Python: Allow printing PostUpdateNode in ConceptsTest.qll

See how this works in `test_json.py`
2026-04-30 19:26:02 +02:00 · 2021-05-11 14:59:35 +02:00
parent 9dbb364cca
commit 61ad5d0673
3 changed files with 35 additions and 11 deletions
--- a/python/ql/test/experimental/dataflow/TestUtil/PrintNode.qll
+++ b/python/ql/test/experimental/dataflow/TestUtil/PrintNode.qll
@@ -26,6 +26,30 @@ string prettyExpr(Expr e) {
  result = prettyExpr(e.(Attribute).getObject()) + "." + e.(Attribute).getName()
 }

+/**
+ * Gets pretty-printed version of the DataFlow::Node `node`
+ */
+bindingset[node]
 string prettyNode(DataFlow::Node node) {
  if exists(node.asExpr()) then result = prettyExpr(node.asExpr()) else result = node.toString()
 }
+
+/**
+ * Gets pretty-printed version of the DataFlow::Node `node`, that is suitable for use
+ * with `TestUtilities.InlineExpectationsTest` (that is, no spaces unless required).
+ */
+bindingset[node]
+string prettyNodeForInlineTest(DataFlow::Node node) {
+  exists(node.asExpr()) and
+  result = prettyExpr(node.asExpr())
+  or
+  exists(Expr e | e = node.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() |
+    // since PostUpdateNode both has space in the `[post <thing>]` annotation, and does
+    // not pretty print the pre-update node, we do custom handling of this.
+    result = "[post]" + prettyExpr(e)
+  )
+  or
+  not exists(node.asExpr()) and
+  not exists(Expr e | e = node.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr()) and
+  result = node.toString()
+}
--- a/python/ql/test/experimental/meta/ConceptsTest.qll
+++ b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -15,7 +15,7 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
      command = sce.getCommand() and
      location = command.getLocation() and
      element = command.toString() and
-      value = prettyExpr(command.asExpr()) and
+      value = prettyNodeForInlineTest(command) and
      tag = "getCommand"
    )
  }
@@ -34,7 +34,7 @@ class DecodingTest extends InlineExpectationsTest {
      exists(DataFlow::Node data |
        location = data.getLocation() and
        element = data.toString() and
-        value = prettyExpr(data.asExpr()) and
+        value = prettyNodeForInlineTest(data) and
        (
          data = d.getAnInput() and
          tag = "decodeInput"
@@ -72,7 +72,7 @@ class EncodingTest extends InlineExpectationsTest {
      exists(DataFlow::Node data |
        location = data.getLocation() and
        element = data.toString() and
-        value = prettyExpr(data.asExpr()) and
+        value = prettyNodeForInlineTest(data) and
        (
          data = e.getAnInput() and
          tag = "encodeInput"
@@ -105,7 +105,7 @@ class CodeExecutionTest extends InlineExpectationsTest {
      code = ce.getCode() and
      location = code.getLocation() and
      element = code.toString() and
-      value = prettyExpr(code.asExpr()) and
+      value = prettyNodeForInlineTest(code) and
      tag = "getCode"
    )
  }
@@ -123,7 +123,7 @@ class SqlExecutionTest extends InlineExpectationsTest {
      sql = e.getSql() and
      location = e.getLocation() and
      element = sql.toString() and
-      value = prettyExpr(sql.asExpr()) and
+      value = prettyNodeForInlineTest(sql) and
      tag = "getSql"
    )
  }
@@ -206,7 +206,7 @@ class HttpServerHttpResponseTest extends InlineExpectationsTest {
      exists(HTTP::Server::HttpResponse response |
        location = response.getLocation() and
        element = response.toString() and
-        value = prettyExpr(response.getBody().asExpr()) and
+        value = prettyNodeForInlineTest(response.getBody()) and
        tag = "responseBody"
      )
      or
@@ -245,7 +245,7 @@ class HttpServerHttpRedirectResponseTest extends InlineExpectationsTest {
      exists(HTTP::Server::HttpRedirectResponse redirect |
        location = redirect.getLocation() and
        element = redirect.toString() and
-        value = prettyExpr(redirect.getRedirectLocation().asExpr()) and
+        value = prettyNodeForInlineTest(redirect.getRedirectLocation()) and
        tag = "redirectLocation"
      )
    )
@@ -263,7 +263,7 @@ class FileSystemAccessTest extends InlineExpectationsTest {
      path = a.getAPathArgument() and
      location = a.getLocation() and
      element = path.toString() and
-      value = prettyExpr(path.asExpr()) and
+      value = prettyNodeForInlineTest(path) and
      tag = "getAPathArgument"
    )
  }
@@ -297,7 +297,7 @@ class SafeAccessCheckTest extends InlineExpectationsTest {
      location = c.getLocation() and
      (
        element = checks.toString() and
-        value = prettyExpr(checks.asExpr()) and
+        value = prettyNodeForInlineTest(checks) and
        tag = "checks"
        or
        element = branch.toString() and
--- a/python/ql/test/library-tests/frameworks/stdlib/test_json.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/test_json.py
@@ -17,7 +17,7 @@ def test():

    # load/dump with file-like
    tainted_filelike = StringIO()
-    json.dump(ts, tainted_filelike) # $ encodeFormat=JSON encodeInput=ts
+    json.dump(ts, tainted_filelike) # $ encodeOutput=[post]tainted_filelike encodeFormat=JSON encodeInput=ts

    tainted_filelike.seek(0)
    ensure_tainted(
@@ -27,7 +27,7 @@ def test():

    # load/dump with file-like using keyword-args
    tainted_filelike = StringIO()
-    json.dump(obj=ts, fp=tainted_filelike) # $ encodeFormat=JSON encodeInput=ts
+    json.dump(obj=ts, fp=tainted_filelike) # $ encodeOutput=[post]tainted_filelike encodeFormat=JSON encodeInput=ts

    tainted_filelike.seek(0)
    ensure_tainted(