simple taint-flow test

python/ql/test/library-tests/frameworks/data/test.expected

@@ -4,6 +4,7 @@ taintFlow
 | test.py:9:8:9:14 | ControlFlowNode for alias() | test.py:9:8:9:14 | ControlFlowNode for alias() |
 | test.py:10:8:10:22 | ControlFlowNode for Attribute() | test.py:10:8:10:22 | ControlFlowNode for Attribute() |
 | test.py:11:8:11:30 | ControlFlowNode for Attribute() | test.py:11:8:11:30 | ControlFlowNode for Attribute() |
+| test.py:71:28:71:38 | ControlFlowNode for getSource() | test.py:71:8:71:39 | ControlFlowNode for Attribute() |
 isSink
 | test.py:4:8:4:8 | ControlFlowNode for x | test-sink |
 | test.py:7:17:7:17 | ControlFlowNode for x | test-sink |
@@ -28,6 +29,8 @@ isSink
 | test.py:66:23:66:26 | ControlFlowNode for arg2 | test-source |
 | test.py:66:34:66:43 | ControlFlowNode for namedThing | test-source |
 | test.py:67:34:67:44 | ControlFlowNode for secondNamed | test-source |
+| test.py:71:8:71:39 | ControlFlowNode for Attribute() | test-sink |
+| test.py:72:8:72:47 | ControlFlowNode for Attribute() | test-sink |
 isSource
 | test.py:3:5:3:15 | ControlFlowNode for getSource() | test-source |
 | test.py:9:8:9:14 | ControlFlowNode for alias() | test-source |
@@ -54,6 +57,8 @@ isSource
 | test.py:63:42:63:45 | ControlFlowNode for arg3 | test-source |
 | test.py:63:48:63:51 | ControlFlowNode for arg4 | test-source |
 | test.py:63:54:63:57 | ControlFlowNode for arg5 | test-source |
+| test.py:71:28:71:38 | ControlFlowNode for getSource() | test-source |
+| test.py:72:36:72:46 | ControlFlowNode for getSource() | test-source |
 syntaxErrors
 | Member[foo |
 | Member[foo] .Member[bar] |

python/ql/test/library-tests/frameworks/data/test.py

@@ -64,4 +64,9 @@ class SubClass (ArgPos.MyClass):
         pass
 
 ArgPos.anyParam(arg1, arg2, name=namedThing)
-ArgPos.anyNamed(arg4, arg5, name=secondNamed)
+ArgPos.anyNamed(arg4, arg5, name=secondNamed)
+
+from testlib import Steps
+
+mySink(Steps.preserveTaint(getSource())) # FLOW
+mySink(Steps.preserveTaint("safe", getSource())) # NO FLOW

python/ql/test/library-tests/frameworks/data/test.ql

@@ -5,24 +5,21 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.DataFlow
 private import semmle.python.ApiGraphs
 
-// TODO:
-/*
- * class Steps extends ModelInput::SummaryModelCsv {
- *  override predicate row(string row) {
- *    // package;type;path;input;output;kind
- *    row =
- *      [
- *        "testlib;;Member[preserveTaint];Argument[0];ReturnValue;taint",
- *        "testlib;;Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
- *        "testlib;;Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
- *        "testlib;;Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
- *        "testlib;;Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
- *        "testlib;;Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
- *        "testlib;;Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
- *      ]
- *  }
- * }
- */
+class Steps extends ModelInput::SummaryModelCsv {
+  override predicate row(string row) {
+    // package;type;path;input;output;kind
+    row =
+      [
+        "testlib;;Member[Steps].Member[preserveTaint];Argument[0];ReturnValue;taint",
+        // "testlib;;Member[Steps].Member[taintIntoCallback];Argument[0];Argument[1..2].Parameter[0];taint",
+        // "testlib;;Member[Steps].Member[taintIntoCallbackThis];Argument[0];Argument[1..2].Parameter[this];taint",
+        // "testlib;;Member[Steps].Member[preserveArgZeroAndTwo];Argument[0,2];ReturnValue;taint",
+        // "testlib;;Member[Steps].Member[preserveAllButFirstArgument];Argument[1..];ReturnValue;taint",
+        // "testlib;;Member[Steps].Member[preserveAllIfCall].Call;Argument[0..];ReturnValue;taint",
+        // "testlib;;Member[Steps].Member[getSource].ReturnValue.Member[continue];Argument[this];ReturnValue;taint",
+      ]
+  }
+}
 
 class Types extends ModelInput::TypeModelCsv {
   override predicate row(string row) {