python: add test for model summaries

(but no summaries yet)
2026-04-21 15:05:56 +02:00 · 2023-03-24 09:48:31 +01:00
parent 3cf9e3e692
commit 6554e804dd
4 changed files with 83 additions and 0 deletions
--- a/python/ql/test/experimental/dataflow/model-summaries/NormalTaintTrackingTest.expected
+++ b/python/ql/test/experimental/dataflow/model-summaries/NormalTaintTrackingTest.expected
@@ -0,0 +1,2 @@
+missingAnnotationOnSink
+failures
--- a/python/ql/test/experimental/dataflow/model-summaries/NormalTaintTrackingTest.ql
+++ b/python/ql/test/experimental/dataflow/model-summaries/NormalTaintTrackingTest.ql
@@ -0,0 +1,3 @@
+import python
+private import TestSummaries
+import experimental.dataflow.TestUtil.NormalTaintTrackingTest
--- a/python/ql/test/experimental/dataflow/model-summaries/TestSummaries.qll
+++ b/python/ql/test/experimental/dataflow/model-summaries/TestSummaries.qll
@@ -0,0 +1,8 @@
+private import python
+private import semmle.python.dataflow.new.FlowSummary
+private import semmle.python.frameworks.data.ModelsAsData
+private import semmle.python.ApiGraphs
+
+private class StepsFromModel extends ModelInput::SummaryModelCsv {
+  override predicate row(string row) { none() }
+}
--- a/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
+++ b/python/ql/test/experimental/dataflow/model-summaries/model_summaries.py
@@ -0,0 +1,70 @@
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
+from Foo import identity
+
+# Simple summary
+tainted = identity(SOURCE)
+SINK(tainted)  # $ MISSING: flow="SOURCE, l:-1 -> tainted"
+
+# Lambda summary
+tainted_lambda = apply_lambda(lambda x: x + 1, SOURCE)
+SINK(tainted_lambda)  # $ MISSING: flow="SOURCE, l:-1 -> tainted_lambda"
+
+# A lambda that breaks the flow
+untainted_lambda = apply_lambda(lambda x: 1, SOURCE)
+SINK_F(untainted_lambda)
+
+# Collection summaries
+tainted_list = my_reversed([SOURCE])
+SINK(tainted_list[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_list[0]"
+
+# Complex summaries
+def add_colon(x):
+    return x + ":"
+
+tainted_mapped = list_map(add_colon, [SOURCE])
+SINK(tainted_mapped[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_mapped[0]"
+
+def explicit_identity(x):
+    return x
+
+tainted_mapped_explicit = list_map(explicit_identity, [SOURCE])
+SINK(tainted_mapped_explicit[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_mapped_explicit[0]"
+
+tainted_mapped_summary = list_map(identity, [SOURCE])
+SINK(tainted_mapped_summary[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_mapped_summary[0]"
+
+tainted_list = append_to_list([], SOURCE)
+SINK(tainted_list[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_list[0]"
+
+from json import my_loads as json_loads
+tainted_resultlist = json_loads(SOURCE)
+SINK(tainted_resultlist[0])  # $ MISSING: flow="SOURCE, l:-1 -> tainted_resultlist[0]"