From 7956b97ac36d50eae381e0f295120f3dbf0f48bb Mon Sep 17 00:00:00 2001 
From: jorgectf Date: Wed, 23 Jun 2021 00:40:05 +0200 Subject: [PATCH] Unit tests move and temporary ql --- .../ql/src/experimental/Security/CWE-079/test.ql | 3 +++ .../sendgrid_mail_helper_content_bad.py | 0 ...ndgrid_via_mail_send_post_request_body_bad.py | 0 .../CWE-079/unit_tests}/smtplib_bad_subparts.py | 0 .../unit_tests}/smtplib_bad_via_attach.py | 0 .../Security/CWE-079/unit_tests/test.actual | 1 + .../Security/CWE-079/unit_tests/test.qlref | 1 + .../query-tests/Security/CWE-079/.gitkeep | 0 .../Security/CWE-079/flask_mail_bad_1.py | 14 -------------- .../Security/CWE-079/flask_mail_bad_2.py | 14 -------------- .../CWE-079/flask_mail_bulk_email_bad.py | 16 ---------------- 11 files changed, 5 insertions(+), 44 deletions(-) create mode 100644 python/ql/src/experimental/Security/CWE-079/test.ql rename python/ql/{test/experimental/query-tests/Security/CWE-079 => src/experimental/Security/CWE-079/unit_tests}/sendgrid_mail_helper_content_bad.py (100%) rename python/ql/{test/experimental/query-tests/Security/CWE-079 => src/experimental/Security/CWE-079/unit_tests}/sendgrid_via_mail_send_post_request_body_bad.py (100%) rename python/ql/{test/experimental/query-tests/Security/CWE-079 => src/experimental/Security/CWE-079/unit_tests}/smtplib_bad_subparts.py (100%) rename python/ql/{test/experimental/query-tests/Security/CWE-079 => src/experimental/Security/CWE-079/unit_tests}/smtplib_bad_via_attach.py (100%) create mode 100644 python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual create mode 100644 python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref create mode 100644 python/ql/test/experimental/query-tests/Security/CWE-079/.gitkeep delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py 
diff --git a/python/ql/src/experimental/Security/CWE-079/test.ql b/python/ql/src/experimental/Security/CWE-079/test.ql
new file mode 100644
index 00000000000..e30d45c0c3f
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/test.ql
@@ -0,0 +1,3 @@
+select "1"
+// void query to run and generate unit_tests.testproj database to test
+// until we decide the objective of the query
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_mail_helper_content_bad.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_mail_helper_content_bad.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_mail_helper_content_bad.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_mail_helper_content_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_via_mail_send_post_request_body_bad.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_via_mail_send_post_request_body_bad.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/sendgrid_via_mail_send_post_request_body_bad.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/sendgrid_via_mail_send_post_request_body_bad.py
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_subparts.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_subparts.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_subparts.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_subparts.py
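Review bot: The placeholder `select "1"` in `test.ql` is added directly under `python/ql/src/experimental/Security/CWE-079/`, the tree that holds shippable queries, with no QLDoc metadata (`@name`, `@id`) marking it as a stub, so anything that enumerates `src/**/*.ql` will treat it as a real CWE-079 query and the only hint that it is temporary is the trailing `//` comment. I would move that explanation into a QLDoc header so tooling and readers both see it: `/** @name Placeholder (not a real query) * @description Empty select used only to build the unit_tests testproj database until the CWE-079 query is defined. * @id py/experimental/cwe-079-placeholder */`. The same commit relocates the `*_bad.py` fixtures and a `test.actual` under `src/.../unit_tests/`; if the pack build ships everything under `src/`, those intentionally vulnerable samples ship with it, and as far as I know the test harness compares against `test.expected`, so a committed `.actual` is not consulted. Given the subject line calls this temporary, it is worth a TODO in the header naming who reverts the move and when.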
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_via_attach.py b/python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_via_attach.py
similarity index 100%
rename from python/ql/test/experimental/query-tests/Security/CWE-079/smtplib_bad_via_attach.py
rename to python/ql/src/experimental/Security/CWE-079/unit_tests/smtplib_bad_via_attach.py
diff --git a/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual
new file mode 100644
index 00000000000..2a4f078a25f
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual
@@ -0,0 +1 @@
+| 1 |
diff --git a/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref
new file mode 100644
index 00000000000..01c9dd06163
--- /dev/null
+++ b/python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-079/test.ql
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/.gitkeep b/python/ql/test/experimental/query-tests/Security/CWE-079/.gitkeep
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py
deleted file mode 100644
index 91ffcf8f0be..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg.html attribute.
-# source: https://pythonhosted.org/Flask-Mail/
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
- msg = Message("Hello",
- sender="from@example.com",
- recipients=["to@example.com"])
-
- msg.html = "testing"
-
- mail.send(msg)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py
deleted file mode 100644
index 3f0a11a4e74..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg html initialized argument.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
- msg = Message("Hello",
- sender="from@example.com",
- recipients=["to@example.com"],
- html="testing")
-
- mail.send(msg)
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py b/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py
deleted file mode 100644
index b1747762848..00000000000
--- a/python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# This tests that the user can't send multiple vulnerable emails.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
- with mail.connect() as conn:
- for user in users:
- message = '...'
- subject = "hello, %s" % user.name
- msg = Message(recipients=[user.email],
- html=message,
- subject=subject)
-
- conn.send(msg)