Unit tests move and temporary ql

python/ql/src/experimental/Security/CWE-079/test.ql

@@ -0,0 +1,3 @@
+select "1"
+// void query to run and generate unit_tests.testproj database to test
+// until we decide the objective of the query

python/ql/src/experimental/Security/CWE-079/unit_tests/test.actual

@@ -0,0 +1 @@
+| 1 |

python/ql/src/experimental/Security/CWE-079/unit_tests/test.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE-079/test.ql

python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_1.py

@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg.html attribute.
-# source: https://pythonhosted.org/Flask-Mail/
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
-    msg = Message("Hello",
-                  sender="from@example.com",
-                  recipients=["to@example.com"])
-
-    msg.html = "<b>testing</b>"
-
-    mail.send(msg)

python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bad_2.py

@@ -1,14 +0,0 @@
-# This tests that the user doesn't pass user-tainted data into the msg html initialized argument.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
-
-    msg = Message("Hello",
-                  sender="from@example.com",
-                  recipients=["to@example.com"],
-                  html="<b>testing</b>")
-
-    mail.send(msg)

python/ql/test/experimental/query-tests/Security/CWE-079/flask_mail_bulk_email_bad.py

@@ -1,16 +0,0 @@
-# This tests that the user can't send multiple vulnerable emails.
-# source: https://pythonhosted.org/Flask-Mail/
-
-from flask_mail import Message
-
-@app.route("/")
-def index():
-  with mail.connect() as conn:
-      for user in users:
-          message = '...'
-          subject = "hello, %s" % user.name
-          msg = Message(recipients=[user.email],
-                        html=message,
-                        subject=subject)
-
-          conn.send(msg)