Python: Clean up global flow test

2025-12-21 03:06:31 +01:00 · 2020-09-17 13:20:58 +02:00
parent 9458861b18
commit 797ac23db7
2 changed files with 39 additions and 14 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/test.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/test.py
@@ -3,21 +3,42 @@ from taintlib import *

 # Various instances where flow is undesirable

-tainted = NOT_TAINTED
-ensure_not_tainted(tainted)
+
+# A global variable that starts out being not tainted, but gets tainted through a later assignment.
+# In this case, we do not want flow from the tainting assignment back to the place where the value
+# was used in a potentially unsafe manner.
+
+tainted_later = NOT_TAINTED
+ensure_not_tainted(tainted_later)

 def write_global():
-    global tainted
-    tainted = TAINTED_STRING
+    global tainted_later
+    tainted_later = TAINTED_STRING

-tainted2 = TAINTED_STRING
-len(tainted2)
-tainted2 = NOT_TAINTED
-ensure_not_tainted(tainted2)

-def use_of_tainted2():
-    global tainted2
-    tainted2 = NOT_TAINTED
+# A global variable that starts out tainted, and is subsequently reassigned to be untainted.
+# In this case we don't want flow from the first assignment to any of its uses.
+
+initially_tainted = TAINTED_STRING
+len(initially_tainted) # Some call that _could_ potentially modify `initially_tainted`
+initially_tainted = NOT_TAINTED
+ensure_not_tainted(initially_tainted)
+
+def use_of_initially_tainted():
+    ensure_not_tainted(initially_tainted) # FP
+
+
+# A very similar case to the above, but here we _do_ want taint flow, because the initially tainted
+# value is actually used before it gets reassigned to an untainted value. 
+
+def use_of_initially_tainted2():
+    ensure_tainted(initially_tainted)
+
+initially_tainted2 = TAINTED_STRING
+use_of_initially_tainted2()
+initially_tainted2 = NOT_TAINTED
+ensure_not_tainted(initially_tainted2)
+

 # Flow via global assigment

@@ -28,5 +49,6 @@ def write_tainted():
 def sink_global():
    ensure_tainted(g)

+write_global()
 write_tainted()
 sink_global()
--- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/testTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/testTaint.expected
@@ -1,3 +1,6 @@
-| test.py:7 | ok   | test | tainted |
-| test.py:16 | ok   | test | tainted2 |
-| test.py:29 | ok   | sink_global | g |
+| test.py:12 | ok   | test | tainted_later |
+| test.py:25 | ok   | test | initially_tainted |
+| test.py:28 | fail | use_of_initially_tainted | initially_tainted |
+| test.py:35 | ok   | use_of_initially_tainted2 | initially_tainted |
+| test.py:40 | ok   | test | initially_tainted2 |
+| test.py:50 | ok   | sink_global | g |