hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add more urlsplit tests

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-02-21 15:26:07 +01:00
parent 31ff652cb3
commit 798db91f71
2 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
python/ql/test/library-tests/taint/namedtuple/TestTaint.expected
View File

@@ -5,7 +5,10 @@
| test.py:13 | test_basic | urlsplit_res | [externally controlled string] |
| test.py:20 | test_sanitizer | Attribute | NO TAINT |
| test.py:23 | test_sanitizer | Subscript | NO TAINT |
| test.py:33 | test_namedtuple | a | NO TAINT |
| test.py:33 | test_namedtuple | b | NO TAINT |
| test.py:33 | test_namedtuple | c | NO TAINT |
| test.py:33 | test_namedtuple | d | NO TAINT |
| test.py:26 | test_sanitizer | Attribute | NO TAINT |
| test.py:29 | test_sanitizer | Attribute | externally controlled string |
| test.py:32 | test_sanitizer | Attribute | externally controlled string |
| test.py:42 | test_namedtuple | a | NO TAINT |
| test.py:42 | test_namedtuple | b | NO TAINT |
| test.py:42 | test_namedtuple | c | NO TAINT |
| test.py:42 | test_namedtuple | d | NO TAINT |

9
python/ql/test/library-tests/taint/namedtuple/test.py
View File

@@ -22,6 +22,15 @@ def test_sanitizer():
if urlsplit_res[2] == "OK":
test(urlsplit_res[0])
if urlsplit_res.netloc == "OK":
test(urlsplit_res.path) # FN
if urlsplit_res.netloc in ["OK"]:
test(urlsplit_res.netloc) # FP
if urlsplit_res.netloc in ["OK", non_constant()]:
test(urlsplit_res.netloc) # should be tainted
def test_namedtuple():
tainted_string = TAINTED_STRING
Point = namedtuple('Point', ['x', 'y'])