Add additional info to concept tests

Joe Farebrother
2024-04-24 11:39:55 +01:00
parent 2b935e575a
commit 8fb2faa89b
3 changed files with 65 additions and 41 deletions


@@ -118,7 +118,7 @@ def response_modification1(): # $requestHandler
@app.route("/content-type/response-modification2") # $routeSetup="/content-type/response-modification2"
def response_modification2(): # $requestHandler
resp = make_response("<h1>hello</h1>") # $HttpResponse mimetype=text/html responseBody="<h1>hello</h1>"
resp.headers["content-type"] = "text/plain" # $ headerWriteName=unsanitized headerWriteValue=sanitized MISSING: HttpResponse mimetype=text/plain
resp.headers["content-type"] = "text/plain" # $ headerWriteNameUnsanitized="content-type" headerWriteValueSanitized="text/plain" MISSING: HttpResponse mimetype=text/plain
return resp # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
@@ -148,7 +148,7 @@ def Response3(): # $requestHandler
@app.route("/content-type/Response4") # $routeSetup="/content-type/Response4"
def Response4(): # $requestHandler
# note: capitalization of Content-Type does not matter
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/plain"}) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized HttpResponse responseBody="<h1>hello</h1>" SPURIOUS: mimetype=text/html MISSING: mimetype=text/plain
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/plain"}) # $ headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized HttpResponse responseBody="<h1>hello</h1>" SPURIOUS: mimetype=text/html MISSING: mimetype=text/plain
return resp # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
@@ -156,7 +156,7 @@ def Response4(): # $requestHandler
def Response5(): # $requestHandler
# content_type argument takes priority (and result is text/plain)
# note: capitalization of Content-Type does not matter
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, content_type="text/plain; charset=utf-8") # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized HttpResponse mimetype=text/plain responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, content_type="text/plain; charset=utf-8") # $ headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized HttpResponse mimetype=text/plain responseBody="<h1>hello</h1>"
return resp # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
@@ -164,7 +164,7 @@ def Response5(): # $requestHandler
def Response6(): # $requestHandler
# mimetype argument takes priority over header (and result is text/plain)
# note: capitalization of Content-Type does not matter
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, mimetype="text/plain") # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized HttpResponse mimetype=text/plain responseBody="<h1>hello</h1>"
resp = Response("<h1>hello</h1>", headers={"Content-TYPE": "text/html"}, mimetype="text/plain") # $ headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized HttpResponse mimetype=text/plain responseBody="<h1>hello</h1>"
return resp # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
@@ -208,7 +208,7 @@ def setting_cookie(): # $requestHandler
resp = make_response() # $ HttpResponse mimetype=text/html
resp.set_cookie("key", "value") # $ CookieWrite CookieName="key" CookieValue="value"
resp.set_cookie(key="key", value="value") # $ CookieWrite CookieName="key" CookieValue="value"
resp.headers.add("Set-Cookie", "key2=value2") # $ headerWriteName=unsanitized headerWriteValue=sanitized MISSING: CookieWrite CookieRawHeader="key2=value2"
resp.headers.add("Set-Cookie", "key2=value2") # $ headerWriteNameUnsanitized="Set-Cookie" headerWriteValueSanitized="key2=value2" MISSING: CookieWrite CookieRawHeader="key2=value2"
resp.delete_cookie("key3") # $ CookieWrite CookieName="key3"
resp.delete_cookie(key="key3") # $ CookieWrite CookieName="key3"
return resp # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp
@@ -220,28 +220,29 @@ def setting_cookie(): # $requestHandler
@app.route("/headers") # $routeSetup="/headers"
def headers(): # $requestHandler
resp1 = Response() # $ HttpResponse mimetype=text/html
resp1.headers['X-MyHeader'] = 'a' # $ headerWriteName=unsanitized headerWriteValue=sanitized
resp1.headers["X-MyHeader"] = "a" # $ headerWriteNameUnsanitized="X-MyHeader" headerWriteValueSanitized="a"
resp2 = make_response() # $ HttpResponse mimetype=text/html
resp2.headers['X-MyHeader'] = 'a' # $ headerWriteName=unsanitized headerWriteValue=sanitized
resp2.headers.extend({'X-MyHeader2': 'b'}) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized
resp3 = make_response("hello", 200, {'X-MyHeader3': 'c'}) # $ HttpResponse mimetype=text/html responseBody="hello" headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized
resp4 = make_response("hello", {'X-MyHeader4': 'd'}) # $ HttpResponse mimetype=text/html responseBody="hello" headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized
return resp4 # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp4
resp2.headers["X-MyHeader"] = "aa" # $ headerWriteNameUnsanitized="X-MyHeader" headerWriteValueSanitized="aa"
resp2.headers.extend({"X-MyHeader2": "b"}) # $ headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized
resp3 = make_response("hello", 200, {"X-MyHeader3": "c"}) # $ HttpResponse mimetype=text/html responseBody="hello" headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized
resp4 = make_response("hello", {"X-MyHeader4": "d"}) # $ HttpResponse mimetype=text/html responseBody="hello" headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized
resp5 = Response(headers={"X-MyHeader5":"e"}) # $ HttpResponse mimetype=text/html headerWriteBulk=Dict headerWriteNameUnsanitized headerWriteValueSanitized
return resp5 # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=resp5
@app.route("/werkzeug-headers") # $routeSetup="/werkzeug-headers"
def werkzeug_headers(): # $requestHandler
response = Response() # $ HttpResponse mimetype=text/html
headers = Headers()
headers.add("X-MyHeader1", "a") # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers.add_header("X-MyHeader2", "b") # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers.set("X-MyHeader3", "c") # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers.setdefault("X-MyHeader4", "d") # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers.__setitem__("X-MyHeader5", "e") # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers["X-MyHeader6"] = "f" # $ headerWriteName=unsanitized headerWriteValue=sanitized
headers.add("X-MyHeader1", "a") # $ headerWriteNameUnsanitized="X-MyHeader1" headerWriteValueSanitized="a"
headers.add_header("X-MyHeader2", "b") # $ headerWriteNameUnsanitized="X-MyHeader2" headerWriteValueSanitized="b"
headers.set("X-MyHeader3", "c") # $ headerWriteNameUnsanitized="X-MyHeader3" headerWriteValueSanitized="c"
headers.setdefault("X-MyHeader4", "d") # $ headerWriteNameUnsanitized="X-MyHeader4" headerWriteValueSanitized="d"
headers.__setitem__("X-MyHeader5", "e") # $ headerWriteNameUnsanitized="X-MyHeader5" headerWriteValueSanitized="e"
headers["X-MyHeader6"] = "f" # $ headerWriteNameUnsanitized="X-MyHeader6" headerWriteValueSanitized="f"
h1 = {"X-MyHeader7": "g"}
headers.extend(h1) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized
headers.extend(h1) # $ headerWriteBulk=h1 headerWriteNameUnsanitized headerWriteValueSanitized
h2 = [("X-MyHeader8", "h")]
headers.extend(h2) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=sanitized
headers.extend(h2) # $ headerWriteBulk=h2 headerWriteNameUnsanitized headerWriteValueSanitized
response.headers = headers
return response # $ SPURIOUS: HttpResponse mimetype=text/html responseBody=response
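Review bot: The new annotations use two forms without explaining the difference: single writes carry the literal (`headerWriteNameUnsanitized="X-MyHeader"`), while bulk writes in `headers()` and `werkzeug_headers()` carry bare `headerWriteNameUnsanitized headerWriteValueSanitized` next to `headerWriteBulk=Dict`/`=h1`/`=h2`. As far as these lines show, nothing asserts the names and values inside the dict or list. A short comment above the first bulk write would make that explicit, e.g. `# bulk writes: only the container is asserted (headerWriteBulk=...); per-entry names/values are not`. One more line on why values are tagged Sanitized in this file but Unsanitized in the wsgiref test would also help, since a header-injection query depends on that distinction; presumably it is because werkzeug rejects newline characters in header values. As a style point, `Response(headers={"X-MyHeader5":"e"})` lacks the space after the colon that the other dict literals in this hunk have.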


@@ -18,7 +18,7 @@ def func(environ, start_response): # $ requestHandler
environ, # $ tainted
environ["PATH_INFO"], # $ tainted
)
write = start_response("200 OK", [("Content-Type", "text/plain")]) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=unsanitized
write = start_response("200 OK", [("Content-Type", "text/plain")]) # $ headerWriteBulk=List headerWriteNameUnsanitized headerWriteValueUnsanitized
write(b"hello") # $ HttpResponse responseBody=b"hello"
write(data=b" ") # $ HttpResponse responseBody=b" "
@@ -33,16 +33,16 @@ class MyServer(wsgiref.simple_server.WSGIServer):
self.set_app(self.my_method)
def my_method(self, _env, start_response): # $ requestHandler
start_response("200 OK", []) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=unsanitized
start_response("200 OK", []) # $ headerWriteBulk=List headerWriteNameUnsanitized headerWriteValueUnsanitized
return [b"my_method"] # $ HttpResponse responseBody=List
def func2(environ, start_response): # $ requestHandler
headers = wsgiref.headers.Headers([("Content-Type", "text/plain")]) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=unsanitized
headers.add_header("X-MyHeader", "a") # $ headerWriteName=unsanitized headerWriteValue=unsanitized
headers.setdefault("X-MyHeader2", "b") # $ headerWriteName=unsanitized headerWriteValue=unsanitized
headers.__setitem__("X-MyHeader3", "c") # $ headerWriteName=unsanitized headerWriteValue=unsanitized
headers["X-MyHeader4"] = "d" # $ headerWriteName=unsanitized headerWriteValue=unsanitized
start_response(status, headers) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=unsanitized
headers = wsgiref.headers.Headers([("Content-Type", "text/plain")]) # $ headerWriteBulk=List headerWriteNameUnsanitized headerWriteValueUnsanitized
headers.add_header("X-MyHeader", "a") # $ headerWriteNameUnsanitized="X-MyHeader" headerWriteValueUnsanitized="a"
headers.setdefault("X-MyHeader2", "b") # $ headerWriteNameUnsanitized="X-MyHeader2" headerWriteValueUnsanitized="b"
headers.__setitem__("X-MyHeader3", "c") # $ headerWriteNameUnsanitized="X-MyHeader3" headerWriteValueUnsanitized="c"
headers["X-MyHeader4"] = "d" # $ headerWriteNameUnsanitized="X-MyHeader4" headerWriteValueUnsanitized="d"
start_response(status, headers) # $ headerWriteBulk=headers headerWriteNameUnsanitized headerWriteValueUnsanitized
return [b"Hello"] # $ HttpResponse responseBody=List
case = sys.argv[1]
@@ -54,7 +54,7 @@ elif case == "2":
elif case == "3":
server = MyServer()
def func3(_env, start_response): # $ requestHandler
start_response("200 OK", []) # $ headerWriteBulk headerWriteName=unsanitized headerWriteValue=unsanitized
start_response("200 OK", []) # $ headerWriteBulk=List headerWriteNameUnsanitized headerWriteValueUnsanitized
return [b"foo"] # $ HttpResponse responseBody=List
server.set_app(func3)
elif case == "4":
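Review bot: In `my_method` and `func3`, `start_response("200 OK", [])` passes an empty list and so writes no header, yet it is annotated `headerWriteBulk=List headerWriteNameUnsanitized headerWriteValueUnsanitized`, exactly like the populated list in `func`. If the bare tags describe the call rather than a concrete name/value pair, a comment saying so would prevent a misreading, e.g. `# bare Unsanitized tags on bulk writes describe the call, not individual entries`. Separately, in `func2` the re-annotated line `start_response(status, headers)` uses `status`, which is not bound anywhere in the visible body. The rest of the file is outside these hunks, so confirm it is defined at module level before this handler can run.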