From 91b6801db13a5de9b6f39db9b6ea8674440ad93f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 4 Mar 2026 12:09:22 +0000 Subject: [PATCH] py: Inline expectation should have space before $ --- .../import-resolution/block_flow_check.py | 2 +- .../experimental/import-resolution/foo.py | 4 +- .../import-resolution/generous_export.py | 2 +- .../import-resolution/if_then_else_refined.py | 2 +- .../experimental/import-resolution/main.py | 86 ++--- .../package/subpackage/__init__.py | 4 +- .../experimental/import-resolution/refined.py | 4 +- .../import-resolution/simplistic_reexport.py | 8 +- .../type_annotations.py | 10 +- .../CallGraph/code/self_passing.py | 2 +- .../test/library-tests/ApiGraphs/py2/test.py | 4 +- .../library-tests/ApiGraphs/py3/deftest1.py | 54 +-- .../library-tests/ApiGraphs/py3/deftest2.py | 26 +- .../test/library-tests/ApiGraphs/py3/test.py | 92 ++--- .../test/library-tests/ApiGraphs/py3/test1.py | 10 +- .../test/library-tests/ApiGraphs/py3/test2.py | 8 +- .../test/library-tests/ApiGraphs/py3/test3.py | 8 +- .../test/library-tests/ApiGraphs/py3/test4.py | 8 +- .../test/library-tests/ApiGraphs/py3/test5.py | 14 +- .../test/library-tests/ApiGraphs/py3/test6.py | 8 +- .../test/library-tests/ApiGraphs/py3/test7.py | 14 +- .../ApiGraphs/py3/test_annotations.py | 24 +- .../ApiGraphs/py3/test_captured.py | 8 +- .../ApiGraphs/py3/test_captured_flask.py | 6 +- .../py3/test_captured_inheritance.py | 12 +- .../library-tests/ApiGraphs/py3/test_deep.py | 8 +- .../ApiGraphs/py3/test_entry_point.py | 2 +- .../ApiGraphs/py3/test_import_star.py | 16 +- .../ApiGraphs/py3/test_import_star2.py | 8 +- .../ApiGraphs/py3/test_subscript.py | 10 +- .../test/library-tests/dataflow/basic/test.py | 12 +- .../dataflow/coverage-py2/classes.py | 2 +- .../coverage-py3/argumentRoutingTest.expected | 8 +- .../dataflow/coverage-py3/classes.py | 4 +- .../dataflow/coverage/argumentPassing.py | 44 +-- .../dataflow/coverage/classes.py | 362 +++++++++--------- .../dataflow/coverage/datamodel.py | 8 +- .../library-tests/dataflow/coverage/loops.py | 7 +- .../dataflow/coverage/module_level.py | 2 +- .../library-tests/dataflow/coverage/test.py | 258 ++++++------- .../dataflow/coverage/test_builtins.py | 236 ++++++------ .../dataflow/global-flow/known.py | 2 +- .../test/library-tests/dataflow/match/test.py | 40 +- .../module-initialization/multiphase.py | 44 +-- .../dataflow/typetracking/attribute_tests.py | 2 +- .../dataflow/variable-capture/by_value.py | 4 +- .../dataflow/variable-capture/dict.py | 8 +- .../dataflow/variable-capture/global.py | 12 +- .../dataflow/variable-capture/in.py | 12 +- .../dataflow/variable-capture/nonlocal.py | 8 +- .../variable-capture/test_collections.py | 10 +- .../dataflow/variable-capture/test_fields.py | 4 +- .../variable-capture/test_library_calls.py | 2 +- .../django-v2-v3/testproj/settings.py | 2 +- .../test/library-tests/regex/charRangeTest.py | 36 +- .../test/library-tests/regex/charSetTest.py | 36 +- .../regex/escapedCharacterTest.py | 30 +- .../ql/test/library-tests/regex/groupTest.py | 4 +- .../test.py | 54 +-- .../CWE-209-StackTraceExposure/Exceptions.py | 4 +- .../CWE-209-StackTraceExposure/Stacktrace.py | 18 +- .../CWE-209-StackTraceExposure/test.py | 10 +- .../flask_mongoengine_bad.py | 4 +- .../flask_mongoengine_good.py | 2 +- .../flask_pymongo_bad.py | 2 +- .../flask_pymongo_good.py | 2 +- .../CWE-943-NoSqlInjection/mongoengine_bad.py | 12 +- .../mongoengine_good.py | 4 +- .../CWE-943-NoSqlInjection/pymongo_test.py | 8 +- 69 files changed, 891 insertions(+), 892 deletions(-) diff --git a/python/ql/test/experimental/import-resolution/block_flow_check.py b/python/ql/test/experimental/import-resolution/block_flow_check.py index cd939b037e6..83bc3201b06 100644 --- a/python/ql/test/experimental/import-resolution/block_flow_check.py +++ b/python/ql/test/experimental/import-resolution/block_flow_check.py @@ -5,7 +5,7 @@ class SOURCE(object): @staticmethod def block_flow(): pass -check("SOURCE", SOURCE, SOURCE, globals()) #$ prints=SOURCE +check("SOURCE", SOURCE, SOURCE, globals()) # $ prints=SOURCE SOURCE.block_flow() diff --git a/python/ql/test/experimental/import-resolution/foo.py b/python/ql/test/experimental/import-resolution/foo.py index d112007ad03..e0986a6babf 100644 --- a/python/ql/test/experimental/import-resolution/foo.py +++ b/python/ql/test/experimental/import-resolution/foo.py @@ -8,7 +8,7 @@ foo_attr = "foo_attr" __private_foo_attr = "__private_foo_attr" # A reexport of bar under a new name. Used in main.py -import bar as bar_reexported #$ imports=bar as=bar_reexported -check("bar_reexported.bar_attr", bar_reexported.bar_attr, "bar_attr", globals()) #$ prints=bar_attr +import bar as bar_reexported # $ imports=bar as=bar_reexported +check("bar_reexported.bar_attr", bar_reexported.bar_attr, "bar_attr", globals()) # $ prints=bar_attr exit(__file__) diff --git a/python/ql/test/experimental/import-resolution/generous_export.py b/python/ql/test/experimental/import-resolution/generous_export.py index cbea96e19ce..3b817a29f82 100644 --- a/python/ql/test/experimental/import-resolution/generous_export.py +++ b/python/ql/test/experimental/import-resolution/generous_export.py @@ -5,7 +5,7 @@ class SOURCE(object): @staticmethod def block_flow(): pass -check("SOURCE", SOURCE, SOURCE, globals()) #$ prints=SOURCE +check("SOURCE", SOURCE, SOURCE, globals()) # $ prints=SOURCE if eval("False"): # With our current import resolution, this value for SOURCE will be considered to be diff --git a/python/ql/test/experimental/import-resolution/if_then_else_refined.py b/python/ql/test/experimental/import-resolution/if_then_else_refined.py index 670c7f178e9..fe1210fbf11 100644 --- a/python/ql/test/experimental/import-resolution/if_then_else_refined.py +++ b/python/ql/test/experimental/import-resolution/if_then_else_refined.py @@ -14,6 +14,6 @@ else: src.foo = 42 -check("src", src, src, globals()) #$ prints=SOURCE +check("src", src, src, globals()) # $ prints=SOURCE exit(__file__) diff --git a/python/ql/test/experimental/import-resolution/main.py b/python/ql/test/experimental/import-resolution/main.py index ce1bee040f4..43560800df5 100644 --- a/python/ql/test/experimental/import-resolution/main.py +++ b/python/ql/test/experimental/import-resolution/main.py @@ -24,76 +24,76 @@ from trace import * enter(__file__) # A simple import. Binds foo to the foo module -import foo #$ imports=foo as=foo -check("foo.foo_attr", foo.foo_attr, "foo_attr", globals()) #$ prints=foo_attr +import foo # $ imports=foo as=foo +check("foo.foo_attr", foo.foo_attr, "foo_attr", globals()) # $ prints=foo_attr # Private attributes are still accessible. -check("foo.__private_foo_attr", foo.__private_foo_attr, "__private_foo_attr", globals()) #$ prints=__private_foo_attr +check("foo.__private_foo_attr", foo.__private_foo_attr, "__private_foo_attr", globals()) # $ prints=__private_foo_attr # An aliased import, binding foo to foo_alias -import foo as foo_alias #$ imports=foo as=foo_alias -check("foo_alias.foo_attr", foo_alias.foo_attr, "foo_attr", globals()) #$ prints=foo_attr +import foo as foo_alias # $ imports=foo as=foo_alias +check("foo_alias.foo_attr", foo_alias.foo_attr, "foo_attr", globals()) # $ prints=foo_attr # A reference to a reexported module -check("foo.bar_reexported", foo.bar_reexported, "", globals()) #$ prints="" -check("foo.bar_reexported.bar_attr", foo.bar_reexported.bar_attr, "bar_attr", globals()) #$ prints=bar_attr +check("foo.bar_reexported", foo.bar_reexported, "", globals()) # $ prints="" +check("foo.bar_reexported.bar_attr", foo.bar_reexported.bar_attr, "bar_attr", globals()) # $ prints=bar_attr # A simple "import from" statement. from bar import bar_attr -check("bar_attr", bar_attr, "bar_attr", globals()) #$ prints=bar_attr +check("bar_attr", bar_attr, "bar_attr", globals()) # $ prints=bar_attr # Importing an attribute from a subpackage of a package. from package.subpackage import subpackage_attr -check("subpackage_attr", subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr +check("subpackage_attr", subpackage_attr, "subpackage_attr", globals()) # $ prints=subpackage_attr # Importing a package attribute under an alias. from package import package_attr as package_attr_alias -check("package_attr_alias", package_attr_alias, "package_attr", globals()) #$ prints=package_attr +check("package_attr_alias", package_attr_alias, "package_attr", globals()) # $ prints=package_attr # Importing a subpackage under an alias. -from package import subpackage as aliased_subpackage #$ imports=package.subpackage.__init__ as=aliased_subpackage -check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr +from package import subpackage as aliased_subpackage # $ imports=package.subpackage.__init__ as=aliased_subpackage +check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) # $ prints=subpackage_attr def local_import(): # Same as above, but in a local scope. - import package.subpackage as local_subpackage #$ imports=package.subpackage.__init__ as=local_subpackage - check("local_subpackage.subpackage_attr", local_subpackage.subpackage_attr, "subpackage_attr", locals()) #$ prints=subpackage_attr + import package.subpackage as local_subpackage # $ imports=package.subpackage.__init__ as=local_subpackage + check("local_subpackage.subpackage_attr", local_subpackage.subpackage_attr, "subpackage_attr", locals()) # $ prints=subpackage_attr local_import() # Importing a subpacking using `import` and binding it to a name. -import package.subpackage as aliased_subpackage #$ imports=package.subpackage.__init__ as=aliased_subpackage -check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) #$ prints=subpackage_attr +import package.subpackage as aliased_subpackage # $ imports=package.subpackage.__init__ as=aliased_subpackage +check("aliased_subpackage.subpackage_attr", aliased_subpackage.subpackage_attr, "subpackage_attr", globals()) # $ prints=subpackage_attr # Importing without binding instead binds the top level name. -import package.subpackage #$ imports=package.__init__ as=package -check("package.package_attr", package.package_attr, "package_attr", globals()) #$ prints=package_attr +import package.subpackage # $ imports=package.__init__ as=package +check("package.package_attr", package.package_attr, "package_attr", globals()) # $ prints=package_attr # Deep imports -import package.subpackage.submodule #$ imports=package.__init__ as=package -check("package.subpackage.submodule.submodule_attr", package.subpackage.submodule.submodule_attr, "submodule_attr", globals()) #$ prints=submodule_attr +import package.subpackage.submodule # $ imports=package.__init__ as=package +check("package.subpackage.submodule.submodule_attr", package.subpackage.submodule.submodule_attr, "submodule_attr", globals()) # $ prints=submodule_attr if sys.version_info[0] == 3: # Importing from a namespace module. from namespace_package.namespace_module import namespace_module_attr - check("namespace_module_attr", namespace_module_attr, "namespace_module_attr", globals()) #$ prints3=namespace_module_attr + check("namespace_module_attr", namespace_module_attr, "namespace_module_attr", globals()) # $ prints3=namespace_module_attr -from attr_clash import clashing_attr, non_clashing_submodule #$ imports=attr_clash.clashing_attr as=clashing_attr imports=attr_clash.non_clashing_submodule as=non_clashing_submodule -check("clashing_attr", clashing_attr, "clashing_attr", globals()) #$ prints=clashing_attr SPURIOUS: prints="" -check("non_clashing_submodule", non_clashing_submodule, "", globals()) #$ prints="" +from attr_clash import clashing_attr, non_clashing_submodule # $ imports=attr_clash.clashing_attr as=clashing_attr imports=attr_clash.non_clashing_submodule as=non_clashing_submodule +check("clashing_attr", clashing_attr, "clashing_attr", globals()) # $ prints=clashing_attr SPURIOUS: prints="" +check("non_clashing_submodule", non_clashing_submodule, "", globals()) # $ prints="" -import attr_clash.clashing_attr as _doesnt_matter #$ imports=attr_clash.clashing_attr as=_doesnt_matter -from attr_clash import clashing_attr, non_clashing_submodule #$ imports=attr_clash.clashing_attr as=clashing_attr imports=attr_clash.non_clashing_submodule as=non_clashing_submodule -check("clashing_attr", clashing_attr, "", globals()) #$ prints="" SPURIOUS: prints=clashing_attr +import attr_clash.clashing_attr as _doesnt_matter # $ imports=attr_clash.clashing_attr as=_doesnt_matter +from attr_clash import clashing_attr, non_clashing_submodule # $ imports=attr_clash.clashing_attr as=clashing_attr imports=attr_clash.non_clashing_submodule as=non_clashing_submodule +check("clashing_attr", clashing_attr, "", globals()) # $ prints="" SPURIOUS: prints=clashing_attr # check that import * only imports the __all__ attributes from has_defined_all import * -check("all_defined_foo", all_defined_foo, "all_defined_foo", globals()) #$ prints=all_defined_foo +check("all_defined_foo", all_defined_foo, "all_defined_foo", globals()) # $ prints=all_defined_foo try: - check("all_defined_bar", all_defined_bar, "all_defined_bar", globals()) #$ SPURIOUS: prints=all_defined_bar + check("all_defined_bar", all_defined_bar, "all_defined_bar", globals()) # $ SPURIOUS: prints=all_defined_bar raise Exception("Did not get expected NameError") except NameError as e: if "all_defined_bar" in str(e): @@ -102,15 +102,15 @@ except NameError as e: raise import has_defined_all # $ imports=has_defined_all as=has_defined_all -check("has_defined_all.all_defined_foo", has_defined_all.all_defined_foo, "all_defined_foo", globals()) #$ prints=all_defined_foo -check("has_defined_all.all_defined_bar", has_defined_all.all_defined_bar, "all_defined_bar", globals()) #$ prints=all_defined_bar +check("has_defined_all.all_defined_foo", has_defined_all.all_defined_foo, "all_defined_foo", globals()) # $ prints=all_defined_foo +check("has_defined_all.all_defined_bar", has_defined_all.all_defined_bar, "all_defined_bar", globals()) # $ prints=all_defined_bar # same check as above, but going through one level of indirection (which can make a difference) from has_defined_all_indirection import * -check("all_defined_foo_copy", all_defined_foo_copy, "all_defined_foo_copy", globals()) #$ prints=all_defined_foo_copy +check("all_defined_foo_copy", all_defined_foo_copy, "all_defined_foo_copy", globals()) # $ prints=all_defined_foo_copy try: - check("all_defined_bar_copy", all_defined_bar_copy, "all_defined_bar_copy", globals()) #$ SPURIOUS: prints=all_defined_bar_copy + check("all_defined_bar_copy", all_defined_bar_copy, "all_defined_bar_copy", globals()) # $ SPURIOUS: prints=all_defined_bar_copy raise Exception("Did not get expected NameError") except NameError as e: if "all_defined_bar_copy" in str(e): @@ -120,7 +120,7 @@ except NameError as e: # same check as above, but going through one level of indirection (which can make a difference) import has_defined_all_indirection # $ imports=has_defined_all_indirection as=has_defined_all_indirection -check("has_defined_all_indirection.all_defined_foo_copy", has_defined_all_indirection.all_defined_foo_copy, "all_defined_foo_copy", globals()) #$ prints=all_defined_foo_copy +check("has_defined_all_indirection.all_defined_foo_copy", has_defined_all_indirection.all_defined_foo_copy, "all_defined_foo_copy", globals()) # $ prints=all_defined_foo_copy try: check("has_defined_all_indirection.all_defined_bar_copy", has_defined_all_indirection.all_defined_bar_copy, "all_defined_bar_copy", globals()) @@ -133,30 +133,30 @@ except AttributeError as e: # check that import * from an __init__ file works from package.subpackage2 import * -check("subpackage2_attr", subpackage2_attr, "subpackage2_attr", globals()) #$ prints=subpackage2_attr +check("subpackage2_attr", subpackage2_attr, "subpackage2_attr", globals()) # $ prints=subpackage2_attr # check that definitions from within if-then-else are found from if_then_else import if_then_else_defined -check("if_then_else_defined", if_then_else_defined, "if_defined", globals()) #$ prints=if_defined prints=else_defined_1 prints=else_defined_2 +check("if_then_else_defined", if_then_else_defined, "if_defined", globals()) # $ prints=if_defined prints=else_defined_1 prints=else_defined_2 # check that refined definitions are handled correctly import refined # $ imports=refined as=refined -check("refined.SOURCE", refined.SOURCE, refined.SOURCE, globals()) #$ prints=SOURCE +check("refined.SOURCE", refined.SOURCE, refined.SOURCE, globals()) # $ prints=SOURCE import if_then_else_refined # $ imports=if_then_else_refined as=if_then_else_refined -check("if_then_else_refined.src", if_then_else_refined.src, if_then_else_refined.src, globals()) #$ prints=SOURCE +check("if_then_else_refined.src", if_then_else_refined.src, if_then_else_refined.src, globals()) # $ prints=SOURCE import simplistic_reexport # $ imports=simplistic_reexport as=simplistic_reexport -check("simplistic_reexport.bar_attr", simplistic_reexport.bar_attr, "overwritten", globals()) #$ prints=overwritten SPURIOUS: prints=bar_attr -check("simplistic_reexport.baz_attr", simplistic_reexport.baz_attr, "overwritten", globals()) #$ prints=overwritten SPURIOUS: prints=baz_attr +check("simplistic_reexport.bar_attr", simplistic_reexport.bar_attr, "overwritten", globals()) # $ prints=overwritten SPURIOUS: prints=bar_attr +check("simplistic_reexport.baz_attr", simplistic_reexport.baz_attr, "overwritten", globals()) # $ prints=overwritten SPURIOUS: prints=baz_attr # check that we don't treat all assignments as being exports -import block_flow_check #$ imports=block_flow_check as=block_flow_check +import block_flow_check # $ imports=block_flow_check as=block_flow_check check("block_flow_check.SOURCE", block_flow_check.SOURCE, block_flow_check.SOURCE, globals()) # show that import resolution is a bit too generous with definitions -import generous_export #$ imports=generous_export as=generous_export -check("generous_export.SOURCE", generous_export.SOURCE, generous_export.SOURCE, globals()) #$ SPURIOUS: prints=SOURCE +import generous_export # $ imports=generous_export as=generous_export +check("generous_export.SOURCE", generous_export.SOURCE, generous_export.SOURCE, globals()) # $ SPURIOUS: prints=SOURCE exit(__file__) diff --git a/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py b/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py index 9110bcfd506..1bd64b549c1 100644 --- a/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py +++ b/python/ql/test/experimental/import-resolution/package/subpackage/__init__.py @@ -5,10 +5,10 @@ subpackage_attr = "subpackage_attr" # Importing an attribute from the parent package. from .. import attr_used_in_subpackage as imported_attr -check("imported_attr", imported_attr, "attr_used_in_subpackage", globals()) #$ prints=attr_used_in_subpackage +check("imported_attr", imported_attr, "attr_used_in_subpackage", globals()) # $ prints=attr_used_in_subpackage # Importing an irrelevant attribute from a sibling module binds the name to the module. from .submodule import irrelevant_attr -check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) #$ MISSING:prints=submodule_attr +check("submodule.submodule_attr", submodule.submodule_attr, "submodule_attr", globals()) # $ MISSING:prints=submodule_attr exit(__file__) diff --git a/python/ql/test/experimental/import-resolution/refined.py b/python/ql/test/experimental/import-resolution/refined.py index 3694168c5df..218824fbaf1 100644 --- a/python/ql/test/experimental/import-resolution/refined.py +++ b/python/ql/test/experimental/import-resolution/refined.py @@ -3,12 +3,12 @@ enter(__file__) class SOURCE(object): pass -check("SOURCE", SOURCE, SOURCE, globals()) #$ prints=SOURCE +check("SOURCE", SOURCE, SOURCE, globals()) # $ prints=SOURCE SOURCE.foo = 42 SOURCE.bar = 43 SOURCE.baz = 44 -check("SOURCE", SOURCE, SOURCE, globals()) #$ prints=SOURCE +check("SOURCE", SOURCE, SOURCE, globals()) # $ prints=SOURCE exit(__file__) diff --git a/python/ql/test/experimental/import-resolution/simplistic_reexport.py b/python/ql/test/experimental/import-resolution/simplistic_reexport.py index 2847a8a66e0..1f02d647f9b 100644 --- a/python/ql/test/experimental/import-resolution/simplistic_reexport.py +++ b/python/ql/test/experimental/import-resolution/simplistic_reexport.py @@ -4,16 +4,16 @@ from trace import * enter(__file__) from bar import bar_attr -check("bar_attr", bar_attr, "bar_attr", globals()) #$ prints=bar_attr +check("bar_attr", bar_attr, "bar_attr", globals()) # $ prints=bar_attr bar_attr = "overwritten" -check("bar_attr", bar_attr, "overwritten", globals()) #$ prints=overwritten +check("bar_attr", bar_attr, "overwritten", globals()) # $ prints=overwritten from baz import * -check("baz_attr", baz_attr, "baz_attr", globals()) #$ MISSING: prints=baz_attr +check("baz_attr", baz_attr, "baz_attr", globals()) # $ MISSING: prints=baz_attr baz_attr = "overwritten" -check("baz_attr", baz_attr, "overwritten", globals()) #$ prints=overwritten +check("baz_attr", baz_attr, "overwritten", globals()) # $ prints=overwritten exit(__file__) diff --git a/python/ql/test/experimental/library-tests/CallGraph-type-annotations/type_annotations.py b/python/ql/test/experimental/library-tests/CallGraph-type-annotations/type_annotations.py index 51c08d1675e..a71d3103456 100644 --- a/python/ql/test/experimental/library-tests/CallGraph-type-annotations/type_annotations.py +++ b/python/ql/test/experimental/library-tests/CallGraph-type-annotations/type_annotations.py @@ -3,7 +3,7 @@ class Foo: pass def test_parameter_annotation(x: Foo): - x.method() #$ tt=Foo.method + x.method() # $ tt=Foo.method def test_no_parameter_annotation(x): x.method() @@ -12,21 +12,21 @@ def function_with_return_annotation() -> Foo: return eval("Foo()") def test_return_annotation(): - x = function_with_return_annotation() #$ pt,tt=function_with_return_annotation - x.method() #$ tt=Foo.method + x = function_with_return_annotation() # $ pt,tt=function_with_return_annotation + x.method() # $ tt=Foo.method def function_without_return_annotation(): return eval("Foo()") def test_no_return_annotation(): - x = function_without_return_annotation() #$ pt,tt=function_without_return_annotation + x = function_without_return_annotation() # $ pt,tt=function_without_return_annotation x.method() def test_variable_annotation(): x = eval("Foo()") x : Foo # Currently fails because there is no flow from the class definition to the type annotation. - x.method() #$ MISSING: tt=Foo.method + x.method() # $ MISSING: tt=Foo.method def test_no_variable_annotation(): x = eval("Foo()") diff --git a/python/ql/test/experimental/library-tests/CallGraph/code/self_passing.py b/python/ql/test/experimental/library-tests/CallGraph/code/self_passing.py index f5618450033..54809c0aef3 100644 --- a/python/ql/test/experimental/library-tests/CallGraph/code/self_passing.py +++ b/python/ql/test/experimental/library-tests/CallGraph/code/self_passing.py @@ -24,7 +24,7 @@ class A(Base): self.bar() # $ pt,tt=A.bar def not_called(self): - self.bar() #$ pt,tt=A.bar + self.bar() # $ pt,tt=A.bar def bar(self): print("A.bar") diff --git a/python/ql/test/library-tests/ApiGraphs/py2/test.py b/python/ql/test/library-tests/ApiGraphs/py2/test.py index d98eae40852..98178a43eaa 100644 --- a/python/ql/test/library-tests/ApiGraphs/py2/test.py +++ b/python/ql/test/library-tests/ApiGraphs/py2/test.py @@ -1,3 +1,3 @@ def python2_style(): - from __builtin__ import open #$ use=moduleImport("builtins").getMember("open") - open("hello.txt") #$ use=moduleImport("builtins").getMember("open").getReturn() + from __builtin__ import open # $ use=moduleImport("builtins").getMember("open") + open("hello.txt") # $ use=moduleImport("builtins").getMember("open").getReturn() diff --git a/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py b/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py index db04548eaa0..5e67e5f6f7e 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/deftest1.py @@ -1,29 +1,29 @@ -from mypkg import foo #$ use=moduleImport("mypkg").getMember("foo") +from mypkg import foo # $ use=moduleImport("mypkg").getMember("foo") -def callback(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0).getParameter(0) - x.baz() #$ use=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0).getParameter(0).getMember("baz").getReturn() +def callback(x): # $ use=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0).getParameter(0) + x.baz() # $ use=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0).getParameter(0).getMember("baz").getReturn() -foo.bar(callback) #$ def=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("bar").getReturn() +foo.bar(callback) # $ def=moduleImport("mypkg").getMember("foo").getMember("bar").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("bar").getReturn() -def callback2(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0) - x.baz2() #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0).getMember("baz2").getReturn() +def callback2(x): # $ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0) + x.baz2() # $ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript().getParameter(0).getMember("baz2").getReturn() mydict = { - "c": callback2, #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() - "other": "whatever" #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() + "c": callback2, # $ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() + "other": "whatever" # $ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getASubscript() } -foo.baz(mydict) #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("baz").getReturn() +foo.baz(mydict) # $ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("baz").getReturn() -def callback3(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third").getParameter(0) - x.baz3() #$ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third").getParameter(0).getMember("baz3").getReturn() +def callback3(x): # $ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third").getParameter(0) + x.baz3() # $ use=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third").getParameter(0).getMember("baz3").getReturn() -mydict.third = callback3 #$ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third") +mydict.third = callback3 # $ def=moduleImport("mypkg").getMember("foo").getMember("baz").getParameter(0).getMember("third") -foo.blab(mydict) #$ def=moduleImport("mypkg").getMember("foo").getMember("blab").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("blab").getReturn() +foo.blab(mydict) # $ def=moduleImport("mypkg").getMember("foo").getMember("blab").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("blab").getReturn() -def callback4(x): #$ use=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0).getParameter(0) - x.baz4() #$ use=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0).getParameter(0).getMember("baz4").getReturn() +def callback4(x): # $ use=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0).getParameter(0) + x.baz4() # $ use=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0).getParameter(0).getMember("baz4").getReturn() otherDict = { # TODO: Backtracking through a property set using a dict doesn't work, but I can backtrack through explicit property writes, e.g. the `otherDict.fourth` below. @@ -32,30 +32,30 @@ otherDict = { } otherDict.fourth = callback4 -foo.quack(otherDict.fourth) #$ def=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("quack").getReturn() +foo.quack(otherDict.fourth) # $ def=moduleImport("mypkg").getMember("foo").getMember("quack").getParameter(0) use=moduleImport("mypkg").getMember("foo").getMember("quack").getReturn() def namedCallback(myName, otherName): # Using named parameters: - myName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("myName").getReturn() - otherName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("otherName").getReturn() + myName() # $ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("myName").getReturn() + otherName() # $ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getKeywordParameter("otherName").getReturn() # Using numbered parameters: - myName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(0).getReturn() - otherName() #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(1).getReturn() + myName() # $ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(0).getReturn() + otherName() # $ use=moduleImport("mypkg").getMember("foo").getMember("blob").getParameter(0).getParameter(1).getReturn() -foo.blob(namedCallback) #$ use=moduleImport("mypkg").getMember("foo").getMember("blob").getReturn() +foo.blob(namedCallback) # $ use=moduleImport("mypkg").getMember("foo").getMember("blob").getReturn() -foo.named(myName = 2) #$ def=moduleImport("mypkg").getMember("foo").getMember("named").getKeywordParameter("myName") +foo.named(myName = 2) # $ def=moduleImport("mypkg").getMember("foo").getMember("named").getKeywordParameter("myName") def recusisionCallback(x): - x.recursion() #$ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("callback").getParameter(0).getMember("recursion").getReturn() - x.recursion() #$ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("callback").getParameter(0).getMember("recursion").getReturn() - x.recursion() #$ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("rec2").getMember("callback").getParameter(0).getMember("recursion").getReturn() - x.recursion() #$ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("rec2").getMember("rec1").getMember("callback").getParameter(0).getMember("recursion").getReturn() + x.recursion() # $ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("callback").getParameter(0).getMember("recursion").getReturn() + x.recursion() # $ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("callback").getParameter(0).getMember("recursion").getReturn() + x.recursion() # $ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("rec2").getMember("callback").getParameter(0).getMember("recursion").getReturn() + x.recursion() # $ use=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0).getMember("rec1").getMember("rec2").getMember("rec1").getMember("callback").getParameter(0).getMember("recursion").getReturn() recursiveDict = {}; recursiveDict.callback = recusisionCallback; recursiveDict.rec1 = recursiveDict; recursiveDict.rec2 = recursiveDict; -foo.rec(recursiveDict); #$ def=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0) +foo.rec(recursiveDict); # $ def=moduleImport("mypkg").getMember("foo").getMember("rec").getParameter(0) diff --git a/python/ql/test/library-tests/ApiGraphs/py3/deftest2.py b/python/ql/test/library-tests/ApiGraphs/py3/deftest2.py index ef15ece04f6..9453e23ad1d 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/deftest2.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/deftest2.py @@ -1,22 +1,22 @@ # Subclasses -from flask.views import View #$ use=moduleImport("flask").getMember("views").getMember("View") +from flask.views import View # $ use=moduleImport("flask").getMember("views").getMember("View") -class MyView(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass() - myvar = 45 #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar") - def my_method(self): #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method") - return 3 #$ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method").getReturn() +class MyView(View): # $ use=moduleImport("flask").getMember("views").getMember("View").getASubclass() + myvar = 45 # $ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("myvar") + def my_method(self): # $ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method") + return 3 # $ def=moduleImport("flask").getMember("views").getMember("View").getASubclass().getMember("my_method").getReturn() -instance = MyView() #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn() +instance = MyView() # $ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getReturn() def internal(): - from pflask.views import View #$ use=moduleImport("pflask").getMember("views").getMember("View") - class IntMyView(View): #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass() - my_internal_var = 35 #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var") - def my_internal_method(self): #$ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method") + from pflask.views import View # $ use=moduleImport("pflask").getMember("views").getMember("View") + class IntMyView(View): # $ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass() + my_internal_var = 35 # $ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_var") + def my_internal_method(self): # $ def=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getMember("my_internal_method") pass - int_instance = IntMyView() #$ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn() + int_instance = IntMyView() # $ use=moduleImport("pflask").getMember("views").getMember("View").getASubclass().getReturn() # ------------------------------------------------------------------------------ # Class decorator @@ -27,8 +27,8 @@ def my_class_decorator(cls): return cls @my_class_decorator -class MyViewWithDecorator(View): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass() +class MyViewWithDecorator(View): # $ use=moduleImport("flask").getMember("views").getMember("View").getASubclass() pass -class SubclassFromDecorated(MyViewWithDecorator): #$ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getASubclass() +class SubclassFromDecorated(MyViewWithDecorator): # $ use=moduleImport("flask").getMember("views").getMember("View").getASubclass().getASubclass() pass diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test.py b/python/ql/test/library-tests/ApiGraphs/py3/test.py index 424c6248907..350c213a005 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test.py @@ -1,44 +1,44 @@ -import a1 #$ use=moduleImport("a1") +import a1 # $ use=moduleImport("a1") -x = a1.blah1 #$ use=moduleImport("a1").getMember("blah1") +x = a1.blah1 # $ use=moduleImport("a1").getMember("blah1") -import a2 as m2 #$ use=moduleImport("a2") +import a2 as m2 # $ use=moduleImport("a2") -x2 = m2.blah2 #$ use=moduleImport("a2").getMember("blah2") +x2 = m2.blah2 # $ use=moduleImport("a2").getMember("blah2") -import a3.b3 as m3 #$ use=moduleImport("a3").getMember("b3") +import a3.b3 as m3 # $ use=moduleImport("a3").getMember("b3") -x3 = m3.blah3 #$ use=moduleImport("a3").getMember("b3").getMember("blah3") +x3 = m3.blah3 # $ use=moduleImport("a3").getMember("b3").getMember("blah3") -from a4.b4 import c4 as m4 #$ use=moduleImport("a4").getMember("b4").getMember("c4") +from a4.b4 import c4 as m4 # $ use=moduleImport("a4").getMember("b4").getMember("c4") -x4 = m4.blah4 #$ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4") +x4 = m4.blah4 # $ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4") -import a.b.c.d #$ use=moduleImport("a") +import a.b.c.d # $ use=moduleImport("a") -ab = a.b #$ use=moduleImport("a").getMember("b") +ab = a.b # $ use=moduleImport("a").getMember("b") -abc = ab.c #$ use=moduleImport("a").getMember("b").getMember("c") +abc = ab.c # $ use=moduleImport("a").getMember("b").getMember("c") -abcd = abc.d #$ use=moduleImport("a").getMember("b").getMember("c").getMember("d") +abcd = abc.d # $ use=moduleImport("a").getMember("b").getMember("c").getMember("d") -x5 = abcd.method() #$ use=moduleImport("a").getMember("b").getMember("c").getMember("d").getMember("method").getReturn() +x5 = abcd.method() # $ use=moduleImport("a").getMember("b").getMember("c").getMember("d").getMember("method").getReturn() from a.b.c.d import method -x5_alt = method() #$ use=moduleImport("a").getMember("b").getMember("c").getMember("d").getMember("method").getReturn() +x5_alt = method() # $ use=moduleImport("a").getMember("b").getMember("c").getMember("d").getMember("method").getReturn() -from a6 import m6 #$ use=moduleImport("a6").getMember("m6") +from a6 import m6 # $ use=moduleImport("a6").getMember("m6") -x6 = m6().foo().bar() #$ use=moduleImport("a6").getMember("m6").getReturn().getMember("foo").getReturn().getMember("bar").getReturn() +x6 = m6().foo().bar() # $ use=moduleImport("a6").getMember("m6").getReturn().getMember("foo").getReturn().getMember("bar").getReturn() -import foo.baz.baz as fbb #$ use=moduleImport("foo").getMember("baz").getMember("baz") -from foo.bar.baz import quux as fbbq #$ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux") -from ham.bar.eggs import spam as hbes #$ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam") -fbb.quux #$ use=moduleImport("foo").getMember("baz").getMember("baz").getMember("quux") -fbbq #$ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux") -hbes #$ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam") +import foo.baz.baz as fbb # $ use=moduleImport("foo").getMember("baz").getMember("baz") +from foo.bar.baz import quux as fbbq # $ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux") +from ham.bar.eggs import spam as hbes # $ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam") +fbb.quux # $ use=moduleImport("foo").getMember("baz").getMember("baz").getMember("quux") +fbbq # $ use=moduleImport("foo").getMember("bar").getMember("baz").getMember("quux") +hbes # $ use=moduleImport("ham").getMember("bar").getMember("eggs").getMember("spam") -import foo.bar.baz #$ use=moduleImport("foo") +import foo.bar.baz # $ use=moduleImport("foo") # Relative imports. These are ignored @@ -50,51 +50,51 @@ from ..foobar import baz # Use of imports across scopes def use_m4(): - x = m4.blah4 #$ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4") + x = m4.blah4 # $ use=moduleImport("a4").getMember("b4").getMember("c4").getMember("blah4") def local_import_use(): - from foo import bar #$ use=moduleImport("foo").getMember("bar") + from foo import bar # $ use=moduleImport("foo").getMember("bar") - x = bar() #$ use=moduleImport("foo").getMember("bar").getReturn() + x = bar() # $ use=moduleImport("foo").getMember("bar").getReturn() -from eggs import ham as spam #$ use=moduleImport("eggs").getMember("ham") +from eggs import ham as spam # $ use=moduleImport("eggs").getMember("ham") def bbb(): - f = spam #$ use=moduleImport("eggs").getMember("ham") + f = spam # $ use=moduleImport("eggs").getMember("ham") -from danger import SOURCE #$ use=moduleImport("danger").getMember("SOURCE") +from danger import SOURCE # $ use=moduleImport("danger").getMember("SOURCE") -foo = SOURCE #$ use=moduleImport("danger").getMember("SOURCE") +foo = SOURCE # $ use=moduleImport("danger").getMember("SOURCE") def change_foo(): global foo - foo = SOURCE #$ use=moduleImport("danger").getMember("SOURCE") + foo = SOURCE # $ use=moduleImport("danger").getMember("SOURCE") def f(): global foo - sink(foo) #$ use=moduleImport("danger").getMember("SOURCE") + sink(foo) # $ use=moduleImport("danger").getMember("SOURCE") foo = NONSOURCE change_foo() - sink(foo) #$ use=moduleImport("danger").getMember("SOURCE") + sink(foo) # $ use=moduleImport("danger").getMember("SOURCE") # Built-ins def use_of_builtins(): - for x in range(5): #$ use=moduleImport("builtins").getMember("range").getReturn() - if x < len([]): #$ use=moduleImport("builtins").getMember("len").getReturn() - print("Hello") #$ use=moduleImport("builtins").getMember("print").getReturn() - raise Exception("Farewell") #$ use=moduleImport("builtins").getMember("Exception").getReturn() + for x in range(5): # $ use=moduleImport("builtins").getMember("range").getReturn() + if x < len([]): # $ use=moduleImport("builtins").getMember("len").getReturn() + print("Hello") # $ use=moduleImport("builtins").getMember("print").getReturn() + raise Exception("Farewell") # $ use=moduleImport("builtins").getMember("Exception").getReturn() def imported_builtins(): - import builtins #$ use=moduleImport("builtins") + import builtins # $ use=moduleImport("builtins") def open(f): - return builtins.open(f) #$ use=moduleImport("builtins").getMember("open").getReturn() + return builtins.open(f) # $ use=moduleImport("builtins").getMember("open").getReturn() def redefine_print(): def my_print(x): - import builtins #$ use=moduleImport("builtins") - builtins.print("I'm printing", x) #$ use=moduleImport("builtins").getMember("print").getReturn() + import builtins # $ use=moduleImport("builtins") + builtins.print("I'm printing", x) # $ use=moduleImport("builtins").getMember("print").getReturn() print = my_print print("these words") @@ -109,13 +109,13 @@ def global_redefine_chr(): def what_is_chr_now(): # If global_redefine_chr has been run, then the following is _not_ a reference to the built-in chr - return chr(123) #$ MISSING: use=moduleImport("builtins").getMember("chr").getReturn() + return chr(123) # $ MISSING: use=moduleImport("builtins").getMember("chr").getReturn() def obscured_print(): - p = print #$ use=moduleImport("builtins").getMember("print") - p("Can you see me?") #$ use=moduleImport("builtins").getMember("print").getReturn() + p = print # $ use=moduleImport("builtins").getMember("print") + p("Can you see me?") # $ use=moduleImport("builtins").getMember("print").getReturn() def python2_style(): # In Python 3, `__builtin__` has no special meaning. - from __builtin__ import open #$ use=moduleImport("__builtin__").getMember("open") - open("hello.txt") #$ use=moduleImport("__builtin__").getMember("open").getReturn() + from __builtin__ import open # $ use=moduleImport("__builtin__").getMember("open") + open("hello.txt") # $ use=moduleImport("__builtin__").getMember("open").getReturn() diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test1.py b/python/ql/test/library-tests/ApiGraphs/py3/test1.py index 471cb09d4fa..548070cd60e 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test1.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test1.py @@ -1,6 +1,6 @@ -import mypkg #$ use=moduleImport("mypkg") -print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // 42 +import mypkg # $ use=moduleImport("mypkg") +print(mypkg.foo) # $ use=moduleImport("mypkg").getMember("foo") // 42 try: - print(mypkg.bar) #$ use=moduleImport("mypkg").getMember("bar") -except AttributeError as e: #$ use=moduleImport("builtins").getMember("AttributeError") - print(e) #$ use=moduleImport("builtins").getMember("print").getReturn() // module 'mypkg' has no attribute 'bar' + print(mypkg.bar) # $ use=moduleImport("mypkg").getMember("bar") +except AttributeError as e: # $ use=moduleImport("builtins").getMember("AttributeError") + print(e) # $ use=moduleImport("builtins").getMember("print").getReturn() // module 'mypkg' has no attribute 'bar' diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test2.py b/python/ql/test/library-tests/ApiGraphs/py3/test2.py index dce67f0b034..00e65f12853 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test2.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test2.py @@ -1,4 +1,4 @@ -from mypkg import foo #$ use=moduleImport("mypkg").getMember("foo") -from mypkg import bar #$ use=moduleImport("mypkg").getMember("bar") -print(foo) #$ use=moduleImport("mypkg").getMember("foo") -print(bar) #$ use=moduleImport("mypkg").getMember("bar") +from mypkg import foo # $ use=moduleImport("mypkg").getMember("foo") +from mypkg import bar # $ use=moduleImport("mypkg").getMember("bar") +print(foo) # $ use=moduleImport("mypkg").getMember("foo") +print(bar) # $ use=moduleImport("mypkg").getMember("bar") diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test3.py b/python/ql/test/library-tests/ApiGraphs/py3/test3.py index 83ff25cc402..b8f27f62fa6 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test3.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test3.py @@ -1,4 +1,4 @@ -import mypkg.foo #$ use=moduleImport("mypkg") -import mypkg.bar #$ use=moduleImport("mypkg") -print(mypkg.foo) #$ use=moduleImport("mypkg").getMember("foo") // ', methods=['GET','PUT']) def users(id): - Users.query.filter_by(id=id).first() #$ use=moduleImport("flask_sqlalchemy").getMember("SQLAlchemy").getReturn().getMember("Model").getASubclass().getMember("query").getMember("filter_by") + Users.query.filter_by(id=id).first() # $ use=moduleImport("flask_sqlalchemy").getMember("SQLAlchemy").getReturn().getMember("Model").getASubclass().getMember("query").getMember("filter_by") diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_captured_inheritance.py b/python/ql/test/library-tests/ApiGraphs/py3/test_captured_inheritance.py index 14ceb88b54a..77e4dd7ed25 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_captured_inheritance.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_captured_inheritance.py @@ -10,17 +10,17 @@ def func(): class Bar(B): pass class Baz(A): pass - + def other_func(): - print(Foo) #$ use=moduleImport("foo").getMember("A").getASubclass() use=moduleImport("foo").getMember("B").getASubclass() + print(Foo) # $ use=moduleImport("foo").getMember("A").getASubclass() use=moduleImport("foo").getMember("B").getASubclass() # On the next line, we wish to express that it is not possible for `Bar` to be a subclass of `A`. # However, we have no "true negative" annotation, so we use the MISSING annotation instead. # (Normally, "true negative" is not needed as all applicable annotations must be present, - # but these API graph tests work differently, since having all results recorded in annotations + # but these API graph tests work differently, since having all results recorded in annotations # would be excessive) - print(Bar) #$ use=moduleImport("foo").getMember("B").getASubclass() MISSING: use=moduleImport("foo").getMember("A").getASubclass() - print(Baz) #$ use=moduleImport("foo").getMember("B").getASubclass() SPURIOUS: use=moduleImport("foo").getMember("A").getASubclass() + print(Bar) # $ use=moduleImport("foo").getMember("B").getASubclass() MISSING: use=moduleImport("foo").getMember("A").getASubclass() + print(Baz) # $ use=moduleImport("foo").getMember("B").getASubclass() SPURIOUS: use=moduleImport("foo").getMember("A").getASubclass() class Baz(B): pass - other_func() \ No newline at end of file + other_func() diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_deep.py b/python/ql/test/library-tests/ApiGraphs/py3/test_deep.py index 0d5dab44411..e67bbadc642 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_deep.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_deep.py @@ -1,4 +1,4 @@ -from start.middle.end import foo #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo") -from start.middle.end import bar #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar") -print(foo) #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo") -print(bar) #$ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar") \ No newline at end of file +from start.middle.end import foo # $ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo") +from start.middle.end import bar # $ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar") +print(foo) # $ use=moduleImport("start").getMember("middle").getMember("end").getMember("foo") +print(bar) # $ use=moduleImport("start").getMember("middle").getMember("end").getMember("bar") diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_entry_point.py b/python/ql/test/library-tests/ApiGraphs/py3/test_entry_point.py index 17d0cfacc4b..e5c5a0579a0 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_entry_point.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_entry_point.py @@ -1,2 +1,2 @@ -"magic_string".foo.bar #$ use=entryPoint("CustomEntryPoint").getMember("foo").getMember("bar") +"magic_string".foo.bar # $ use=entryPoint("CustomEntryPoint").getMember("foo").getMember("bar") "magic_string2".foo.bar diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_import_star.py b/python/ql/test/library-tests/ApiGraphs/py3/test_import_star.py index edf344bac29..8b29a7d2e8f 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_import_star.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_import_star.py @@ -1,12 +1,12 @@ # Star imports -from unknown import * #$ use=moduleImport("unknown") +from unknown import * # $ use=moduleImport("unknown") # This used to be missing, as we did not consider `hello` to be a `LocalSourceNode`, # since it has flow going into it from its corresponding `GlobalSsaVariable`. -hello() #$ use=moduleImport("unknown").getMember("hello").getReturn() +hello() # $ use=moduleImport("unknown").getMember("hello").getReturn() -print(const_from_unknown) #$ use=moduleImport("unknown").getMember("const_from_unknown") +print(const_from_unknown) # $ use=moduleImport("unknown").getMember("const_from_unknown") # We don't want our analysis to think that either `non_module_member` or `outer_bar` can # come from `from unknown import *` @@ -16,23 +16,23 @@ outer_bar = 5 outer_bar def foo(): - world() #$ use=moduleImport("unknown").getMember("world").getReturn() + world() # $ use=moduleImport("unknown").getMember("world").getReturn() bar = 5 bar non_module_member - print(bar) #$ use=moduleImport("builtins").getMember("print").getReturn() + print(bar) # $ use=moduleImport("builtins").getMember("print").getReturn() def quux(): global non_module_member non_module_member = 5 def func1(): - var() #$ use=moduleImport("unknown").getMember("var").getReturn() + var() # $ use=moduleImport("unknown").getMember("var").getReturn() def func2(): var = "FOO" def func3(): - var2 = print #$ use=moduleImport("builtins").getMember("print") + var2 = print # $ use=moduleImport("builtins").getMember("print") def func4(): - var2() #$ use=moduleImport("builtins").getMember("print").getReturn() + var2() # $ use=moduleImport("builtins").getMember("print").getReturn() func4() diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_import_star2.py b/python/ql/test/library-tests/ApiGraphs/py3/test_import_star2.py index a73f1f43548..d6f26a5bc40 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_import_star2.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_import_star2.py @@ -1,14 +1,14 @@ # Star imports in local scope -hello2() +hello2() def foo(): - from unknown2 import * #$ use=moduleImport("unknown2") - world2() #$ use=moduleImport("unknown2").getMember("world2").getReturn() + from unknown2 import * # $ use=moduleImport("unknown2") + world2() # $ use=moduleImport("unknown2").getMember("world2").getReturn() bar2 = 5 bar2 non_module_member2 - print(bar2) #$ use=moduleImport("builtins").getMember("print").getReturn() + print(bar2) # $ use=moduleImport("builtins").getMember("print").getReturn() def quux2(): global non_module_member2 diff --git a/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py b/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py index c4d3c655983..5773facfca0 100644 --- a/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py +++ b/python/ql/test/library-tests/ApiGraphs/py3/test_subscript.py @@ -1,8 +1,8 @@ import mypkg def test_subscript(): - bar = mypkg.foo()["bar"] #$ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() - mypkg.foo()["baz"] = 42 #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() - mypkg.foo()["qux"] += 42 #$ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() - mypkg.foo()["qux"] += 42 #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() - mypkg.foo()[mypkg.index] = mypkg.value #$ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + bar = mypkg.foo()["bar"] # $ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["baz"] = 42 # $ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["qux"] += 42 # $ use=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()["qux"] += 42 # $ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() + mypkg.foo()[mypkg.index] = mypkg.value # $ def=moduleImport("mypkg").getMember("foo").getReturn().getASubscript() diff --git a/python/ql/test/library-tests/dataflow/basic/test.py b/python/ql/test/library-tests/dataflow/basic/test.py index aa1f9906b7c..b0d4307ad2a 100644 --- a/python/ql/test/library-tests/dataflow/basic/test.py +++ b/python/ql/test/library-tests/dataflow/basic/test.py @@ -1,7 +1,7 @@ -def obfuscated_id(x): #$ step="FunctionExpr -> obfuscated_id" - y = x #$ step="x -> y" step="x, l:-1 -> x" - z = y #$ step="y -> z" step="y, l:-1 -> y" - return z #$ flow="42, l:+2 -> z" step="z, l:-1 -> z" +def obfuscated_id(x): # $ step="FunctionExpr -> obfuscated_id" + y = x # $ step="x -> y" step="x, l:-1 -> x" + z = y # $ step="y -> z" step="y, l:-1 -> y" + return z # $ flow="42, l:+2 -> z" step="z, l:-1 -> z" -a = 42 #$ step="42 -> a" -b = obfuscated_id(a) #$ flow="42, l:-1 -> b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> b" step="obfuscated_id, l:-6 -> obfuscated_id" step="a, l:-1 -> a" +a = 42 # $ step="42 -> a" +b = obfuscated_id(a) # $ flow="42, l:-1 -> b" flow="FunctionExpr, l:-6 -> obfuscated_id" step="obfuscated_id(..) -> b" step="obfuscated_id, l:-6 -> obfuscated_id" step="a, l:-1 -> a" diff --git a/python/ql/test/library-tests/dataflow/coverage-py2/classes.py b/python/ql/test/library-tests/dataflow/coverage-py2/classes.py index 48dbaea8e93..9f1b92c7b4d 100644 --- a/python/ql/test/library-tests/dataflow/coverage-py2/classes.py +++ b/python/ql/test/library-tests/dataflow/coverage-py2/classes.py @@ -50,5 +50,5 @@ class With_index: def test_index(): import operator - with_index = With_index() #$ MISSING: arg1="SSA variable with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="SSA variable with_index" func=With_index.__index__ operator.index(with_index) diff --git a/python/ql/test/library-tests/dataflow/coverage-py3/argumentRoutingTest.expected b/python/ql/test/library-tests/dataflow/coverage-py3/argumentRoutingTest.expected index a0001b7c55c..0eaf5273669 100644 --- a/python/ql/test/library-tests/dataflow/coverage-py3/argumentRoutingTest.expected +++ b/python/ql/test/library-tests/dataflow/coverage-py3/argumentRoutingTest.expected @@ -1,4 +1,4 @@ -| classes.py:54:44:54:107 | Comment #$ arg1="with_length_hint" func=With_length_hint.__length_hint__ | Missing result: arg1="with_length_hint" | -| classes.py:54:44:54:107 | Comment #$ arg1="with_length_hint" func=With_length_hint.__length_hint__ | Missing result: func=With_length_hint.__length_hint__ | -| classes.py:71:32:71:77 | Comment #$ arg1="with_index" func=With_index.__index__ | Missing result: arg1="with_index" | -| classes.py:71:32:71:77 | Comment #$ arg1="with_index" func=With_index.__index__ | Missing result: func=With_index.__index__ | +| classes.py:54:44:54:107 | Comment # $ arg1="with_length_hint" func=With_length_hint.__length_hint__ | Missing result: arg1="with_length_hint" | +| classes.py:54:44:54:107 | Comment # $ arg1="with_length_hint" func=With_length_hint.__length_hint__ | Missing result: func=With_length_hint.__length_hint__ | +| classes.py:71:32:71:77 | Comment # $ arg1="with_index" func=With_index.__index__ | Missing result: arg1="with_index" | +| classes.py:71:32:71:77 | Comment # $ arg1="with_index" func=With_index.__index__ | Missing result: func=With_index.__index__ | diff --git a/python/ql/test/library-tests/dataflow/coverage-py3/classes.py b/python/ql/test/library-tests/dataflow/coverage-py3/classes.py index 199c31c2535..20a6d725505 100644 --- a/python/ql/test/library-tests/dataflow/coverage-py3/classes.py +++ b/python/ql/test/library-tests/dataflow/coverage-py3/classes.py @@ -51,7 +51,7 @@ class With_length_hint: def test_length_hint(): import operator - with_length_hint = With_length_hint() #$ arg1="with_length_hint" func=With_length_hint.__length_hint__ + with_length_hint = With_length_hint() # $ arg1="with_length_hint" func=With_length_hint.__length_hint__ operator.length_hint(with_length_hint) @@ -68,5 +68,5 @@ class With_index: def test_index(): import operator - with_index = With_index() #$ arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ arg1="with_index" func=With_index.__index__ operator.index(with_index) diff --git a/python/ql/test/library-tests/dataflow/coverage/argumentPassing.py b/python/ql/test/library-tests/dataflow/coverage/argumentPassing.py index 5ece2a3aaa6..dc70cd2dc6c 100644 --- a/python/ql/test/library-tests/dataflow/coverage/argumentPassing.py +++ b/python/ql/test/library-tests/dataflow/coverage/argumentPassing.py @@ -53,9 +53,9 @@ def argument_passing( b, /, c, - d=arg4, #$ arg4 func=argument_passing + d=arg4, # $ arg4 func=argument_passing *, - e=arg5, #$ arg5 func=argument_passing + e=arg5, # $ arg5 func=argument_passing f, **g, ): @@ -73,12 +73,12 @@ def argument_passing( @expects(7) def test_argument_passing1(): - argument_passing(arg1, *(arg2, arg3, arg4), e=arg5, **{"f": arg6, "g": arg7}) #$ arg1 arg5 arg6 arg7 func=argument_passing MISSING: arg2 arg3 arg4 + argument_passing(arg1, *(arg2, arg3, arg4), e=arg5, **{"f": arg6, "g": arg7}) # $ arg1 arg5 arg6 arg7 func=argument_passing MISSING: arg2 arg3 arg4 @expects(7) def test_argument_passing2(): - argument_passing(arg1, arg2, arg3, f=arg6) #$ arg1 arg2 arg3 arg6 + argument_passing(arg1, arg2, arg3, f=arg6) # $ arg1 arg2 arg3 arg6 def with_pos_only(a, /, b): @@ -88,9 +88,9 @@ def with_pos_only(a, /, b): @expects(6) def test_pos_only(): - with_pos_only(arg1, arg2) #$ arg1 arg2 - with_pos_only(arg1, b=arg2) #$ arg1 arg2 - with_pos_only(arg1, *(arg2,)) #$ arg1 MISSING: arg2 + with_pos_only(arg1, arg2) # $ arg1 arg2 + with_pos_only(arg1, b=arg2) # $ arg1 arg2 + with_pos_only(arg1, *(arg2,)) # $ arg1 MISSING: arg2 def with_multiple_kw_args(a, b, c): @@ -101,13 +101,13 @@ def with_multiple_kw_args(a, b, c): @expects(12) def test_multiple_kw_args(): - with_multiple_kw_args(b=arg2, c=arg3, a=arg1) #$ arg1 arg2 arg3 - with_multiple_kw_args(arg1, *(arg2,), arg3) #$ arg1 MISSING: arg2 arg3 - with_multiple_kw_args(arg1, **{"c": arg3}, b=arg2) #$ arg1 arg2 arg3 func=with_multiple_kw_args - with_multiple_kw_args(**{"b": arg2}, **{"c": arg3}, **{"a": arg1}) #$ arg1 arg2 arg3 func=with_multiple_kw_args + with_multiple_kw_args(b=arg2, c=arg3, a=arg1) # $ arg1 arg2 arg3 + with_multiple_kw_args(arg1, *(arg2,), arg3) # $ arg1 MISSING: arg2 arg3 + with_multiple_kw_args(arg1, **{"c": arg3}, b=arg2) # $ arg1 arg2 arg3 func=with_multiple_kw_args + with_multiple_kw_args(**{"b": arg2}, **{"c": arg3}, **{"a": arg1}) # $ arg1 arg2 arg3 func=with_multiple_kw_args -def with_default_arguments(a=arg1, b=arg2, c=arg3): #$ arg1 arg2 arg3 func=with_default_arguments +def with_default_arguments(a=arg1, b=arg2, c=arg3): # $ arg1 arg2 arg3 func=with_default_arguments SINK1(a) SINK2(b) SINK3(c) @@ -116,9 +116,9 @@ def with_default_arguments(a=arg1, b=arg2, c=arg3): #$ arg1 arg2 arg3 func=with @expects(12) def test_default_arguments(): with_default_arguments() - with_default_arguments(arg1) #$ arg1 - with_default_arguments(b=arg2) #$ arg2 - with_default_arguments(**{"c": arg3}) #$ arg3 func=with_default_arguments + with_default_arguments(arg1) # $ arg1 + with_default_arguments(b=arg2) # $ arg2 + with_default_arguments(**{"c": arg3}) # $ arg3 func=with_default_arguments # All combinations @@ -126,14 +126,14 @@ def test_pos_pos(): def with_pos(a): SINK1(a) - with_pos(arg1) #$ arg1 func=test_pos_pos.with_pos + with_pos(arg1) # $ arg1 func=test_pos_pos.with_pos def test_pos_pos_only(): def with_pos_only(a, /): SINK1(a) - with_pos_only(arg1) #$ arg1 func=test_pos_pos_only.with_pos_only + with_pos_only(arg1) # $ arg1 func=test_pos_pos_only.with_pos_only def test_pos_star(): @@ -141,35 +141,35 @@ def test_pos_star(): if len(a) > 0: SINK1(a[0]) - with_star(arg1) #$ arg1 func=test_pos_star.with_star + with_star(arg1) # $ arg1 func=test_pos_star.with_star def test_pos_kw(): def with_kw(a=""): SINK1(a) - with_kw(arg1) #$ arg1 func=test_pos_kw.with_kw + with_kw(arg1) # $ arg1 func=test_pos_kw.with_kw def test_kw_pos(): def with_pos(a): SINK1(a) - with_pos(a=arg1) #$ arg1 func=test_kw_pos.with_pos + with_pos(a=arg1) # $ arg1 func=test_kw_pos.with_pos def test_kw_kw(): def with_kw(a=""): SINK1(a) - with_kw(a=arg1) #$ arg1 func=test_kw_kw.with_kw + with_kw(a=arg1) # $ arg1 func=test_kw_kw.with_kw def test_kw_doublestar(): def with_doublestar(**kwargs): SINK1(kwargs["a"]) - with_doublestar(a=arg1) #$ arg1 func=test_kw_doublestar.with_doublestar + with_doublestar(a=arg1) # $ arg1 func=test_kw_doublestar.with_doublestar def only_kwargs(**kwargs): diff --git a/python/ql/test/library-tests/dataflow/coverage/classes.py b/python/ql/test/library-tests/dataflow/coverage/classes.py index 74127d34d20..2bd1b8f4856 100644 --- a/python/ql/test/library-tests/dataflow/coverage/classes.py +++ b/python/ql/test/library-tests/dataflow/coverage/classes.py @@ -38,7 +38,7 @@ def OK(): # object.__new__(cls[, ...]) -class With_new: #$ MISSING: arg1="With_new" func=With_new.__new__ +class With_new: # $ MISSING: arg1="With_new" func=With_new.__new__ def __new__(cls): SINK1(cls) OK() # Call not found @@ -57,7 +57,7 @@ class With_init: def test_init(): - with_init = With_init() #$ MISSING: arg1="with_init" func=With_init.__init__ + with_init = With_init() # $ MISSING: arg1="with_init" func=With_init.__init__ # object.__del__(self) @@ -68,7 +68,7 @@ class With_del: def test_del(): - with_del = With_del() #$ MISSING: arg1="with_del" func=With_del.__del__ + with_del = With_del() # $ MISSING: arg1="with_del" func=With_del.__del__ del with_del @@ -81,7 +81,7 @@ class With_repr: def test_repr(): - with_repr = With_repr() #$ MISSING: arg1="with_repr" func=With_repr.__repr__ + with_repr = With_repr() # $ MISSING: arg1="with_repr" func=With_repr.__repr__ repr(with_repr) @@ -94,7 +94,7 @@ class With_str: def test_str(): - with_str = With_str() #$ MISSING: arg1="with_str" func=With_str.__str__ + with_str = With_str() # $ MISSING: arg1="with_str" func=With_str.__str__ str(with_str) @@ -107,7 +107,7 @@ class With_bytes: def test_bytes(): - with_bytes = With_bytes() #$ MISSING: arg1="with_bytes" func=With_bytes.__bytes__ + with_bytes = With_bytes() # $ MISSING: arg1="with_bytes" func=With_bytes.__bytes__ bytes(with_bytes) @@ -121,18 +121,18 @@ class With_format: def test_format(): - with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ - arg2 = "" #$ MISSING: arg2 func=With_format.__format__ + with_format = With_format() # $ MISSING: arg1="with_format" func=With_format.__format__ + arg2 = "" # $ MISSING: arg2 func=With_format.__format__ format(with_format, arg2) def test_format_str(): - with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ + with_format = With_format() # $ MISSING: arg1="with_format" func=With_format.__format__ "{0}".format(with_format) def test_format_fstr(): - with_format = With_format() #$ MISSING: arg1="with_format" func=With_format.__format__ + with_format = With_format() # $ MISSING: arg1="with_format" func=With_format.__format__ f"{with_format}" @@ -146,8 +146,8 @@ class With_lt: def test_lt(): - with_lt = With_lt() #$ MISSING: arg1="with_lt" func=With_lt.__lt__ - arg2 = with_lt #$ MISSING: arg2 func=With_lt.__lt__ + with_lt = With_lt() # $ MISSING: arg1="with_lt" func=With_lt.__lt__ + arg2 = with_lt # $ MISSING: arg2 func=With_lt.__lt__ with_lt < arg2 @@ -161,8 +161,8 @@ class With_le: def test_le(): - with_le = With_le() #$ MISSING: arg1="with_le" func=With_le.__le__ - arg2 = with_le #$ MISSING: arg2 func=With_le.__le__ + with_le = With_le() # $ MISSING: arg1="with_le" func=With_le.__le__ + arg2 = with_le # $ MISSING: arg2 func=With_le.__le__ with_le <= arg2 @@ -176,8 +176,8 @@ class With_eq: def test_eq(): - with_eq = With_eq() #$ MISSING: arg1="with_eq" func=With_eq.__eq__ - with_eq == with_eq #$ MISSING: arg2="with_eq" func=With_eq.__eq__ + with_eq = With_eq() # $ MISSING: arg1="with_eq" func=With_eq.__eq__ + with_eq == with_eq # $ MISSING: arg2="with_eq" func=With_eq.__eq__ # object.__ne__(self, other) @@ -190,8 +190,8 @@ class With_ne: def test_ne(): - with_ne = With_ne() #$ MISSING: arg1="with_ne" func=With_ne.__ne__ - with_ne != with_ne #$ MISSING: arg2="with_ne" func=With_ne.__ne__ + with_ne = With_ne() # $ MISSING: arg1="with_ne" func=With_ne.__ne__ + with_ne != with_ne # $ MISSING: arg2="with_ne" func=With_ne.__ne__ # object.__gt__(self, other) @@ -204,8 +204,8 @@ class With_gt: def test_gt(): - with_gt = With_gt() #$ MISSING: arg1="with_gt" func=With_gt.__gt__ - arg2 = with_gt #$ MISSING: arg2 func=With_gt.__gt__ + with_gt = With_gt() # $ MISSING: arg1="with_gt" func=With_gt.__gt__ + arg2 = with_gt # $ MISSING: arg2 func=With_gt.__gt__ with_gt > arg2 @@ -219,8 +219,8 @@ class With_ge: def test_ge(): - with_ge = With_ge() #$ MISSING: arg1="with_ge" func=With_ge.__ge__ - arg2 = with_ge #$ MISSING: arg2 func=With_ge.__ge__ + with_ge = With_ge() # $ MISSING: arg1="with_ge" func=With_ge.__ge__ + arg2 = with_ge # $ MISSING: arg2 func=With_ge.__ge__ with_ge >= arg2 @@ -233,22 +233,22 @@ class With_hash: def test_hash(): - with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ + with_hash = With_hash() # $ MISSING: arg1="with_hash" func=With_hash.__hash__ hash(with_hash) def test_hash_set(): - with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ + with_hash = With_hash() # $ MISSING: arg1="with_hash" func=With_hash.__hash__ len(set([with_hash])) def test_hash_frozenset(): - with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ + with_hash = With_hash() # $ MISSING: arg1="with_hash" func=With_hash.__hash__ len(frozenset([with_hash])) def test_hash_dict(): - with_hash = With_hash() #$ MISSING: arg1="with_hash" func=With_hash.__hash__ + with_hash = With_hash() # $ MISSING: arg1="with_hash" func=With_hash.__hash__ len(dict({with_hash: 0})) @@ -261,12 +261,12 @@ class With_bool: def test_bool(): - with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__ + with_bool = With_bool() # $ MISSING: arg1="with_bool" func=With_bool.__bool__ bool(with_bool) def test_bool_if(): - with_bool = With_bool() #$ MISSING: arg1="with_bool" func=With_bool.__bool__ + with_bool = With_bool() # $ MISSING: arg1="with_bool" func=With_bool.__bool__ if with_bool: pass @@ -282,8 +282,8 @@ class With_getattr: def test_getattr(): - with_getattr = With_getattr() #$ MISSING: arg1="with_getattr" func=With_getattr.__getattr__ - with_getattr.arg2 #$ MISSING: arg2="with_getattr.arg2" func=With_getattr.__getattr__ + with_getattr = With_getattr() # $ MISSING: arg1="with_getattr" func=With_getattr.__getattr__ + with_getattr.arg2 # $ MISSING: arg2="with_getattr.arg2" func=With_getattr.__getattr__ # object.__getattribute__(self, name) @@ -296,8 +296,8 @@ class With_getattribute: def test_getattribute(): - with_getattribute = With_getattribute() #$ MISSING: arg1="with_getattribute" func=With_getattribute.__getattribute__ - with_getattribute.arg2 #$ MISSING: arg2 func=With_getattribute.__getattribute__ + with_getattribute = With_getattribute() # $ MISSING: arg1="with_getattribute" func=With_getattribute.__getattribute__ + with_getattribute.arg2 # $ MISSING: arg2 func=With_getattribute.__getattribute__ # object.__setattr__(self, name, value) @@ -310,9 +310,9 @@ class With_setattr: def test_setattr(): - with_setattr = With_setattr() #$ MISSING: arg1="with_setattr" func=With_setattr.__setattr__ - arg3 = "" #$ MISSING: arg3 func=With_setattr.__setattr__ - with_setattr.arg2 = arg3 #$ MISSING: arg2 func=With_setattr.__setattr__ + with_setattr = With_setattr() # $ MISSING: arg1="with_setattr" func=With_setattr.__setattr__ + arg3 = "" # $ MISSING: arg3 func=With_setattr.__setattr__ + with_setattr.arg2 = arg3 # $ MISSING: arg2 func=With_setattr.__setattr__ # object.__delattr__(self, name) @@ -324,8 +324,8 @@ class With_delattr: def test_delattr(): - with_delattr = With_delattr() #$ MISSING: arg1="with_delattr" func=With_delattr.__delattr__ - del with_delattr.arg2 #$ MISSING: arg2 func=With_delattr.__delattr__ + with_delattr = With_delattr() # $ MISSING: arg1="with_delattr" func=With_delattr.__delattr__ + del with_delattr.arg2 # $ MISSING: arg2 func=With_delattr.__delattr__ # object.__dir__(self) @@ -337,7 +337,7 @@ class With_dir: def test_dir(): - with_dir = With_dir() #$ MISSING: arg1="with_dir" func=With_dir.__dir__ + with_dir = With_dir() # $ MISSING: arg1="with_dir" func=With_dir.__dir__ dir(with_dir) @@ -360,9 +360,9 @@ def test_get(): class arg3: pass - with_get = With_get() #$ MISSING: arg1="with_get" func=With_get.__get__ + with_get = With_get() # $ MISSING: arg1="with_get" func=With_get.__get__ arg3.attr = with_get - arg2 = arg3() #$ MISSING: arg2 func=With_get.__get__ + arg2 = arg3() # $ MISSING: arg2 func=With_get.__get__ arg2.attr @@ -376,10 +376,10 @@ class With_set: def test_set(): - with_set = With_set() #$ MISSING: arg1="with_set" func=With_set.__set__ + with_set = With_set() # $ MISSING: arg1="with_set" func=With_set.__set__ Owner.attr = with_set - arg2 = Owner() #$ MISSING: arg2 func=With_set.__set__ - arg3 = "" #$ MISSING: arg3 func=With_set.__set__ + arg2 = Owner() # $ MISSING: arg2 func=With_set.__set__ + arg3 = "" # $ MISSING: arg3 func=With_set.__set__ arg2.attr = arg3 @@ -392,9 +392,9 @@ class With_delete: def test_delete(): - with_delete = With_delete() #$ MISSING: arg1="with_delete" func=With_delete.__delete__ + with_delete = With_delete() # $ MISSING: arg1="with_delete" func=With_delete.__delete__ Owner.attr = with_delete - arg2 = Owner() #$ MISSING: arg2 func=With_delete.__delete__ + arg2 = Owner() # $ MISSING: arg2 func=With_delete.__delete__ del arg2.attr @@ -408,8 +408,8 @@ class With_set_name: def test_set_name(): - with_set_name = With_set_name() #$ MISSING: arg1="with_set_name" func=With_set_name.__set_name__ - type("arg2", (object,), dict(arg3=with_set_name)) #$ MISSING: arg2 arg3 func=With_set_name.__set_name__ + with_set_name = With_set_name() # $ MISSING: arg1="with_set_name" func=With_set_name.__set_name__ + type("arg2", (object,), dict(arg3=with_set_name)) # $ MISSING: arg2 arg3 func=With_set_name.__set_name__ # 3.3.2.4. __slots__ // We are not testing the suppression of __weakref__ and __dict__ here @@ -421,7 +421,7 @@ def test_set_name(): # classmethod object.__init_subclass__(cls) class With_init_subclass: def __init_subclass__(cls): - SINK1(cls) #$ MISSING: arg1="Tuple[0], l:+5 -> cls" + SINK1(cls) # $ MISSING: arg1="Tuple[0], l:+5 -> cls" OK() # Call not found @@ -441,7 +441,7 @@ class With_prepare(type): def __prepare__(name, bases, **kwds): SINK3(kwds) # Flow not tested SINK2(bases) # Flow not tested - SINK1(name) #$ MISSING: arg1="arg1, l:+6 -> name" + SINK1(name) # $ MISSING: arg1="arg1, l:+6 -> name" OK() # Call not found return kwds @@ -462,8 +462,8 @@ class With_instancecheck: def test_instancecheck(): - with_instancecheck = With_instancecheck() #$ MISSING: arg1="with_instancecheck" func=With_instancecheck.__instancecheck__ - arg2 = "" #$ MISSING: arg2 func=With_instancecheck.__instancecheck__ + with_instancecheck = With_instancecheck() # $ MISSING: arg1="with_instancecheck" func=With_instancecheck.__instancecheck__ + arg2 = "" # $ MISSING: arg2 func=With_instancecheck.__instancecheck__ isinstance(arg2, with_instancecheck) @@ -477,14 +477,14 @@ class With_subclasscheck: def test_subclasscheck(): - with_subclasscheck = With_subclasscheck() #$ MISSING: arg1="with_subclasscheck" func=With_subclasscheck.__subclasscheck__ - arg2 = object #$ MISSING: arg2 func=With_subclasscheck.__subclasscheck__ + with_subclasscheck = With_subclasscheck() # $ MISSING: arg1="with_subclasscheck" func=With_subclasscheck.__subclasscheck__ + arg2 = object # $ MISSING: arg2 func=With_subclasscheck.__subclasscheck__ issubclass(arg2, with_subclasscheck) # 3.3.5. Emulating generic types # classmethod object.__class_getitem__(cls, key) -class With_class_getitem: #$ MISSING: arg1="With_class_getitem" func=With_class_getitem.__class_getitem__ +class With_class_getitem: # $ MISSING: arg1="With_class_getitem" func=With_class_getitem.__class_getitem__ def __class_getitem__(cls, key): SINK2(key) SINK1(cls) @@ -493,7 +493,7 @@ class With_class_getitem: #$ MISSING: arg1="With_class_getitem" func=With_class def test_class_getitem(): - arg2 = int #$ MISSING: arg2 func=With_class_getitem.__class_getitem__ + arg2 = int # $ MISSING: arg2 func=With_class_getitem.__class_getitem__ with_class_getitem = With_class_getitem[arg2]() @@ -506,7 +506,7 @@ class With_call: def test_call(): - with_call = With_call() #$ arg1="with_call" func=With_call.__call__ + with_call = With_call() # $ arg1="with_call" func=With_call.__call__ with_call() @@ -520,17 +520,17 @@ class With_len: def test_len(): - with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ + with_len = With_len() # $ MISSING: arg1="with_len" func=With_len.__len__ len(with_len) def test_len_bool(): - with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ + with_len = With_len() # $ MISSING: arg1="with_len" func=With_len.__len__ bool(with_len) def test_len_if(): - with_len = With_len() #$ MISSING: arg1="with_len" func=With_len.__len__ + with_len = With_len() # $ MISSING: arg1="with_len" func=With_len.__len__ if with_len: pass @@ -545,9 +545,9 @@ class With_getitem: def test_getitem(): - with_getitem = With_getitem() #$ MISSING: arg1="with_getitem" func=With_getitem.__getitem__ + with_getitem = With_getitem() # $ MISSING: arg1="with_getitem" func=With_getitem.__getitem__ arg2 = 0 - with_getitem[arg2] #$ MISSING: arg2 func=With_getitem.__getitem__ + with_getitem[arg2] # $ MISSING: arg2 func=With_getitem.__getitem__ # object.__setitem__(self, key, value) @@ -560,10 +560,10 @@ class With_setitem: def test_setitem(): - with_setitem = With_setitem() #$ MISSING: arg1="with_setitem" func=With_setitem.__setitem__ + with_setitem = With_setitem() # $ MISSING: arg1="with_setitem" func=With_setitem.__setitem__ arg2 = 0 arg3 = "" - with_setitem[arg2] = arg3 #$ MISSING: arg2 arg3 func=With_setitem.__setitem__ + with_setitem[arg2] = arg3 # $ MISSING: arg2 arg3 func=With_setitem.__setitem__ # object.__delitem__(self, key) @@ -575,9 +575,9 @@ class With_delitem: def test_delitem(): - with_delitem = With_delitem() #$ MISSING: arg1="with_delitem" func=With_delitem.__delitem__ + with_delitem = With_delitem() # $ MISSING: arg1="with_delitem" func=With_delitem.__delitem__ arg2 = 0 - del with_delitem[arg2] #$ MISSING: arg2 func=With_delitem.__delitem__ + del with_delitem[arg2] # $ MISSING: arg2 func=With_delitem.__delitem__ # object.__missing__(self, key) @@ -590,8 +590,8 @@ class With_missing(dict): def test_missing(): - with_missing = With_missing() #$ MISSING: arg1="with_missing" func=With_missing.__missing__ - arg2 = 0 #$ MISSING: arg2 func=With_missing.__missing__ + with_missing = With_missing() # $ MISSING: arg1="with_missing" func=With_missing.__missing__ + arg2 = 0 # $ MISSING: arg2 func=With_missing.__missing__ with_missing[arg2] @@ -604,7 +604,7 @@ class With_iter: def test_iter(): - with_iter = With_iter() #$ MISSING: arg1="with_iter" func=With_iter.__iter__ + with_iter = With_iter() # $ MISSING: arg1="with_iter" func=With_iter.__iter__ [x for x in with_iter] @@ -617,7 +617,7 @@ class With_reversed: def test_reversed(): - with_reversed = With_reversed() #$ MISSING: arg1="with_reversed" func=With_reversed.__reversed__ + with_reversed = With_reversed() # $ MISSING: arg1="with_reversed" func=With_reversed.__reversed__ reversed(with_reversed) @@ -631,8 +631,8 @@ class With_contains: def test_contains(): - with_contains = With_contains() #$ MISSING: arg1="with_contains" func=With_contains.__contains__ - arg2 = 0 #$ MISSING: arg2 func=With_contains.__contains__ + with_contains = With_contains() # $ MISSING: arg1="with_contains" func=With_contains.__contains__ + arg2 = 0 # $ MISSING: arg2 func=With_contains.__contains__ arg2 in with_contains @@ -647,9 +647,9 @@ class With_add: def test_add(): - with_add = With_add() #$ MISSING: arg1="with_add" func=With_add.__add__ + with_add = With_add() # $ MISSING: arg1="with_add" func=With_add.__add__ arg2 = with_add - with_add + arg2 #$ MISSING: arg2 func=With_add.__add__ + with_add + arg2 # $ MISSING: arg2 func=With_add.__add__ # object.__sub__(self, other) @@ -662,9 +662,9 @@ class With_sub: def test_sub(): - with_sub = With_sub() #$ MISSING: arg1="with_sub" func=With_sub.__sub__ + with_sub = With_sub() # $ MISSING: arg1="with_sub" func=With_sub.__sub__ arg2 = with_sub - with_sub - arg2 #$ MISSING: arg2 func=With_sub.__sub__ + with_sub - arg2 # $ MISSING: arg2 func=With_sub.__sub__ # object.__mul__(self, other) @@ -677,9 +677,9 @@ class With_mul: def test_mul(): - with_mul = With_mul() #$ MISSING: arg1="with_mul" func=With_mul.__mul__ + with_mul = With_mul() # $ MISSING: arg1="with_mul" func=With_mul.__mul__ arg2 = with_mul - with_mul * arg2 #$ MISSING: arg2 func=With_mul.__mul__ + with_mul * arg2 # $ MISSING: arg2 func=With_mul.__mul__ # object.__matmul__(self, other) @@ -692,9 +692,9 @@ class With_matmul: def test_matmul(): - with_matmul = With_matmul() #$ MISSING: arg1="with_matmul" func=With_matmul.__matmul__ + with_matmul = With_matmul() # $ MISSING: arg1="with_matmul" func=With_matmul.__matmul__ arg2 = with_matmul - with_matmul @ arg2 #$ MISSING: arg2 func=With_matmul.__matmul__ + with_matmul @ arg2 # $ MISSING: arg2 func=With_matmul.__matmul__ # object.__truediv__(self, other) @@ -707,9 +707,9 @@ class With_truediv: def test_truediv(): - with_truediv = With_truediv() #$ MISSING: arg1="with_truediv" func=With_truediv.__truediv__ + with_truediv = With_truediv() # $ MISSING: arg1="with_truediv" func=With_truediv.__truediv__ arg2 = with_truediv - with_truediv / arg2 #$ MISSING: arg2 func=With_truediv.__truediv__ + with_truediv / arg2 # $ MISSING: arg2 func=With_truediv.__truediv__ # object.__floordiv__(self, other) @@ -722,9 +722,9 @@ class With_floordiv: def test_floordiv(): - with_floordiv = With_floordiv() #$ MISSING: arg1="with_floordiv" func=With_floordiv.__floordiv__ + with_floordiv = With_floordiv() # $ MISSING: arg1="with_floordiv" func=With_floordiv.__floordiv__ arg2 = with_floordiv - with_floordiv // arg2 #$ MISSING: arg2 func=With_floordiv.__floordiv__ + with_floordiv // arg2 # $ MISSING: arg2 func=With_floordiv.__floordiv__ # object.__mod__(self, other) @@ -737,9 +737,9 @@ class With_mod: def test_mod(): - with_mod = With_mod() #$ MISSING: arg1="with_mod" func=With_mod.__mod__ + with_mod = With_mod() # $ MISSING: arg1="with_mod" func=With_mod.__mod__ arg2 = with_mod - with_mod % arg2 #$ MISSING: arg2 func=With_mod.__mod__ + with_mod % arg2 # $ MISSING: arg2 func=With_mod.__mod__ # object.__divmod__(self, other) @@ -752,8 +752,8 @@ class With_divmod: def test_divmod(): - with_divmod = With_divmod() #$ MISSING: arg1="with_divmod" func=With_divmod.__divmod__ - arg2 = With_divmod #$ MISSING: arg2 func=With_divmod.__divmod__ + with_divmod = With_divmod() # $ MISSING: arg1="with_divmod" func=With_divmod.__divmod__ + arg2 = With_divmod # $ MISSING: arg2 func=With_divmod.__divmod__ divmod(with_divmod, arg2) @@ -767,15 +767,15 @@ class With_pow: def test_pow(): - with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__ + with_pow = With_pow() # $ MISSING: arg1="with_pow" func=With_pow.__pow__ arg2 = with_pow - pow(with_pow, arg2) #$ MISSING: arg2 func=With_pow.__pow__ + pow(with_pow, arg2) # $ MISSING: arg2 func=With_pow.__pow__ def test_pow_op(): - with_pow = With_pow() #$ MISSING: arg1="with_pow" func=With_pow.__pow__ + with_pow = With_pow() # $ MISSING: arg1="with_pow" func=With_pow.__pow__ arg2 = with_pow - with_pow ** arg2 #$ MISSING: arg2 func=With_pow.__pow__ + with_pow ** arg2 # $ MISSING: arg2 func=With_pow.__pow__ # object.__lshift__(self, other) @@ -788,9 +788,9 @@ class With_lshift: def test_lshift(): - with_lshift = With_lshift() #$ MISSING: arg1="with_lshift" func=With_lshift.__lshift__ + with_lshift = With_lshift() # $ MISSING: arg1="with_lshift" func=With_lshift.__lshift__ arg2 = with_lshift - with_lshift << arg2 #$ MISSING: arg2 func=With_lshift.__lshift__ + with_lshift << arg2 # $ MISSING: arg2 func=With_lshift.__lshift__ # object.__rshift__(self, other) @@ -803,9 +803,9 @@ class With_rshift: def test_rshift(): - with_rshift = With_rshift() #$ MISSING: arg1="with_rshift" func=With_rshift.__rshift__ + with_rshift = With_rshift() # $ MISSING: arg1="with_rshift" func=With_rshift.__rshift__ arg2 = with_rshift - with_rshift >> arg2 #$ MISSING: arg2 func=With_rshift.__rshift__ + with_rshift >> arg2 # $ MISSING: arg2 func=With_rshift.__rshift__ # object.__and__(self, other) @@ -818,9 +818,9 @@ class With_and: def test_and(): - with_and = With_and() #$ MISSING: arg1="with_and" func=With_and.__and__ + with_and = With_and() # $ MISSING: arg1="with_and" func=With_and.__and__ arg2 = with_and - with_and & arg2 #$ MISSING: arg2 func=With_and.__and__ + with_and & arg2 # $ MISSING: arg2 func=With_and.__and__ # object.__xor__(self, other) @@ -833,9 +833,9 @@ class With_xor: def test_xor(): - with_xor = With_xor() #$ MISSING: arg1="with_xor" func=With_xor.__xor__ + with_xor = With_xor() # $ MISSING: arg1="with_xor" func=With_xor.__xor__ arg2 = with_xor - with_xor ^ arg2 #$ MISSING: arg2 func=With_xor.__xor__ + with_xor ^ arg2 # $ MISSING: arg2 func=With_xor.__xor__ # object.__or__(self, other) @@ -848,23 +848,23 @@ class With_or: def test_or(): - with_or = With_or() #$ MISSING: arg1="with_or" func=With_or.__or__ + with_or = With_or() # $ MISSING: arg1="with_or" func=With_or.__or__ arg2 = with_or - with_or | arg2 #$ MISSING: arg2 func=With_or.__or__ + with_or | arg2 # $ MISSING: arg2 func=With_or.__or__ # object.__radd__(self, other) class With_radd: def __radd__(self, other): - SINK2(other) #$ MISSING: arg2="arg2, l:+8 -> other" + SINK2(other) # $ MISSING: arg2="arg2, l:+8 -> other" SINK1(self) OK() # Call not found return self def test_radd(): - with_radd = With_radd() #$ MISSING: arg1="with_radd" func=With_radd.__radd__ - arg2 = "" #$ MISSING: arg2 func=With_radd.__radd__ + with_radd = With_radd() # $ MISSING: arg1="with_radd" func=With_radd.__radd__ + arg2 = "" # $ MISSING: arg2 func=With_radd.__radd__ arg2 + with_radd @@ -878,8 +878,8 @@ class With_rsub: def test_rsub(): - with_rsub = With_rsub() #$ MISSING: arg1="with_rsub" func=With_rsub.__rsub__ - arg2 = "" #$ MISSING: arg2 func=With_rsub.__rsub__ + with_rsub = With_rsub() # $ MISSING: arg1="with_rsub" func=With_rsub.__rsub__ + arg2 = "" # $ MISSING: arg2 func=With_rsub.__rsub__ arg2 - with_rsub @@ -893,8 +893,8 @@ class With_rmul: def test_rmul(): - with_rmul = With_rmul() #$ MISSING: arg1="with_rmul" func=With_rmul.__rmul__ - arg2 = "" #$ MISSING: arg2 func=With_rmul.__rmul__ + with_rmul = With_rmul() # $ MISSING: arg1="with_rmul" func=With_rmul.__rmul__ + arg2 = "" # $ MISSING: arg2 func=With_rmul.__rmul__ arg2 * with_rmul @@ -908,8 +908,8 @@ class With_rmatmul: def test_rmatmul(): - with_rmatmul = With_rmatmul() #$ MISSING: arg1="with_rmatmul" func=With_rmatmul.__rmatmul__ - arg2 = "" #$ MISSING: arg2 func=With_rmatmul.__rmatmul__ + with_rmatmul = With_rmatmul() # $ MISSING: arg1="with_rmatmul" func=With_rmatmul.__rmatmul__ + arg2 = "" # $ MISSING: arg2 func=With_rmatmul.__rmatmul__ arg2 @ with_rmatmul @@ -923,8 +923,8 @@ class With_rtruediv: def test_rtruediv(): - with_rtruediv = With_rtruediv() #$ MISSING: arg1="with_rtruediv" func=With_rtruediv.__rtruediv__ - arg2 = "" #$ MISSING: arg2 func=With_rtruediv.__rtruediv__ + with_rtruediv = With_rtruediv() # $ MISSING: arg1="with_rtruediv" func=With_rtruediv.__rtruediv__ + arg2 = "" # $ MISSING: arg2 func=With_rtruediv.__rtruediv__ arg2 / with_rtruediv @@ -938,8 +938,8 @@ class With_rfloordiv: def test_rfloordiv(): - with_rfloordiv = With_rfloordiv() #$ MISSING: arg1="with_rfloordiv" func=With_rfloordiv.__rfloordiv__ - arg2 = "" #$ MISSING: arg2 func=With_rfloordiv.__rfloordiv__ + with_rfloordiv = With_rfloordiv() # $ MISSING: arg1="with_rfloordiv" func=With_rfloordiv.__rfloordiv__ + arg2 = "" # $ MISSING: arg2 func=With_rfloordiv.__rfloordiv__ arg2 // with_rfloordiv @@ -953,8 +953,8 @@ class With_rmod: def test_rmod(): - with_rmod = With_rmod() #$ MISSING: arg1="with_rmod" func=With_rmod.__rmod__ - arg2 = {} #$ MISSING: arg2 func=With_rmod.__rmod__ + with_rmod = With_rmod() # $ MISSING: arg1="with_rmod" func=With_rmod.__rmod__ + arg2 = {} # $ MISSING: arg2 func=With_rmod.__rmod__ arg2 % with_rmod @@ -968,8 +968,8 @@ class With_rdivmod: def test_rdivmod(): - with_rdivmod = With_rdivmod() #$ MISSING: arg1="with_rdivmod" func=With_rdivmod.__rdivmod__ - arg2 = "" #$ MISSING: arg2 func=With_rdivmod.__rdivmod__ + with_rdivmod = With_rdivmod() # $ MISSING: arg1="with_rdivmod" func=With_rdivmod.__rdivmod__ + arg2 = "" # $ MISSING: arg2 func=With_rdivmod.__rdivmod__ divmod(arg2, with_rdivmod) @@ -983,14 +983,14 @@ class With_rpow: def test_rpow(): - with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ - arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__ + with_rpow = With_rpow() # $ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ + arg2 = "" # $ MISSING: arg2 func=With_rpow.__rpow__ pow(arg2, with_rpow) def test_rpow_op(): - with_rpow = With_rpow() #$ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ - arg2 = "" #$ MISSING: arg2 func=With_rpow.__rpow__ + with_rpow = With_rpow() # $ MISSING: arg1="with_rpow" func=With_rpow.__rpow__ + arg2 = "" # $ MISSING: arg2 func=With_rpow.__rpow__ arg2 ** with_rpow @@ -1004,8 +1004,8 @@ class With_rlshift: def test_rlshift(): - with_rlshift = With_rlshift() #$ MISSING: arg1="with_rlshift" func=With_rlshift.__rlshift__ - arg2 = "" #$ MISSING: arg2 func=With_rlshift.__rlshift__ + with_rlshift = With_rlshift() # $ MISSING: arg1="with_rlshift" func=With_rlshift.__rlshift__ + arg2 = "" # $ MISSING: arg2 func=With_rlshift.__rlshift__ arg2 << with_rlshift @@ -1019,8 +1019,8 @@ class With_rrshift: def test_rrshift(): - with_rrshift = With_rrshift() #$ MISSING: arg1="with_rrshift" func=With_rrshift.__rrshift__ - arg2 = "" #$ MISSING: arg2 func=With_rrshift.__rrshift__ + with_rrshift = With_rrshift() # $ MISSING: arg1="with_rrshift" func=With_rrshift.__rrshift__ + arg2 = "" # $ MISSING: arg2 func=With_rrshift.__rrshift__ arg2 >> with_rrshift @@ -1034,8 +1034,8 @@ class With_rand: def test_rand(): - with_rand = With_rand() #$ MISSING: arg1="with_rand" func=With_rand.__rand__ - arg2 = "" #$ MISSING: arg2 func=With_rand.__rand__ + with_rand = With_rand() # $ MISSING: arg1="with_rand" func=With_rand.__rand__ + arg2 = "" # $ MISSING: arg2 func=With_rand.__rand__ arg2 & with_rand @@ -1049,8 +1049,8 @@ class With_rxor: def test_rxor(): - with_rxor = With_rxor() #$ MISSING: arg1="with_rxor" func=With_rxor.__rxor__ - arg2 = "" #$ MISSING: arg2 func=With_rxor.__rxor__ + with_rxor = With_rxor() # $ MISSING: arg1="with_rxor" func=With_rxor.__rxor__ + arg2 = "" # $ MISSING: arg2 func=With_rxor.__rxor__ arg2 ^ with_rxor @@ -1064,8 +1064,8 @@ class With_ror: def test_ror(): - with_ror = With_ror() #$ MISSING: arg1="with_ror" func=With_ror.__ror__ - arg2 = "" #$ MISSING: arg2 func=With_ror.__ror__ + with_ror = With_ror() # $ MISSING: arg1="with_ror" func=With_ror.__ror__ + arg2 = "" # $ MISSING: arg2 func=With_ror.__ror__ arg2 | with_ror @@ -1079,8 +1079,8 @@ class With_iadd: def test_iadd(): - with_iadd = With_iadd() #$ MISSING: arg1="with_iadd" func=With_iadd.__iadd__ - arg2 = with_iadd #$ MISSING: arg2 func=With_iadd.__iadd__ + with_iadd = With_iadd() # $ MISSING: arg1="with_iadd" func=With_iadd.__iadd__ + arg2 = with_iadd # $ MISSING: arg2 func=With_iadd.__iadd__ with_iadd += arg2 @@ -1094,8 +1094,8 @@ class With_isub: def test_isub(): - with_isub = With_isub() #$ MISSING: arg1="with_isub" func=With_isub.__isub__ - arg2 = with_isub #$ MISSING: arg2 func=With_isub.__isub__ + with_isub = With_isub() # $ MISSING: arg1="with_isub" func=With_isub.__isub__ + arg2 = with_isub # $ MISSING: arg2 func=With_isub.__isub__ with_isub -= arg2 @@ -1109,8 +1109,8 @@ class With_imul: def test_imul(): - with_imul = With_imul() #$ MISSING: arg1="with_imul" func=With_imul.__imul__ - arg2 = with_imul #$ MISSING: arg2 func=With_imul.__imul__ + with_imul = With_imul() # $ MISSING: arg1="with_imul" func=With_imul.__imul__ + arg2 = with_imul # $ MISSING: arg2 func=With_imul.__imul__ with_imul *= arg2 @@ -1124,8 +1124,8 @@ class With_imatmul: def test_imatmul(): - with_imatmul = With_imatmul() #$ MISSING: arg1="with_imatmul" func=With_imatmul.__imatmul__ - arg2 = with_imatmul #$ MISSING: arg2 func=With_imatmul.__imatmul__ + with_imatmul = With_imatmul() # $ MISSING: arg1="with_imatmul" func=With_imatmul.__imatmul__ + arg2 = with_imatmul # $ MISSING: arg2 func=With_imatmul.__imatmul__ with_imatmul @= arg2 @@ -1139,8 +1139,8 @@ class With_itruediv: def test_itruediv(): - with_itruediv = With_itruediv() #$ MISSING: arg1="with_itruediv" func=With_itruediv.__itruediv__ - arg2 = with_itruediv #$ MISSING: arg2 func=With_itruediv.__itruediv__ + with_itruediv = With_itruediv() # $ MISSING: arg1="with_itruediv" func=With_itruediv.__itruediv__ + arg2 = with_itruediv # $ MISSING: arg2 func=With_itruediv.__itruediv__ with_itruediv /= arg2 @@ -1154,8 +1154,8 @@ class With_ifloordiv: def test_ifloordiv(): - with_ifloordiv = With_ifloordiv() #$ MISSING: arg1="with_ifloordiv" func=With_ifloordiv.__ifloordiv__ - arg2 = with_ifloordiv #$ MISSING: arg2 func=With_ifloordiv.__ifloordiv__ + with_ifloordiv = With_ifloordiv() # $ MISSING: arg1="with_ifloordiv" func=With_ifloordiv.__ifloordiv__ + arg2 = with_ifloordiv # $ MISSING: arg2 func=With_ifloordiv.__ifloordiv__ with_ifloordiv //= arg2 @@ -1169,8 +1169,8 @@ class With_imod: def test_imod(): - with_imod = With_imod() #$ MISSING: arg1="with_imod" func=With_imod.__imod__ - arg2 = with_imod #$ MISSING: arg2 func=With_imod.__imod__ + with_imod = With_imod() # $ MISSING: arg1="with_imod" func=With_imod.__imod__ + arg2 = with_imod # $ MISSING: arg2 func=With_imod.__imod__ with_imod %= arg2 @@ -1184,8 +1184,8 @@ class With_ipow: def test_ipow(): - with_ipow = With_ipow() #$ MISSING: arg1="with_ipow" func=With_ipow.__ipow__ - arg2 = with_ipow #$ MISSING: arg2 func=With_ipow.__ipow__ + with_ipow = With_ipow() # $ MISSING: arg1="with_ipow" func=With_ipow.__ipow__ + arg2 = with_ipow # $ MISSING: arg2 func=With_ipow.__ipow__ with_ipow **= arg2 @@ -1199,8 +1199,8 @@ class With_ilshift: def test_ilshift(): - with_ilshift = With_ilshift() #$ MISSING: arg1="with_ilshift" func=With_ilshift.__ilshift__ - arg2 = with_ilshift #$ MISSING: arg2 func=With_ilshift.__ilshift__ + with_ilshift = With_ilshift() # $ MISSING: arg1="with_ilshift" func=With_ilshift.__ilshift__ + arg2 = with_ilshift # $ MISSING: arg2 func=With_ilshift.__ilshift__ with_ilshift <<= arg2 @@ -1214,8 +1214,8 @@ class With_irshift: def test_irshift(): - with_irshift = With_irshift() #$ MISSING: arg1="with_irshift" func=With_irshift.__irshift__ - arg2 = with_irshift #$ MISSING: arg2 func=With_irshift.__irshift__ + with_irshift = With_irshift() # $ MISSING: arg1="with_irshift" func=With_irshift.__irshift__ + arg2 = with_irshift # $ MISSING: arg2 func=With_irshift.__irshift__ with_irshift >>= arg2 @@ -1229,8 +1229,8 @@ class With_iand: def test_iand(): - with_iand = With_iand() #$ MISSING: arg1="with_iand" func=With_iand.__iand__ - arg2 = with_iand #$ MISSING: arg2 func=With_iand.__iand__ + with_iand = With_iand() # $ MISSING: arg1="with_iand" func=With_iand.__iand__ + arg2 = with_iand # $ MISSING: arg2 func=With_iand.__iand__ with_iand &= arg2 @@ -1244,8 +1244,8 @@ class With_ixor: def test_ixor(): - with_ixor = With_ixor() #$ MISSING: arg1="with_ixor" func=With_ixor.__ixor__ - arg2 = with_ixor #$ MISSING: arg2 func=With_ixor.__ixor__ + with_ixor = With_ixor() # $ MISSING: arg1="with_ixor" func=With_ixor.__ixor__ + arg2 = with_ixor # $ MISSING: arg2 func=With_ixor.__ixor__ with_ixor ^= arg2 @@ -1259,8 +1259,8 @@ class With_ior: def test_ior(): - with_ior = With_ior() #$ MISSING: arg1="with_ior" func=With_ior.__ior__ - arg2 = with_ior #$ MISSING: arg2 func=With_ior.__ior__ + with_ior = With_ior() # $ MISSING: arg1="with_ior" func=With_ior.__ior__ + arg2 = with_ior # $ MISSING: arg2 func=With_ior.__ior__ with_ior |= arg2 @@ -1273,7 +1273,7 @@ class With_neg: def test_neg(): - with_neg = With_neg() #$ MISSING: arg1="with_neg" func=With_neg.__neg__ + with_neg = With_neg() # $ MISSING: arg1="with_neg" func=With_neg.__neg__ -with_neg @@ -1286,7 +1286,7 @@ class With_pos: def test_pos(): - with_pos = With_pos() #$ MISSING: arg1="with_pos" func=With_pos.__pos__ + with_pos = With_pos() # $ MISSING: arg1="with_pos" func=With_pos.__pos__ +with_pos @@ -1299,7 +1299,7 @@ class With_abs: def test_abs(): - with_abs = With_abs() #$ MISSING: arg1="with_abs" func=With_abs.__abs__ + with_abs = With_abs() # $ MISSING: arg1="with_abs" func=With_abs.__abs__ abs(with_abs) @@ -1312,7 +1312,7 @@ class With_invert: def test_invert(): - with_invert = With_invert() #$ MISSING: arg1="with_invert" func=With_invert.__invert__ + with_invert = With_invert() # $ MISSING: arg1="with_invert" func=With_invert.__invert__ ~with_invert @@ -1325,7 +1325,7 @@ class With_complex: def test_complex(): - with_complex = With_complex() #$ MISSING: arg1="with_complex" func=With_complex.__complex__ + with_complex = With_complex() # $ MISSING: arg1="with_complex" func=With_complex.__complex__ complex(with_complex) @@ -1338,7 +1338,7 @@ class With_int: def test_int(): - with_int = With_int() #$ MISSING: arg1="with_int" func=With_int.__int__ + with_int = With_int() # $ MISSING: arg1="with_int" func=With_int.__int__ int(with_int) @@ -1351,7 +1351,7 @@ class With_float: def test_float(): - with_float = With_float() #$ MISSING: arg1="with_float" func=With_float.__float__ + with_float = With_float() # $ MISSING: arg1="with_float" func=With_float.__float__ float(with_float) @@ -1364,37 +1364,37 @@ class With_index: def test_index_slicing(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ [0][with_index:1] def test_index_bin(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ bin(with_index) def test_index_hex(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ hex(with_index) def test_index_oct(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ oct(with_index) def test_index_int(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ int(with_index) def test_index_float(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ float(with_index) def test_index_complex(): - with_index = With_index() #$ MISSING: arg1="with_index" func=With_index.__index__ + with_index = With_index() # $ MISSING: arg1="with_index" func=With_index.__index__ complex(with_index) @@ -1407,7 +1407,7 @@ class With_round: def test_round(): - with_round = With_round() #$ MISSING: arg1="with_round" func=With_round.__round__ + with_round = With_round() # $ MISSING: arg1="with_round" func=With_round.__round__ round(with_round) @@ -1420,7 +1420,7 @@ class With_trunc: def test_trunc(): - with_trunc = With_trunc() #$ MISSING: arg1="with_trunc" func=With_trunc.__trunc__ + with_trunc = With_trunc() # $ MISSING: arg1="with_trunc" func=With_trunc.__trunc__ import math math.trunc(with_trunc) @@ -1435,7 +1435,7 @@ class With_floor: def test_floor(): - with_floor = With_floor() #$ MISSING: arg1="with_floor" func=With_floor.__floor__ + with_floor = With_floor() # $ MISSING: arg1="with_floor" func=With_floor.__floor__ import math math.floor(with_floor) @@ -1450,7 +1450,7 @@ class With_ceil: def test_ceil(): - with_ceil = With_ceil() #$ MISSING: arg1="with_ceil" func=With_ceil.__ceil__ + with_ceil = With_ceil() # $ MISSING: arg1="with_ceil" func=With_ceil.__ceil__ import math math.ceil(with_ceil) @@ -1503,7 +1503,7 @@ class With_await: async def atest_await(): - with_await = With_await() #$ MISSING: arg1="with_await" func=With_await.__await__ + with_await = With_await() # $ MISSING: arg1="with_await" func=With_await.__await__ await (with_await) @@ -1525,7 +1525,7 @@ class With_aiter: async def atest_aiter(): - with_aiter = With_aiter() #$ MISSING: arg1="with_aiter" func=With_aiter.__aiter__ + with_aiter = With_aiter() # $ MISSING: arg1="with_aiter" func=With_aiter.__aiter__ async for x in with_aiter: pass @@ -1542,7 +1542,7 @@ class With_anext: async def atest_anext(): - with_anext = With_anext() #$ MISSING: arg1="with_anext" func=With_anext.__anext__ + with_anext = With_anext() # $ MISSING: arg1="with_anext" func=With_anext.__anext__ async for x in with_anext: pass @@ -1559,7 +1559,7 @@ class With_aenter: async def atest_aenter(): - with_aenter = With_aenter() #$ MISSING: arg1="with_aenter" func=With_aenter.__aenter__ + with_aenter = With_aenter() # $ MISSING: arg1="with_aenter" func=With_aenter.__aenter__ async with with_aenter: pass @@ -1578,6 +1578,6 @@ class With_aexit: async def atest_aexit(): - with_aexit = With_aexit() #$ MISSING: arg1="with_aexit" func=With_aexit.__aexit__ + with_aexit = With_aexit() # $ MISSING: arg1="with_aexit" func=With_aexit.__aexit__ async with with_aexit: pass diff --git a/python/ql/test/library-tests/dataflow/coverage/datamodel.py b/python/ql/test/library-tests/dataflow/coverage/datamodel.py index 22111a0abbd..3b561843b43 100644 --- a/python/ql/test/library-tests/dataflow/coverage/datamodel.py +++ b/python/ql/test/library-tests/dataflow/coverage/datamodel.py @@ -58,7 +58,7 @@ SINK7 = functools.partial(SINK, expected=arg7) def f(a, b): return a -SINK(f(SOURCE, 3)) #$ flow="SOURCE -> f(..)" +SINK(f(SOURCE, 3)) # $ flow="SOURCE -> f(..)" # Instance methods # An instance method object combines a class, a class instance and any callable object (normally a user-defined function). @@ -236,10 +236,10 @@ class Customized: # testing __new__ and __init__ customized = Customized() -SINK(Customized.a) #$ MISSING:flow="SOURCE, l:-8 -> customized.a" +SINK(Customized.a) # $ MISSING:flow="SOURCE, l:-8 -> customized.a" SINK_F(Customized.b) -SINK(customized.a) #$ MISSING: flow="SOURCE, l:-10 -> customized.a" -SINK(customized.b) #$ flow="SOURCE, l:-7 -> customized.b" +SINK(customized.a) # $ MISSING: flow="SOURCE, l:-10 -> customized.a" +SINK(customized.b) # $ flow="SOURCE, l:-7 -> customized.b" class Test2: diff --git a/python/ql/test/library-tests/dataflow/coverage/loops.py b/python/ql/test/library-tests/dataflow/coverage/loops.py index df1dc24310b..d240f8ffc15 100644 --- a/python/ql/test/library-tests/dataflow/coverage/loops.py +++ b/python/ql/test/library-tests/dataflow/coverage/loops.py @@ -38,7 +38,7 @@ def test_while(): n = 2 while n > 0: if n == 1: - SINK(x) #$ flow="SOURCE, l:+1 -> x" + SINK(x) # $ flow="SOURCE, l:+1 -> x" x = SOURCE n -= 1 @@ -54,14 +54,14 @@ def test_while_obj(): n = 2 while n > 0: if n == 1: - SINK(myobj.foo) #$ flow="SOURCE, l:+1 -> myobj.foo" + SINK(myobj.foo) # $ flow="SOURCE, l:+1 -> myobj.foo" setFoo(myobj, SOURCE) n -= 1 def setAndTestFoo(obj, x, test): if test: # This flow is not found, if self-loops are broken at the SSA level. - SINK(obj.foo) #$ flow="SOURCE, l:+7 -> obj.foo" + SINK(obj.foo) # $ flow="SOURCE, l:+7 -> obj.foo" obj.foo = x def test_while_obj_sink(): @@ -70,4 +70,3 @@ def test_while_obj_sink(): while n > 0: setAndTestFoo(myobj, SOURCE, n == 1) n -= 1 - diff --git a/python/ql/test/library-tests/dataflow/coverage/module_level.py b/python/ql/test/library-tests/dataflow/coverage/module_level.py index bd2d38088b1..f73520589de 100644 --- a/python/ql/test/library-tests/dataflow/coverage/module_level.py +++ b/python/ql/test/library-tests/dataflow/coverage/module_level.py @@ -3,5 +3,5 @@ t = (SOURCE, NONSOURCE) a, b = t -SINK(a) #$ flow="SOURCE, l:-2 -> a" +SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) diff --git a/python/ql/test/library-tests/dataflow/coverage/test.py b/python/ql/test/library-tests/dataflow/coverage/test.py index 64c500b5b69..9d2299123f9 100644 --- a/python/ql/test/library-tests/dataflow/coverage/test.py +++ b/python/ql/test/library-tests/dataflow/coverage/test.py @@ -41,7 +41,7 @@ def SINK_F(x): def test_tuple_with_local_flow(): x = (NONSOURCE, SOURCE) y = x[1] - SINK(y) #$ flow="SOURCE, l:-2 -> y" + SINK(y) # $ flow="SOURCE, l:-2 -> y" def test_tuple_negative(): @@ -53,45 +53,45 @@ def test_tuple_negative(): # 6.2.1. Identifiers (Names) def test_names(): x = SOURCE - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" # 6.2.2. Literals def test_string_literal(): x = "source" - SINK(x) #$ flow="'source', l:-1 -> x" + SINK(x) # $ flow="'source', l:-1 -> x" def test_bytes_literal(): x = b"source" - SINK(x) #$ flow="b'source', l:-1 -> x" + SINK(x) # $ flow="b'source', l:-1 -> x" def test_integer_literal(): x = 42 - SINK(x) #$ flow="42, l:-1 -> x" + SINK(x) # $ flow="42, l:-1 -> x" def test_floatnumber_literal(): x = 42.0 - SINK(x) #$ flow="42.0, l:-1 -> x" + SINK(x) # $ flow="42.0, l:-1 -> x" def test_imagnumber_literal(): x = 42j - SINK(x) #$ MISSING:flow="42j, l:-1 -> x" + SINK(x) # $ MISSING:flow="42j, l:-1 -> x" # 6.2.3. Parenthesized forms def test_parenthesized_form(): x = (SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" # 6.2.5. List displays def test_list_display(): x = [SOURCE] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_list_display_negative(): @@ -101,23 +101,23 @@ def test_list_display_negative(): def test_list_comprehension(): x = [SOURCE for y in [NONSOURCE]] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_list_comprehension_flow(): x = [y for y in [SOURCE]] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_list_comprehension_inflow(): l = [SOURCE] x = [y for y in l] - SINK(x[0]) #$ flow="SOURCE, l:-2 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-2 -> x[0]" def test_nested_list_display(): x = [*[SOURCE]] - SINK(x[0]) #$ MISSING:flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ MISSING:flow="SOURCE, l:-1 -> x[0]" @expects(6) @@ -144,98 +144,98 @@ def test_list_comprehension_with_tuple_result(): # 6.2.6. Set displays def test_set_display(): x = {SOURCE} - SINK(x.pop()) #$ flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop()) # $ flow="SOURCE, l:-1 -> x.pop()" def test_set_comprehension(): x = {SOURCE for y in [NONSOURCE]} - SINK(x.pop()) #$ flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop()) # $ flow="SOURCE, l:-1 -> x.pop()" def test_set_comprehension_flow(): x = {y for y in [SOURCE]} - SINK(x.pop()) #$ flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop()) # $ flow="SOURCE, l:-1 -> x.pop()" def test_set_comprehension_inflow(): l = {SOURCE} x = {y for y in l} - SINK(x.pop()) #$ flow="SOURCE, l:-2 -> x.pop()" + SINK(x.pop()) # $ flow="SOURCE, l:-2 -> x.pop()" def test_nested_set_display(): x = {*{SOURCE}} - SINK(x.pop()) #$ MISSING:flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop()) # $ MISSING:flow="SOURCE, l:-1 -> x.pop()" # 6.2.7. Dictionary displays def test_dict_display(): x = {"s": SOURCE} - SINK(x["s"]) #$ flow="SOURCE, l:-1 -> x['s']" + SINK(x["s"]) # $ flow="SOURCE, l:-1 -> x['s']" def test_dict_display_pop(): x = {"s": SOURCE} - SINK(x.pop("s")) #$ flow="SOURCE, l:-1 -> x.pop(..)" + SINK(x.pop("s")) # $ flow="SOURCE, l:-1 -> x.pop(..)" def test_dict_comprehension(): x = {y: SOURCE for y in ["s"]} - SINK(x["s"]) #$ MISSING:flow="SOURCE, l:-1 -> x['s']" + SINK(x["s"]) # $ MISSING:flow="SOURCE, l:-1 -> x['s']" def test_dict_comprehension_pop(): x = {y: SOURCE for y in ["s"]} - SINK(x.pop("s")) #$ MISSING:flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop("s")) # $ MISSING:flow="SOURCE, l:-1 -> x.pop()" def test_nested_dict_display(): x = {**{"s": SOURCE}} - SINK(x["s"]) #$ MISSING:flow="SOURCE, l:-1 -> x['s']" + SINK(x["s"]) # $ MISSING:flow="SOURCE, l:-1 -> x['s']" def test_nested_dict_display_pop(): x = {**{"s": SOURCE}} - SINK(x.pop("s")) #$ MISSING:flow="SOURCE, l:-1 -> x.pop()" + SINK(x.pop("s")) # $ MISSING:flow="SOURCE, l:-1 -> x.pop()" # Nested comprehensions def test_nested_comprehension(): x = [y for z in [[SOURCE]] for y in z] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_nested_comprehension_deep_with_local_flow(): x = [y for v in [[[[SOURCE]]]] for u in v for z in u for y in z] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_nested_comprehension_dict(): d = {"s": [SOURCE]} x = [y for k, v in d.items() for y in v] - SINK(x[0]) #$ flow="SOURCE, l:-2 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-2 -> x[0]" def test_nested_comprehension_paren(): x = [y for y in (z for z in [SOURCE])] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" # Iterable unpacking in comprehensions def test_unpacking_comprehension(): x = [a for (a, b) in [(SOURCE, NONSOURCE)]] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" def test_star_unpacking_comprehension(): x = [a[0] for (*a, b) in [(SOURCE, NONSOURCE)]] - SINK(x[0]) #$ flow="SOURCE, l:-1 -> x[0]" + SINK(x[0]) # $ flow="SOURCE, l:-1 -> x[0]" # 6.2.8. Generator expressions def test_generator(): x = (SOURCE for y in [NONSOURCE]) - SINK([*x][0]) #$ MISSING:flow="SOURCE, l:-1 -> List[0]" + SINK([*x][0]) # $ MISSING:flow="SOURCE, l:-1 -> List[0]" # 6.2.9. Yield expressions @@ -245,7 +245,7 @@ def gen(x): def test_yield(): g = gen(SOURCE) - SINK(next(g)) #$ flow="SOURCE, l:-1 -> next(..)" + SINK(next(g)) # $ flow="SOURCE, l:-1 -> next(..)" def gen_from(x): @@ -254,19 +254,19 @@ def gen_from(x): def test_yield_from(): g = gen_from(SOURCE) - SINK(next(g)) #$ MISSING:flow="SOURCE, l:-1 -> next()" + SINK(next(g)) # $ MISSING:flow="SOURCE, l:-1 -> next()" # a statement rather than an expression, but related to generators def test_for(): for x in gen(SOURCE): - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" # 6.2.9.1. Generator-iterator methods def test___next__(): g = gen(SOURCE) - SINK(g.__next__()) #$ MISSING:flow="SOURCE, l:-1 -> g.__next__()" + SINK(g.__next__()) # $ MISSING:flow="SOURCE, l:-1 -> g.__next__()" def gen2(x): @@ -278,7 +278,7 @@ def gen2(x): def test_send(): g = gen2(NONSOURCE) n = next(g) - SINK(g.send(SOURCE)) #$ MISSING:flow="SOURCE -> g.send()" + SINK(g.send(SOURCE)) # $ MISSING:flow="SOURCE -> g.send()" def gen_ex(x): @@ -291,7 +291,7 @@ def gen_ex(x): def test_throw(): g = gen_ex(SOURCE) n = next(g) - SINK(g.throw(TypeError)) #$ MISSING:flow="SOURCE, l:-2 -> g.throw()" + SINK(g.throw(TypeError)) # $ MISSING:flow="SOURCE, l:-2 -> g.throw()" # no `test_close` as `close` involves no data flow @@ -312,7 +312,7 @@ def runa(a): async def atest___anext__(): g = agen(SOURCE) - SINK(await g.__anext__()) #$ MISSING:flow="SOURCE, l:-1 -> g.__anext__()" + SINK(await g.__anext__()) # $ MISSING:flow="SOURCE, l:-1 -> g.__anext__()" def test___anext__(): @@ -328,7 +328,7 @@ async def agen2(x): async def atest_asend(): g = agen2(NONSOURCE) n = await g.__anext__() - SINK(await g.asend(SOURCE)) #$ MISSING:flow="SOURCE -> g.asend()" + SINK(await g.asend(SOURCE)) # $ MISSING:flow="SOURCE -> g.asend()" def test_asend(): @@ -345,7 +345,7 @@ async def agen_ex(x): async def atest_athrow(): g = agen_ex(SOURCE) n = await g.__anext__() - SINK(await g.athrow(TypeError)) #$ MISSING:flow="SOURCE, l:-2 -> g.athrow()" + SINK(await g.athrow(TypeError)) # $ MISSING:flow="SOURCE, l:-2 -> g.athrow()" def test_athrow(): @@ -367,15 +367,15 @@ def test_attribute_reference(): # 6.3.2. Subscriptions def test_subscription_tuple(): - SINK((SOURCE,)[0]) #$ flow="SOURCE -> Tuple[0]" + SINK((SOURCE,)[0]) # $ flow="SOURCE -> Tuple[0]" def test_subscription_list(): - SINK([SOURCE][0]) #$ flow="SOURCE -> List[0]" + SINK([SOURCE][0]) # $ flow="SOURCE -> List[0]" def test_subscription_mapping(): - SINK({"s": SOURCE}["s"]) #$ flow="SOURCE -> Dict['s']" + SINK({"s": SOURCE}["s"]) # $ flow="SOURCE -> Dict['s']" # overriding __getitem__ should be tested by the class coverage tests @@ -387,7 +387,7 @@ l = [SOURCE] def test_slicing(): s = l[0:1:1] - SINK(s[0]) #$ MISSING:flow="SOURCE -> s[0]" + SINK(s[0]) # $ MISSING:flow="SOURCE -> s[0]" # The grammar seems to allow `l[0:1:1, 0:1]`, but the interpreter does not like it @@ -398,7 +398,7 @@ def second(a, b): def test_call_positional(): - SINK(second(NONSOURCE, SOURCE)) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, SOURCE)) # $ flow="SOURCE -> second(..)" def test_call_positional_negative(): @@ -406,15 +406,15 @@ def test_call_positional_negative(): def test_call_keyword(): - SINK(second(NONSOURCE, b=SOURCE)) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, b=SOURCE)) # $ flow="SOURCE -> second(..)" def test_call_unpack_iterable(): - SINK(second(NONSOURCE, *[SOURCE])) #$ MISSING:flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, *[SOURCE])) # $ MISSING:flow="SOURCE -> second(..)" def test_call_unpack_mapping(): - SINK(second(NONSOURCE, **{"b": SOURCE})) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, **{"b": SOURCE})) # $ flow="SOURCE -> second(..)" def f_extra_pos(a, *b): @@ -422,7 +422,7 @@ def f_extra_pos(a, *b): def test_call_extra_pos(): - SINK(f_extra_pos(NONSOURCE, SOURCE)) #$ flow="SOURCE -> f_extra_pos(..)" + SINK(f_extra_pos(NONSOURCE, SOURCE)) # $ flow="SOURCE -> f_extra_pos(..)" def f_extra_keyword(a, **b): @@ -430,7 +430,7 @@ def f_extra_keyword(a, **b): def test_call_extra_keyword(): - SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) #$ flow="SOURCE -> f_extra_keyword(..)" + SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) # $ flow="SOURCE -> f_extra_keyword(..)" # return the name of the first extra keyword argument @@ -440,34 +440,34 @@ def f_extra_keyword_flow(**a): # call the function with our source as the name of the keyword arguemnt def test_call_extra_keyword_flow(): - SINK(f_extra_keyword_flow(**{SOURCE: None})) #$ MISSING:flow="SOURCE -> f_extra_keyword(..)" + SINK(f_extra_keyword_flow(**{SOURCE: None})) # $ MISSING:flow="SOURCE -> f_extra_keyword(..)" # 6.11. Boolean operations def test_or(x = False): # if we don't know the value of the lhs, we should always add flow - SINK(x or SOURCE) #$ flow="SOURCE -> BoolExpr" + SINK(x or SOURCE) # $ flow="SOURCE -> BoolExpr" def test_and(x = True): # if we don't know the value of the lhs, we should always add flow - SINK(x and SOURCE) #$ flow="SOURCE -> BoolExpr" + SINK(x and SOURCE) # $ flow="SOURCE -> BoolExpr" # 6.12. Assignment expressions def test_assignment_expression_flow_lhs(): x = NONSOURCE if x := SOURCE: - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" def test_assignment_expression_flow_out(): x = NONSOURCE - SINK(x := SOURCE) #$ flow="SOURCE -> AssignExpr" + SINK(x := SOURCE) # $ flow="SOURCE -> AssignExpr" # 6.13. Conditional expressions def test_conditional_true(): - SINK(SOURCE if True else NONSOURCE) #$ flow="SOURCE -> IfExp" + SINK(SOURCE if True else NONSOURCE) # $ flow="SOURCE -> IfExp" def test_conditional_true_guards(): @@ -475,7 +475,7 @@ def test_conditional_true_guards(): def test_conditional_false(): - SINK(NONSOURCE if False else SOURCE) #$ flow="SOURCE -> IfExp" + SINK(NONSOURCE if False else SOURCE) # $ flow="SOURCE -> IfExp" def test_conditional_false_guards(): @@ -485,13 +485,13 @@ def test_conditional_false_guards(): # Condition is evaluated first, so x is SOURCE once chosen def test_conditional_evaluation_true(): x = NONSOURCE - SINK(x if (SOURCE == (x := SOURCE)) else NONSOURCE) #$ flow="SOURCE -> IfExp" + SINK(x if (SOURCE == (x := SOURCE)) else NONSOURCE) # $ flow="SOURCE -> IfExp" # Condition is evaluated first, so x is SOURCE once chosen def test_conditional_evaluation_false(): x = NONSOURCE - SINK(NONSOURCE if (NONSOURCE == (x := SOURCE)) else x) #$ flow="SOURCE -> IfExp" + SINK(NONSOURCE if (NONSOURCE == (x := SOURCE)) else x) # $ flow="SOURCE -> IfExp" # 6.14. Lambdas @@ -499,14 +499,14 @@ def test_lambda(): def f(x): return x - SINK(f(SOURCE)) #$ flow="SOURCE -> f(..)" + SINK(f(SOURCE)) # $ flow="SOURCE -> f(..)" def test_lambda_positional(): def second(a, b): return b - SINK(second(NONSOURCE, SOURCE)) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, SOURCE)) # $ flow="SOURCE -> second(..)" def test_lambda_positional_negative(): @@ -520,57 +520,57 @@ def test_lambda_keyword(): def second(a, b): return b - SINK(second(NONSOURCE, b=SOURCE)) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, b=SOURCE)) # $ flow="SOURCE -> second(..)" def test_lambda_unpack_iterable(): def second(a, b): return b - SINK(second(NONSOURCE, *[SOURCE])) #$ MISSING:flow="SOURCE -> second(..)" # Flow missing + SINK(second(NONSOURCE, *[SOURCE])) # $ MISSING:flow="SOURCE -> second(..)" # Flow missing def test_lambda_unpack_mapping(): def second(a, b): return b - SINK(second(NONSOURCE, **{"b": SOURCE})) #$ flow="SOURCE -> second(..)" + SINK(second(NONSOURCE, **{"b": SOURCE})) # $ flow="SOURCE -> second(..)" def test_lambda_extra_pos(): f_extra_pos = lambda a, *b: b[0] - SINK(f_extra_pos(NONSOURCE, SOURCE)) #$ flow="SOURCE -> f_extra_pos(..)" + SINK(f_extra_pos(NONSOURCE, SOURCE)) # $ flow="SOURCE -> f_extra_pos(..)" def test_lambda_extra_keyword(): f_extra_keyword = lambda a, **b: b["b"] - SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) #$ flow="SOURCE -> f_extra_keyword(..)" + SINK(f_extra_keyword(NONSOURCE, b=SOURCE)) # $ flow="SOURCE -> f_extra_keyword(..)" # call the function with our source as the name of the keyword argument def test_lambda_extra_keyword_flow(): # return the name of the first extra keyword argument f_extra_keyword_flow = lambda **a: [*a][0] - SINK(f_extra_keyword_flow(**{SOURCE: None})) #$ MISSING:flow="SOURCE -> f_extra_keyword(..)" + SINK(f_extra_keyword_flow(**{SOURCE: None})) # $ MISSING:flow="SOURCE -> f_extra_keyword(..)" @expects(4) def test_swap(): a = SOURCE b = NONSOURCE - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) a, b = b, a SINK_F(a) - SINK(b) #$ flow="SOURCE, l:-7 -> b" + SINK(b) # $ flow="SOURCE, l:-7 -> b" @expects(2) def test_unpacking_assignment(): t = (SOURCE, NONSOURCE) a, b = t - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) @@ -578,16 +578,16 @@ def test_unpacking_assignment(): def test_nested_unpacking_assignment(): t = (SOURCE, (NONSOURCE, SOURCE)) a, (b, c) = t - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) - SINK(c) #$ flow="SOURCE, l:-4 -> c" + SINK(c) # $ flow="SOURCE, l:-4 -> c" @expects(2) def test_deeply_nested_unpacking_assignment(): t = [[[[SOURCE]]], NONSOURCE] [[[a]]], b = t - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) @@ -595,19 +595,19 @@ def test_deeply_nested_unpacking_assignment(): def test_iterated_unpacking_assignment(): t = (SOURCE, SOURCE, NONSOURCE) a, *b, c = t - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) - SINK(b[0]) #$ flow="SOURCE, l:-4 -> b[0]" - SINK_F(c) #$ SPURIOUS: flow="SOURCE, l:-5 -> c" # We do not track tuple sizes + SINK(b[0]) # $ flow="SOURCE, l:-4 -> b[0]" + SINK_F(c) # $ SPURIOUS: flow="SOURCE, l:-5 -> c" # We do not track tuple sizes @expects(3) def test_iterated_unpacking_assignment_shrink(): t = (SOURCE, SOURCE) a, *b, c = t - SINK(a) #$ flow="SOURCE, l:-2 -> a" + SINK(a) # $ flow="SOURCE, l:-2 -> a" SINK_F(b) - SINK(c) #$ flow="SOURCE, l:-4 -> c" + SINK(c) # $ flow="SOURCE, l:-4 -> c" @expects(15) @@ -616,25 +616,25 @@ def test_unpacking_assignment_conversion(): # tuple ((a1, a2, a3), b, c) = ll - SINK(a1) #$ flow="SOURCE, l:-4 -> a1" - SINK_F(a2) #$ SPURIOUS: flow="SOURCE, l:-5 -> a2" # We expect an FP as all elements are tainted - SINK(a3) #$ flow="SOURCE, l:-6 -> a3" + SINK(a1) # $ flow="SOURCE, l:-4 -> a1" + SINK_F(a2) # $ SPURIOUS: flow="SOURCE, l:-5 -> a2" # We expect an FP as all elements are tainted + SINK(a3) # $ flow="SOURCE, l:-6 -> a3" SINK_F(b) # The list itself is not tainted SINK_F(c) # mixed [(a1, a2, a3), b, c] = ll - SINK(a1) #$ flow="SOURCE, l:-12 -> a1" - SINK_F(a2) #$ SPURIOUS: flow="SOURCE, l:-13 -> a2" # We expect an FP as all elements are tainted - SINK(a3) #$ flow="SOURCE, l:-14 -> a3" + SINK(a1) # $ flow="SOURCE, l:-12 -> a1" + SINK_F(a2) # $ SPURIOUS: flow="SOURCE, l:-13 -> a2" # We expect an FP as all elements are tainted + SINK(a3) # $ flow="SOURCE, l:-14 -> a3" SINK_F(b) # The list itself is not tainted SINK_F(c) # mixed differently ([a1, a2, a3], b, c) = ll - SINK(a1) #$ flow="SOURCE, l:-20 -> a1" - SINK_F(a2) #$ SPURIOUS: flow="SOURCE, l:-21 -> a2" # We expect an FP as all elements are tainted - SINK(a3) #$ flow="SOURCE, l:-22 -> a3" + SINK(a1) # $ flow="SOURCE, l:-20 -> a1" + SINK_F(a2) # $ SPURIOUS: flow="SOURCE, l:-21 -> a2" # We expect an FP as all elements are tainted + SINK(a3) # $ flow="SOURCE, l:-22 -> a3" SINK_F(b) # The list itself is not tainted SINK_F(c) @@ -644,37 +644,37 @@ def test_iterated_unpacking_assignment_conversion(): # list [[a1, *a2], *b] = tt - SINK(a1) #$ flow="SOURCE, l:-4 -> a1" + SINK(a1) # $ flow="SOURCE, l:-4 -> a1" SINK_F(a2) # The list itself is not tainted - SINK_F(a2[0]) #$ SPURIOUS: flow="SOURCE, l:-6 -> a2[0]" # FP here due to list abstraction - SINK(a2[1]) #$ flow="SOURCE, l:-7 -> a2[1]" + SINK_F(a2[0]) # $ SPURIOUS: flow="SOURCE, l:-6 -> a2[0]" # FP here due to list abstraction + SINK(a2[1]) # $ flow="SOURCE, l:-7 -> a2[1]" SINK_F(b) # The list itself is not tainted SINK_F(b[0]) # tuple ((a1, *a2), *b) = tt - SINK(a1) #$ flow="SOURCE, l:-13 -> a1" + SINK(a1) # $ flow="SOURCE, l:-13 -> a1" SINK_F(a2) # The list itself is not tainted - SINK_F(a2[0]) #$ SPURIOUS: flow="SOURCE, l:-15 -> a2[0]" # FP here due to list abstraction - SINK(a2[1]) #$ flow="SOURCE, l:-16 -> a2[1]" + SINK_F(a2[0]) # $ SPURIOUS: flow="SOURCE, l:-15 -> a2[0]" # FP here due to list abstraction + SINK(a2[1]) # $ flow="SOURCE, l:-16 -> a2[1]" SINK_F(b) # The list itself is not tainted SINK_F(b[0]) # mixed [(a1, *a2), *b] = tt - SINK(a1) #$ flow="SOURCE, l:-22 -> a1" + SINK(a1) # $ flow="SOURCE, l:-22 -> a1" SINK_F(a2) # The list itself is not tainted - SINK_F(a2[0]) #$ SPURIOUS: flow="SOURCE, l:-24 -> a2[0]" # FP here due to list abstraction - SINK(a2[1]) #$ flow="SOURCE, l:-25 -> a2[1]" + SINK_F(a2[0]) # $ SPURIOUS: flow="SOURCE, l:-24 -> a2[0]" # FP here due to list abstraction + SINK(a2[1]) # $ flow="SOURCE, l:-25 -> a2[1]" SINK_F(b) # The list itself is not tainted SINK_F(b[0]) # mixed differently ([a1, *a2], *b) = tt - SINK(a1) #$ flow="SOURCE, l:-31 -> a1" + SINK(a1) # $ flow="SOURCE, l:-31 -> a1" SINK_F(a2) # The list itself is not tainted - SINK_F(a2[0]) #$ SPURIOUS: flow="SOURCE, l:-33 -> a2[0]" # FP here due to list abstraction - SINK(a2[1]) #$ flow="SOURCE, l:-34 -> a2[1]" + SINK_F(a2[0]) # $ SPURIOUS: flow="SOURCE, l:-33 -> a2[0]" # FP here due to list abstraction + SINK(a2[1]) # $ flow="SOURCE, l:-34 -> a2[1]" SINK_F(b) # The list itself is not tainted SINK_F(b[0]) @@ -682,16 +682,16 @@ def test_iterated_unpacking_assignment_conversion(): @expects(3) def test_iterable_repacking(): a, *(b, c) = (SOURCE, NONSOURCE, SOURCE) - SINK(a) #$ flow="SOURCE, l:-1 -> a" + SINK(a) # $ flow="SOURCE, l:-1 -> a" SINK_F(b) - SINK(c) #$ MISSING: flow="SOURCE, l:-3 -> c" + SINK(c) # $ MISSING: flow="SOURCE, l:-3 -> c" @expects(4) def test_iterable_unpacking_in_for(): tl = [(SOURCE, NONSOURCE), (SOURCE, NONSOURCE)] for x,y in tl: - SINK(x) #$ flow="SOURCE, l:-2 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" SINK_F(y) @@ -700,21 +700,21 @@ def test_iterable_star_unpacking_in_for(): tl = [(SOURCE, NONSOURCE), (SOURCE, NONSOURCE)] for *x,y in tl: SINK_F(x) - SINK(x[0]) #$ flow="SOURCE, l:-3 -> x[0]" - SINK_F(y) #$ SPURIOUS: flow="SOURCE, l:-4 -> y" # FP here since we do not track the tuple lenght and so `*x` could be empty + SINK(x[0]) # $ flow="SOURCE, l:-3 -> x[0]" + SINK_F(y) # $ SPURIOUS: flow="SOURCE, l:-4 -> y" # FP here since we do not track the tuple lenght and so `*x` could be empty @expects(6) def test_iterable_star_unpacking_in_for_2(): tl = [(SOURCE, NONSOURCE), (SOURCE, NONSOURCE)] for x,*y,z in tl: - SINK(x) #$ flow="SOURCE, l:-2 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" SINK_F(y) # The list itself is not tainted (and is here empty) SINK_F(z) def iterate_star_args(first, second, *args): for arg in args: - SINK(arg) #$ flow="SOURCE, l:+5 -> arg" flow="SOURCE, l:+6 -> arg" + SINK(arg) # $ flow="SOURCE, l:+5 -> arg" flow="SOURCE, l:+6 -> arg" # FP reported here: https://github.com/github/codeql-python-team/issues/49 @expects(2) @@ -751,17 +751,17 @@ def test_deep_callgraph(): return f5(arg) x = f6(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = f5(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = f4(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = f3(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = f2(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = f1(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" def wat_f1(arg): @@ -785,17 +785,17 @@ def wat_f6(arg): @expects(6) def test_deep_callgraph_defined_in_module(): x = wat_f6(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = wat_f5(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = wat_f4(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = wat_f3(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = wat_f2(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" x = wat_f1(SOURCE) - SINK(x) #$ flow="SOURCE, l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-1 -> x" @expects(2) def test_dynamic_tuple_creation_1(): @@ -803,7 +803,7 @@ def test_dynamic_tuple_creation_1(): tup += (SOURCE,) tup += (NONSOURCE,) - SINK(tup[0]) #$ MISSING:flow="SOURCE, l:-3 -> tup[0]" + SINK(tup[0]) # $ MISSING:flow="SOURCE, l:-3 -> tup[0]" SINK_F(tup[1]) @@ -813,7 +813,7 @@ def test_dynamic_tuple_creation_2(): tup += (SOURCE,) tup += (NONSOURCE,) - SINK(tup[0]) #$ MISSING:flow="SOURCE, l:-3 -> tup[0]" + SINK(tup[0]) # $ MISSING:flow="SOURCE, l:-3 -> tup[0]" SINK_F(tup[1]) @@ -823,7 +823,7 @@ def test_dynamic_tuple_creation_3(): tup2 = (NONSOURCE,) tup = tup1 + tup2 - SINK(tup[0]) #$ MISSING:flow="SOURCE, l:-4 -> tup[0]" + SINK(tup[0]) # $ MISSING:flow="SOURCE, l:-4 -> tup[0]" SINK_F(tup[1]) @@ -834,7 +834,7 @@ def test_dynamic_tuple_creation_4(): for item in [SOURCE, NONSOURCE]: tup += (item,) - SINK(tup[0]) #$ MISSING:flow="SOURCE, l:-3 -> tup[0]" + SINK(tup[0]) # $ MISSING:flow="SOURCE, l:-3 -> tup[0]" SINK_F(tup[1]) def return_from_inner_scope(x): @@ -844,7 +844,7 @@ def return_from_inner_scope(x): return SOURCE def test_return_from_inner_scope(): - SINK(return_from_inner_scope([])) #$ flow="SOURCE, l:-3 -> return_from_inner_scope(..)" + SINK(return_from_inner_scope([])) # $ flow="SOURCE, l:-3 -> return_from_inner_scope(..)" # Inspired by reverse read inconsistency check @@ -855,13 +855,13 @@ def test_reverse_read_subscript(): d = {"a": NONSOURCE} l = [d] insertAtA(l[0]) - SINK(d["a"]) #$ MISSING:flow="SOURCE, l-6 -> d['a']"" + SINK(d["a"]) # $ MISSING:flow="SOURCE, l-6 -> d['a']"" def test_reverse_read_dict_arg(): d = {"a": NONSOURCE} dd = {"d": d} insertAtA(**dd) - SINK(d["a"]) #$ MISSING:flow="SOURCE, l-12 -> d['a']"" + SINK(d["a"]) # $ MISSING:flow="SOURCE, l-12 -> d['a']"" class WithA: @@ -876,10 +876,10 @@ def test_reverse_read_subscript_cls(): withA = WithA() l = [withA] l[0].setA(SOURCE) - SINK(withA.a) #$ MISSING:flow="SOURCE, l:-1 -> self.a" + SINK(withA.a) # $ MISSING:flow="SOURCE, l:-1 -> self.a" @expects(3) def test_with_default_param_value(x=SOURCE, /, y=SOURCE, *, z=SOURCE): - SINK(x) #$ flow="SOURCE, l:-1 -> x" - SINK(y) #$ flow="SOURCE, l:-2 -> y" - SINK(z) #$ flow="SOURCE, l:-3 -> z" + SINK(x) # $ flow="SOURCE, l:-1 -> x" + SINK(y) # $ flow="SOURCE, l:-2 -> y" + SINK(z) # $ flow="SOURCE, l:-3 -> z" diff --git a/python/ql/test/library-tests/dataflow/coverage/test_builtins.py b/python/ql/test/library-tests/dataflow/coverage/test_builtins.py index d609dbe3ef2..8e87e56dc2e 100644 --- a/python/ql/test/library-tests/dataflow/coverage/test_builtins.py +++ b/python/ql/test/library-tests/dataflow/coverage/test_builtins.py @@ -41,8 +41,8 @@ def SINK_F(x): def test_list_from_list(): l1 = [SOURCE, NONSOURCE] l2 = list(l1) - SINK(l2[0]) #$ flow="SOURCE, l:-2 -> l2[0]" - SINK_F(l2[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l2[1]" + SINK(l2[0]) # $ flow="SOURCE, l:-2 -> l2[0]" + SINK_F(l2[1]) # $ SPURIOUS: flow="SOURCE, l:-3 -> l2[1]" # -- skip list_from_string @@ -50,19 +50,19 @@ def test_list_from_list(): def test_list_from_tuple(): t = (SOURCE, NONSOURCE) l = list(t) - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" - SINK_F(l[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[1]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) # $ SPURIOUS: flow="SOURCE, l:-3 -> l[1]" def test_list_from_set(): s = {SOURCE} l = list(s) - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" @expects(2) def test_list_from_dict(): d = {SOURCE: 'v', NONSOURCE: 'v2'} l = list(d) - SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ MISSING: flow="SOURCE, l:-2 -> l[0]" SINK_F(l[1]) # expecting FP due to imprecise flow ### Tuple @@ -71,26 +71,26 @@ def test_list_from_dict(): def test_tuple_from_list(): l = [SOURCE, NONSOURCE] t = tuple(l) - SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK(t[0]) # $ MISSING: flow="SOURCE, l:-2 -> t[0]" SINK_F(t[1]) @expects(2) def test_tuple_from_tuple(): t0 = (SOURCE, NONSOURCE) t = tuple(t0) - SINK(t[0]) #$ flow="SOURCE, l:-2 -> t[0]" + SINK(t[0]) # $ flow="SOURCE, l:-2 -> t[0]" SINK_F(t[1]) def test_tuple_from_set(): s = {SOURCE} t = tuple(s) - SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK(t[0]) # $ MISSING: flow="SOURCE, l:-2 -> t[0]" @expects(2) def test_tuple_from_dict(): d = {SOURCE: "v1", NONSOURCE: "v2"} t = tuple(d) - SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]" + SINK(t[0]) # $ MISSING: flow="SOURCE, l:-2 -> t[0]" SINK_F(t[1]) @@ -100,25 +100,25 @@ def test_set_from_list(): l = [SOURCE] s = set(l) v = s.pop() - SINK(v) #$ flow="SOURCE, l:-3 -> v" + SINK(v) # $ flow="SOURCE, l:-3 -> v" def test_set_from_tuple(): t = (SOURCE,) s = set(t) v = s.pop() - SINK(v) #$ flow="SOURCE, l:-3 -> v" + SINK(v) # $ flow="SOURCE, l:-3 -> v" def test_set_from_set(): s0 = {SOURCE} s = set(s0) v = s.pop() - SINK(v) #$ flow="SOURCE, l:-3 -> v" + SINK(v) # $ flow="SOURCE, l:-3 -> v" def test_set_from_dict(): d = {SOURCE: "val"} s = set(d) v = s.pop() - SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v" + SINK(v) # $ MISSING: flow="SOURCE, l:-3 -> v" ### Dict @@ -126,29 +126,29 @@ def test_set_from_dict(): @expects(2) def test_dict_from_keyword(): d = dict(k = SOURCE, k1 = NONSOURCE) - SINK(d["k"]) #$ flow="SOURCE, l:-1 -> d['k']" + SINK(d["k"]) # $ flow="SOURCE, l:-1 -> d['k']" SINK_F(d["k1"]) @expects(2) def test_dict_from_list(): d = dict([("k", SOURCE), ("k1", NONSOURCE)]) - SINK(d["k"]) #$ flow="SOURCE, l:-1 -> d['k']" - SINK_F(d["k1"]) #$ SPURIOUS: flow="SOURCE, l:-2 -> d['k1']" // due to imprecise list content + SINK(d["k"]) # $ flow="SOURCE, l:-1 -> d['k']" + SINK_F(d["k1"]) # $ SPURIOUS: flow="SOURCE, l:-2 -> d['k1']" // due to imprecise list content @expects(2) def test_dict_from_dict(): d1 = {'k': SOURCE, 'k1': NONSOURCE} d2 = dict(d1) - SINK(d2["k"]) #$ flow="SOURCE, l:-2 -> d2['k']" + SINK(d2["k"]) # $ flow="SOURCE, l:-2 -> d2['k']" SINK_F(d2["k1"]) @expects(4) def test_dict_from_multiple_args(): d = dict([("k", SOURCE), ("k1", NONSOURCE)], k2 = SOURCE, k3 = NONSOURCE) - SINK(d["k"]) #$ flow="SOURCE, l:-1 -> d['k']" - SINK_F(d["k1"]) #$ SPURIOUS: flow="SOURCE, l:-2 -> d['k1']" // due to imprecise list content - SINK(d["k2"]) #$ flow="SOURCE, l:-3 -> d['k2']" - SINK_F(d["k3"]) #$ SPURIOUS: flow="SOURCE, l:-4 -> d['k3']" // due to imprecise list content + SINK(d["k"]) # $ flow="SOURCE, l:-1 -> d['k']" + SINK_F(d["k1"]) # $ SPURIOUS: flow="SOURCE, l:-2 -> d['k1']" // due to imprecise list content + SINK(d["k2"]) # $ flow="SOURCE, l:-3 -> d['k2']" + SINK_F(d["k3"]) # $ SPURIOUS: flow="SOURCE, l:-4 -> d['k3']" // due to imprecise list content ## Container methods @@ -157,46 +157,46 @@ def test_dict_from_multiple_args(): def test_list_pop(): l = [SOURCE] v = l.pop() - SINK(v) #$ flow="SOURCE, l:-2 -> v" + SINK(v) # $ flow="SOURCE, l:-2 -> v" def test_list_pop_index(): l = [SOURCE] v = l.pop(0) - SINK(v) #$ flow="SOURCE, l:-2 -> v" + SINK(v) # $ flow="SOURCE, l:-2 -> v" def test_list_pop_index_imprecise(): l = [SOURCE, NONSOURCE] v = l.pop(1) - SINK_F(v) #$ SPURIOUS: flow="SOURCE, l:-2 -> v" + SINK_F(v) # $ SPURIOUS: flow="SOURCE, l:-2 -> v" @expects(2) def test_list_copy(): l0 = [SOURCE, NONSOURCE] l = l0.copy() - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" - SINK_F(l[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[1]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" + SINK_F(l[1]) # $ SPURIOUS: flow="SOURCE, l:-3 -> l[1]" def test_list_append(): l = [NONSOURCE] l.append(SOURCE) - SINK(l[1]) #$ flow="SOURCE, l:-1 -> l[1]" + SINK(l[1]) # $ flow="SOURCE, l:-1 -> l[1]" ### Set def test_set_pop(): s = {SOURCE} v = s.pop() - SINK(v) #$ flow="SOURCE, l:-2 -> v" + SINK(v) # $ flow="SOURCE, l:-2 -> v" def test_set_copy(): s0 = {SOURCE} s = s0.copy() - SINK(s.pop()) #$ flow="SOURCE, l:-2 -> s.pop()" + SINK(s.pop()) # $ flow="SOURCE, l:-2 -> s.pop()" def test_set_add(): s = set([]) s.add(SOURCE) - SINK(s.pop()) #$ flow="SOURCE, l:-1 -> s.pop()" + SINK(s.pop()) # $ flow="SOURCE, l:-1 -> s.pop()" ### Dict @@ -204,13 +204,13 @@ def test_dict_keys(): d = {SOURCE: "value"} keys = d.keys() key_list = list(keys) - SINK(key_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> key_list[0]" + SINK(key_list[0]) # $ MISSING: flow="SOURCE, l:-3 -> key_list[0]" def test_dict_values(): d = {'k': SOURCE} vals = d.values() val_list = list(vals) - SINK(val_list[0]) #$ flow="SOURCE, l:-3 -> val_list[0]" + SINK(val_list[0]) # $ flow="SOURCE, l:-3 -> val_list[0]" @expects(4) def test_dict_items(): @@ -218,43 +218,43 @@ def test_dict_items(): items = d.items() item_list = list(items) SINK_F(item_list[0][0]) # expecting FP due to imprecise flow - SINK(item_list[0][1]) #$ flow="SOURCE, l:-4 -> item_list[0][1]" - SINK(item_list[1][0]) #$ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]" - SINK_F(item_list[1][1]) #$ SPURIOUS: flow="SOURCE, l:-6 -> item_list[1][1]" + SINK(item_list[0][1]) # $ flow="SOURCE, l:-4 -> item_list[0][1]" + SINK(item_list[1][0]) # $ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]" + SINK_F(item_list[1][1]) # $ SPURIOUS: flow="SOURCE, l:-6 -> item_list[1][1]" @expects(3) def test_dict_pop(): d = {'k': SOURCE} v = d.pop("k") - SINK(v) #$ flow="SOURCE, l:-2 -> v" + SINK(v) # $ flow="SOURCE, l:-2 -> v" v1 = d.pop("k", NONSOURCE) - SINK_F(v1) #$ SPURIOUS: flow="SOURCE, l:-4 -> v1" + SINK_F(v1) # $ SPURIOUS: flow="SOURCE, l:-4 -> v1" v2 = d.pop("non-existing", SOURCE) - SINK(v2) #$ flow="SOURCE, l:-1 -> v2" + SINK(v2) # $ flow="SOURCE, l:-1 -> v2" @expects(3) def test_dict_get(): d = {'k': SOURCE} v = d.get("k") - SINK(v) #$ flow="SOURCE, l:-2 -> v" + SINK(v) # $ flow="SOURCE, l:-2 -> v" v1 = d.get("non-existing", SOURCE) - SINK(v1) #$ flow="SOURCE, l:-1 -> v1" + SINK(v1) # $ flow="SOURCE, l:-1 -> v1" k = "k" v2 = d.get(k) - SINK(v2) #$ flow="SOURCE, l:-7 -> v2" + SINK(v2) # $ flow="SOURCE, l:-7 -> v2" @expects(2) def test_dict_popitem(): d = {'k': SOURCE} t = d.popitem() # could be any pair (before 3.7), but we only have one SINK_F(t[0]) - SINK(t[1]) #$ flow="SOURCE, l:-3 -> t[1]" + SINK(t[1]) # $ flow="SOURCE, l:-3 -> t[1]" @expects(2) def test_dict_copy(): d = {'k': SOURCE, 'k1': NONSOURCE} d1 = d.copy() - SINK(d1["k"]) #$ flow="SOURCE, l:-2 -> d1['k']" + SINK(d1["k"]) # $ flow="SOURCE, l:-2 -> d1['k']" SINK_F(d1["k1"]) @@ -265,22 +265,22 @@ def test_dict_copy(): def test_sorted_list(): l0 = [SOURCE] l = sorted(l0) - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" def test_sorted_tuple(): t = (SOURCE,) l = sorted(t) - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" def test_sorted_set(): s = {SOURCE} l = sorted(s) - SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-2 -> l[0]" def test_sorted_dict(): d = {SOURCE: "val"} l = sorted(d) - SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]" + SINK(l[0]) # $ MISSING: flow="SOURCE, l:-2 -> l[0]" ### reversed @@ -289,16 +289,16 @@ def test_reversed_list(): l0 = [SOURCE, NONSOURCE] r = reversed(l0) l = list(r) - SINK_F(l[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[0]" - SINK(l[1]) #$ flow="SOURCE, l:-4 -> l[1]" + SINK_F(l[0]) # $ SPURIOUS: flow="SOURCE, l:-3 -> l[0]" + SINK(l[1]) # $ flow="SOURCE, l:-4 -> l[1]" @expects(2) def test_reversed_tuple(): t = (SOURCE, NONSOURCE) r = reversed(t) l = list(r) - SINK_F(l[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[0]" - SINK(l[1]) #$ flow="SOURCE, l:-4 -> l[1]" + SINK_F(l[0]) # $ SPURIOUS: flow="SOURCE, l:-3 -> l[0]" + SINK(l[1]) # $ flow="SOURCE, l:-4 -> l[1]" @expects(2) def test_reversed_dict(): @@ -306,7 +306,7 @@ def test_reversed_dict(): r = reversed(d) l = list(r) SINK_F(l[0]) - SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]" + SINK(l[1]) # $ MISSING: flow="SOURCE, l:-4 -> l[1]" ### iter @@ -314,32 +314,32 @@ def test_iter_list(): l0 = [SOURCE] i = iter(l0) l = list(i) - SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-3 -> l[0]" def test_iter_tuple(): t = (SOURCE,) i = iter(t) l = list(i) - SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-3 -> l[0]" def test_iter_set(): t = {SOURCE} i = iter(t) l = list(i) - SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-3 -> l[0]" def test_iter_dict(): d = {SOURCE: "val"} i = iter(d) l = list(i) - SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]" + SINK(l[0]) # $ MISSING: flow="SOURCE, l:-3 -> l[0]" def test_iter_iter(): # applying iter() to the result of iter() is basically a no-op l0 = [SOURCE] i = iter(iter(l0)) l = list(i) - SINK(l[0]) #$ flow="SOURCE, l:-3 -> l[0]" + SINK(l[0]) # $ flow="SOURCE, l:-3 -> l[0]" ### next @@ -347,25 +347,25 @@ def test_next_list(): l = [SOURCE] i = iter(l) n = next(i) - SINK(n) #$ flow="SOURCE, l:-3 -> n" + SINK(n) # $ flow="SOURCE, l:-3 -> n" def test_next_tuple(): t = (SOURCE,) i = iter(t) n = next(i) - SINK(n) #$ flow="SOURCE, l:-3 -> n" + SINK(n) # $ flow="SOURCE, l:-3 -> n" def test_next_set(): s = {SOURCE} i = iter(s) n = next(i) - SINK(n) #$ flow="SOURCE, l:-3 -> n" + SINK(n) # $ flow="SOURCE, l:-3 -> n" def test_next_dict(): d = {SOURCE: "val"} i = iter(d) n = next(i) - SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n" + SINK(n) # $ MISSING: flow="SOURCE, l:-3 -> n" ### map @@ -375,13 +375,13 @@ def test_map_list(): l2 = [NONSOURCE] def f(p1,p2): - SINK(p1) #$ flow="SOURCE, l:-4 -> p1" + SINK(p1) # $ flow="SOURCE, l:-4 -> p1" SINK_F(p2) return p1,p2 rl = list(map(f, l1, l2)) - SINK(rl[0][0]) #$ flow="SOURCE, l:-10 -> rl[0][0]" + SINK(rl[0][0]) # $ flow="SOURCE, l:-10 -> rl[0][0]" SINK_F(rl[0][1]) @expects(4) @@ -390,13 +390,13 @@ def test_map_set(): s2 = {NONSOURCE} def f(p1,p2): - SINK(p1) #$ flow="SOURCE, l:-4 -> p1" + SINK(p1) # $ flow="SOURCE, l:-4 -> p1" SINK_F(p2) return p1,p2 rl = list(map(f, s1, s2)) - SINK(rl[0][0]) #$ flow="SOURCE, l:-10 -> rl[0][0]" + SINK(rl[0][0]) # $ flow="SOURCE, l:-10 -> rl[0][0]" SINK_F(rl[0][1]) @expects(4) @@ -405,13 +405,13 @@ def test_map_tuple(): t2 = (NONSOURCE,) def f(p1,p2): - SINK(p1) #$ flow="SOURCE, l:-4 -> p1" + SINK(p1) # $ flow="SOURCE, l:-4 -> p1" SINK_F(p2) return p1,p2 rl = list(map(f, t1, t2)) - SINK(rl[0][0]) #$ flow="SOURCE, l:-10 -> rl[0][0]" + SINK(rl[0][0]) # $ flow="SOURCE, l:-10 -> rl[0][0]" SINK_F(rl[0][1]) @@ -421,13 +421,13 @@ def test_map_dict(): d2 = {NONSOURCE: "v2"} def f(p1,p2): - SINK(p1) #$ MISSING: flow="SOURCE, l:-4 -> p1" + SINK(p1) # $ MISSING: flow="SOURCE, l:-4 -> p1" SINK_F(p2) return p1,p2 rl = list(map(f, d1, d2)) - SINK(rl[0][0]) #$ MISSING: flow="SOURCE, l:-10 -> rl[0][0]" + SINK(rl[0][0]) # $ MISSING: flow="SOURCE, l:-10 -> rl[0][0]" SINK_F(rl[0][1]) @expects(4) @@ -436,13 +436,13 @@ def test_map_multi_list(): l2 = [SOURCE] def f(p1,p2): - SINK(p1) #$ flow="SOURCE, l:-4 -> p1" - SINK(p2) #$ flow="SOURCE, l:-4 -> p2" + SINK(p1) # $ flow="SOURCE, l:-4 -> p1" + SINK(p2) # $ flow="SOURCE, l:-4 -> p2" return p1,p2 rl = list(map(f, l1, l2)) - SINK(rl[0][0]) #$ flow="SOURCE, l:-9 -> rl[0][0]" - SINK(rl[0][1]) #$ flow="SOURCE, l:-9 -> rl[0][1]" + SINK(rl[0][0]) # $ flow="SOURCE, l:-9 -> rl[0][0]" + SINK(rl[0][1]) # $ flow="SOURCE, l:-9 -> rl[0][1]" @expects(4) def test_map_multi_tuple(): @@ -450,59 +450,59 @@ def test_map_multi_tuple(): l2 = (SOURCE,) def f(p1,p2): - SINK(p1) #$ flow="SOURCE, l:-4 -> p1" - SINK(p2) #$ MISSING: flow="SOURCE, l:-4 -> p2" # Tuples are not tracked beyond the first list argument for performance. + SINK(p1) # $ flow="SOURCE, l:-4 -> p1" + SINK(p2) # $ MISSING: flow="SOURCE, l:-4 -> p2" # Tuples are not tracked beyond the first list argument for performance. return p1,p2 rl = list(map(f, l1, l2)) - SINK(rl[0][0]) #$ flow="SOURCE, l:-9 -> rl[0][0]" - SINK(rl[0][1]) #$ MISSING: flow="SOURCE, l:-9 -> rl[0][1]" + SINK(rl[0][0]) # $ flow="SOURCE, l:-9 -> rl[0][0]" + SINK(rl[0][1]) # $ MISSING: flow="SOURCE, l:-9 -> rl[0][1]" -### filter +### filter @expects(2) def test_filter_list(): l = [SOURCE] def f(p): - SINK(p) #$ flow="SOURCE, l:-3 -> p" - return True + SINK(p) # $ flow="SOURCE, l:-3 -> p" + return True rl = list(filter(f,l)) - SINK(rl[0]) #$ flow="SOURCE, l:-7 -> rl[0]" + SINK(rl[0]) # $ flow="SOURCE, l:-7 -> rl[0]" @expects(2) def test_filter_set(): s = {SOURCE} def f(p): - SINK(p) #$ flow="SOURCE, l:-3 -> p" - return True + SINK(p) # $ flow="SOURCE, l:-3 -> p" + return True rl = list(filter(f,s)) - SINK(rl[0]) #$ flow="SOURCE, l:-7 -> rl[0]" + SINK(rl[0]) # $ flow="SOURCE, l:-7 -> rl[0]" @expects(2) def test_filter_tuple(): t = (SOURCE,) def f(p): - SINK(p) #$ flow="SOURCE, l:-3 -> p" - return True + SINK(p) # $ flow="SOURCE, l:-3 -> p" + return True rl = list(filter(f,t)) - SINK(rl[0]) #$ flow="SOURCE, l:-7 -> rl[0]" + SINK(rl[0]) # $ flow="SOURCE, l:-7 -> rl[0]" @expects(2) def test_filter_dict(): d = {SOURCE: "v"} def f(p): - SINK(p) #$ MISSING: flow="SOURCE, l:-3 -> p" - return True + SINK(p) # $ MISSING: flow="SOURCE, l:-3 -> p" + return True rl = list(filter(f,d)) - SINK(rl[0]) #$ MISSING: flow="SOURCE, l:-7 -> rl[0]" + SINK(rl[0]) # $ MISSING: flow="SOURCE, l:-7 -> rl[0]" @expects(1) def test_enumerate_list(): @@ -510,7 +510,7 @@ def test_enumerate_list(): e = list(enumerate(l)) - SINK(e[0][1]) #$ flow="SOURCE, l:-4 -> e[0][1]" + SINK(e[0][1]) # $ flow="SOURCE, l:-4 -> e[0][1]" @expects(1) def test_enumerate_set(): @@ -518,7 +518,7 @@ def test_enumerate_set(): e = list(enumerate(s)) - SINK(e[0][1]) #$ flow="SOURCE, l:-4 -> e[0][1]" + SINK(e[0][1]) # $ flow="SOURCE, l:-4 -> e[0][1]" @expects(1) def test_enumerate_tuple(): @@ -526,17 +526,17 @@ def test_enumerate_tuple(): e = list(enumerate(t)) - SINK(e[0][1]) #$ flow="SOURCE, l:-4 -> e[0][1]" + SINK(e[0][1]) # $ flow="SOURCE, l:-4 -> e[0][1]" @expects(2) def test_enumerate_list_for(): l = [SOURCE] for i, x in enumerate(l): - SINK(x) #$ flow="SOURCE, l:-3 -> x" + SINK(x) # $ flow="SOURCE, l:-3 -> x" for t in enumerate(l): - SINK(t[1]) #$ flow="SOURCE, l:-6 -> t[1]" + SINK(t[1]) # $ flow="SOURCE, l:-6 -> t[1]" @expects(1) def test_enumerate_dict(): @@ -552,16 +552,16 @@ def test_zip_list(): l2 = [SOURCE, NONSOURCE] l3 = [NONSOURCE, SOURCE] l4 = [NONSOURCE, NONSOURCE] - + z = list(zip(l1,l2,l3,l4)) - SINK(z[0][0]) #$ flow="SOURCE, l:-7 -> z[0][0]" - SINK(z[0][1]) #$ flow="SOURCE, l:-7 -> z[0][1]" - SINK_F(z[0][2]) #$ SPURIOUS: flow="SOURCE, l:-7 -> z[0][2]" + SINK(z[0][0]) # $ flow="SOURCE, l:-7 -> z[0][0]" + SINK(z[0][1]) # $ flow="SOURCE, l:-7 -> z[0][1]" + SINK_F(z[0][2]) # $ SPURIOUS: flow="SOURCE, l:-7 -> z[0][2]" SINK_F(z[0][3]) - SINK(z[1][0]) #$ flow="SOURCE, l:-11 -> z[1][0]" - SINK_F(z[1][1]) #$ SPURIOUS: flow="SOURCE, l:-11 -> z[1][1]" - SINK(z[1][2]) #$ flow="SOURCE, l:-11 -> z[1][2]" + SINK(z[1][0]) # $ flow="SOURCE, l:-11 -> z[1][0]" + SINK_F(z[1][1]) # $ SPURIOUS: flow="SOURCE, l:-11 -> z[1][1]" + SINK(z[1][2]) # $ flow="SOURCE, l:-11 -> z[1][2]" SINK_F(z[1][3]) @expects(4) @@ -570,12 +570,12 @@ def test_zip_set(): s2 = {NONSOURCE} s3 = {SOURCE} s4 = {NONSOURCE} - + z = list(zip(s1,s2,s3,s4)) - SINK(z[0][0]) #$ flow="SOURCE, l:-7 -> z[0][0]" + SINK(z[0][0]) # $ flow="SOURCE, l:-7 -> z[0][0]" SINK_F(z[0][1]) - SINK(z[0][2]) #$ flow="SOURCE, l:-7 -> z[0][2]" + SINK(z[0][2]) # $ flow="SOURCE, l:-7 -> z[0][2]" SINK_F(z[0][3]) @expects(8) @@ -584,16 +584,16 @@ def test_zip_tuple(): t2 = (SOURCE, NONSOURCE) t3 = (NONSOURCE, SOURCE) t4 = (NONSOURCE, NONSOURCE) - + z = list(zip(t1,t2,t3,t4)) - SINK(z[0][0]) #$ flow="SOURCE, l:-7 -> z[0][0]" - SINK(z[0][1]) #$ flow="SOURCE, l:-7 -> z[0][1]" - SINK_F(z[0][2]) + SINK(z[0][0]) # $ flow="SOURCE, l:-7 -> z[0][0]" + SINK(z[0][1]) # $ flow="SOURCE, l:-7 -> z[0][1]" + SINK_F(z[0][2]) SINK_F(z[0][3]) - SINK(z[1][0]) #$ flow="SOURCE, l:-11 -> z[1][0]" - SINK_F(z[1][1]) #$ SPURIOUS: flow="SOURCE, l:-11 -> z[1][1]" - SINK(z[1][2]) #$ MISSING: flow="SOURCE, l:-11 -> z[1][2]" # Tuple contents are not tracked beyond the first two arguments for performance. + SINK(z[1][0]) # $ flow="SOURCE, l:-11 -> z[1][0]" + SINK_F(z[1][1]) # $ SPURIOUS: flow="SOURCE, l:-11 -> z[1][1]" + SINK(z[1][2]) # $ MISSING: flow="SOURCE, l:-11 -> z[1][2]" # Tuple contents are not tracked beyond the first two arguments for performance. SINK_F(z[1][3]) @expects(4) @@ -602,10 +602,10 @@ def test_zip_dict(): d2 = {NONSOURCE: "v"} d3 = {SOURCE: "v"} d4 = {NONSOURCE: "v"} - + z = list(zip(d1,d2,d3,d4)) - SINK(z[0][0]) #$ MISSING: flow="SOURCE, l:-7 -> z[0][0]" - SINK_F(z[0][1]) - SINK(z[0][2]) #$ MISSING: flow="SOURCE, l:-7 -> z[0][2]" - SINK_F(z[0][3]) \ No newline at end of file + SINK(z[0][0]) # $ MISSING: flow="SOURCE, l:-7 -> z[0][0]" + SINK_F(z[0][1]) + SINK(z[0][2]) # $ MISSING: flow="SOURCE, l:-7 -> z[0][2]" + SINK_F(z[0][3]) diff --git a/python/ql/test/library-tests/dataflow/global-flow/known.py b/python/ql/test/library-tests/dataflow/global-flow/known.py index f9bdbd7af54..045e9ecc051 100644 --- a/python/ql/test/library-tests/dataflow/global-flow/known.py +++ b/python/ql/test/library-tests/dataflow/global-flow/known.py @@ -1 +1 @@ -known_attr = [1000] #$ writes=known_attr +known_attr = [1000] # $ writes=known_attr diff --git a/python/ql/test/library-tests/dataflow/match/test.py b/python/ql/test/library-tests/dataflow/match/test.py index abdeaa2ee7c..cc921a9753e 100644 --- a/python/ql/test/library-tests/dataflow/match/test.py +++ b/python/ql/test/library-tests/dataflow/match/test.py @@ -29,32 +29,32 @@ def SINK_F(x): def test_guard(): match SOURCE: - case x if SINK(x): #$ flow="SOURCE, l:-1 -> x" + case x if SINK(x): # $ flow="SOURCE, l:-1 -> x" pass @expects(2) def test_as_pattern(): match SOURCE: case x as y: - SINK(x) #$ flow="SOURCE, l:-2 -> x" - SINK(y) #$ flow="SOURCE, l:-3 -> y" + SINK(x) # $ flow="SOURCE, l:-2 -> x" + SINK(y) # $ flow="SOURCE, l:-3 -> y" def test_or_pattern(): match SOURCE: # We cannot use NONSOURCE in place of "" below, since it would be seen as a variable. case ("" as x) | x: - SINK(x) #$ flow="SOURCE, l:-3 -> x" + SINK(x) # $ flow="SOURCE, l:-3 -> x" # No flow for literal pattern def test_literal_pattern(): match SOURCE: case "source" as x: - SINK(x) #$ flow="SOURCE, l:-2 -> x" flow="'source', l:-1 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" flow="'source', l:-1 -> x" def test_capture_pattern(): match SOURCE: case x: - SINK(x) #$ flow="SOURCE, l:-2 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" # No flow for wildcard pattern @@ -64,21 +64,21 @@ class Unsafe: def test_value_pattern(): match SOURCE: case Unsafe.VALUE as x: - SINK(x) #$ flow="SOURCE, l:-2 -> x" flow="SOURCE, l:-5 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" flow="SOURCE, l:-5 -> x" @expects(2) def test_sequence_pattern_tuple(): match (NONSOURCE, SOURCE): case (x, y): SINK_F(x) - SINK(y) #$ flow="SOURCE, l:-3 -> y" + SINK(y) # $ flow="SOURCE, l:-3 -> y" @expects(2) def test_sequence_pattern_list(): match [NONSOURCE, SOURCE]: case [x, y]: - SINK_F(x) #$ SPURIOUS: flow="SOURCE, l:-2 -> x" - SINK(y) #$ flow="SOURCE, l:-3 -> y" + SINK_F(x) # $ SPURIOUS: flow="SOURCE, l:-2 -> x" + SINK(y) # $ flow="SOURCE, l:-3 -> y" # Sets are excluded from sequence patterns, # see https://www.python.org/dev/peps/pep-0635/#sequence-patterns @@ -88,35 +88,35 @@ def test_star_pattern_tuple(): match (NONSOURCE, SOURCE): case (x, *y): SINK_F(x) - SINK(y[0]) #$ flow="SOURCE, l:-3 -> y[0]" + SINK(y[0]) # $ flow="SOURCE, l:-3 -> y[0]" @expects(2) def test_star_pattern_tuple_exclusion(): match (SOURCE, NONSOURCE): case (x, *y): - SINK(x) #$ flow="SOURCE, l:-2 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" SINK_F(y[0]) @expects(2) def test_star_pattern_list(): match [NONSOURCE, SOURCE]: case [x, *y]: - SINK_F(x) #$ SPURIOUS: flow="SOURCE, l:-2 -> x" - SINK(y[0]) #$ flow="SOURCE, l:-3 -> y[0]" + SINK_F(x) # $ SPURIOUS: flow="SOURCE, l:-2 -> x" + SINK(y[0]) # $ flow="SOURCE, l:-3 -> y[0]" @expects(2) def test_star_pattern_list_exclusion(): match [SOURCE, NONSOURCE]: case [x, *y]: - SINK(x) #$ flow="SOURCE, l:-2 -> x" - SINK_F(y[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> y[0]" + SINK(x) # $ flow="SOURCE, l:-2 -> x" + SINK_F(y[0]) # $ SPURIOUS: flow="SOURCE, l:-3 -> y[0]" @expects(2) def test_mapping_pattern(): match {"a": NONSOURCE, "b": SOURCE}: case {"a": x, "b": y}: SINK_F(x) - SINK(y) #$ flow="SOURCE, l:-3 -> y" + SINK(y) # $ flow="SOURCE, l:-3 -> y" # also tests the key value pattern @expects(2) @@ -124,13 +124,13 @@ def test_double_star_pattern(): match {"a": NONSOURCE, "b": SOURCE}: case {"a": x, **y}: SINK_F(x) - SINK(y["b"]) #$ flow="SOURCE, l:-3 -> y['b']" + SINK(y["b"]) # $ flow="SOURCE, l:-3 -> y['b']" @expects(2) def test_double_star_pattern_exclusion(): match {"a": SOURCE, "b": NONSOURCE}: case {"a": x, **y}: - SINK(x) #$ flow="SOURCE, l:-2 -> x" + SINK(x) # $ flow="SOURCE, l:-2 -> x" SINK_F(y["b"]) try: SINK_F(y["a"]) @@ -149,7 +149,7 @@ def test_class_pattern(): match bad_cell: case Cell(value = x): - SINK(x) #$ flow="SOURCE, l:-5 -> x" + SINK(x) # $ flow="SOURCE, l:-5 -> x" match good_cell: case Cell(value = x): diff --git a/python/ql/test/library-tests/dataflow/module-initialization/multiphase.py b/python/ql/test/library-tests/dataflow/module-initialization/multiphase.py index 9a3512732f5..71c0ca2e62d 100644 --- a/python/ql/test/library-tests/dataflow/module-initialization/multiphase.py +++ b/python/ql/test/library-tests/dataflow/module-initialization/multiphase.py @@ -1,42 +1,42 @@ -import sys #$ importTimeFlow="ImportExpr -> sys" -import os #$ importTimeFlow="ImportExpr -> os" +import sys # $ importTimeFlow="ImportExpr -> sys" +import os # $ importTimeFlow="ImportExpr -> os" sys.path.append(os.path.dirname(os.path.dirname((__file__)))) -from testlib import expects #$ importTimeFlow="ImportMember -> expects" +from testlib import expects # $ importTimeFlow="ImportMember -> expects" # These are defined so that we can evaluate the test code. -NONSOURCE = "not a source" #$ importTimeFlow="'not a source' -> NONSOURCE" -SOURCE = "source" #$ importTimeFlow="'source' -> SOURCE" +NONSOURCE = "not a source" # $ importTimeFlow="'not a source' -> NONSOURCE" +SOURCE = "source" # $ importTimeFlow="'source' -> SOURCE" -def is_source(x): #$ importTimeFlow="FunctionExpr -> is_source" +def is_source(x): # $ importTimeFlow="FunctionExpr -> is_source" return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j -def SINK(x): #$ importTimeFlow="FunctionExpr -> SINK" - if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source" - print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print" +def SINK(x): # $ importTimeFlow="FunctionExpr -> SINK" + if is_source(x): # $ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source" + print("OK") # $ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print" else: - print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print" + print("Unexpected flow", x) # $ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print" -def SINK_F(x): #$ importTimeFlow="FunctionExpr -> SINK_F" - if is_source(x): #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source" - print("Unexpected flow", x) #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print" +def SINK_F(x): # $ importTimeFlow="FunctionExpr -> SINK_F" + if is_source(x): # $ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source" + print("Unexpected flow", x) # $ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print" else: - print("OK") #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print" + print("OK") # $ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print" -def set_foo(): #$ importTimeFlow="FunctionExpr -> set_foo" +def set_foo(): # $ importTimeFlow="FunctionExpr -> set_foo" global foo - foo = SOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo + foo = SOURCE # $ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo -foo = NONSOURCE #$ importTimeFlow="NONSOURCE -> foo" +foo = NONSOURCE # $ importTimeFlow="NONSOURCE -> foo" set_foo() @expects(2) -def test_phases(): #$ importTimeFlow="expects(..)(..), l:-1 -> test_phases" +def test_phases(): # $ importTimeFlow="expects(..)(..), l:-1 -> test_phases" global foo - SINK(foo) #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo" - foo = NONSOURCE #$ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE" - set_foo() #$ runtimeFlow="ModuleVariableNode in Module multiphase for set_foo, l:-41 -> set_foo" - SINK(foo) #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-42 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-42 -> foo" + SINK(foo) # $ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo" + foo = NONSOURCE # $ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE" + set_foo() # $ runtimeFlow="ModuleVariableNode in Module multiphase for set_foo, l:-41 -> set_foo" + SINK(foo) # $ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-42 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-42 -> foo" diff --git a/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py b/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py index f79597b65e5..c49cdf77fcd 100644 --- a/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py +++ b/python/ql/test/library-tests/dataflow/typetracking/attribute_tests.py @@ -107,7 +107,7 @@ def getattr_indirect_read(): attr = "foo" x = SomeClass() # $ tracked=foo x.foo = tracked # $ tracked tracked=foo - y = getattr(x, attr) #$tracked tracked=foo + y = getattr(x, attr) # $ tracked tracked=foo do_stuff(y) # $ tracked # Via `__dict__` -- not currently implemented. diff --git a/python/ql/test/library-tests/dataflow/variable-capture/by_value.py b/python/ql/test/library-tests/dataflow/variable-capture/by_value.py index 01b2ed83a46..4aeeca92852 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/by_value.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/by_value.py @@ -33,7 +33,7 @@ def SINK_F(x): def by_value1(): a = SOURCE def inner(a_val=a): - SINK(a_val) #$ captured + SINK(a_val) # $ captured SINK_F(a) a = NONSOURCE inner() @@ -41,7 +41,7 @@ def by_value1(): def by_value2(): a = NONSOURCE def inner(a_val=a): - SINK(a) #$ captured + SINK(a) # $ captured SINK_F(a_val) a = SOURCE inner() diff --git a/python/ql/test/library-tests/dataflow/variable-capture/dict.py b/python/ql/test/library-tests/dataflow/variable-capture/dict.py index 8a8165d6674..978a9722c0c 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/dict.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/dict.py @@ -37,7 +37,7 @@ def out(): def captureOut1(): sinkO1["x"] = SOURCE captureOut1() - SINK(sinkO1["x"]) #$ captured + SINK(sinkO1["x"]) # $ captured sinkO2 = { "x": "" } def captureOut2(): @@ -45,7 +45,7 @@ def out(): sinkO2["x"] = SOURCE m() captureOut2() - SINK(sinkO2["x"]) #$ captured + SINK(sinkO2["x"]) # $ captured nonSink0 = { "x": "" } def captureOut1NotCalled(): @@ -67,7 +67,7 @@ def through(tainted): def captureOut1(): sinkO1["x"] = tainted captureOut1() - SINK(sinkO1["x"]) #$ captured + SINK(sinkO1["x"]) # $ captured sinkO2 = { "x": "" } def captureOut2(): @@ -75,7 +75,7 @@ def through(tainted): sinkO2["x"] = tainted m() captureOut2() - SINK(sinkO2["x"]) #$ captured + SINK(sinkO2["x"]) # $ captured nonSink1 = { "x": "" } def captureOut1NotCalled(): diff --git a/python/ql/test/library-tests/dataflow/variable-capture/global.py b/python/ql/test/library-tests/dataflow/variable-capture/global.py index 92d273592b8..c4833ac1f85 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/global.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/global.py @@ -42,7 +42,7 @@ def out(): global sinkO1 sinkO1 = SOURCE captureOut1() - SINK(sinkO1) #$ captured + SINK(sinkO1) # $ captured def captureOut2(): def m(): @@ -50,12 +50,12 @@ def out(): sinkO2 = SOURCE m() captureOut2() - SINK(sinkO2) #$ captured + SINK(sinkO2) # $ captured def captureOut1NotCalled(): global nonSink1 nonSink1 = SOURCE - SINK_F(nonSink1) #$ SPURIOUS: captured + SINK_F(nonSink1) # $ SPURIOUS: captured def captureOut2NotCalled(): # notice that `m` is not called @@ -63,7 +63,7 @@ def out(): global nonSink2 nonSink2 = SOURCE captureOut2NotCalled() - SINK_F(nonSink2) #$ SPURIOUS: captured + SINK_F(nonSink2) # $ SPURIOUS: captured @expects(4) def test_out(): @@ -78,7 +78,7 @@ def through(tainted): global sinkT1 sinkT1 = tainted captureOut1() - SINK(sinkT1) #$ captured + SINK(sinkT1) # $ captured def captureOut2(): def m(): @@ -86,7 +86,7 @@ def through(tainted): sinkT2 = tainted m() captureOut2() - SINK(sinkT2) #$ captured + SINK(sinkT2) # $ captured def captureOut1NotCalled(): global nonSinkT1 diff --git a/python/ql/test/library-tests/dataflow/variable-capture/in.py b/python/ql/test/library-tests/dataflow/variable-capture/in.py index 35fad035355..c4d73a3a0a2 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/in.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/in.py @@ -34,17 +34,17 @@ def SINK_F(x): def inParam(tainted): def captureIn1(): sinkI1 = tainted - SINK(sinkI1) #$ captured + SINK(sinkI1) # $ captured captureIn1() def captureIn2(): def m(): sinkI2 = tainted - SINK(sinkI2) #$ captured + SINK(sinkI2) # $ captured m() captureIn2() - captureIn3 = lambda arg: SINK(tainted) #$ captured + captureIn3 = lambda arg: SINK(tainted) # $ captured captureIn3("") def captureIn1NotCalled(): @@ -68,17 +68,17 @@ def inLocal(): def captureIn1(): sinkI1 = tainted - SINK(sinkI1) #$ captured + SINK(sinkI1) # $ captured captureIn1() def captureIn2(): def m(): sinkI2 = tainted - SINK(sinkI2) #$ captured + SINK(sinkI2) # $ captured m() captureIn2() - captureIn3 = lambda arg: SINK(tainted) #$ captured + captureIn3 = lambda arg: SINK(tainted) # $ captured captureIn3("") def captureIn1NotCalled(): diff --git a/python/ql/test/library-tests/dataflow/variable-capture/nonlocal.py b/python/ql/test/library-tests/dataflow/variable-capture/nonlocal.py index 91a06aae639..f89d4960878 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/nonlocal.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/nonlocal.py @@ -38,7 +38,7 @@ def out(): nonlocal sinkO1 sinkO1 = SOURCE captureOut1() - SINK(sinkO1) #$ captured + SINK(sinkO1) # $ captured sinkO2 = "" def captureOut2(): @@ -47,7 +47,7 @@ def out(): sinkO2 = SOURCE m() captureOut2() - SINK(sinkO2) #$ captured + SINK(sinkO2) # $ captured nonSink1 = "" def captureOut1NotCalled(): @@ -74,7 +74,7 @@ def through(tainted): nonlocal sinkO1 sinkO1 = tainted captureOut1() - SINK(sinkO1) #$ captured + SINK(sinkO1) # $ captured sinkO2 = "" def captureOut2(): @@ -83,7 +83,7 @@ def through(tainted): sinkO2 = tainted m() captureOut2() - SINK(sinkO2) #$ captured + SINK(sinkO2) # $ captured nonSink1 = "" def captureOut1NotCalled(): diff --git a/python/ql/test/library-tests/dataflow/variable-capture/test_collections.py b/python/ql/test/library-tests/dataflow/variable-capture/test_collections.py index 5d47f06595c..1e903ac3f3b 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/test_collections.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/test_collections.py @@ -34,16 +34,16 @@ l = [NONSOURCE] SINK_F(l[0]) l_mod = [SOURCE for x in l] -SINK(l_mod[0]) #$ captured +SINK(l_mod[0]) # $ captured l_mod_lambda = [(lambda a : SOURCE)(x) for x in l] -SINK(l_mod_lambda[0]) #$ captured +SINK(l_mod_lambda[0]) # $ captured def mod(x): return SOURCE l_mod_function = [mod(x) for x in l] -SINK(l_mod_function[0]) #$ captured +SINK(l_mod_function[0]) # $ captured def mod_list(l): def mod_local(x): @@ -52,7 +52,7 @@ def mod_list(l): return [mod_local(x) for x in l] l_modded = mod_list(l) -SINK(l_modded[0]) #$ captured +SINK(l_modded[0]) # $ captured def mod_list_first(l): def mod_local(x): @@ -61,4 +61,4 @@ def mod_list_first(l): return [mod_local(l[0])] l_modded_first = mod_list_first(l) -SINK(l_modded_first[0]) #$ captured +SINK(l_modded_first[0]) # $ captured diff --git a/python/ql/test/library-tests/dataflow/variable-capture/test_fields.py b/python/ql/test/library-tests/dataflow/variable-capture/test_fields.py index 79f2c4d04f4..023300248a8 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/test_fields.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/test_fields.py @@ -38,7 +38,7 @@ def test_captured_field(): foo.setFoo(NONSOURCE) def test(): - SINK(foo.getFoo()) #$ captured + SINK(foo.getFoo()) # $ captured def read(): return foo.getFoo() @@ -48,4 +48,4 @@ def test_captured_field(): foo.setFoo(SOURCE) test() - SINK(read()) #$ captured \ No newline at end of file + SINK(read()) # $ captured diff --git a/python/ql/test/library-tests/dataflow/variable-capture/test_library_calls.py b/python/ql/test/library-tests/dataflow/variable-capture/test_library_calls.py index 5db25fc8348..b7d28dd252e 100644 --- a/python/ql/test/library-tests/dataflow/variable-capture/test_library_calls.py +++ b/python/ql/test/library-tests/dataflow/variable-capture/test_library_calls.py @@ -45,4 +45,4 @@ def test_library_call(): for x in map(set, [1]): pass - SINK(captured["x"]) #$ captured + SINK(captured["x"]) # $ captured diff --git a/python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py b/python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py index c6b69c25346..648152f5a53 100644 --- a/python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py +++ b/python/ql/test/library-tests/frameworks/django-v2-v3/testproj/settings.py @@ -13,7 +13,7 @@ https://docs.djangoproject.com/en/3.1/ref/settings/ from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. -BASE_DIR = Path(__file__).resolve().parent.parent #$ getAPathArgument=Path(..) +BASE_DIR = Path(__file__).resolve().parent.parent # $ getAPathArgument=Path(..) # Quick-start development settings - unsuitable for production diff --git a/python/ql/test/library-tests/regex/charRangeTest.py b/python/ql/test/library-tests/regex/charRangeTest.py index 706037df7d0..338d0e7b752 100644 --- a/python/ql/test/library-tests/regex/charRangeTest.py +++ b/python/ql/test/library-tests/regex/charRangeTest.py @@ -1,46 +1,46 @@ import re -re.compile(r'[A-Z]') #$ charRange=1:2-3:4 +re.compile(r'[A-Z]') # $ charRange=1:2-3:4 try: - re.compile(r'[]-[]') #$ SPURIOUS: charRange=1:2-3:4 + re.compile(r'[]-[]') # $ SPURIOUS: charRange=1:2-3:4 raise Exception("this should not be reached") except re.error: pass -re.compile(r'[---]') #$ charRange=1:2-3:4 -re.compile(r'[\---]') #$ charRange=1:3-4:5 -re.compile(r'[--\-]') #$ charRange=1:2-3:5 -re.compile(r'[\--\-]') #$ charRange=1:3-4:6 -re.compile(r'[0-9-A-Z]') #$ charRange=1:2-3:4 charRange=5:6-7:8 -re.compile(r'[0\-9-A-Z]') #$ charRange=4:5-6:7 +re.compile(r'[---]') # $ charRange=1:2-3:4 +re.compile(r'[\---]') # $ charRange=1:3-4:5 +re.compile(r'[--\-]') # $ charRange=1:2-3:5 +re.compile(r'[\--\-]') # $ charRange=1:3-4:6 +re.compile(r'[0-9-A-Z]') # $ charRange=1:2-3:4 charRange=5:6-7:8 +re.compile(r'[0\-9-A-Z]') # $ charRange=4:5-6:7 try: - re.compile(r'[0--9-A-Z]') #$ SPURIOUS: charRange=1:2-3:4 charRange=4:5-6:7 + re.compile(r'[0--9-A-Z]') # $ SPURIOUS: charRange=1:2-3:4 charRange=4:5-6:7 raise Exception("this should not be reached") except re.error: pass -re.compile(r'[^A-Z]') #$ charRange=2:3-4:5 +re.compile(r'[^A-Z]') # $ charRange=2:3-4:5 -re.compile(r'[\0-\09]') #$ charRange=1:3-4:6 -re.compile(r'[\0-\07]') #$ charRange=1:3-4:7 +re.compile(r'[\0-\09]') # $ charRange=1:3-4:6 +re.compile(r'[\0-\07]') # $ charRange=1:3-4:7 -re.compile(r'[\0123-5]') #$ charRange=5:6-7:8 +re.compile(r'[\0123-5]') # $ charRange=5:6-7:8 #Negative lookahead -re.compile(r'(?!not-this)^[A-Z_]+$') #$ charRange=14:15-16:17 +re.compile(r'(?!not-this)^[A-Z_]+$') # $ charRange=14:15-16:17 #Negative lookbehind -re.compile(r'^[A-Z_]+$(?[\w]+)|') #$ charSet=9:13 -re.compile(r'\|\[\][123]|\{\}') #$ charSet=6:11 -re.compile(r'[^A-Z]') #$ charSet=0:6 -re.compile("[]]") #$ charSet=0:3 -re.compile("[][]") #$ charSet=0:4 -re.compile("[^][^]") #$ charSet=0:6 -re.compile("[.][.]") #$ charSet=0:3 charSet=3:6 -re.compile("[[]]") #$ charSet=0:3 -re.compile("[^]]") #$ charSet=0:4 -re.compile("[^-]") #$ charSet=0:4 +re.compile(r'\A[+-]?\d+') # $ charSet=2:6 +re.compile(r'(?P[\w]+)|') # $ charSet=9:13 +re.compile(r'\|\[\][123]|\{\}') # $ charSet=6:11 +re.compile(r'[^A-Z]') # $ charSet=0:6 +re.compile("[]]") # $ charSet=0:3 +re.compile("[][]") # $ charSet=0:4 +re.compile("[^][^]") # $ charSet=0:6 +re.compile("[.][.]") # $ charSet=0:3 charSet=3:6 +re.compile("[[]]") # $ charSet=0:3 +re.compile("[^]]") # $ charSet=0:4 +re.compile("[^-]") # $ charSet=0:4 try: - re.compile("[]-[]") #$ SPURIOUS: charSet=0:5 + re.compile("[]-[]") # $ SPURIOUS: charSet=0:5 raise Exception("this should not be reached") except re.error: pass try: - re.compile("[^]-[]") #$ SPURIOUS: charSet=0:6 + re.compile("[^]-[]") # $ SPURIOUS: charSet=0:6 raise Exception("this should not be reached") except re.error: pass -re.compile("]]][[[[]") #$ charSet=3:8 +re.compile("]]][[[[]") # $ charSet=3:8 #Half Surrogate pairs -re.compile(u'[\uD800-\uDBFF][\uDC00-\uDFFF]') #$ charSet=0:5 charSet=5:10 +re.compile(u'[\uD800-\uDBFF][\uDC00-\uDFFF]') # $ charSet=0:5 charSet=5:10 #Outside BMP -re.compile(u'[\U00010000-\U0010ffff]') #$ charSet=0:5 +re.compile(u'[\U00010000-\U0010ffff]') # $ charSet=0:5 #Misparsed -re.compile(r"\[(?P[^[]*)\]\((?P[^)]*)") #$ charSet=10:14 charSet=28:32 +re.compile(r"\[(?P[^[]*)\]\((?P[^)]*)") # $ charSet=10:14 charSet=28:32 # parses wrongly, sees this \|/ as a char set start -re.compile(r'''(?:[\s;,"'<>(){}|[\]@=+*]|:(?![/\\]))+''') #$ charSet=3:25 charSet=30:35 +re.compile(r'''(?:[\s;,"'<>(){}|[\]@=+*]|:(?![/\\]))+''') # $ charSet=3:25 charSet=30:35 diff --git a/python/ql/test/library-tests/regex/escapedCharacterTest.py b/python/ql/test/library-tests/regex/escapedCharacterTest.py index 79cac6db623..9a3fc07bbd8 100644 --- a/python/ql/test/library-tests/regex/escapedCharacterTest.py +++ b/python/ql/test/library-tests/regex/escapedCharacterTest.py @@ -1,19 +1,19 @@ import re -re.compile(r'\b') #$ escapedCharacter=0:2 -re.compile(r'''\b''') #$ escapedCharacter=0:2 -re.compile(r"\b") #$ escapedCharacter=0:2 +re.compile(r'\b') # $ escapedCharacter=0:2 +re.compile(r'''\b''') # $ escapedCharacter=0:2 +re.compile(r"\b") # $ escapedCharacter=0:2 re.compile(u"\b") # not escape re.compile("\b") # not escape -re.compile(r'\\\b') #$ escapedCharacter=0:2 escapedCharacter=2:4 -re.compile(r'[\---]') #$ escapedCharacter=1:3 -re.compile(r'[--\-]') #$ escapedCharacter=3:5 -re.compile(r'[\--\-]') #$ escapedCharacter=1:3 escapedCharacter=4:6 -re.compile(r'[0\-9-A-Z]') #$ escapedCharacter=2:4 -re.compile(r'[\0-\09]') #$ escapedCharacter=1:3 escapedCharacter=4:6 -re.compile(r'[\0-\07]') #$ escapedCharacter=1:3 escapedCharacter=4:7 -re.compile(r'[\0123-5]') #$ escapedCharacter=1:5 -re.compile(r'\1754\1854\17\18\07\08') #$ escapedCharacter=0:4 escapedCharacter=16:19 escapedCharacter=19:21 +re.compile(r'\\\b') # $ escapedCharacter=0:2 escapedCharacter=2:4 +re.compile(r'[\---]') # $ escapedCharacter=1:3 +re.compile(r'[--\-]') # $ escapedCharacter=3:5 +re.compile(r'[\--\-]') # $ escapedCharacter=1:3 escapedCharacter=4:6 +re.compile(r'[0\-9-A-Z]') # $ escapedCharacter=2:4 +re.compile(r'[\0-\09]') # $ escapedCharacter=1:3 escapedCharacter=4:6 +re.compile(r'[\0-\07]') # $ escapedCharacter=1:3 escapedCharacter=4:7 +re.compile(r'[\0123-5]') # $ escapedCharacter=1:5 +re.compile(r'\1754\1854\17\18\07\08') # $ escapedCharacter=0:4 escapedCharacter=16:19 escapedCharacter=19:21 #ODASA-3985 #Half Surrogate pairs @@ -22,10 +22,10 @@ re.compile(u'[\uD800-\uDBFF][\uDC00-\uDFFF]') # not escapes re.compile(u'[\U00010000-\U0010ffff]') # not escapes #Misparsed -re.compile(r"\[(?P[^[]*)\]\((?P[^)]*)") #$ escapedCharacter=0:2 escapedCharacter=16:18 escapedCharacter=18:20 +re.compile(r"\[(?P[^[]*)\]\((?P[^)]*)") # $ escapedCharacter=0:2 escapedCharacter=16:18 escapedCharacter=18:20 #Non-raw string -re_blank = re.compile('(\n|\r|\\s)*\n', re.M) #$ escapedCharacter=5:7 +re_blank = re.compile('(\n|\r|\\s)*\n', re.M) # $ escapedCharacter=5:7 #Backreference confusion -re.compile(r'\+0') #$ escapedCharacter=0:2 +re.compile(r'\+0') # $ escapedCharacter=0:2 diff --git a/python/ql/test/library-tests/regex/groupTest.py b/python/ql/test/library-tests/regex/groupTest.py index 2cb96801f77..bd1f16d2d95 100644 --- a/python/ql/test/library-tests/regex/groupTest.py +++ b/python/ql/test/library-tests/regex/groupTest.py @@ -1,4 +1,4 @@ import re -re.compile(r'(?P\w+) (?P\w+)') #$ group=0:14 group=15:30 -re.compile(r'([)(])') #$ group=0:6 +re.compile(r'(?P\w+) (?P\w+)') # $ group=0:14 group=15:30 +re.compile(r'([)(])') # $ group=0:6 diff --git a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py index ca7bb71d760..b047f4ddc64 100644 --- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py +++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.py @@ -1,31 +1,31 @@ # Not OK def simple(l = [0]): - l[0] = 1 #$ modification=l + l[0] = 1 # $ modification=l return l # Not OK def slice(l = [0]): - l[0:1] = 1 #$ modification=l + l[0:1] = 1 # $ modification=l return l # Not OK def list_del(l = [0]): - del l[0] #$ modification=l + del l[0] # $ modification=l return l # Not OK def append_op(l = []): - l += [1, 2, 3] #$ modification=l + l += [1, 2, 3] # $ modification=l return l # Not OK def repeat_op(l = [0]): - l *= 3 #$ modification=l + l *= 3 # $ modification=l return l # Not OK def append(l = []): - l.append(1) #$ modification=l + l.append(1) # $ modification=l return l # OK @@ -36,7 +36,7 @@ def includes(l = []): return x def extends(l): - l.extend([1]) #$ modification=l + l.extend([1]) # $ modification=l return l # Not OK @@ -46,26 +46,26 @@ def deferred(l = []): # Not OK def nonempty(l = [5]): - l.append(1) #$ modification=l + l.append(1) # $ modification=l return l # Not OK def dict(d = {}): - d['a'] = 1 #$ modification=d + d['a'] = 1 # $ modification=d return d # Not OK def dict_nonempty(d = {'a': 1}): - d['a'] = 2 #$ modification=d + d['a'] = 2 # $ modification=d return d # OK def dict_nonempty_nochange(d = {'a': 1}): - d['a'] = 1 #$ SPURIOUS: modification=d + d['a'] = 1 # $ SPURIOUS: modification=d return d def modifies(d): - d['a'] = 1 #$ modification=d + d['a'] = 1 # $ modification=d return d # Not OK @@ -75,21 +75,21 @@ def dict_deferred(d = {}): # Not OK def dict_method(d = {}): - d.update({'a': 1}) #$ modification=d + d.update({'a': 1}) # $ modification=d return d # Not OK def dict_method_nonempty(d = {'a': 1}): - d.update({'a': 2}) #$ modification=d + d.update({'a': 2}) # $ modification=d return d # OK def dict_method_nonempty_nochange(d = {'a': 1}): - d.update({'a': 1}) #$ SPURIOUS:modification=d + d.update({'a': 1}) # $ SPURIOUS:modification=d return d def modifies_method(d): - d.update({'a': 1}) #$ modification=d + d.update({'a': 1}) # $ modification=d return d # Not OK @@ -106,55 +106,55 @@ def dict_includes(d = {}): # Not OK def dict_del(d = {'a': 1}): - del d['a'] #$ modification=d + del d['a'] # $ modification=d return d # Not OK def dict_update_op(d = {}): x = {'a': 1} - d |= x #$ modification=d + d |= x # $ modification=d return d # OK def dict_update_op_nochange(d = {}): x = {} - d |= x #$ SPURIOUS: modification=d + d |= x # $ SPURIOUS: modification=d return d def sanitizer(l = []): if l: l.append(1) else: - l.append(1) #$ modification=l + l.append(1) # $ modification=l return l def sanitizer_negated(l = [1]): if not l: l.append(1) else: - l.append(1) #$ modification=l + l.append(1) # $ modification=l return l def sanitizer(l = []): if not l: - l.append(1) #$ modification=l + l.append(1) # $ modification=l else: l.append(1) return l def sanitizer_negated(l = [1]): if l: - l.append(1) #$ modification=l + l.append(1) # $ modification=l else: l.append(1) return l # indirect modification of parameter with default def aug_assign_argument(x): - x += ['x'] #$ modification=x + x += ['x'] # $ modification=x def mutate_argument(x): - x.append('x') #$ modification=x + x.append('x') # $ modification=x def indirect_modification(y = []): aug_assign_argument(y) @@ -182,9 +182,9 @@ def do_stuff_based_on_type(x): if isinstance(x, str): x = x.split() elif isinstance(x, dict): - x.setdefault('foo', 'bar') #$ modification=x + x.setdefault('foo', 'bar') # $ modification=x elif isinstance(x, list): - x.append(5) #$ modification=x + x.append(5) # $ modification=x elif isinstance(x, tuple): x = x.unknown_method() diff --git a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Exceptions.py b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Exceptions.py index f2aa049fc1d..4da2e96009d 100644 --- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Exceptions.py +++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Exceptions.py @@ -1,10 +1,10 @@ try: 1+2 -except Exception as e: #$ exceptionInfo +except Exception as e: # $ exceptionInfo e def test_exception(): try: 1+2 - except Exception as e: #$ exceptionInfo + except Exception as e: # $ exceptionInfo e diff --git a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Stacktrace.py b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Stacktrace.py index 118fe54c9f2..f3092e68aa1 100644 --- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Stacktrace.py +++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/Stacktrace.py @@ -3,13 +3,13 @@ import sys, traceback try: 1/0 except: - exc_type, exc_value, exc_traceback = sys.exc_info() #$ exceptionInfo + exc_type, exc_value, exc_traceback = sys.exc_info() # $ exceptionInfo - tb = traceback.extract_tb(exc_traceback) #$ exceptionInfo - stack = traceback.extract_stack() #$ exceptionInfo - print(traceback.format_exc(1, tb)) #$ exceptionInfo - print(traceback.format_exception(exc_type, exc_value, exc_traceback)) #$ exceptionInfo - print(traceback.format_exception_only(None, exc_value)) #$ exceptionInfo - print(traceback.format_list(stack)) #$ exceptionInfo - print(traceback.format_stack()) #$ exceptionInfo - print(traceback.format_tb(exc_traceback)) #$ exceptionInfo + tb = traceback.extract_tb(exc_traceback) # $ exceptionInfo + stack = traceback.extract_stack() # $ exceptionInfo + print(traceback.format_exc(1, tb)) # $ exceptionInfo + print(traceback.format_exception(exc_type, exc_value, exc_traceback)) # $ exceptionInfo + print(traceback.format_exception_only(None, exc_value)) # $ exceptionInfo + print(traceback.format_list(stack)) # $ exceptionInfo + print(traceback.format_stack()) # $ exceptionInfo + print(traceback.format_tb(exc_traceback)) # $ exceptionInfo diff --git a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py index 3bcafbaf5dc..96bfba9cf57 100644 --- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py +++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/test.py @@ -13,14 +13,14 @@ def server_bad(): try: do_computation() except Exception: - return traceback.format_exc() #$ exceptionInfo + return traceback.format_exc() # $ exceptionInfo # BAD @app.route('/bad/direct') def server_bad_direct(): try: do_computation() - except Exception as e: #$ exceptionInfo + except Exception as e: # $ exceptionInfo return e # BAD @@ -28,7 +28,7 @@ def server_bad_direct(): def server_bad_traceback(): try: do_computation() - except Exception as e: #$ exceptionInfo + except Exception as e: # $ exceptionInfo return e.__traceback__ # GOOD @@ -37,7 +37,7 @@ def server_good(): try: do_computation() except Exception: - log(traceback.format_exc()) #$ exceptionInfo + log(traceback.format_exc()) # $ exceptionInfo return "An internal error has occurred!" #BAD @@ -46,7 +46,7 @@ def server_bad_flow(): try: do_computation() except Exception: - err = traceback.format_exc() #$ exceptionInfo + err = traceback.format_exc() # $ exceptionInfo return format_error(err) def format_error(msg): diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py index 76ac28edf79..098611adce4 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_bad.py @@ -19,7 +19,7 @@ def subclass_objects(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) - return Movie.objects(__raw__=json_search) #$ result=BAD + return Movie.objects(__raw__=json_search) # $ result=BAD @app.route("/get_db_find") def get_db_find(): @@ -27,7 +27,7 @@ def get_db_find(): json_search = json.loads(unsafe_search) retrieved_db = db.get_db() - return retrieved_db["Movie"].find({'name': json_search}) #$ result=BAD + return retrieved_db["Movie"].find({'name': json_search}) # $ result=BAD # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py index 1ce065569f2..3cb08a4db7a 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_mongoengine_good.py @@ -21,7 +21,7 @@ def subclass_objects(): json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) - return Movie.objects(__raw__=safe_search) #$ result=OK + return Movie.objects(__raw__=safe_search) # $ result=OK # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py index 735fbff9b34..e9799c055dd 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_bad.py @@ -11,7 +11,7 @@ def home_page(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) - return mongo.db.user.find({'name': json_search}) #$ result=BAD + return mongo.db.user.find({'name': json_search}) # $ result=BAD # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py index f2458f91b89..790455da064 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/flask_pymongo_good.py @@ -13,7 +13,7 @@ def home_page(): json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) - return mongo.db.user.find({'name': safe_search}) #$ result=OK + return mongo.db.user.find({'name': safe_search}) # $ result=OK # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py index 8dcedda62a2..7ad4323bba9 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_bad.py @@ -19,7 +19,7 @@ def connect_find(): json_search = json.loads(unsafe_search) db = me.connect('mydb') - return db.movie.find({'name': json_search}) #$ result=BAD + return db.movie.find({'name': json_search}) # $ result=BAD @app.route("/connection_connect_find") def connection_connect_find(): @@ -27,7 +27,7 @@ def connection_connect_find(): json_search = json.loads(unsafe_search) db = connect('mydb') - return db.movie.find({'name': json_search}) #$ result=BAD + return db.movie.find({'name': json_search}) # $ result=BAD @app.route("/get_db_find") def get_db_find(): @@ -35,7 +35,7 @@ def get_db_find(): json_search = json.loads(unsafe_search) db = me.get_db() - return db.movie.find({'name': json_search}) #$ result=BAD + return db.movie.find({'name': json_search}) # $ result=BAD @app.route("/connection_get_db_find") def connection_get_db_find(): @@ -43,14 +43,14 @@ def connection_get_db_find(): json_search = json.loads(unsafe_search) db = get_db() - return db.movie.find({'name': json_search}) #$ result=BAD + return db.movie.find({'name': json_search}) # $ result=BAD @app.route("/subclass_objects") def subclass_objects(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) - return Movie.objects(__raw__=json_search) #$ result=BAD + return Movie.objects(__raw__=json_search) # $ result=BAD @app.route("/subscript_find") def subscript_find(): @@ -58,7 +58,7 @@ def subscript_find(): json_search = json.loads(unsafe_search) db = me.connect('mydb') - return db['movie'].find({'name': json_search}) #$ result=BAD + return db['movie'].find({'name': json_search}) # $ result=BAD # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py index e8ac68cccba..a813a9f3c70 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/mongoengine_good.py @@ -20,8 +20,8 @@ def connect_find(): json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) - db = me.connect('mydb') - return db.movie.find({'name': safe_search}) #$ result=OK + db = me.connect('mydb') + return db.movie.find({'name': safe_search}) # $ result=OK # if __name__ == "__main__": # app.run(debug=True) diff --git a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py index 69377260715..1ba7558d287 100644 --- a/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py +++ b/python/ql/test/query-tests/Security/CWE-943-NoSqlInjection/pymongo_test.py @@ -12,7 +12,7 @@ def bad(): unsafe_search = request.args['search'] json_search = json.loads(unsafe_search) - return client.db.collection.find_one({'data': json_search}) #$ result=BAD + return client.db.collection.find_one({'data': json_search}) # $ result=BAD @app.route("/good") @@ -21,7 +21,7 @@ def good(): json_search = json.loads(unsafe_search) safe_search = sanitize(json_search) - return client.db.collection.find_one({'data': safe_search}) #$ result=OK + return client.db.collection.find_one({'data': safe_search}) # $ result=OK @app.route("/bad2") @@ -30,7 +30,7 @@ def bad2(): client = MongoClient("localhost", 27017, maxPoolSize=50) db = client.localhost collection = db['collection'] - cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) #$ result=BAD + cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) # $ result=BAD @app.route("/bad3") @@ -40,7 +40,7 @@ def bad3(): client = MongoClient("localhost", 27017, maxPoolSize=50) db = client.get_database(name="localhost") collection = db.get_collection("collection") - cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) #$ result=BAD + cursor = collection.find_one({"$where": f"this._id == '${event_id}'"}) # $ result=BAD @app.route("/bad4")