Python: Add missing global flow test

python/ql/test/experimental/dataflow/tainttracking/taintlib.py

@@ -3,6 +3,8 @@ TAINTED_BYTES = b"TAINTED_BYTES"
 TAINTED_LIST = ["tainted-{}".format(i) for i in range(5)]
 TAINTED_DICT = {"name": TAINTED_STRING, "some key": "foo"}
 
+NOT_TAINTED = "NOT_TAINTED"
+
 def ensure_tainted(*args):
     print("- ensure_tainted")
     for i, arg in enumerate(args):

python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/test.py

@@ -0,0 +1,32 @@
+import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from taintlib import *
+
+# Various instances where flow is undesirable
+
+tainted = NOT_TAINTED
+ensure_not_tainted(tainted)
+
+def write_global():
+    global tainted
+    tainted = TAINTED_STRING
+
+tainted2 = TAINTED_STRING
+len(tainted2)
+tainted2 = NOT_TAINTED
+ensure_not_tainted(tainted2)
+
+def use_of_tainted2():
+    global tainted2
+    tainted2 = NOT_TAINTED
+
+# Flow via global assigment
+
+def write_tainted():
+    global g
+    g = TAINTED_STRING
+
+def sink_global():
+    ensure_tainted(g)
+
+write_tainted()
+sink_global()

python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/testTaint.expected

@@ -0,0 +1,3 @@
+| test.py:7 | ok   | test | tainted |
+| test.py:16 | ok   | test | tainted2 |
+| test.py:29 | ok   | sink_global | g |

python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/testTaint.ql

@@ -0,0 +1 @@
+import experimental.dataflow.tainttracking.TestTaintLib