Python: Improve sanitizer/guards tests

Based on review conversation
2026-05-05 21:55:19 +02:00 · 2022-02-18 14:12:41 +01:00
parent 7aa559f4aa
commit 9d81fd3b95
3 changed files with 45 additions and 11 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected
@@ -3,18 +3,21 @@ untaintedArgumentToEnsureTaintedNotMarkedAsMissing
 failures
 isSanitizer
 | TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s |
-| TestTaintTrackingConfiguration | test.py:53:10:53:29 | ControlFlowNode for emulated_escaping() |
+| TestTaintTrackingConfiguration | test.py:34:39:34:39 | ControlFlowNode for s |
+| TestTaintTrackingConfiguration | test.py:66:10:66:29 | ControlFlowNode for emulated_escaping() |
 isSanitizerGuard
-| TestTaintTrackingConfiguration | test.py:38:8:38:26 | ControlFlowNode for emulated_is_safe() |
+| TestTaintTrackingConfiguration | test.py:51:8:51:26 | ControlFlowNode for emulated_is_safe() |
 | TestTaintTrackingConfiguration | test_logical.py:29:8:29:17 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_logical.py:44:8:44:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:52:12:52:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:72:8:72:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:80:12:80:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:104:8:104:17 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:127:12:127:21 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:132:16:132:25 | ControlFlowNode for is_safe() |
-| TestTaintTrackingConfiguration | test_logical.py:137:20:137:29 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:49:8:49:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:59:8:59:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:67:12:67:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:87:8:87:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:95:12:95:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:119:8:119:17 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:142:12:142:21 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:147:16:147:25 | ControlFlowNode for is_safe() |
+| TestTaintTrackingConfiguration | test_logical.py:152:20:152:29 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:30:8:30:17 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:40:8:40:25 | ControlFlowNode for is_safe() |
 | TestTaintTrackingConfiguration | test_reference.py:55:8:55:21 | ControlFlowNode for is_safe() |
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test.py
@@ -14,7 +14,7 @@ def emulated_authentication_check(arg):
        raise Exception("user unauthenticated")


-def test_custom_sanitizer_exception():
+def test_custom_sanitizer_exception_raise():
    s = TAINTED_STRING

    try:
@@ -27,6 +27,19 @@ def test_custom_sanitizer_exception():
    ensure_not_tainted(s)


+def test_custom_sanitizer_exception_pass():
+    s = TAINTED_STRING
+
+    try:
+        emulated_authentication_check(s)
+        ensure_not_tainted(s)
+    except:
+        ensure_tainted(s) # $ tainted
+        pass
+
+    ensure_tainted(s) # $ tainted
+
+
 def emulated_is_safe(arg):
    # emulating something we won't be able to look at source code for
    return eval("False")
@@ -52,12 +65,14 @@ def test_escape():

    s2 = emulated_escaping(s)
    ensure_not_tainted(s2)
+    ensure_tainted(s) # $ tainted


 # Make tests runable

+test_custom_sanitizer_exception_pass()
 try:
-    test_custom_sanitizer_exception()
+    test_custom_sanitizer_exception_raise()
 except Exception:
    pass
 test_custom_sanitizer_guard()
--- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test_logical.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/test_logical.py
@@ -37,6 +37,21 @@ def test_basic():
        ensure_not_tainted(s) # $ SPURIOUS: tainted


+def test_if_in_depth():
+    s = TAINTED_STRING
+
+    # ensure that value is still considered tainted after guard check
+    if is_safe(s):
+        ensure_not_tainted(s)
+    ensure_tainted(s) # $ tainted
+
+    # ensure new tainted assignment to variable is not treated as safe by guard
+    if is_safe(s):
+        ensure_not_tainted(s)
+        s = TAINTED_STRING
+        ensure_tainted(s) # $ tainted
+
+
 def test_or():
    s = TAINTED_STRING

@@ -160,6 +175,7 @@ def test_with_exception():
 # Make tests runable

 test_basic()
+test_if_in_depth()
 test_or()
 test_and()
 test_tricky()