Python: Move json tests to be part of stdlib

This is better, since the modeling is also part of Stdlib.qll
2026-04-30 11:15:13 +02:00 · 2021-05-11 15:19:06 +02:00
parent 51a25e45fe
commit 9dbb364cca
2 changed files with 40 additions and 53 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_json.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_json.py
@@ -1,53 +0,0 @@
-# Add taintlib to PATH so it can be imported during runtime without any hassle
-import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
-from taintlib import *
-
-# This has no runtime impact, but allows autocomplete to work
-from typing import TYPE_CHECKING
-if TYPE_CHECKING:
-    from ..taintlib import *
-
-
-# Actual tests
-
-from io import StringIO
-import json
-
-def test():
-    print("\n# test")
-    ts = TAINTED_STRING
-
-    encoded = json.dumps(ts)
-
-    ensure_tainted(
-        encoded, # $ tainted
-        json.dumps(ts), # $ tainted
-        json.dumps(obj=ts), # $ tainted
-        json.loads(encoded), # $ tainted
-        json.loads(s=encoded), # $ tainted
-    )
-
-    # load/dump with file-like
-    tainted_filelike = StringIO()
-    json.dump(ts, tainted_filelike)
-
-    tainted_filelike.seek(0)
-    ensure_tainted(
-        tainted_filelike, # $ tainted
-        json.load(tainted_filelike), # $ tainted
-    )
-
-    # load/dump with file-like using keyword-args
-    tainted_filelike = StringIO()
-    json.dump(obj=ts, fp=tainted_filelike)
-
-    tainted_filelike.seek(0)
-    ensure_tainted(
-        tainted_filelike, # $ tainted
-        json.load(fp=tainted_filelike), # $ tainted
-    )
-
-
-# Make tests runable
-
-test()
--- a/python/ql/test/library-tests/frameworks/stdlib/test_json.py
+++ b/python/ql/test/library-tests/frameworks/stdlib/test_json.py
@@ -0,0 +1,40 @@
+from io import StringIO
+import json
+
+def test():
+    print("\n# test")
+    ts = TAINTED_STRING
+
+    encoded = json.dumps(ts) # $ encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
+
+    ensure_tainted(
+        encoded, # $ tainted
+        json.dumps(ts), # $ tainted encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
+        json.dumps(obj=ts), # $ tainted encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
+        json.loads(encoded), # $ tainted decodeOutput=json.loads(..) decodeFormat=JSON decodeInput=encoded
+        json.loads(s=encoded), # $ tainted decodeOutput=json.loads(..) decodeFormat=JSON decodeInput=encoded
+    )
+
+    # load/dump with file-like
+    tainted_filelike = StringIO()
+    json.dump(ts, tainted_filelike) # $ encodeFormat=JSON encodeInput=ts
+
+    tainted_filelike.seek(0)
+    ensure_tainted(
+        tainted_filelike, # $ tainted
+        json.load(tainted_filelike), # $ tainted decodeOutput=json.load(..) decodeFormat=JSON decodeInput=tainted_filelike
+    )
+
+    # load/dump with file-like using keyword-args
+    tainted_filelike = StringIO()
+    json.dump(obj=ts, fp=tainted_filelike) # $ encodeFormat=JSON encodeInput=ts
+
+    tainted_filelike.seek(0)
+    ensure_tainted(
+        tainted_filelike, # $ tainted
+        json.load(fp=tainted_filelike), # $ tainted decodeOutput=json.load(..) decodeFormat=JSON decodeInput=tainted_filelike
+    )
+
+
+# Make tests runable
+test()