Python: Adjust tag format

python/ql/test/experimental/library-tests/frameworks/dill/Decoding.py

@@ -1,4 +1,4 @@
 import dill
 
-dill.loads(payload)  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=dill
-dill.loads(payload, encoding='latin1')  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=dill
+dill.loads(payload)  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=dill $decodeUnsafe=
+dill.loads(payload, encoding='latin1')  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=dill $decodeUnsafe=

python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py

@@ -10,6 +10,6 @@ app = Flask(__name__)
 @app.route("/")
 def hello():
     payload = request.args.get("payload")
-    pickle.loads(payload)  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=pickle
-    pickle.loads(payload, encoding='latin1')  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=pickle
-    marshal.loads(payload)  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=marshal
+    pickle.loads(payload)  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=
+    pickle.loads(payload, encoding='latin1')  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=
+    marshal.loads(payload)  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=pickle $decodeUnsafe=

python/ql/test/experimental/library-tests/frameworks/yaml/Decoding.py

@@ -10,5 +10,5 @@ app = Flask(__name__)
 @app.route("/")
 def hello():
     payload = request.args.get("payload")
-    yaml.load(payload)  # $UNSAFE_getAnInput=payload $UNSAFE_getOutput=Attribute() $UNSAFE_getFormat=YAML
-    yaml.load(payload, Loader=SafeLoader)  # $getAnInput=payload $getOutput=Attribute() $getFormat=YAML
+    yaml.load(payload)  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML $decodeUnsafe=
+    yaml.load(payload, Loader=SafeLoader)  # $decodeInput=payload $decodeOutput=Attribute() $decodeFormat=YAML

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -36,16 +36,13 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
 class DecodingTest extends InlineExpectationsTest {
   DecodingTest() { this = "DecodingTest" }
 
-  override string getARelevantTag() { result in ["getAnInput", "getOutput", "getFormat"] }
+  override string getARelevantTag() {
+    result in ["decodeInput", "decodeOutput", "decodeFormat", "decodeUnsafe"]
+  }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
-    exists(Decoding d, string unsafe |
-      (
-        d.unsafe() and unsafe = "UNSAFE_"
-        or
-        not d.unsafe() and unsafe = ""
-      ) and
+    exists(Decoding d |
       (
         exists(DataFlow::Node data |
           location = data.getLocation() and
@@ -53,10 +50,10 @@ class DecodingTest extends InlineExpectationsTest {
           value = value_from_expr(data.asExpr()) and
           (
             data = d.getAnInput() and
-            tag = unsafe + "getAnInput"
+            tag = "decodeInput"
             or
             data = d.getOutput() and
-            tag = unsafe + "getOutput"
+            tag = "decodeOutput"
           )
         )
         or
@@ -65,8 +62,14 @@ class DecodingTest extends InlineExpectationsTest {
           element = format and
           value = format and
           format = d.getFormat() and
-          tag = unsafe + "getFormat"
+          tag = "decodeFormat"
         )
+        or
+        d.unsafe() and
+        location = d.getLocation() and
+        element = d.toString() and
+        value = "" and
+        tag = "decodeUnsafe"
       )
     )
   }