Python: Add more examples of what is ok with new taint tests

Rasmus Wriedt Larsen
2021-04-19 14:56:20 +02:00
parent 3e7dc12246
commit b2cb284ff2
2 changed files with 16 additions and 2 deletions


@@ -1,5 +1,7 @@
argumentToEnsureNotTaintedNotMarkedAsSpurious
| ERROR, you should add `SPURIOUS:` to this annotation | taint_test.py:36:9:36:29 | taint_test.py:36 | should_not_be_tainted |
| ERROR, you should add `SPURIOUS:` to this annotation | taint_test.py:48:9:48:29 | taint_test.py:48 | should_not_be_tainted |
untaintedArgumentToEnsureTaintedNotMarkedAsMissing
| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:28:9:28:25 | taint_test.py:28 |
| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:32:9:32:25 | taint_test.py:32 |
| ERROR, you should add `# $ MISSING: tainted` annotation | taint_test.py:37:24:37:40 | taint_test.py:37 |
failures
| taint_test.py:41:20:41:21 | ts | Fixed missing result:tainted= |


@@ -9,6 +9,10 @@ def expected_usage():
should_be_tainted, # $ MISSING: tainted
)
# having one annotation for multiple arguments is OK, as long as all arguments
# fulfil the same annotation
ensure_tainted(ts, ts) # $ tainted
# simulating handling something we _want_ to treat at untainted, but we currently treat as tainted
should_not_be_tainted = "pretend this is now safe" + ts
ensure_not_tainted(
@@ -28,6 +32,14 @@ def bad_usage():
should_be_tainted,
)
# using one annotation for multiple arguments i not OK when it's mixed whether our
# taint-tracking works as expected
ensure_tainted(ts, should_be_tainted) # $ tainted
# if you try to get around it by adding BOTH annotations, that results in a problem
# from the default set of inline-test-expectation rules
ensure_tainted(ts, should_be_tainted) # $ tainted MISSING: tainted
# simulating handling something we _want_ to treat at untainted, but we currently treat as tainted
should_not_be_tainted = "pretend this is now safe" + ts