Python: Add a few more collection taint tests

2026-04-30 11:15:13 +02:00 · 2020-08-26 19:16:20 +02:00
parent 32f9d30136
commit b6049765a8
2 changed files with 39 additions and 22 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/TestTaint.expected
@@ -14,27 +14,35 @@
 | collections.py:48 | ok   | test_access | tainted_list[0] |
 | collections.py:49 | ok   | test_access | tainted_list[x] |
 | collections.py:50 | ok   | test_access | tainted_list[Slice] |
-| collections.py:54 | fail | test_access | a |
-| collections.py:54 | fail | test_access | b |
-| collections.py:54 | fail | test_access | c |
-| collections.py:57 | fail | test_access | h |
-| collections.py:59 | fail | test_access | i |
-| collections.py:66 | ok   | test_dict_access | tainted_dict["name"] |
-| collections.py:67 | ok   | test_dict_access | tainted_dict[x] |
-| collections.py:68 | fail | test_dict_access | tainted_dict.copy() |
-| collections.py:72 | fail | test_dict_access | v |
-| collections.py:74 | fail | test_dict_access | v |
-| collections.py:82 | fail | test_named_tuple | point[0] |
-| collections.py:83 | fail | test_named_tuple | point.x |
-| collections.py:87 | ok   | test_named_tuple | point[1] |
-| collections.py:88 | ok   | test_named_tuple | point.y |
-| collections.py:92 | fail | test_named_tuple | a |
-| collections.py:93 | ok   | test_named_tuple | b |
-| collections.py:101 | fail | test_defaultdict | tainted_default_dict["name"] |
-| collections.py:102 | fail | test_defaultdict | tainted_default_dict[x] |
-| collections.py:103 | fail | test_defaultdict | tainted_default_dict.copy() |
-| collections.py:106 | fail | test_defaultdict | v |
-| collections.py:108 | fail | test_defaultdict | v |
+| collections.py:52 | fail | test_access | sorted(..) |
+| collections.py:53 | fail | test_access | reversed(..) |
+| collections.py:54 | fail | test_access | iter(..) |
+| collections.py:55 | fail | test_access | next(..) |
+| collections.py:56 | fail | test_access | copy(..) |
+| collections.py:57 | ok   | test_access | deepcopy(..) |
+| collections.py:61 | fail | test_access | a |
+| collections.py:61 | fail | test_access | b |
+| collections.py:61 | fail | test_access | c |
+| collections.py:64 | fail | test_access | h |
+| collections.py:66 | fail | test_access | i |
+| collections.py:73 | ok   | test_dict_access | tainted_dict["name"] |
+| collections.py:74 | fail | test_dict_access | tainted_dict.get(..) |
+| collections.py:75 | ok   | test_dict_access | tainted_dict[x] |
+| collections.py:76 | fail | test_dict_access | tainted_dict.copy() |
+| collections.py:80 | fail | test_dict_access | v |
+| collections.py:82 | fail | test_dict_access | v |
+| collections.py:90 | fail | test_named_tuple | point[0] |
+| collections.py:91 | fail | test_named_tuple | point.x |
+| collections.py:95 | ok   | test_named_tuple | point[1] |
+| collections.py:96 | ok   | test_named_tuple | point.y |
+| collections.py:100 | fail | test_named_tuple | a |
+| collections.py:101 | ok   | test_named_tuple | b |
+| collections.py:109 | fail | test_defaultdict | tainted_default_dict["name"] |
+| collections.py:110 | fail | test_defaultdict | tainted_default_dict.get(..) |
+| collections.py:111 | fail | test_defaultdict | tainted_default_dict[x] |
+| collections.py:112 | fail | test_defaultdict | tainted_default_dict.copy() |
+| collections.py:115 | fail | test_defaultdict | v |
+| collections.py:117 | fail | test_defaultdict | v |
 | json.py:26 | ok   | test | json.dumps(..) |
 | json.py:27 | ok   | test | json.loads(..) |
 | json.py:34 | fail | test | tainted_filelike |
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/collections.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/collections.py
@@ -11,7 +11,7 @@ if TYPE_CHECKING:
 # Actual tests

 from collections import defaultdict, namedtuple
-
+from copy import copy, deepcopy

 def test_construction():
    tainted_string = TAINTED_STRING
@@ -48,6 +48,13 @@ def test_access(x, y, z):
        tainted_list[0],
        tainted_list[x],
        tainted_list[y:z],
+
+        sorted(tainted_list),
+        reversed(tainted_list),
+        iter(tainted_list),
+        next(iter(tainted_list)),
+        copy(tainted_list),
+        deepcopy(tainted_list)
    )

    a, b, c = tainted_list[0:3]
@@ -64,6 +71,7 @@ def test_dict_access(x):

    ensure_tainted(
        tainted_dict["name"],
+        tainted_dict.get("name"),
        tainted_dict[x],
        tainted_dict.copy(),
    )
@@ -99,6 +107,7 @@ def test_defaultdict(key, x): # TODO: defaultdict currently not handled

    ensure_tainted(
        tainted_default_dict["name"],
+        tainted_default_dict.get("name"),
        tainted_default_dict[x],
        tainted_default_dict.copy(),
    )