diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected
new file mode 100644
index 00000000000..a5ce4c08735
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected
@@ -0,0 +1,5 @@
+| test.py:16 | fail | const_eq_clears_taint | ts |
+| test.py:18 | ok | const_eq_clears_taint | ts |
+| test.py:24 | fail | const_eq_clears_taint2 | ts |
+| test.py:29 | ok | non_const_eq_preserves_taint | ts |
+| test.py:31 | ok | non_const_eq_preserves_taint | ts |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql
new file mode 100644
index 00000000000..80625505fa2
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql
@@ -0,0 +1 @@
+import experimental.dataflow.tainttracking.TestTaintLib
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py
new file mode 100644
index 00000000000..baaa3fb2b8f
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py
@@ -0,0 +1,38 @@
+# Add taintlib to PATH so it can be imported during runtime without any hassle
+import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from taintlib import *
+
+# This has no runtime impact, but allows autocomplete to work
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+ from ..taintlib import *
+
+
+# Actual tests
+
+def const_eq_clears_taint():
+ ts = TAINTED_STRING
+ if ts == "safe":
+ ensure_not_tainted(ts)
+ # ts should still be tainted after exiting the if block
+ ensure_tainted(ts)
+
+def const_eq_clears_taint2():
+ ts = TAINTED_STRING
+ if ts != "safe":
+ return
+ ensure_not_tainted(ts)
+
+def non_const_eq_preserves_taint(x="foo"):
+ ts = TAINTED_STRING
+ if ts == ts:
+ ensure_tainted(ts)
+ if ts == x:
+ ensure_tainted(ts)
+
+
+# Make tests runable
+
+const_eq_clears_taint()
+const_eq_clears_taint2()
+non_const_eq_preserves_taint()
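Review bot: The new tests pin that taint is cleared inside the true branch of `ts == "safe"` (line 16) and restored after the `if` (line 18), but nothing exercises the branches where the comparison is false, which is exactly where an over-eager constant-comparison sanitizer would silently drop taint: the `else` of `==`, and the body of `if ts != "safe":` before the `return` in `const_eq_clears_taint2`. Equality against a constant only justifies clearing taint on the path where the equality holds, so I would add a case that asserts the negative branches stay tainted, and one comparing against a module-level constant rather than a literal so the test documents which "constants" the sanitizer is meant to recognise. The `.expected` file records `fail` for lines 16 and 24, which I read as the sanitizer not being implemented yet; a one-line note at the top of test.py would save the next reader a trip to the expectations, e.g. `# NOTE: constant-comparison sanitizer is not implemented yet; the "fail" rows in TestTaint.expected are expected until it is.`

```python
def const_eq_negative_branch_preserves_taint():
    ts = TAINTED_STRING
    if ts == "safe":
        ensure_not_tainted(ts)
    else:
        ensure_tainted(ts)
    if ts != "safe":
        ensure_tainted(ts)
    else:
        ensure_not_tainted(ts)

# … unchanged: non_const_eq_preserves_taint …

const_eq_negative_branch_preserves_taint()
```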