Python: Change variable capture tests to use fresh variable names

Instead of reusing `nonSink0` for both captureOut1NotCalled and captureOut2NotCalled tests (I used 1/2 naming scheme to match things up nicely). I also added a comment highlighting that `m` is the function that is not called (since I overlooked that initially :O)
2026-04-27 09:45:15 +02:00 · 2023-05-02 13:56:55 +02:00
parent 54ced06ada
commit c89b57997a
4 changed files with 53 additions and 41 deletions
--- a/python/ql/test/experimental/dataflow/variable-capture/dict.py
+++ b/python/ql/test/experimental/dataflow/variable-capture/dict.py
@@ -77,16 +77,18 @@ def through(tainted):
    captureOut2()
    SINK(sinkO2["x"]) #$ MISSING:captured

-    nonSink0 = { "x": "" }
+    nonSink1 = { "x": "" }
    def captureOut1NotCalled():
-        nonSink0["x"] = tainted
-    SINK_F(nonSink0["x"])
+        nonSink1["x"] = tainted
+    SINK_F(nonSink1["x"])

+    nonSink2 = { "x": "" }
    def captureOut2NotCalled():
+        # notice that `m` is not called
        def m():
-            nonSink0["x"] = tainted
+            nonSink2["x"] = tainted
    captureOut2NotCalled()
-    SINK_F(nonSink0["x"])
+    SINK_F(nonSink2["x"])

@expects(4)
 def test_through():
--- a/python/ql/test/experimental/dataflow/variable-capture/global.py
+++ b/python/ql/test/experimental/dataflow/variable-capture/global.py
@@ -34,7 +34,8 @@ def SINK_F(x):

 sinkO1 = ""
 sinkO2 = ""
-nonSink0 = ""
+nonSink1 = ""
+nonSink2 = ""

 def out():
    def captureOut1():
@@ -52,16 +53,17 @@ def out():
    SINK(sinkO2) #$ captured

    def captureOut1NotCalled():
-        global nonSink0
-        nonSink0 = SOURCE
-    SINK_F(nonSink0) #$ SPURIOUS: captured
+        global nonSink1
+        nonSink1 = SOURCE
+    SINK_F(nonSink1) #$ SPURIOUS: captured

    def captureOut2NotCalled():
+        # notice that `m` is not called
        def m():
-            global nonSink0
-            nonSink0 = SOURCE
+            global nonSink2
+            nonSink2 = SOURCE
    captureOut2NotCalled()
-    SINK_F(nonSink0) #$ SPURIOUS: captured
+    SINK_F(nonSink2) #$ SPURIOUS: captured

@expects(4)
 def test_out():
@@ -69,7 +71,8 @@ def test_out():

 sinkT1 = ""
 sinkT2 = ""
-nonSinkT0 = ""
+nonSinkT1 = ""
+nonSinkT2 = ""
 def through(tainted):
    def captureOut1():
        global sinkT1
@@ -86,16 +89,17 @@ def through(tainted):
    SINK(sinkT2) #$ MISSING:captured

    def captureOut1NotCalled():
-        global nonSinkT0
-        nonSinkT0 = tainted
-    SINK_F(nonSinkT0)
+        global nonSinkT1
+        nonSinkT1 = tainted
+    SINK_F(nonSinkT1)

    def captureOut2NotCalled():
+        # notice that `m` is not called
        def m():
-            global nonSinkT0
-            nonSinkT0 = tainted
+            global nonSinkT2
+            nonSinkT2 = tainted
    captureOut2NotCalled()
-    SINK_F(nonSinkT0)
+    SINK_F(nonSinkT2)

@expects(4)
 def test_through():
--- a/python/ql/test/experimental/dataflow/variable-capture/in.py
+++ b/python/ql/test/experimental/dataflow/variable-capture/in.py
@@ -48,13 +48,14 @@ def inParam(tainted):
    captureIn3("")

    def captureIn1NotCalled():
-        nonSink0 = tainted
-        SINK_F(nonSink0)
+        nonSink1 = tainted
+        SINK_F(nonSink1)

    def captureIn2NotCalled():
+        # notice that `m` is not called
        def m():
-            nonSink0 = tainted
-            SINK_F(nonSink0)
+            nonSink1 = tainted
+            SINK_F(nonSink1)
    captureIn2NotCalled()

@expects(3)
@@ -81,13 +82,14 @@ def inLocal():
    captureIn3("")

    def captureIn1NotCalled():
-        nonSink0 = tainted
-        SINK_F(nonSink0)
+        nonSink1 = tainted
+        SINK_F(nonSink1)

    def captureIn2NotCalled():
+        # notice that `m` is not called
        def m():
-            nonSink0 = tainted
-            SINK_F(nonSink0)
+            nonSink2 = tainted
+            SINK_F(nonSink2)
    captureIn2NotCalled()

@expects(3)
--- a/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
+++ b/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
@@ -49,18 +49,20 @@ def out():
    captureOut2()
    SINK(sinkO2) #$ MISSING:captured

-    nonSink0 = ""
+    nonSink1 = ""
    def captureOut1NotCalled():
-        nonlocal nonSink0
-        nonSink0 = SOURCE
-    SINK_F(nonSink0)
+        nonlocal nonSink1
+        nonSink1 = SOURCE
+    SINK_F(nonSink1)

+    nonSink2 = ""
    def captureOut2NotCalled():
+        # notice that `m` is not called
        def m():
-            nonlocal nonSink0
-            nonSink0 = SOURCE
+            nonlocal nonSink2
+            nonSink2 = SOURCE
    captureOut2NotCalled()
-    SINK_F(nonSink0)
+    SINK_F(nonSink2)

@expects(4)
 def test_out():
@@ -83,18 +85,20 @@ def through(tainted):
    captureOut2()
    SINK(sinkO2) #$ MISSING:captured

-    nonSink0 = ""
+    nonSink1 = ""
    def captureOut1NotCalled():
-        nonlocal nonSink0
-        nonSink0 = tainted
-    SINK_F(nonSink0)
+        nonlocal nonSink1
+        nonSink1 = tainted
+    SINK_F(nonSink1)

+    nonSink2 = ""
    def captureOut2NotCalled():
+        # notice that `m` is not called
        def m():
-            nonlocal nonSink0
-            nonSink0 = tainted
+            nonlocal nonSink2
+            nonSink2 = tainted
    captureOut2NotCalled()
-    SINK_F(nonSink0)
+    SINK_F(nonSink2)

@expects(4)
 def test_through():