hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 04:39:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into py/CsvInjection

Browse Source
This commit is contained in:
yoff
2022-05-30 13:41:31 +02:00
committed by GitHub
parent a726340bb3 7a6646dcaf
commit cd46f31cba
351 changed files with 10835 additions and 5351 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
python/ql/test/experimental/meta/MaDTest.qll Normal file
View File

@@ -0,0 +1,46 @@
import python
private import semmle.python.dataflow.new.DataFlow
private import semmle.python.dataflow.new.internal.PrintNode
private import semmle.python.frameworks.data.ModelsAsData
// need to import Frameworks to get the actual modeling imported
private import semmle.python.Frameworks
// this import needs to be public to get the query predicates propagated to the actual test files
import TestUtilities.InlineExpectationsTest
class MadSinkTest extends InlineExpectationsTest {
MadSinkTest() { this = "MadSinkTest" }
override string getARelevantTag() {
exists(string kind | exists(ModelOutput::getASinkNode(kind)) | result = "mad-sink__" + kind)
}
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(location.getFile().getRelativePath()) and
exists(DataFlow::Node sink, string kind |
sink = ModelOutput::getASinkNode(kind).getARhs() and
location = sink.getLocation() and
element = sink.toString() and
value = prettyNodeForInlineTest(sink) and
tag = "mad-sink__" + kind
)
}
}
class MadSourceTest extends InlineExpectationsTest {
MadSourceTest() { this = "MadSourceTest" }
override string getARelevantTag() {
exists(string kind | exists(ModelOutput::getASourceNode(kind)) | result = "mad-source__" + kind)
}
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(location.getFile().getRelativePath()) and
exists(DataFlow::Node source, string kind |
source = ModelOutput::getASourceNode(kind).getAnImmediateUse() and
location = source.getLocation() and
element = source.toString() and
value = prettyNodeForInlineTest(source) and
tag = "mad-source__" + kind
)
}
}