hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add markupsafe tests

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2021-06-15 14:39:10 +02:00
parent 19305a217a
commit d18b9a2704
5 changed files with 84 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.expected Normal file
View File

2
python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.ql Normal file
View File

@@ -0,0 +1,2 @@
import python
import experimental.meta.ConceptsTest

3
python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.expected Normal file
View File

@@ -0,0 +1,3 @@
argumentToEnsureNotTaintedNotMarkedAsSpurious
untaintedArgumentToEnsureTaintedNotMarkedAsMissing
failures

1
python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql Normal file
View File

@@ -0,0 +1 @@
import experimental.meta.InlineTaintTest

78
python/ql/test/library-tests/frameworks/markupsafe/taint_test.py Normal file
View File

@@ -0,0 +1,78 @@
from markupsafe import escape, escape_silent, Markup
def ensure_tainted(*args):
print("ensure_tainted")
for x in args: print(" ", x)
def ensure_not_tainted(*args):
print("ensure_not_tainted")
for x in args: print(" ", x)
# these contain `{}` so we can use .format
TAINTED_STRING = '<"TAINTED_STRING" {}>'
SAFE = "SAFE {}"
def test():
ts = TAINTED_STRING
# class `Markup` can be used for things that are already safe.
# if used with any text in a string operation, that other text will be escaped.
#
# see https://markupsafe.palletsprojects.com/en/2.0.x/
m_unsafe = Markup(TAINTED_STRING)
m_safe = Markup(SAFE)
# this 3 tests might look strange, but the purpose is to check we still treat `ts`
# as tainted even after it has been escaped in some place. This _might_ not be the
# case since data-flow library has taint-steps from adjacent uses...
ensure_tainted(ts) # $ tainted
ensure_not_tainted(escape(ts))
ensure_tainted(ts) # $ tainted
ensure_tainted(
ts, # $ tainted
m_unsafe, # $ MISSING: tainted
m_unsafe + SAFE, # $ MISSING: tainted
SAFE + m_unsafe, # $ MISSING: tainted
m_unsafe.format(SAFE), # $ MISSING: tainted
m_unsafe + ts, # $ tainted
m_safe.format(m_unsafe), # $ MISSING: tainted
escape(ts).unescape(), # $ MISSING: tainted
escape_silent(ts).unescape(), # $ MISSING: tainted
)
ensure_not_tainted(
escape(ts),
escape_silent(ts),
Markup.escape(ts),
m_safe,
m_safe + ts, # $ SPURIOUS: tainted
ts + m_safe, # $ SPURIOUS: tainted
m_safe.format(ts), # $ SPURIOUS: tainted
escape(ts) + ts, # $ SPURIOUS: tainted
escape_silent(ts) + ts, # $ SPURIOUS: tainted
Markup.escape(ts) + ts, # $ SPURIOUS: tainted
)
# flask re-exports these, as:
# flask.escape = markupsafe.escape
# flask.Markup = markupsafe.Markup
import flask
ensure_tainted(
flask.Markup(ts), # $ MISSING: tainted
)
ensure_not_tainted(
flask.escape(ts),
flask.Markup.escape(ts),
)
test()