diff --git a/python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll b/python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll index 1c9259038bc..74a43bb4cc4 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/DataflowQueryTest.qll @@ -3,12 +3,10 @@ import semmle.python.dataflow.new.DataFlow import TestUtilities.InlineExpectationsTest private import semmle.python.dataflow.new.internal.PrintNode -class DataFlowQueryTest extends InlineExpectationsTest { - DataFlowQueryTest() { this = "DataFlowQueryTest" } +module DataFlowQueryTest implements TestSig { + string getARelevantTag() { result = "result" } - override string getARelevantTag() { result = "result" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Configuration cfg, DataFlow::Node sink | cfg.hasFlowTo(sink) | location = sink.getLocation() and tag = "result" and @@ -22,7 +20,7 @@ class DataFlowQueryTest extends InlineExpectationsTest { // Sometimes a line contains both an alert and a safe sink. // In this situation, the annotation form `OK(safe sink)` // can be useful. - override predicate hasOptionalResult(Location location, string element, string tag, string value) { + predicate hasOptionalResult(Location location, string element, string tag, string value) { exists(DataFlow::Configuration cfg, DataFlow::Node sink | cfg.isSink(sink) or cfg.isSink(sink, _) | @@ -34,6 +32,8 @@ class DataFlowQueryTest extends InlineExpectationsTest { } } +import MakeTest + query predicate missingAnnotationOnSink(Location location, string error, string element) { error = "ERROR, you should add `# $ MISSING: result=BAD` or `result=OK` annotation" and exists(DataFlow::Node sink | @@ -42,13 +42,13 @@ query predicate missingAnnotationOnSink(Location location, string error, string location = sink.getLocation() and element = prettyExpr(sink.asExpr()) and not exists(DataFlow::Configuration cfg | cfg.hasFlowTo(sink)) and - not exists(FalseNegativeExpectation missingResult | + not exists(FalseNegativeTestExpectation missingResult | missingResult.getTag() = "result" and missingResult.getValue() = "BAD" and missingResult.getLocation().getFile() = location.getFile() and missingResult.getLocation().getStartLine() = location.getStartLine() ) and - not exists(GoodExpectation okResult | + not exists(GoodTestExpectation okResult | okResult.getTag() = "result" and okResult.getValue() in ["OK", "OK(" + prettyNode(sink) + ")"] and okResult.getLocation().getFile() = location.getFile() and diff --git a/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll b/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll index 2f5d7de5952..e6abf741b36 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/FlowTest.qll @@ -3,22 +3,21 @@ import semmle.python.dataflow.new.DataFlow import TestUtilities.InlineExpectationsTest private import semmle.python.dataflow.new.internal.PrintNode -abstract class FlowTest extends InlineExpectationsTest { - bindingset[this] - FlowTest() { any() } +signature module FlowTestSig { + string flowTag(); - abstract string flowTag(); + predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode); +} - abstract predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode); +private module FlowTest implements TestSig { + string getARelevantTag() { result = Impl::flowTag() } - override string getARelevantTag() { result = this.flowTag() } - - override predicate hasActualResult(Location location, string element, string tag, string value) { - exists(DataFlow::Node fromNode, DataFlow::Node toNode | this.relevantFlow(fromNode, toNode) | + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(DataFlow::Node fromNode, DataFlow::Node toNode | Impl::relevantFlow(fromNode, toNode) | location = toNode.getLocation() and - tag = this.flowTag() and + tag = Impl::flowTag() and value = - "\"" + prettyNode(fromNode).replaceAll("\"", "'") + this.lineStr(fromNode, toNode) + " -> " + + "\"" + prettyNode(fromNode).replaceAll("\"", "'") + lineStr(fromNode, toNode) + " -> " + prettyNode(toNode).replaceAll("\"", "'") + "\"" and element = toNode.toString() ) @@ -38,3 +37,11 @@ abstract class FlowTest extends InlineExpectationsTest { ) } } + +module MakeFlowTest { + import MakeTest> +} + +module MakeFlowTest2 { + import MakeTest, FlowTest>> +} diff --git a/python/ql/test/experimental/dataflow/TestUtil/LocalFlowStepTest.qll b/python/ql/test/experimental/dataflow/TestUtil/LocalFlowStepTest.qll index c2c180627ec..6cbfe917fd4 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/LocalFlowStepTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/LocalFlowStepTest.qll @@ -2,12 +2,12 @@ import python import semmle.python.dataflow.new.DataFlow import FlowTest -class LocalFlowStepTest extends FlowTest { - LocalFlowStepTest() { this = "LocalFlowStepTest" } +module LocalFlowStepTest implements FlowTestSig { + string flowTag() { result = "step" } - override string flowTag() { result = "step" } - - override predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode) { + predicate relevantFlow(DataFlow::Node fromNode, DataFlow::Node toNode) { DataFlow::localFlowStep(fromNode, toNode) } } + +import MakeFlowTest diff --git a/python/ql/test/experimental/dataflow/TestUtil/MaximalFlowTest.qll b/python/ql/test/experimental/dataflow/TestUtil/MaximalFlowTest.qll index 6615afb9247..681e51ca604 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/MaximalFlowTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/MaximalFlowTest.qll @@ -3,25 +3,23 @@ import semmle.python.dataflow.new.DataFlow private import semmle.python.dataflow.new.internal.DataFlowPrivate import FlowTest -class MaximalFlowTest extends FlowTest { - MaximalFlowTest() { this = "MaximalFlowTest" } +module MaximalFlowTest implements FlowTestSig { + string flowTag() { result = "flow" } - override string flowTag() { result = "flow" } - - override predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { + predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { source != sink and - exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) + MaximalFlows::flow(source, sink) } } +import MakeFlowTest + /** * A configuration to find all "maximal" flows. * To be used on small programs. */ -class MaximalFlowsConfig extends DataFlow::Configuration { - MaximalFlowsConfig() { this = "MaximalFlowsConfig" } - - override predicate isSource(DataFlow::Node node) { +module MaximalFlowsConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { exists(node.getLocation().getFile().getRelativePath()) and not node.asCfgNode() instanceof CallNode and not node.asCfgNode().getNode() instanceof Return and @@ -32,7 +30,7 @@ class MaximalFlowsConfig extends DataFlow::Configuration { not DataFlow::localFlowStep(_, node) } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { exists(node.getLocation().getFile().getRelativePath()) and not any(CallNode c).getArg(_) = node.asCfgNode() and not node instanceof DataFlow::ArgumentNode and @@ -40,3 +38,5 @@ class MaximalFlowsConfig extends DataFlow::Configuration { not DataFlow::localFlowStep(node, _) } } + +module MaximalFlows = DataFlow::Global; diff --git a/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll b/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll index f526a1f43ae..a327886fedd 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/NormalDataflowTest.qll @@ -3,20 +3,20 @@ import experimental.dataflow.TestUtil.FlowTest import experimental.dataflow.testConfig private import semmle.python.dataflow.new.internal.PrintNode -class DataFlowTest extends FlowTest { - DataFlowTest() { this = "DataFlowTest" } +module DataFlowTest implements FlowTestSig { + string flowTag() { result = "flow" } - override string flowTag() { result = "flow" } - - override predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { - exists(TestConfiguration cfg | cfg.hasFlow(source, sink)) + predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { + TestFlow::flow(source, sink) } } +import MakeFlowTest + query predicate missingAnnotationOnSink(Location location, string error, string element) { error = "ERROR, you should add `# $ MISSING: flow` annotation" and exists(DataFlow::Node sink | - any(TestConfiguration config).isSink(sink) and + TestConfig::isSink(sink) and // note: we only care about `SINK` and not `SINK_F`, so we have to reconstruct manually. exists(DataFlow::CallCfgNode call | call.getFunction().asCfgNode().(NameNode).getId() = "SINK" and @@ -24,8 +24,8 @@ query predicate missingAnnotationOnSink(Location location, string error, string ) and location = sink.getLocation() and element = prettyExpr(sink.asExpr()) and - not any(TestConfiguration config).hasFlow(_, sink) and - not exists(FalseNegativeExpectation missingResult | + not TestFlow::flowTo(sink) and + not exists(FalseNegativeTestExpectation missingResult | missingResult.getTag() = "flow" and missingResult.getLocation().getFile() = location.getFile() and missingResult.getLocation().getStartLine() = location.getStartLine() diff --git a/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll b/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll index 9619679da03..4a07dc4d2d6 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/NormalTaintTrackingTest.qll @@ -3,16 +3,16 @@ import experimental.dataflow.TestUtil.FlowTest import experimental.dataflow.testTaintConfig private import semmle.python.dataflow.new.internal.PrintNode -class DataFlowTest extends FlowTest { - DataFlowTest() { this = "DataFlowTest" } +module DataFlowTest implements FlowTestSig { + string flowTag() { result = "flow" } - override string flowTag() { result = "flow" } - - override predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { - exists(TestConfiguration cfg | cfg.hasFlow(source, sink)) + predicate relevantFlow(DataFlow::Node source, DataFlow::Node sink) { + TestFlow::flow(source, sink) } } +import MakeFlowTest + query predicate missingAnnotationOnSink(Location location, string error, string element) { error = "ERROR, you should add `# $ MISSING: flow` annotation" and exists(DataFlow::Node sink | @@ -23,8 +23,8 @@ query predicate missingAnnotationOnSink(Location location, string error, string ) and location = sink.getLocation() and element = prettyExpr(sink.asExpr()) and - not any(TestConfiguration config).hasFlow(_, sink) and - not exists(FalseNegativeExpectation missingResult | + not TestFlow::flowTo(sink) and + not exists(FalseNegativeTestExpectation missingResult | missingResult.getTag() = "flow" and missingResult.getLocation().getFile() = location.getFile() and missingResult.getLocation().getStartLine() = location.getStartLine() diff --git a/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll b/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll index 003d02ba530..9b26d8c9175 100644 --- a/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll +++ b/python/ql/test/experimental/dataflow/TestUtil/UnresolvedCalls.qll @@ -4,11 +4,11 @@ private import semmle.python.dataflow.new.internal.DataFlowPrivate as DataFlowPr private import semmle.python.ApiGraphs import TestUtilities.InlineExpectationsTest -class UnresolvedCallExpectations extends InlineExpectationsTest { - UnresolvedCallExpectations() { this = "UnresolvedCallExpectations" } - - override string getARelevantTag() { result = "unresolved_call" } +signature module UnresolvedCallExpectationsSig { + predicate unresolvedCall(CallNode call); +} +module DefaultUnresolvedCallExpectations implements UnresolvedCallExpectationsSig { predicate unresolvedCall(CallNode call) { not exists(DataFlowPrivate::DataFlowCall dfc | exists(dfc.getCallable()) and dfc.getNode() = call @@ -16,14 +16,22 @@ class UnresolvedCallExpectations extends InlineExpectationsTest { not DataFlowPrivate::resolveClassCall(call, _) and not call = API::builtin(_).getACall().asCfgNode() } - - override predicate hasActualResult(Location location, string element, string tag, string value) { - exists(location.getFile().getRelativePath()) and - exists(CallNode call | this.unresolvedCall(call) | - location = call.getLocation() and - tag = "unresolved_call" and - value = prettyExpr(call.getNode()) and - element = call.toString() - ) - } +} + +module MakeUnresolvedCallExpectations { + private module UnresolvedCallExpectations implements TestSig { + string getARelevantTag() { result = "unresolved_call" } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(location.getFile().getRelativePath()) and + exists(CallNode call | Impl::unresolvedCall(call) | + location = call.getLocation() and + tag = "unresolved_call" and + value = prettyExpr(call.getNode()) and + element = call.toString() + ) + } + } + + import MakeTest } diff --git a/python/ql/test/experimental/dataflow/basic/localFlowStepTest.expected b/python/ql/test/experimental/dataflow/basic/localFlowStepTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/basic/localFlowStepTest.expected +++ b/python/ql/test/experimental/dataflow/basic/localFlowStepTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/basic/maximalFlowTest.expected b/python/ql/test/experimental/dataflow/basic/maximalFlowTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/basic/maximalFlowTest.expected +++ b/python/ql/test/experimental/dataflow/basic/maximalFlowTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/coverage/NormalDataflowTest.expected b/python/ql/test/experimental/dataflow/coverage/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/coverage/NormalDataflowTest.expected +++ b/python/ql/test/experimental/dataflow/coverage/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/exceptions/NormalDataflowTest.expected b/python/ql/test/experimental/dataflow/exceptions/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/exceptions/NormalDataflowTest.expected +++ b/python/ql/test/experimental/dataflow/exceptions/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/fieldflow/NormalDataflowTest.expected b/python/ql/test/experimental/dataflow/fieldflow/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/fieldflow/NormalDataflowTest.expected +++ b/python/ql/test/experimental/dataflow/fieldflow/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.expected b/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.expected +++ b/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.ql b/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.ql index af73ca552fc..3c7498bd651 100644 --- a/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.ql +++ b/python/ql/test/experimental/dataflow/fieldflow/UnresolvedCalls.ql @@ -2,11 +2,13 @@ import python import experimental.dataflow.TestUtil.UnresolvedCalls private import semmle.python.dataflow.new.DataFlow -class IgnoreDictMethod extends UnresolvedCallExpectations { - override predicate unresolvedCall(CallNode call) { - super.unresolvedCall(call) and +module IgnoreDictMethod implements UnresolvedCallExpectationsSig { + predicate unresolvedCall(CallNode call) { + DefaultUnresolvedCallExpectations::unresolvedCall(call) and not any(DataFlow::MethodCallNode methodCall | methodCall.getMethodName() in ["get", "setdefault"] ).asCfgNode() = call } } + +import MakeUnresolvedCallExpectations diff --git a/python/ql/test/experimental/dataflow/match/NormalDataflowTest.expected b/python/ql/test/experimental/dataflow/match/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/match/NormalDataflowTest.expected +++ b/python/ql/test/experimental/dataflow/match/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected b/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected +++ b/python/ql/test/experimental/dataflow/module-initialization/localFlow.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql b/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql index 635902e7045..8ef3860955d 100644 --- a/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql +++ b/python/ql/test/experimental/dataflow/module-initialization/localFlow.ql @@ -4,12 +4,10 @@ import experimental.dataflow.TestUtil.FlowTest private import semmle.python.dataflow.new.internal.PrintNode private import semmle.python.dataflow.new.internal.DataFlowPrivate as DP -class ImportTimeLocalFlowTest extends FlowTest { - ImportTimeLocalFlowTest() { this = "ImportTimeLocalFlowTest" } +module ImportTimeLocalFlowTest implements FlowTestSig { + string flowTag() { result = "importTimeFlow" } - override string flowTag() { result = "importTimeFlow" } - - override predicate relevantFlow(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + predicate relevantFlow(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { nodeFrom.getLocation().getFile().getBaseName() = "multiphase.py" and // results are displayed next to `nodeTo`, so we need a line to write on nodeTo.getLocation().getStartLine() > 0 and @@ -18,12 +16,10 @@ class ImportTimeLocalFlowTest extends FlowTest { } } -class RuntimeLocalFlowTest extends FlowTest { - RuntimeLocalFlowTest() { this = "RuntimeLocalFlowTest" } +module RuntimeLocalFlowTest implements FlowTestSig { + string flowTag() { result = "runtimeFlow" } - override string flowTag() { result = "runtimeFlow" } - - override predicate relevantFlow(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { + predicate relevantFlow(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { nodeFrom.getLocation().getFile().getBaseName() = "multiphase.py" and // results are displayed next to `nodeTo`, so we need a line to write on nodeTo.getLocation().getStartLine() > 0 and @@ -34,3 +30,5 @@ class RuntimeLocalFlowTest extends FlowTest { DP::runtimeJumpStep(nodeFrom, nodeTo) } } + +import MakeFlowTest2 diff --git a/python/ql/test/experimental/dataflow/regression/dataflow.ql b/python/ql/test/experimental/dataflow/regression/dataflow.ql index c95b2f2111f..39763fa4814 100644 --- a/python/ql/test/experimental/dataflow/regression/dataflow.ql +++ b/python/ql/test/experimental/dataflow/regression/dataflow.ql @@ -9,5 +9,5 @@ import python import experimental.dataflow.testConfig from DataFlow::Node source, DataFlow::Node sink -where exists(TestConfiguration cfg | cfg.hasFlow(source, sink)) +where TestFlow::flow(source, sink) select source, sink diff --git a/python/ql/test/experimental/dataflow/summaries/NormalTaintTrackingTest.expected b/python/ql/test/experimental/dataflow/summaries/NormalTaintTrackingTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/summaries/NormalTaintTrackingTest.expected +++ b/python/ql/test/experimental/dataflow/summaries/NormalTaintTrackingTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/summaries/summaries.ql b/python/ql/test/experimental/dataflow/summaries/summaries.ql index f2c0a522279..d3c0206d41f 100644 --- a/python/ql/test/experimental/dataflow/summaries/summaries.ql +++ b/python/ql/test/experimental/dataflow/summaries/summaries.ql @@ -4,7 +4,7 @@ import python import semmle.python.dataflow.new.FlowSummary -import DataFlow::PathGraph +import TestFlow::PathGraph import semmle.python.dataflow.new.TaintTracking import semmle.python.dataflow.new.internal.FlowSummaryImpl import semmle.python.ApiGraphs @@ -16,6 +16,6 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) Private::External::invalidSpecComponent(s, c) } -from DataFlow::PathNode source, DataFlow::PathNode sink, TestConfiguration conf -where conf.hasFlowPath(source, sink) +from TestFlow::PathNode source, TestFlow::PathNode sink +where TestFlow::flowPath(source, sink) select sink, source, sink, "$@", source, source.toString() diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql index 048d530dd41..46263250a9b 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/InlineTaintTest.ql @@ -1,6 +1,12 @@ import experimental.meta.InlineTaintTest import semmle.python.dataflow.new.BarrierGuards -class CustomSanitizerOverrides extends TestTaintTrackingConfiguration { - override predicate isSanitizer(DataFlow::Node node) { node instanceof StringConstCompareBarrier } +module CustomSanitizerOverridesConfig implements DataFlow::ConfigSig { + predicate isSource = TestTaintTrackingConfig::isSource/1; + + predicate isSink = TestTaintTrackingConfig::isSink/1; + + predicate isBarrier(DataFlow::Node node) { node instanceof StringConstCompareBarrier } } + +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected index fdad063534b..6e4a1c072bc 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.expected @@ -1,25 +1,26 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures isSanitizer -| TestTaintTrackingConfiguration | test.py:21:39:21:39 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test.py:34:39:34:39 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test.py:52:28:52:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test.py:66:10:66:29 | ControlFlowNode for emulated_escaping() | -| TestTaintTrackingConfiguration | test_logical.py:33:28:33:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:40:28:40:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:48:28:48:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:53:28:53:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:92:28:92:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:103:28:103:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:111:28:111:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:130:28:130:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:137:28:137:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:148:28:148:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:151:28:151:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:158:28:158:28 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:167:24:167:24 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:176:24:176:24 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:185:24:185:24 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_logical.py:193:24:193:24 | ControlFlowNode for s | -| TestTaintTrackingConfiguration | test_reference.py:31:28:31:28 | ControlFlowNode for s | +| test.py:21:39:21:39 | ControlFlowNode for s | +| test.py:34:39:34:39 | ControlFlowNode for s | +| test.py:52:28:52:28 | ControlFlowNode for s | +| test.py:66:10:66:29 | ControlFlowNode for emulated_escaping() | +| test_logical.py:33:28:33:28 | ControlFlowNode for s | +| test_logical.py:40:28:40:28 | ControlFlowNode for s | +| test_logical.py:48:28:48:28 | ControlFlowNode for s | +| test_logical.py:53:28:53:28 | ControlFlowNode for s | +| test_logical.py:92:28:92:28 | ControlFlowNode for s | +| test_logical.py:103:28:103:28 | ControlFlowNode for s | +| test_logical.py:111:28:111:28 | ControlFlowNode for s | +| test_logical.py:130:28:130:28 | ControlFlowNode for s | +| test_logical.py:137:28:137:28 | ControlFlowNode for s | +| test_logical.py:148:28:148:28 | ControlFlowNode for s | +| test_logical.py:151:28:151:28 | ControlFlowNode for s | +| test_logical.py:158:28:158:28 | ControlFlowNode for s | +| test_logical.py:167:24:167:24 | ControlFlowNode for s | +| test_logical.py:176:24:176:24 | ControlFlowNode for s | +| test_logical.py:185:24:185:24 | ControlFlowNode for s | +| test_logical.py:193:24:193:24 | ControlFlowNode for s | +| test_reference.py:31:28:31:28 | ControlFlowNode for s | diff --git a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql index 984cf74d036..597f368b02f 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/customSanitizer/InlineTaintTest.ql @@ -12,8 +12,12 @@ predicate isUnsafeCheck(DataFlow::GuardNode g, ControlFlowNode node, boolean bra branch = false } -class CustomSanitizerOverrides extends TestTaintTrackingConfiguration { - override predicate isSanitizer(DataFlow::Node node) { +module CustomSanitizerOverridesConfig implements DataFlow::ConfigSig { + predicate isSource = TestTaintTrackingConfig::isSource/1; + + predicate isSink = TestTaintTrackingConfig::isSink/1; + + predicate isBarrier(DataFlow::Node node) { exists(Call call | call.getFunc().(Name).getId() = "emulated_authentication_check" and call.getArg(0) = node.asExpr() @@ -27,7 +31,9 @@ class CustomSanitizerOverrides extends TestTaintTrackingConfiguration { } } -query predicate isSanitizer(TestTaintTrackingConfiguration conf, DataFlow::Node node) { +import MakeInlineTaintTest + +query predicate isSanitizer(DataFlow::Node node) { exists(node.getLocation().getFile().getRelativePath()) and - conf.isSanitizer(node) + CustomSanitizerOverridesConfig::isBarrier(node) } diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/NormalDataflowTest.expected b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/generator-flow/NormalDataflowTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/generator-flow/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.expected b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.expected +++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.ql b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.ql +++ b/python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/dataflow/testConfig.qll b/python/ql/test/experimental/dataflow/testConfig.qll index ab5f125d898..887f9e48e8e 100644 --- a/python/ql/test/experimental/dataflow/testConfig.qll +++ b/python/ql/test/experimental/dataflow/testConfig.qll @@ -23,10 +23,8 @@ private import python import semmle.python.dataflow.new.DataFlow -class TestConfiguration extends DataFlow::Configuration { - TestConfiguration() { this = "TestConfiguration" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "SOURCE" or node.(DataFlow::CfgNode).getNode().getNode().(StrConst).getS() = "source" @@ -37,7 +35,7 @@ class TestConfiguration extends DataFlow::Configuration { // No support for complex numbers } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { exists(DataFlow::CallCfgNode call | call.getFunction().asCfgNode().(NameNode).getId() in ["SINK", "SINK_F"] and (node = call.getArg(_) or node = call.getArgByName(_)) and @@ -45,5 +43,7 @@ class TestConfiguration extends DataFlow::Configuration { ) } - override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) } + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } + +module TestFlow = DataFlow::Global; diff --git a/python/ql/test/experimental/dataflow/testTaintConfig.qll b/python/ql/test/experimental/dataflow/testTaintConfig.qll index 09496895c9a..89e9593c89f 100644 --- a/python/ql/test/experimental/dataflow/testTaintConfig.qll +++ b/python/ql/test/experimental/dataflow/testTaintConfig.qll @@ -24,10 +24,8 @@ private import python import semmle.python.dataflow.new.DataFlow import semmle.python.dataflow.new.TaintTracking -class TestConfiguration extends TaintTracking::Configuration { - TestConfiguration() { this = "TestConfiguration" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "SOURCE" or node.(DataFlow::CfgNode).getNode().getNode().(StrConst).getS() = "source" @@ -38,12 +36,14 @@ class TestConfiguration extends TaintTracking::Configuration { // No support for complex numbers } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { exists(CallNode call | call.getFunction().(NameNode).getId() in ["SINK", "SINK_F"] and node.(DataFlow::CfgNode).getNode() = call.getAnArg() ) } - override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) } + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } + +module TestFlow = TaintTracking::Global; diff --git a/python/ql/test/experimental/dataflow/typetracking/tracked.expected b/python/ql/test/experimental/dataflow/typetracking/tracked.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/typetracking/tracked.expected +++ b/python/ql/test/experimental/dataflow/typetracking/tracked.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/typetracking/tracked.ql b/python/ql/test/experimental/dataflow/typetracking/tracked.ql index c0ed62e258f..b6aa9d268d0 100644 --- a/python/ql/test/experimental/dataflow/typetracking/tracked.ql +++ b/python/ql/test/experimental/dataflow/typetracking/tracked.ql @@ -14,12 +14,10 @@ private DataFlow::TypeTrackingNode tracked(TypeTracker t) { exists(TypeTracker t2 | result = tracked(t2).track(t2, t)) } -class TrackedTest extends InlineExpectationsTest { - TrackedTest() { this = "TrackedTest" } +module TrackedTest implements TestSig { + string getARelevantTag() { result = "tracked" } - override string getARelevantTag() { result = "tracked" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node e, TypeTracker t | tracked(t).flowsTo(e) and // Module variables have no sensible location, and hence can't be annotated. @@ -54,12 +52,10 @@ private DataFlow::TypeTrackingNode string_type(TypeTracker t) { exists(TypeTracker t2 | result = string_type(t2).track(t2, t)) } -class TrackedIntTest extends InlineExpectationsTest { - TrackedIntTest() { this = "TrackedIntTest" } +module TrackedIntTest implements TestSig { + string getARelevantTag() { result = "int" } - override string getARelevantTag() { result = "int" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node e, TypeTracker t | int_type(t).flowsTo(e) and tag = "int" and @@ -70,12 +66,10 @@ class TrackedIntTest extends InlineExpectationsTest { } } -class TrackedStringTest extends InlineExpectationsTest { - TrackedStringTest() { this = "TrackedStringTest" } +module TrackedStringTest implements TestSig { + string getARelevantTag() { result = "str" } - override string getARelevantTag() { result = "str" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node e, TypeTracker t | string_type(t).flowsTo(e) and tag = "str" and @@ -100,12 +94,10 @@ private DataFlow::TypeTrackingNode tracked_self(TypeTracker t) { exists(TypeTracker t2 | result = tracked_self(t2).track(t2, t)) } -class TrackedSelfTest extends InlineExpectationsTest { - TrackedSelfTest() { this = "TrackedSelfTest" } +module TrackedSelfTest implements TestSig { + string getARelevantTag() { result = "tracked_self" } - override string getARelevantTag() { result = "tracked_self" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node e, TypeTracker t | tracked_self(t).flowsTo(e) and // Module variables have no sensible location, and hence can't be annotated. @@ -161,12 +153,10 @@ private DataFlow::TypeTrackingNode foo_bar_baz(DataFlow::TypeTracker t) { /** Gets a reference to `foo.bar.baz` (fictive attribute on `foo.bar` module). */ DataFlow::Node foo_bar_baz() { foo_bar_baz(DataFlow::TypeTracker::end()).flowsTo(result) } -class TrackedFooBarBaz extends InlineExpectationsTest { - TrackedFooBarBaz() { this = "TrackedFooBarBaz" } +module TrackedFooBarBaz implements TestSig { + string getARelevantTag() { result = "tracked_foo_bar_baz" } - override string getARelevantTag() { result = "tracked_foo_bar_baz" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(DataFlow::Node e | e = foo_bar_baz() and // Module variables have no sensible location, and hence can't be annotated. @@ -178,3 +168,5 @@ class TrackedFooBarBaz extends InlineExpectationsTest { ) } } + +import MakeTest> diff --git a/python/ql/test/experimental/dataflow/typetracking_imports/tracked.expected b/python/ql/test/experimental/dataflow/typetracking_imports/tracked.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/experimental/dataflow/typetracking_imports/tracked.expected +++ b/python/ql/test/experimental/dataflow/typetracking_imports/tracked.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/experimental/dataflow/variable-capture/CaptureTest.ql b/python/ql/test/experimental/dataflow/variable-capture/CaptureTest.ql index 68d15822cf6..a1c754e8ee5 100644 --- a/python/ql/test/experimental/dataflow/variable-capture/CaptureTest.ql +++ b/python/ql/test/experimental/dataflow/variable-capture/CaptureTest.ql @@ -7,7 +7,7 @@ module CaptureTest implements TestSig { string getARelevantTag() { result = "captured" } predicate hasActualResult(Location location, string element, string tag, string value) { - exists(DataFlow::Node sink | exists(TestConfiguration cfg | cfg.hasFlowTo(sink)) | + exists(DataFlow::Node sink | TestFlow::flowTo(sink) | location = sink.getLocation() and tag = "captured" and value = "" and diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll index 27c8cb99ab4..48803e11fb4 100644 --- a/python/ql/test/experimental/meta/ConceptsTest.qll +++ b/python/ql/test/experimental/meta/ConceptsTest.qll @@ -4,12 +4,10 @@ import semmle.python.Concepts import TestUtilities.InlineExpectationsTest private import semmle.python.dataflow.new.internal.PrintNode -class SystemCommandExecutionTest extends InlineExpectationsTest { - SystemCommandExecutionTest() { this = "SystemCommandExecutionTest" } +module SystemCommandExecutionTest implements TestSig { + string getARelevantTag() { result = "getCommand" } - override string getARelevantTag() { result = "getCommand" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(SystemCommandExecution sce, DataFlow::Node command | command = sce.getCommand() and @@ -21,14 +19,12 @@ class SystemCommandExecutionTest extends InlineExpectationsTest { } } -class DecodingTest extends InlineExpectationsTest { - DecodingTest() { this = "DecodingTest" } - - override string getARelevantTag() { +module DecodingTest implements TestSig { + string getARelevantTag() { result in ["decodeInput", "decodeOutput", "decodeFormat", "decodeMayExecuteInput"] } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Decoding d | exists(DataFlow::Node data | @@ -61,12 +57,10 @@ class DecodingTest extends InlineExpectationsTest { } } -class EncodingTest extends InlineExpectationsTest { - EncodingTest() { this = "EncodingTest" } +module EncodingTest implements TestSig { + string getARelevantTag() { result in ["encodeInput", "encodeOutput", "encodeFormat"] } - override string getARelevantTag() { result in ["encodeInput", "encodeOutput", "encodeFormat"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Encoding e | exists(DataFlow::Node data | @@ -93,12 +87,10 @@ class EncodingTest extends InlineExpectationsTest { } } -class LoggingTest extends InlineExpectationsTest { - LoggingTest() { this = "LoggingTest" } +module LoggingTest implements TestSig { + string getARelevantTag() { result = "loggingInput" } - override string getARelevantTag() { result = "loggingInput" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Logging logging, DataFlow::Node data | location = data.getLocation() and @@ -110,12 +102,10 @@ class LoggingTest extends InlineExpectationsTest { } } -class CodeExecutionTest extends InlineExpectationsTest { - CodeExecutionTest() { this = "CodeExecutionTest" } +module CodeExecutionTest implements TestSig { + string getARelevantTag() { result = "getCode" } - override string getARelevantTag() { result = "getCode" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(CodeExecution ce, DataFlow::Node code | exists(location.getFile().getRelativePath()) and @@ -128,12 +118,10 @@ class CodeExecutionTest extends InlineExpectationsTest { } } -class SqlConstructionTest extends InlineExpectationsTest { - SqlConstructionTest() { this = "SqlConstructionTest" } +module SqlConstructionTest implements TestSig { + string getARelevantTag() { result = "constructedSql" } - override string getARelevantTag() { result = "constructedSql" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(SqlConstruction e, DataFlow::Node sql | exists(location.getFile().getRelativePath()) and @@ -146,12 +134,10 @@ class SqlConstructionTest extends InlineExpectationsTest { } } -class SqlExecutionTest extends InlineExpectationsTest { - SqlExecutionTest() { this = "SqlExecutionTest" } +module SqlExecutionTest implements TestSig { + string getARelevantTag() { result = "getSql" } - override string getARelevantTag() { result = "getSql" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(SqlExecution e, DataFlow::Node sql | exists(location.getFile().getRelativePath()) and @@ -164,12 +150,10 @@ class SqlExecutionTest extends InlineExpectationsTest { } } -class XPathConstructionTest extends InlineExpectationsTest { - XPathConstructionTest() { this = "XPathConstructionTest" } +module XPathConstructionTest implements TestSig { + string getARelevantTag() { result = "constructedXPath" } - override string getARelevantTag() { result = "constructedXPath" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(XML::XPathConstruction e, DataFlow::Node xpath | exists(location.getFile().getRelativePath()) and @@ -182,12 +166,10 @@ class XPathConstructionTest extends InlineExpectationsTest { } } -class XPathExecutionTest extends InlineExpectationsTest { - XPathExecutionTest() { this = "XPathExecutionTest" } +module XPathExecutionTest implements TestSig { + string getARelevantTag() { result = "getXPath" } - override string getARelevantTag() { result = "getXPath" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(XML::XPathExecution e, DataFlow::Node xpath | exists(location.getFile().getRelativePath()) and @@ -200,12 +182,10 @@ class XPathExecutionTest extends InlineExpectationsTest { } } -class EscapingTest extends InlineExpectationsTest { - EscapingTest() { this = "EscapingTest" } +module EscapingTest implements TestSig { + string getARelevantTag() { result in ["escapeInput", "escapeOutput", "escapeKind"] } - override string getARelevantTag() { result in ["escapeInput", "escapeOutput", "escapeKind"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Escaping esc | exists(DataFlow::Node data | @@ -232,12 +212,10 @@ class EscapingTest extends InlineExpectationsTest { } } -class HttpServerRouteSetupTest extends InlineExpectationsTest { - HttpServerRouteSetupTest() { this = "HttpServerRouteSetupTest" } +module HttpServerRouteSetupTest implements TestSig { + string getARelevantTag() { result = "routeSetup" } - override string getARelevantTag() { result = "routeSetup" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Http::Server::RouteSetup setup | location = setup.getLocation() and @@ -253,12 +231,10 @@ class HttpServerRouteSetupTest extends InlineExpectationsTest { } } -class HttpServerRequestHandlerTest extends InlineExpectationsTest { - HttpServerRequestHandlerTest() { this = "HttpServerRequestHandlerTest" } +module HttpServerRequestHandlerTest implements TestSig { + string getARelevantTag() { result in ["requestHandler", "routedParameter"] } - override string getARelevantTag() { result in ["requestHandler", "routedParameter"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and ( exists(Http::Server::RequestHandler handler | @@ -330,12 +306,10 @@ class HttpServerHttpResponseTest extends InlineExpectationsTest { } } -class HttpServerHttpRedirectResponseTest extends InlineExpectationsTest { - HttpServerHttpRedirectResponseTest() { this = "HttpServerHttpRedirectResponseTest" } +module HttpServerHttpRedirectResponseTest implements TestSig { + string getARelevantTag() { result in ["HttpRedirectResponse", "redirectLocation"] } - override string getARelevantTag() { result in ["HttpRedirectResponse", "redirectLocation"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and ( exists(Http::Server::HttpRedirectResponse redirect | @@ -355,14 +329,12 @@ class HttpServerHttpRedirectResponseTest extends InlineExpectationsTest { } } -class HttpServerCookieWriteTest extends InlineExpectationsTest { - HttpServerCookieWriteTest() { this = "HttpServerCookieWriteTest" } - - override string getARelevantTag() { +module HttpServerCookieWriteTest implements TestSig { + string getARelevantTag() { result in ["CookieWrite", "CookieRawHeader", "CookieName", "CookieValue"] } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Http::Server::CookieWrite cookieWrite | location = cookieWrite.getLocation() and @@ -387,12 +359,10 @@ class HttpServerCookieWriteTest extends InlineExpectationsTest { } } -class FileSystemAccessTest extends InlineExpectationsTest { - FileSystemAccessTest() { this = "FileSystemAccessTest" } +module FileSystemAccessTest implements TestSig { + string getARelevantTag() { result = "getAPathArgument" } - override string getARelevantTag() { result = "getAPathArgument" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(FileSystemAccess a, DataFlow::Node path | path = a.getAPathArgument() and @@ -404,12 +374,10 @@ class FileSystemAccessTest extends InlineExpectationsTest { } } -class FileSystemWriteAccessTest extends InlineExpectationsTest { - FileSystemWriteAccessTest() { this = "FileSystemWriteAccessTest" } +module FileSystemWriteAccessTest implements TestSig { + string getARelevantTag() { result = "fileWriteData" } - override string getARelevantTag() { result = "fileWriteData" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(FileSystemWriteAccess write, DataFlow::Node data | data = write.getADataNode() and @@ -421,12 +389,10 @@ class FileSystemWriteAccessTest extends InlineExpectationsTest { } } -class PathNormalizationTest extends InlineExpectationsTest { - PathNormalizationTest() { this = "PathNormalizationTest" } +module PathNormalizationTest implements TestSig { + string getARelevantTag() { result = "pathNormalization" } - override string getARelevantTag() { result = "pathNormalization" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Path::PathNormalization n | location = n.getLocation() and @@ -437,12 +403,10 @@ class PathNormalizationTest extends InlineExpectationsTest { } } -class SafeAccessCheckTest extends InlineExpectationsTest { - SafeAccessCheckTest() { this = "SafeAccessCheckTest" } +module SafeAccessCheckTest implements TestSig { + string getARelevantTag() { result = "SafeAccessCheck" } - override string getARelevantTag() { result = "SafeAccessCheck" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Path::SafeAccessCheck c | location = c.getLocation() and @@ -453,12 +417,10 @@ class SafeAccessCheckTest extends InlineExpectationsTest { } } -class PublicKeyGenerationTest extends InlineExpectationsTest { - PublicKeyGenerationTest() { this = "PublicKeyGenerationTest" } +module PublicKeyGenerationTest implements TestSig { + string getARelevantTag() { result in ["PublicKeyGeneration", "keySize"] } - override string getARelevantTag() { result in ["PublicKeyGeneration", "keySize"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Cryptography::PublicKey::KeyGeneration keyGen | location = keyGen.getLocation() and @@ -475,17 +437,15 @@ class PublicKeyGenerationTest extends InlineExpectationsTest { } } -class CryptographicOperationTest extends InlineExpectationsTest { - CryptographicOperationTest() { this = "CryptographicOperationTest" } - - override string getARelevantTag() { +module CryptographicOperationTest implements TestSig { + string getARelevantTag() { result in [ "CryptographicOperation", "CryptographicOperationInput", "CryptographicOperationAlgorithm", "CryptographicOperationBlockMode" ] } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Cryptography::CryptographicOperation cryptoOperation | location = cryptoOperation.getLocation() and @@ -510,14 +470,12 @@ class CryptographicOperationTest extends InlineExpectationsTest { } } -class HttpClientRequestTest extends InlineExpectationsTest { - HttpClientRequestTest() { this = "HttpClientRequestTest" } - - override string getARelevantTag() { +module HttpClientRequestTest implements TestSig { + string getARelevantTag() { result in ["clientRequestUrlPart", "clientRequestCertValidationDisabled"] } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Http::Client::Request req, DataFlow::Node url | url = req.getAUrlPart() and @@ -538,12 +496,10 @@ class HttpClientRequestTest extends InlineExpectationsTest { } } -class CsrfProtectionSettingTest extends InlineExpectationsTest { - CsrfProtectionSettingTest() { this = "CsrfProtectionSettingTest" } +module CsrfProtectionSettingTest implements TestSig { + string getARelevantTag() { result = "CsrfProtectionSetting" } - override string getARelevantTag() { result = "CsrfProtectionSetting" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Http::Server::CsrfProtectionSetting setting | location = setting.getLocation() and @@ -554,12 +510,10 @@ class CsrfProtectionSettingTest extends InlineExpectationsTest { } } -class CsrfLocalProtectionSettingTest extends InlineExpectationsTest { - CsrfLocalProtectionSettingTest() { this = "CsrfLocalProtectionSettingTest" } +module CsrfLocalProtectionSettingTest implements TestSig { + string getARelevantTag() { result = "CsrfLocalProtection" + ["Enabled", "Disabled"] } - override string getARelevantTag() { result = "CsrfLocalProtection" + ["Enabled", "Disabled"] } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(Http::Server::CsrfLocalProtectionSetting p | location = p.getLocation() and @@ -572,12 +526,10 @@ class CsrfLocalProtectionSettingTest extends InlineExpectationsTest { } } -class XmlParsingTest extends InlineExpectationsTest { - XmlParsingTest() { this = "XmlParsingTest" } +module XmlParsingTest implements TestSig { + string getARelevantTag() { result = "xmlVuln" } - override string getARelevantTag() { result = "xmlVuln" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(XML::XmlParsing parsing, XML::XmlParsingVulnerabilityKind kind | parsing.vulnerableTo(kind) and @@ -588,3 +540,14 @@ class XmlParsingTest extends InlineExpectationsTest { ) } } + +import MakeTest, + MergeTests5, + MergeTests4, + MergeTests5, + MergeTests5>> diff --git a/python/ql/test/experimental/meta/InlineTaintTest.qll b/python/ql/test/experimental/meta/InlineTaintTest.qll index 9982ec961d4..24f67bcf2a4 100644 --- a/python/ql/test/experimental/meta/InlineTaintTest.qll +++ b/python/ql/test/experimental/meta/InlineTaintTest.qll @@ -33,10 +33,8 @@ DataFlow::Node shouldNotBeTainted() { // this module allows the configuration to be imported in other `.ql` files without the // top level query predicates of this file coming into scope. module Conf { - class TestTaintTrackingConfiguration extends TaintTracking::Configuration { - TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } - - override predicate isSource(DataFlow::Node source) { + module TestTaintTrackingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asCfgNode().(NameNode).getId() in [ "TAINTED_STRING", "TAINTED_BYTES", "TAINTED_LIST", "TAINTED_DICT" ] @@ -50,7 +48,7 @@ module Conf { source instanceof RemoteFlowSource } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = shouldBeTainted() or sink = shouldNotBeTainted() @@ -60,49 +58,53 @@ module Conf { import Conf -class InlineTaintTest extends InlineExpectationsTest { - InlineTaintTest() { this = "InlineTaintTest" } +module MakeInlineTaintTest { + private module Flow = TaintTracking::Global; - override string getARelevantTag() { result = "tainted" } + private module InlineTaintTest implements TestSig { + string getARelevantTag() { result = "tainted" } - override predicate hasActualResult(Location location, string element, string tag, string value) { - exists(location.getFile().getRelativePath()) and + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(location.getFile().getRelativePath()) and + exists(DataFlow::Node sink | + Flow::flowTo(sink) and + location = sink.getLocation() and + element = prettyExpr(sink.asExpr()) and + value = "" and + tag = "tainted" + ) + } + } + + import MakeTest + + query predicate argumentToEnsureNotTaintedNotMarkedAsSpurious( + Location location, string error, string element + ) { + error = "ERROR, you should add `SPURIOUS:` to this annotation" and + location = shouldNotBeTainted().getLocation() and + InlineTaintTest::hasActualResult(location, element, "tainted", _) and + exists(GoodTestExpectation good, ActualTestResult actualResult | + good.matchesActualResult(actualResult) and + actualResult.getLocation() = location and + actualResult.toString() = element + ) + } + + query predicate untaintedArgumentToEnsureTaintedNotMarkedAsMissing( + Location location, string error, string element + ) { + error = "ERROR, you should add `# $ MISSING: tainted` annotation" and exists(DataFlow::Node sink | - any(TestTaintTrackingConfiguration config).hasFlow(_, sink) and - location = sink.getLocation() and + sink = shouldBeTainted() and element = prettyExpr(sink.asExpr()) and - value = "" and - tag = "tainted" + not Flow::flowTo(sink) and + location = sink.getLocation() and + not exists(FalseNegativeTestExpectation missingResult | + missingResult.getTag() = "tainted" and + missingResult.getLocation().getFile() = location.getFile() and + missingResult.getLocation().getStartLine() = location.getStartLine() + ) ) } } - -query predicate argumentToEnsureNotTaintedNotMarkedAsSpurious( - Location location, string error, string element -) { - error = "ERROR, you should add `SPURIOUS:` to this annotation" and - location = shouldNotBeTainted().getLocation() and - any(InlineTaintTest test).hasActualResult(location, element, "tainted", _) and - exists(GoodExpectation good, ActualResult actualResult | - good.matchesActualResult(actualResult) and - actualResult.getLocation() = location and - actualResult.toString() = element - ) -} - -query predicate untaintedArgumentToEnsureTaintedNotMarkedAsMissing( - Location location, string error, string element -) { - error = "ERROR, you should add `# $ MISSING: tainted` annotation" and - exists(DataFlow::Node sink | - sink = shouldBeTainted() and - element = prettyExpr(sink.asExpr()) and - not any(TestTaintTrackingConfiguration config).hasFlow(_, sink) and - location = sink.getLocation() and - not exists(FalseNegativeExpectation missingResult | - missingResult.getTag() = "tainted" and - missingResult.getLocation().getFile() = location.getFile() and - missingResult.getLocation().getStartLine() = location.getStartLine() - ) - ) -} diff --git a/python/ql/test/experimental/meta/MaDTest.qll b/python/ql/test/experimental/meta/MaDTest.qll index a4b5877f5ea..9b6bd59287a 100644 --- a/python/ql/test/experimental/meta/MaDTest.qll +++ b/python/ql/test/experimental/meta/MaDTest.qll @@ -7,16 +7,14 @@ private import semmle.python.Frameworks // this import needs to be public to get the query predicates propagated to the actual test files import TestUtilities.InlineExpectationsTest -class MadSinkTest extends InlineExpectationsTest { - MadSinkTest() { this = "MadSinkTest" } - - override string getARelevantTag() { +module MadSinkTest implements TestSig { + string getARelevantTag() { exists(string kind | exists(ModelOutput::getASinkNode(kind)) | result = "mad-sink[" + kind + "]" ) } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(DataFlow::Node sink, string kind | sink = ModelOutput::getASinkNode(kind).asSink() and @@ -28,14 +26,12 @@ class MadSinkTest extends InlineExpectationsTest { } } -class MadSourceTest extends InlineExpectationsTest { - MadSourceTest() { this = "MadSourceTest" } - - override string getARelevantTag() { +module MadSourceTest implements TestSig { + string getARelevantTag() { exists(string kind | exists(ModelOutput::getASourceNode(kind)) | result = "mad-source__" + kind) } - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and exists(DataFlow::Node source, string kind | source = ModelOutput::getASourceNode(kind).asSource() and @@ -46,3 +42,5 @@ class MadSourceTest extends InlineExpectationsTest { ) } } + +import MakeTest> diff --git a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql index 98ad634484e..3f082f21fa4 100644 --- a/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql @@ -13,11 +13,9 @@ import semmle.python.dataflow.new.TaintTracking import experimental.meta.InlineTaintTest::Conf module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - any(TestTaintTrackingConfiguration c).isSource(source) - } + predicate isSource(DataFlow::Node source) { TestTaintTrackingConfig::isSource(source) } - predicate isSink(DataFlow::Node source) { any(TestTaintTrackingConfiguration c).isSink(source) } + predicate isSink(DataFlow::Node source) { TestTaintTrackingConfig::isSink(source) } } module Flows = TaintTracking::Global; diff --git a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql index 087787f4fc1..3e2d625de77 100644 --- a/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql +++ b/python/ql/test/experimental/meta/debug/dataflowTestPaths.ql @@ -12,9 +12,9 @@ import semmle.python.dataflow.new.DataFlow import experimental.dataflow.testConfig module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { any(TestConfiguration c).isSource(source) } + predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } - predicate isSink(DataFlow::Node source) { any(TestConfiguration c).isSink(source) } + predicate isSink(DataFlow::Node source) { TestConfig::isSink(source) } } module Flows = DataFlow::Global; diff --git a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected index 745561a5e65..511dc50d5ca 100644 --- a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected +++ b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.expected @@ -1,7 +1,8 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious | taint_test.py:48:9:48:29 | taint_test.py:48 | ERROR, you should add `SPURIOUS:` to this annotation | should_not_be_tainted | untaintedArgumentToEnsureTaintedNotMarkedAsMissing | taint_test.py:32:9:32:25 | taint_test.py:32 | ERROR, you should add `# $ MISSING: tainted` annotation | should_be_tainted | | taint_test.py:37:24:37:40 | taint_test.py:37 | ERROR, you should add `# $ MISSING: tainted` annotation | should_be_tainted | -failures +testFailures | taint_test.py:41:20:41:21 | ts | Fixed missing result:tainted= | diff --git a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.ql b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.ql +++ b/python/ql/test/experimental/meta/inline-taint-test-demo/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected +++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/DataflowQueryTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aioch/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aioch/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/aioch/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/aioch/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aiohttp/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aiohttp/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/aiohttp/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/aiomysql/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aiomysql/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/aiomysql/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/aiomysql/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/aiopg/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/aiosqlite/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/asyncpg/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/asyncpg/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/asyncpg/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/asyncpg/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/asyncpg/MaDTest.expected b/python/ql/test/library-tests/frameworks/asyncpg/MaDTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/asyncpg/MaDTest.expected +++ b/python/ql/test/library-tests/frameworks/asyncpg/MaDTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/cassandra-driver/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/cassandra-driver/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/cassandra-driver/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/cassandra-driver/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/clickhouse_driver/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/clickhouse_driver/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/clickhouse_driver/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/clickhouse_driver/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/crypto/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/crypto/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/crypto/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/crypto/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/cryptodome/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/cryptodome/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/cryptodome/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/cryptodome/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/cryptography/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/cryptography/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/cryptography/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/cryptography/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/cx_Oracle/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/dill/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/dill/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/dill/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/dill/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected b/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected +++ b/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/django-v1/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/django-v1/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/django-v1/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/django-v1/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/django-v2-v3/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/django-v2-v3/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/django-v2-v3/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/django-v2-v3/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/django-v2-v3/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/django/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/django/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/django/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/django/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/fabric/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/fabric/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/fabric/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/fabric/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/fabric/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/flask/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/flask/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/flask/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/flask/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/flask/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/flask_admin/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/flask_admin/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/flask_admin/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/flask_admin/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/flask_admin/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/flask_sqlalchemy/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/httpx/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/httpx/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/httpx/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/httpx/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/idna/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/idna/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/idna/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/idna/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/idna/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/invoke/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/invoke/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/invoke/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/invoke/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/jmespath/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/jmespath/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/jmespath/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/jmespath/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/jmespath/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/libtaxii/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/libtaxii/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/libtaxii/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/libtaxii/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/lxml/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/lxml/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/lxml/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/lxml/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/markupsafe/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql index 993da68784e..8fd0d08c56a 100644 --- a/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/markupsafe/InlineTaintTest.ql @@ -1,7 +1,11 @@ import experimental.meta.InlineTaintTest import semmle.python.Concepts -class HtmlSpecialization extends TestTaintTrackingConfiguration { +module HtmlSpecializationConfig implements DataFlow::ConfigSig { + predicate isSource = TestTaintTrackingConfig::isSource/1; + + predicate isSink = TestTaintTrackingConfig::isSink/1; + // TODO: For now, since there is not an `isSanitizingStep` member-predicate part of a // `TaintTracking::Configuration`, we use treat the output is a taint-sanitizer. This // is slightly imprecise, which you can see in the `m_unsafe + SAFE` test-case in @@ -9,5 +13,7 @@ class HtmlSpecialization extends TestTaintTrackingConfiguration { // // However, it is better than `getAnInput()`. Due to use-use flow, that would remove // the taint-flow to `SINK()` in `some_escape(tainted); SINK(tainted)`. - override predicate isSanitizer(DataFlow::Node node) { node = any(HtmlEscaping esc).getOutput() } + predicate isBarrier(DataFlow::Node node) { node = any(HtmlEscaping esc).getOutput() } } + +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/multidict/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/multidict/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/multidict/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/multidict/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/multidict/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/mysql-connector-python/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/mysql-connector-python/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/mysql-connector-python/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/mysql-connector-python/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/mysqldb/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/mysqldb/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/mysqldb/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/mysqldb/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/oracledb/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/peewee/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/peewee/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/peewee/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/peewee/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/peewee/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/phoenixdb/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/pycurl/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pycurl/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/pycurl/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/pycurl/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/pymssql/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/pymysql/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pymysql/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/pymysql/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/pymysql/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/pyodbc/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/requests/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/requests/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/requests/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/requests/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/requests/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/rest_framework/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/rest_framework/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/rest_framework/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/rest_framework/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/rest_framework/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/rsa/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/rsa/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/rsa/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/rsa/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/rsa/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/ruamel.yaml/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/ruamel.yaml/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/ruamel.yaml/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/ruamel.yaml/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/simplejson/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/simplejson/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/simplejson/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/simplejson/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/simplejson/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/stdlib-py3/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/stdlib-py3/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/stdlib-py3/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/stdlib-py3/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/stdlib/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/stdlib/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/stdlib/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/stdlib/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/toml/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/toml/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/toml/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/toml/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/tornado/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/tornado/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/tornado/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/tornado/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/tornado/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/twisted/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/twisted/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/twisted/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/twisted/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/twisted/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/ujson/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/ujson/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/ujson/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/ujson/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/ujson/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/frameworks/urllib3/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/urllib3/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/urllib3/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/urllib3/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/xmltodict/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/yaml/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/yaml/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/yaml/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/yaml/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/yarl/ConceptsTest.expected b/python/ql/test/library-tests/frameworks/yarl/ConceptsTest.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/frameworks/yarl/ConceptsTest.expected +++ b/python/ql/test/library-tests/frameworks/yarl/ConceptsTest.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.expected b/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.expected index 79d760d87f4..4a72c551661 100644 --- a/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.expected +++ b/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.expected @@ -1,3 +1,4 @@ +failures argumentToEnsureNotTaintedNotMarkedAsSpurious untaintedArgumentToEnsureTaintedNotMarkedAsMissing -failures +testFailures diff --git a/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.ql b/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.ql index 027ad8667be..8524da5fe7d 100644 --- a/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.ql +++ b/python/ql/test/library-tests/frameworks/yarl/InlineTaintTest.ql @@ -1 +1,2 @@ import experimental.meta.InlineTaintTest +import MakeInlineTaintTest diff --git a/python/ql/test/library-tests/regex/SubstructureTests.expected b/python/ql/test/library-tests/regex/SubstructureTests.expected index e69de29bb2d..48de9172b36 100644 --- a/python/ql/test/library-tests/regex/SubstructureTests.expected +++ b/python/ql/test/library-tests/regex/SubstructureTests.expected @@ -0,0 +1,2 @@ +failures +testFailures diff --git a/python/ql/test/library-tests/regex/SubstructureTests.ql b/python/ql/test/library-tests/regex/SubstructureTests.ql index e189c13b15e..f575670e16a 100644 --- a/python/ql/test/library-tests/regex/SubstructureTests.ql +++ b/python/ql/test/library-tests/regex/SubstructureTests.ql @@ -2,12 +2,10 @@ import python import TestUtilities.InlineExpectationsTest private import semmle.python.regex -class CharacterSetTest extends InlineExpectationsTest { - CharacterSetTest() { this = "CharacterSetTest" } +module CharacterSetTest implements TestSig { + string getARelevantTag() { result = "charSet" } - override string getARelevantTag() { result = "charSet" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "charSetTest.py" and exists(RegExp re, int start, int end | @@ -20,12 +18,10 @@ class CharacterSetTest extends InlineExpectationsTest { } } -class CharacterRangeTest extends InlineExpectationsTest { - CharacterRangeTest() { this = "CharacterRangeTest" } +module CharacterRangeTest implements TestSig { + string getARelevantTag() { result = "charRange" } - override string getARelevantTag() { result = "charRange" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "charRangeTest.py" and exists(RegExp re, int start, int lower_end, int upper_start, int end | @@ -38,12 +34,10 @@ class CharacterRangeTest extends InlineExpectationsTest { } } -class EscapeTest extends InlineExpectationsTest { - EscapeTest() { this = "EscapeTest" } +module EscapeTest implements TestSig { + string getARelevantTag() { result = "escapedCharacter" } - override string getARelevantTag() { result = "escapedCharacter" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "escapedCharacterTest.py" and exists(RegExp re, int start, int end | @@ -56,12 +50,10 @@ class EscapeTest extends InlineExpectationsTest { } } -class GroupTest extends InlineExpectationsTest { - GroupTest() { this = "GroupTest" } +module GroupTest implements TestSig { + string getARelevantTag() { result = "group" } - override string getARelevantTag() { result = "group" } - - override predicate hasActualResult(Location location, string element, string tag, string value) { + predicate hasActualResult(Location location, string element, string tag, string value) { exists(location.getFile().getRelativePath()) and location.getFile().getBaseName() = "groupTest.py" and exists(RegExp re, int start, int end | @@ -73,3 +65,5 @@ class GroupTest extends InlineExpectationsTest { ) } } + +import MakeTest> diff --git a/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.expected b/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.expected +++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/DataflowQueryTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected +++ b/python/ql/test/query-tests/Security/CWE-078-CommandInjection/DataflowQueryTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures diff --git a/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.expected b/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.expected index 3875da4e143..04431311999 100644 --- a/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.expected +++ b/python/ql/test/query-tests/Security/CWE-078-UnsafeShellCommandConstruction/DataflowQueryTest.expected @@ -1,2 +1,3 @@ missingAnnotationOnSink failures +testFailures