Python: Update comments for new taint tests

I see I didn't keep them up to date as I implemented things
2026-04-30 03:05:15 +02:00 · 2020-09-01 11:58:11 +02:00
parent cda88a5e64
commit e0cfe8123e
2 changed files with 9 additions and 9 deletions
--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py
@@ -16,7 +16,7 @@ def test_construction():
    tainted_string = TAINTED_STRING
    tainted_list = [tainted_string]
    tainted_tuple = (tainted_string,)
-    tainted_set = {tainted_string} # TODO: set currently not handled
+    tainted_set = {tainted_string}
    tainted_dict = {'key': tainted_string}

    ensure_tainted(
@@ -30,13 +30,13 @@ def test_construction():
    ensure_tainted(
        list(tainted_list),
        list(tainted_tuple),
-        list(tainted_set), # TODO: set currently not handled
+        list(tainted_set),
        list(tainted_dict.values()),
-        list(tainted_dict.items()), # TODO: dict.items() currently not handled
+        list(tainted_dict.items()),

        tuple(tainted_list),
        set(tainted_list),
-        frozenset(tainted_list), # TODO: frozenset constructor currently not handled
+        frozenset(tainted_list),
    )


@@ -75,7 +75,7 @@ def test_dict_access(x):

    for v in tainted_dict.values():
        ensure_tainted(v)
-    for k, v in tainted_dict.items(): # TODO: dict.items() currently not handled
+    for k, v in tainted_dict.items():
        ensure_tainted(v)


--- a/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_unpacking.py
@@ -51,17 +51,17 @@ def contrived_1():
    tainted_list = TAINTED_LIST[0:3]
    no_taint_list = [1,2,3]

-    # We don't handle this case currently, since we mark `d`, `e` and `f` as tainted.
    (a, b, c), (d, e, f) = tainted_list, no_taint_list
    ensure_tainted(a, b, c)
-    ensure_not_tainted(d, e, f)
+    ensure_not_tainted(d, e, f) # FP: we mark `d`, `e` and `f` as tainted.


 def contrived_2():
    # A contrived example. Don't know why anyone would ever actually do this.

-    # We currently only handle taint nested 2 levels.
-    [[[ (a,b,c) ]]] = [[[ TAINTED_LIST[0:3] ]]]
+    # Old taint tracking was only able to handle taint nested 2 levels in sequences,
+    # so would not mark a, b, c as tainted
+    [[[ (a, b, c) ]]] = [[[ TAINTED_LIST[0:3] ]]]
    ensure_tainted(a, b, c)