From ef139f2ee9e5e63d53a80651b127ddec31926e3d Mon Sep 17 00:00:00 2001 From: Rasmus Wriedt Larsen Date: Thu, 17 Aug 2023 15:32:17 +0200 Subject: [PATCH] Python: Delete `XsltSinks.ql` test --- .../CWE-091-XsltInjection/XsltSinks.expected | 12 ---- .../CWE-091-XsltInjection/XsltSinks.ql | 6 -- .../CWE-091-XsltInjection/xsltSinks.py | 56 ------------------- 3 files changed, 74 deletions(-) delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.expected delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.ql delete mode 100644 python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltSinks.py diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.expected b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.expected deleted file mode 100644 index 7150b3046e2..00000000000 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.expected +++ /dev/null @@ -1,12 +0,0 @@ -| xslt.py:14:29:14:37 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:12:28:12:36 | lxml.etree.XSLT | lxml etree xml | -| xsltInjection.py:21:29:21:37 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:31:24:31:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:40:24:40:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:50:24:50:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:60:24:60:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:69:24:69:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltInjection.py:79:24:79:32 | lxml.etree.parse.xslt | lxml etree xml | -| xsltSinks.py:17:28:17:36 | lxml.etree.XSLT | lxml etree xml | -| xsltSinks.py:30:29:30:37 | lxml.etree.parse.xslt | lxml etree xml | -| xsltSinks.py:44:24:44:32 | lxml.etree.parse.xslt | lxml etree xml | diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.ql b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.ql deleted file mode 100644 index 6ce8fdc4fb5..00000000000 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/XsltSinks.ql +++ /dev/null @@ -1,6 +0,0 @@ -import python -import experimental.semmle.python.security.injection.XSLT - -from XsltInjection::XsltInjectionSink sink, TaintKind kind -where sink.sinks(kind) -select sink, kind diff --git a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltSinks.py b/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltSinks.py deleted file mode 100644 index a82fc0c6c5f..00000000000 --- a/python/ql/test/experimental/query-tests/Security/CWE-091-XsltInjection/xsltSinks.py +++ /dev/null @@ -1,56 +0,0 @@ -from lxml import etree -from io import StringIO - -from django.urls import path -from django.http import HttpResponse -from django.template import Template, Context, Engine, engines - - -def a(request): - xslt_root = etree.XML('''\ - - - - - ''') - transform = etree.XSLT(xslt_root) - - -def b(request): - xslt_root = etree.XML('''\ - - - - - ''') - f = StringIO('') - tree = etree.parse(f) - result_tree = tree.xslt(xslt_root) - - -def c(request): - xslt_root = etree.XML('''\ - - - - - ''') - - f = StringIO('') - tree = etree.parse(f) - result = tree.xslt(xslt_root, a="'A'") - - -urlpatterns = [ - path('a', a), - path('b', b), - path('c', c) -] - -if __name__ == "__main__": - a(None) - b(None) - c(None)