Python: Add taint-tests for SQLAlchemy

2026-04-29 18:55:14 +02:00 · 2021-06-29 11:03:40 +02:00
parent cb112395f8
commit ef48734206
3 changed files with 17 additions and 0 deletions
--- a/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected
+++ b/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/InlineTaintTest.expected
@@ -0,0 +1,3 @@
+argumentToEnsureNotTaintedNotMarkedAsSpurious
+untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+failures
--- a/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql
+++ b/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/InlineTaintTest.ql
@@ -0,0 +1,2 @@
+import experimental.meta.InlineTaintTest
+import experimental.semmle.python.frameworks.SqlAlchemy
--- a/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/taint_test.py
+++ b/python/ql/test/experimental/library-tests/frameworks/sqlalchemy/taint_test.py
@@ -0,0 +1,12 @@
+import sqlalchemy
+
+def test_taint():
+    ts = TAINTED_STRING
+
+    ensure_tainted(
+        ts, # $ tainted
+        sqlalchemy.text(ts), # $ MISSING: tainted
+        sqlalchemy.sql.text(ts),# $ MISSING: tainted
+        sqlalchemy.sql.expression.text(ts),# $ MISSING: tainted
+        sqlalchemy.sql.expression.TextClause(ts),# $ MISSING: tainted
+    )