hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Removing commented out test cases.

Browse Source
This commit is contained in:
REDMOND\brodes
2026-02-06 11:28:48 -05:00
parent 4f11913ee5
commit f6c302b68c
1 changed files with 0 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py
View File

@@ -23,203 +23,3 @@ def azure_sdk_test(credential, output_path):
download_blob_from_url(blob_url=url, output=output_path, credential=credential, overwrite=True ) # $ Alert[py/partial-ssrf]
download_blob_from_url(blob_url=full_url, output=output_path, credential=credential, overwrite=True) # $ Alert[py/full-ssrf]
# if URIValidator.in_domain(url, trusted_domain):
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# OK
# c = ShareFileClient.from_file_url(url) # OK
# c = KeyClient(url, credential)# OK
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # OK
# download_blob_from_url(
# blob_url=url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# NOT OK -- user only controlled fragment
# c = ShareFileClient.from_file_url(url) # NOT OK -- user only controlled fragment
# c = KeyClient(url, credential)# NOT OK -- user only controlled fragment
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # NOT OK -- user only controlled fragment
# download_blob_from_url(
# blob_url=url, # NOT OK -- user only controlled fragment
# output=output_path,
# credential=credential,
# overwrite=True
# )
# if URIValidator.in_domain(full_url, trusted_domain):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# c = ShareFileClient.from_file_url(full_url) # OK
# c = KeyClient(full_url, credential) # OK
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # OK
# download_blob_from_url(
# blob_url=full_url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# c = ShareFileClient.from_file_url(full_url) # NOT OK -- user has full control
# c = KeyClient(full_url, credential) # NOT OK -- user has full control
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # NOT OK -- user has full control
# download_blob_from_url(
# blob_url=full_url, # NOT OK -- user has full control
# output=output_path,
# credential=credential,
# overwrite=True
# )
# if URIValidator.in_azure_keyvault_domain(url):
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# OK
# c = ShareFileClient.from_file_url(url) # OK
# c = KeyClient(url, credential)# OK
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # OK
# download_blob_from_url(
# blob_url=url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# NOT OK -- user only controlled fragment
# c = ShareFileClient.from_file_url(url) # NOT OK -- user only controlled fragment
# c = KeyClient(url, credential)# NOT OK -- user only controlled fragment
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # NOT OK -- user only controlled fragment
# download_blob_from_url(
# blob_url=url, # NOT OK -- user only controlled fragment
# output=output_path,
# credential=credential,
# overwrite=True
# )
# if URIValidator.in_azure_keyvault_domain(full_url):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# c = ShareFileClient.from_file_url(full_url) # OK
# c = KeyClient(full_url, credential) # OK
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # OK
# download_blob_from_url(
# blob_url=full_url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# c = ShareFileClient.from_file_url(full_url) # NOT OK -- user has full control
# c = KeyClient(full_url, credential) # NOT OK -- user has full control
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # NOT OK -- user has full control
# download_blob_from_url(
# blob_url=full_url, # NOT OK -- user has full control
# output=output_path,
# credential=credential,
# overwrite=True
# )
# if URIValidator.in_azure_storage_domain(url):
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# OK
# c = ShareFileClient.from_file_url(url) # OK
# c = KeyClient(url, credential)# OK
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # OK
# download_blob_from_url(
# blob_url=url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=url, credential=credential)# NOT OK -- user only controlled fragment
# c = ShareFileClient.from_file_url(url) # NOT OK -- user only controlled fragment
# c = KeyClient(url, credential)# NOT OK -- user only controlled fragment
# c = ContainerClient.from_container_url(container_url=url, credential=credential) # NOT OK -- user only controlled fragment
# download_blob_from_url(
# blob_url=url, # NOT OK -- user only controlled fragment
# output=output_path,
# credential=credential,
# overwrite=True
# )
# if URIValidator.in_azure_storage_domain(full_url):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# c = ShareFileClient.from_file_url(full_url) # OK
# c = KeyClient(full_url, credential) # OK
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # OK
# download_blob_from_url(
# blob_url=full_url, # OK
# output=output_path,
# credential=credential,
# overwrite=True
# )
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# c = ShareFileClient.from_file_url(full_url) # NOT OK -- user has full control
# c = KeyClient(full_url, credential) # NOT OK -- user has full control
# c = ContainerClient.from_container_url(container_url=full_url, credential=credential) # NOT OK -- user has full control
# download_blob_from_url(
# blob_url=full_url, # NOT OK -- user has full control
# output=output_path,
# credential=credential,
# overwrite=True
# )
# def azure_sdk_logic_sanity_test(credential, output_path, trusted_domain):
# user_input = request.args['untrusted_input']
# full_url = f"https://{user_input}"
# if not URIValidator.in_azure_storage_domain(full_url):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# if not not URIValidator.in_azure_storage_domain(full_url):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# if URIValidator.URIValidator.in_domain(full_url, trusted_domain) and trusted_domain == "example.com":
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# if not (URIValidator.URIValidator.in_domain(full_url, trusted_domain) and trusted_domain == "example.com"):
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # NOT OK -- user has full control
# else:
# # Testing Azure sink
# c = SecretClient(vault_url=full_url, credential=credential) # OK