Python: Copy old test

2026-04-30 11:15:13 +02:00 · 2020-10-23 14:52:07 +02:00
parent 462e839a83
commit f87845b1ec
3 changed files with 50 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/PathInjection.expected
+++ b/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/PathInjection.expected
@@ -0,0 +1,13 @@
+edges
+| path_injection.py:9:12:9:23 | ControlFlowNode for Attribute | path_injection.py:10:14:10:44 | ControlFlowNode for Attribute() |
+| path_injection.py:16:13:16:61 | ControlFlowNode for Attribute() | path_injection.py:17:14:17:18 | ControlFlowNode for npath |
+| path_injection.py:25:13:25:61 | ControlFlowNode for Attribute() | path_injection.py:28:14:28:18 | ControlFlowNode for npath |
+nodes
+| path_injection.py:9:12:9:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| path_injection.py:10:14:10:44 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| path_injection.py:16:13:16:61 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| path_injection.py:17:14:17:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
+| path_injection.py:25:13:25:61 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| path_injection.py:28:14:28:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
+#select
+| path_injection.py:10:14:10:44 | ControlFlowNode for Attribute() | path_injection.py:9:12:9:23 | ControlFlowNode for Attribute | path_injection.py:10:14:10:44 | ControlFlowNode for Attribute() | This path depends on $@. | path_injection.py:9:12:9:23 | ControlFlowNode for Attribute | a user-provided value |
--- a/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/PathInjection.qlref
+++ b/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/PathInjection.qlref
@@ -0,0 +1 @@
+experimental/Security-new-dataflow/CWE-022/PathInjection.ql
--- a/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/path_injection.py
+++ b/python/ql/test/experimental/query-tests/Security-new-dataflow/CWE-022/path_injection.py
@@ -0,0 +1,36 @@
+
+import os.path
+
+from flask import Flask, request
+app = Flask(__name__)
+
+@app.route("/path1")
+def path_injection():
+    path = request.args.get('path', '')
+    f = open(os.path.join(os.getcwd(), path))
+
+@app.route("/path2")
+def path_injection():
+    # Normalized, but not checked
+    path = request.args.get('path', '')
+    npath = os.path.normpath(os.path.join(os.getcwd(), path))
+    f = open(npath)  # Path not found
+
+SAFE = "/tmp/scratch_area/"
+
+@app.route("/path3")
+def safe_path():
+    # Normalized, but check doesn't reach open().
+    path = request.args.get('path', '')
+    npath = os.path.normpath(os.path.join(os.getcwd(), path))
+    if npath.startswith(SAFE):
+        pass
+    f = open(npath)  # Path not found
+
+@app.route("/path4")
+def safe_path():
+    # Normalized, and checked properly
+    path = request.args.get('path', '')
+    npath = os.path.normpath(os.path.join(os.getcwd(), path))
+    if npath.startswith(SAFE):
+        f = open(npath)
				`@@ -0,0 +1 @@`
				`experimental/Security-new-dataflow/CWE-022/PathInjection.ql`