Python: Consolidate tests for django

The tests in 3/ was not Python 3 specific anymore
2026-05-05 13:45:19 +02:00 · 2019-10-21 16:39:55 +02:00
parent 91f269ed7b
commit fb864b7262
25 changed files with 161 additions and 264 deletions
--- a/python/ql/test/3/library-tests/web/django/Sinks.expected
+++ b/python/ql/test/3/library-tests/web/django/Sinks.expected
@@ -1,6 +0,0 @@
-| models.py:9 | key | externally controlled string |
-| rawsql.py:4 | BinaryExpr | externally controlled string |
-| rawsql.py:13 | BinaryExpr | externally controlled string |
-| rawsql.py:18 | BinaryExpr | externally controlled string |
-| rawsql.py:22 | BinaryExpr | externally controlled string |
-| views.py:8 | Attribute() | externally controlled string |
--- a/python/ql/test/3/library-tests/web/django/Sinks.ql
+++ b/python/ql/test/3/library-tests/web/django/Sinks.ql
@@ -1,13 +0,0 @@
-
-import python
-
-
-import semmle.python.web.django.Request
-import semmle.python.web.django.Model
-import semmle.python.web.django.Db
-import semmle.python.web.django.Response
-import semmle.python.security.strings.Untrusted
-
-from TaintSink sink, TaintKind kind
-where sink.sinks(kind)
-select sink.getLocation().toString(), sink.(ControlFlowNode).getNode().toString(), kind.toString()
--- a/python/ql/test/3/library-tests/web/django/Sources.expected
+++ b/python/ql/test/3/library-tests/web/django/Sources.expected
@@ -1,8 +0,0 @@
-| models.py:9 | Attribute | django.db.models.Model.objects |
-| rawsql.py:13 | Attribute | django.db.models.Model.objects |
-| rawsql.py:16 | Attribute | django.db.models.Model.objects |
-| rawsql.py:21 | Attribute | django.db.models.Model.objects |
-| views.py:6 | request | django.request.HttpRequest |
-| views.py:8 | HttpResponse() | django.response.HttpResponse |
-| views.py:11 | path | externally controlled string |
-| views.py:11 | request | django.request.HttpRequest |
--- a/python/ql/test/3/library-tests/web/django/Sources.ql
+++ b/python/ql/test/3/library-tests/web/django/Sources.ql
@@ -1,12 +0,0 @@
-
-import python
-
-
-import semmle.python.web.django.Request
-import semmle.python.web.django.Model
-import semmle.python.web.django.Response
-import semmle.python.security.strings.Untrusted
-
-from TaintSource src, TaintKind kind
-where src.isSourceOf(kind)
-select src.getLocation().toString(), src.(ControlFlowNode).getNode().toString(), kind.toString()
--- a/python/ql/test/3/library-tests/web/django/Taint.expected
+++ b/python/ql/test/3/library-tests/web/django/Taint.expected
@@ -1,24 +0,0 @@
-| models.py:9 | Attribute | django.db.models.Model.objects |
-| rawsql.py:13 | Attribute | django.db.models.Model.objects |
-| rawsql.py:13 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:16 | Attribute | django.db.models.Model.objects |
-| rawsql.py:16 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:17 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:17 | m | django.db.models.Model.objects |
-| rawsql.py:18 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:18 | m | django.db.models.Model.objects |
-| rawsql.py:21 | Attribute | django.db.models.Model.objects |
-| rawsql.py:21 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:22 | Attribute() | django.db.models.Model.objects |
-| rawsql.py:22 | m | django.db.models.Model.objects |
-| views.py:6 | request | django.request.HttpRequest |
-| views.py:8 | Attribute | django.http.request.QueryDict |
-| views.py:8 | Attribute() | externally controlled string |
-| views.py:8 | HttpResponse() | django.response.HttpResponse |
-| views.py:8 | request | django.request.HttpRequest |
-| views.py:11 | path | externally controlled string |
-| views.py:11 | request | django.request.HttpRequest |
-| views.py:12 | Dict | {externally controlled string} |
-| views.py:12 | path | externally controlled string |
-| views.py:13 | env | {externally controlled string} |
-| views.py:13 | request | django.request.HttpRequest |
--- a/python/ql/test/3/library-tests/web/django/Taint.ql
+++ b/python/ql/test/3/library-tests/web/django/Taint.ql
@@ -1,14 +0,0 @@
-
-import python
-
-
-import semmle.python.web.django.Request
-import semmle.python.web.django.Model
-import semmle.python.web.django.Response
-import semmle.python.security.strings.Untrusted
-
-
-from TaintedNode node
-
-select node.getLocation().toString(), node.getAstNode().toString(), node.getTaintKind().toString()
-
--- a/python/ql/test/3/library-tests/web/django/django/init.py
+++ b/python/ql/test/3/library-tests/web/django/django/init.py
@@ -1 +0,0 @@
-#Fake django package
--- a/python/ql/test/3/library-tests/web/django/django/conf/init.py
+++ b/python/ql/test/3/library-tests/web/django/django/conf/init.py
@@ -1 +0,0 @@
-#Fake django package
--- a/python/ql/test/3/library-tests/web/django/django/conf/urls.py
+++ b/python/ql/test/3/library-tests/web/django/django/conf/urls.py
@@ -1,3 +0,0 @@
-
-def url(regex, view):
-    pass
--- a/python/ql/test/3/library-tests/web/django/django/db/init.py
+++ b/python/ql/test/3/library-tests/web/django/django/db/init.py
@@ -1 +0,0 @@
-#Fake django package
--- a/python/ql/test/3/library-tests/web/django/django/db/models/init.py
+++ b/python/ql/test/3/library-tests/web/django/django/db/models/init.py
@@ -1,2 +0,0 @@
-class Model:
-    pass
--- a/python/ql/test/3/library-tests/web/django/django/db/models/expressions.py
+++ b/python/ql/test/3/library-tests/web/django/django/db/models/expressions.py
@@ -1,2 +0,0 @@
-class RawSQL:
-    pass
--- a/python/ql/test/3/library-tests/web/django/django/http/init.py
+++ b/python/ql/test/3/library-tests/web/django/django/http/init.py
@@ -1,2 +0,0 @@
-
-from .response import HttpResponse
--- a/python/ql/test/3/library-tests/web/django/django/http/response.py
+++ b/python/ql/test/3/library-tests/web/django/django/http/response.py
@@ -1,5 +0,0 @@
-
-class HttpResponse:
-
-    def __init__(self, *args):
-        pass
--- a/python/ql/test/3/library-tests/web/django/models.py
+++ b/python/ql/test/3/library-tests/web/django/models.py
@@ -1,10 +0,0 @@
-
-from django.db import models
-
-class MyModel(models.Model):
-    title = models.CharField(max_length=500)
-    summary = models.TextField(blank=True)
-
-def update_my_model(key, title):
-    item = MyModel.objects.get(pk=key)
-    item.title = title
--- a/python/ql/test/3/library-tests/web/django/rawsql.py
+++ b/python/ql/test/3/library-tests/web/django/rawsql.py
@@ -1,23 +0,0 @@
-from django.db.models.expressions import RawSQL
-
-def raw1(arg):
-    return RawSQL("select foo from bar where baz = %s" % arg, "")
-
-
-from django.db import models
-
-class MyModel(models.Model):
-    pass
-
-def raw2(arg):
-    MyModel.objects.raw("select foo from bar where baz = %s" % arg)
-
-def raw3(arg):
-    m = MyModel.objects.filter('foo')
-    m = m.filter('bar')
-    m.raw("select foo from bar where baz = %s" % arg)
-
-def raw4(arg):
-    m = MyModel.objects.filter('foo')
-    m.extra("select foo from bar where baz = %s" % arg)
-
--- a/python/ql/test/3/library-tests/web/django/urls.py
+++ b/python/ql/test/3/library-tests/web/django/urls.py
@@ -1,9 +0,0 @@
-from django.conf.urls import url
-import views
-
-urlpatterns = [
-
-    url(r'^route1$', views.view_func1),
-    url(r'^(?P<path>.*)$', views.view_func2),
-    url(r'^route2$', views.ClassView.as_view())
-]
--- a/python/ql/test/3/library-tests/web/django/views.py
+++ b/python/ql/test/3/library-tests/web/django/views.py
@@ -1,19 +0,0 @@
-
-from django.http import HttpResponse
-from django.shortcuts import redirect, render
-from django.views.generic import View
-
-def view_func1(request):
-    # Whether this is safe depends on template.html -- annoyingly
-    return HttpResponse(request.GET.get("untrusted"))
-
-
-def view_func2(request, path='default'):
-    env = {'path': path}
-    return render(request, 'vulnerable-path.html', env)
-
-
-class ClassView(View):
-
-    def get(self, request):
-        pass
--- a/python/ql/test/3/library-tests/web/options
+++ b/python/ql/test/3/library-tests/web/options
@@ -1 +0,0 @@
-semmle-extractor-options: --max-import-depth=3 --lang=3
				`@@ -1 +0,0 @@`
				`semmle-extractor-options: --max-import-depth=3 --lang=3`