hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.23.4
codeql/python/ql/test/library-tests/frameworks/stdlib/test_json.py
Rasmus Wriedt Larsen 61ad5d0673 Python: Allow printing PostUpdateNode in ConceptsTest.qll 
See how this works in `test_json.py`
2021-05-19 17:10:33 +02:00

41 lines
1.5 KiB
Python
Raw Permalink Blame History

from io import StringIO
import json
def test():
print("\n# test")
ts = TAINTED_STRING
encoded = json.dumps(ts) # $ encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
ensure_tainted(
encoded, # $ tainted
json.dumps(ts), # $ tainted encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
json.dumps(obj=ts), # $ tainted encodeOutput=json.dumps(..) encodeFormat=JSON encodeInput=ts
json.loads(encoded), # $ tainted decodeOutput=json.loads(..) decodeFormat=JSON decodeInput=encoded
json.loads(s=encoded), # $ tainted decodeOutput=json.loads(..) decodeFormat=JSON decodeInput=encoded
)
# load/dump with file-like
tainted_filelike = StringIO()
json.dump(ts, tainted_filelike) # $ encodeOutput=[post]tainted_filelike encodeFormat=JSON encodeInput=ts
tainted_filelike.seek(0)
ensure_tainted(
tainted_filelike, # $ tainted
json.load(tainted_filelike), # $ tainted decodeOutput=json.load(..) decodeFormat=JSON decodeInput=tainted_filelike
)
# load/dump with file-like using keyword-args
tainted_filelike = StringIO()
json.dump(obj=ts, fp=tainted_filelike) # $ encodeOutput=[post]tainted_filelike encodeFormat=JSON encodeInput=ts
tainted_filelike.seek(0)
ensure_tainted(
tainted_filelike, # $ tainted
json.load(fp=tainted_filelike), # $ tainted decodeOutput=json.load(..) decodeFormat=JSON decodeInput=tainted_filelike
)
# Make tests runable
test()
Reference in New Issue View Git Blame Copy Permalink