mirror of
https://github.com/github/codeql.git
synced 2025-12-20 02:44:30 +01:00
3e7dc12246
The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file: > Defines a InlineExpectationsTest for checking whether any arguments in > `ensure_tainted` and `ensure_not_tainted` calls are tainted. > > Also defines query predicates to ensure that: > - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`. > - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`. > > The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.
59 lines
1.2 KiB
Python
59 lines
1.2 KiB
Python
import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
|
|
from taintlib import *
|
|
|
|
# This has no runtime impact, but allows autocomplete to work
|
|
from typing import TYPE_CHECKING
|
|
if TYPE_CHECKING:
|
|
from ..taintlib import *
|
|
|
|
|
|
# Actual tests
|
|
|
|
def emulated_authentication_check(arg):
|
|
if not arg == "safe":
|
|
raise Exception("user unauthenticated")
|
|
|
|
|
|
def test_custom_sanitizer():
|
|
s = TAINTED_STRING
|
|
|
|
try:
|
|
emulated_authentication_check(s)
|
|
ensure_not_tainted(s)
|
|
except:
|
|
pass
|
|
|
|
|
|
def emulated_is_safe(arg):
|
|
# emulating something we won't be able to look at source code for
|
|
return eval("False")
|
|
|
|
|
|
def test_custom_sanitizer_guard():
|
|
s = TAINTED_STRING
|
|
|
|
if emulated_is_safe(s):
|
|
ensure_not_tainted(s)
|
|
s = TAINTED_STRING
|
|
ensure_tainted(s) # $ tainted
|
|
else:
|
|
ensure_tainted(s) # $ tainted
|
|
|
|
|
|
def emulated_escaping(arg):
|
|
return arg.replace("<", "?").replace(">", "?").replace("'", "?").replace("\"", "?")
|
|
|
|
|
|
def test_escape():
|
|
s = TAINTED_STRING
|
|
|
|
s2 = emulated_escaping(s)
|
|
ensure_not_tainted(s2)
|
|
|
|
|
|
# Make tests runable
|
|
|
|
test_custom_sanitizer()
|
|
test_custom_sanitizer_guard()
|
|
test_escape()
|