Python: Expand string-const-compare tests

RasmusWL · RasmusWL · commit 18041fd0597c · 2020-11-23T10:36:49.000+01:00
Also moved file to reflect that. Added tests of

+ `!=`
+ `in`
+ `not in`
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/TestTaint.expected
@@ -1,11 +1,27 @@
-| test_string_eq.py:16 | ok   | const_eq_clears_taint | ts |
-| test_string_eq.py:18 | ok   | const_eq_clears_taint | ts |
-| test_string_eq.py:20 | ok   | const_eq_clears_taint | ts |
-| test_string_eq.py:27 | fail | const_eq_clears_taint2 | ts |
-| test_string_eq.py:33 | fail | const_eq_clears_taint3 | ts |
-| test_string_eq.py:35 | ok   | const_eq_clears_taint3 | ts |
-| test_string_eq.py:41 | ok   | non_const_eq_preserves_taint | ts |
-| test_string_eq.py:43 | ok   | non_const_eq_preserves_taint | ts |
-| test_string_eq.py:53 | fail | const_eq_through_func | ts |
-| test_string_eq.py:55 | ok   | const_eq_through_func | ts |
-| test_string_eq.py:57 | ok   | const_eq_through_func | ts |
+| test_string_const_compare.py:16 | ok   | test_eq | ts |
+| test_string_const_compare.py:18 | ok   | test_eq | ts |
+| test_string_const_compare.py:20 | ok   | test_eq | ts |
+| test_string_const_compare.py:27 | ok   | test_eq_unsafe | ts |
+| test_string_const_compare.py:29 | ok   | test_eq_unsafe | ts |
+| test_string_const_compare.py:35 | fail | test_eq_with_or | ts |
+| test_string_const_compare.py:37 | ok   | test_eq_with_or | ts |
+| test_string_const_compare.py:43 | ok   | test_non_eq1 | ts |
+| test_string_const_compare.py:45 | fail | test_non_eq1 | ts |
+| test_string_const_compare.py:51 | ok   | test_non_eq2 | ts |
+| test_string_const_compare.py:53 | fail | test_non_eq2 | ts |
+| test_string_const_compare.py:59 | fail | test_in_list | ts |
+| test_string_const_compare.py:61 | ok   | test_in_list | ts |
+| test_string_const_compare.py:67 | fail | test_in_tuple | ts |
+| test_string_const_compare.py:69 | ok   | test_in_tuple | ts |
+| test_string_const_compare.py:75 | fail | test_in_set | ts |
+| test_string_const_compare.py:77 | ok   | test_in_set | ts |
+| test_string_const_compare.py:83 | ok   | test_in_unsafe1 | ts |
+| test_string_const_compare.py:85 | ok   | test_in_unsafe1 | ts |
+| test_string_const_compare.py:91 | ok   | test_in_unsafe2 | ts |
+| test_string_const_compare.py:93 | ok   | test_in_unsafe2 | ts |
+| test_string_const_compare.py:99 | ok   | test_not_in1 | ts |
+| test_string_const_compare.py:101 | fail | test_not_in1 | ts |
+| test_string_const_compare.py:107 | ok   | test_not_in2 | ts |
+| test_string_const_compare.py:109 | fail | test_not_in2 | ts |
+| test_string_const_compare.py:119 | fail | test_eq_thorugh_func | ts |
+| test_string_const_compare.py:121 | ok   | test_eq_thorugh_func | ts |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_const_compare.py b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_const_compare.py
@@ -0,0 +1,138 @@
+# Add taintlib to PATH so it can be imported during runtime without any hassle
+import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from taintlib import *
+
+# This has no runtime impact, but allows autocomplete to work
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+    from ..taintlib import *
+
+
+# Actual tests
+
+def test_eq():
+    ts = TAINTED_STRING
+    if ts == "safe":
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+    # ts should still be tainted after exiting the if block
+    ensure_tainted(ts)
+
+
+def test_eq_unsafe(x="foo"):
+    """This test-case might seem strange, but it was a FP in our old points-to based analysis."""
+    ts = TAINTED_STRING
+    if ts == ts:
+        ensure_tainted(ts)
+    if ts == x:
+        ensure_tainted(ts)
+
+
+def test_eq_with_or():
+    ts = TAINTED_STRING
+    if ts == "safe" or ts == "also_safe":
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_non_eq1():
+    ts = TAINTED_STRING
+    if ts != "safe":
+        ensure_tainted(ts)
+    else:
+        ensure_not_tainted(ts)
+
+
+def test_non_eq2():
+    ts = TAINTED_STRING
+    if not ts == "safe":
+        ensure_tainted(ts)
+    else:
+        ensure_not_tainted(ts)
+
+
+def test_in_list():
+    ts = TAINTED_STRING
+    if ts in ["safe", "also_safe"]:
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_in_tuple():
+    ts = TAINTED_STRING
+    if ts in ("safe", "also_safe"):
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_in_set():
+    ts = TAINTED_STRING
+    if ts in {"safe", "also_safe"}:
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_in_unsafe1(xs):
+    ts = TAINTED_STRING
+    if ts in xs:
+        ensure_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_in_unsafe2(x):
+    ts = TAINTED_STRING
+    if ts in ["safe", x]:
+        ensure_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+def test_not_in1():
+    ts = TAINTED_STRING
+    if ts not in ["safe", "also_safe"]:
+        ensure_tainted(ts)
+    else:
+        ensure_not_tainted(ts)
+
+
+def test_not_in2():
+    ts = TAINTED_STRING
+    if not ts in ["safe", "also_safe"]:
+        ensure_tainted(ts)
+    else:
+        ensure_not_tainted(ts)
+
+
+def is_safe(x):
+    return x == "safe"
+
+
+def test_eq_thorugh_func():
+    ts = TAINTED_STRING
+    if is_safe(ts):
+        ensure_not_tainted(ts)
+    else:
+        ensure_tainted(ts)
+
+
+# Make tests runable
+
+test_eq()
+test_eq_unsafe()
+test_eq_with_or()
+test_non_eq1()
+test_non_eq2()
+test_in_list()
+test_in_tuple()
+test_in_set()
+test_in_unsafe1(["unsafe", "foo"])
+test_in_unsafe2("unsafe")
+test_not_in1()
+test_not_in2()
+test_eq_thorugh_func()
diff --git a/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_eq.py b/python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/test_string_eq.py
