Python: TaintTracking: Move tests of py3 string methods

RasmusWL · RasmusWL · commit 2dbf83b579d3 · 2020-08-25T13:06:27.000+02:00
diff --git a/python/ql/test/experimental/dataflow/tainttracking/string-py3/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/string-py3/TestTaint.expected
@@ -1,7 +1,10 @@
-| test.py:28 | fail | binary_decode_encode | base64.a85encode(..) |
-| test.py:29 | fail | binary_decode_encode | base64.a85decode(..) |
-| test.py:32 | fail | binary_decode_encode | base64.b85encode(..) |
-| test.py:33 | fail | binary_decode_encode | base64.b85decode(..) |
-| test.py:36 | fail | binary_decode_encode | base64.encodebytes(..) |
-| test.py:37 | fail | binary_decode_encode | base64.decodebytes(..) |
-| test.py:45 | ok   | f_strings | Fstring |
+| test.py:26 | ok   | str_methods | ts.casefold() |
+| test.py:28 | ok   | str_methods | ts.format_map(..) |
+| test.py:29 | fail | str_methods | "{unsafe}".format_map(..) |
+| test.py:40 | fail | binary_decode_encode | base64.a85encode(..) |
+| test.py:41 | fail | binary_decode_encode | base64.a85decode(..) |
+| test.py:44 | fail | binary_decode_encode | base64.b85encode(..) |
+| test.py:45 | fail | binary_decode_encode | base64.b85decode(..) |
+| test.py:48 | fail | binary_decode_encode | base64.encodebytes(..) |
+| test.py:49 | fail | binary_decode_encode | base64.decodebytes(..) |
+| test.py:57 | ok   | f_strings | Fstring |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/string-py3/test.py b/python/ql/test/experimental/dataflow/tainttracking/string-py3/test.py
@@ -18,6 +18,18 @@ def ensure_not_tainted(*args):
 
 # Actual tests
 
+def str_methods():
+    print("\n# str_methods")
+    ts = TAINTED_STRING
+    tb = TAINTED_BYTES
+    ensure_tainted(
+        ts.casefold(),
+
+        ts.format_map({}),
+        "{unsafe}".format_map({"unsafe": ts}),
+    )
+
+
 def binary_decode_encode():
     print("\n#percent_fmt")
     tb = TAINTED_BYTES
@@ -47,5 +59,6 @@ def f_strings():
 
 # Make tests runable
 
+str_methods()
 binary_decode_encode()
 f_strings()
diff --git a/python/ql/test/experimental/dataflow/tainttracking/string/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/string/TestTaint.expected
@@ -10,56 +10,53 @@
 | test.py:41 | ok   | str_operations | bytes(..) |
 | test.py:42 | ok   | str_operations | unicode(..) |
 | test.py:51 | ok   | str_methods | ts.capitalize() |
-| test.py:52 | ok   | str_methods | ts.casefold() |
-| test.py:53 | ok   | str_methods | ts.center(..) |
-| test.py:54 | ok   | str_methods | ts.expandtabs() |
-| test.py:56 | ok   | str_methods | ts.format() |
-| test.py:57 | ok   | str_methods | "{}".format(..) |
-| test.py:58 | ok   | str_methods | "{unsafe}".format(..) |
-| test.py:60 | ok   | str_methods | ts.format_map(..) |
-| test.py:61 | fail | str_methods | "{unsafe}".format_map(..) |
-| test.py:63 | ok   | str_methods | ts.join(..) |
-| test.py:64 | fail | str_methods | "".join(..) |
-| test.py:66 | ok   | str_methods | ts.ljust(..) |
-| test.py:67 | ok   | str_methods | ts.lstrip() |
-| test.py:68 | ok   | str_methods | ts.lower() |
-| test.py:70 | ok   | str_methods | ts.replace(..) |
-| test.py:71 | ok   | str_methods | "safe".replace(..) |
-| test.py:73 | ok   | str_methods | ts.rjust(..) |
-| test.py:74 | ok   | str_methods | ts.rstrip() |
-| test.py:75 | ok   | str_methods | ts.strip() |
-| test.py:76 | ok   | str_methods | ts.swapcase() |
-| test.py:77 | ok   | str_methods | ts.title() |
-| test.py:78 | ok   | str_methods | ts.upper() |
-| test.py:79 | ok   | str_methods | ts.zfill(..) |
-| test.py:81 | ok   | str_methods | ts.encode(..) |
-| test.py:82 | ok   | str_methods | ts.encode(..).decode(..) |
-| test.py:84 | ok   | str_methods | tb.decode(..) |
-| test.py:85 | ok   | str_methods | tb.decode(..).encode(..) |
-| test.py:88 | ok   | str_methods | ts.partition(..) |
-| test.py:89 | ok   | str_methods | ts.rpartition(..) |
-| test.py:90 | ok   | str_methods | ts.rsplit(..) |
-| test.py:91 | ok   | str_methods | ts.split(..) |
-| test.py:92 | ok   | str_methods | ts.splitlines() |
-| test.py:97 | ok   | str_methods | "safe".replace(..) |
-| test.py:99 | fail | str_methods | ts.join(..) |
-| test.py:100 | fail | str_methods | ts.join(..) |
-| test.py:110 | fail | non_syntactic | meth() |
-| test.py:111 | fail | non_syntactic | _str(..) |
-| test.py:120 | ok   | percent_fmt | BinaryExpr |
-| test.py:121 | ok   | percent_fmt | BinaryExpr |
-| test.py:122 | fail | percent_fmt | BinaryExpr |
-| test.py:132 | fail | binary_decode_encode | base64.b64encode(..) |
-| test.py:133 | fail | binary_decode_encode | base64.b64decode(..) |
-| test.py:135 | fail | binary_decode_encode | base64.standard_b64encode(..) |
-| test.py:136 | fail | binary_decode_encode | base64.standard_b64decode(..) |
-| test.py:138 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
-| test.py:139 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
-| test.py:141 | fail | binary_decode_encode | base64.b32encode(..) |
-| test.py:142 | fail | binary_decode_encode | base64.b32decode(..) |
-| test.py:144 | fail | binary_decode_encode | base64.b16encode(..) |
-| test.py:145 | fail | binary_decode_encode | base64.b16decode(..) |
-| test.py:160 | fail | binary_decode_encode | base64.encodestring(..) |
-| test.py:161 | fail | binary_decode_encode | base64.decodestring(..) |
-| test.py:166 | fail | binary_decode_encode | quopri.encodestring(..) |
-| test.py:167 | fail | binary_decode_encode | quopri.decodestring(..) |
+| test.py:52 | ok   | str_methods | ts.center(..) |
+| test.py:53 | ok   | str_methods | ts.expandtabs() |
+| test.py:55 | ok   | str_methods | ts.format() |
+| test.py:56 | ok   | str_methods | "{}".format(..) |
+| test.py:57 | ok   | str_methods | "{unsafe}".format(..) |
+| test.py:59 | ok   | str_methods | ts.join(..) |
+| test.py:60 | fail | str_methods | "".join(..) |
+| test.py:62 | ok   | str_methods | ts.ljust(..) |
+| test.py:63 | ok   | str_methods | ts.lstrip() |
+| test.py:64 | ok   | str_methods | ts.lower() |
+| test.py:66 | ok   | str_methods | ts.replace(..) |
+| test.py:67 | ok   | str_methods | "safe".replace(..) |
+| test.py:69 | ok   | str_methods | ts.rjust(..) |
+| test.py:70 | ok   | str_methods | ts.rstrip() |
+| test.py:71 | ok   | str_methods | ts.strip() |
+| test.py:72 | ok   | str_methods | ts.swapcase() |
+| test.py:73 | ok   | str_methods | ts.title() |
+| test.py:74 | ok   | str_methods | ts.upper() |
+| test.py:75 | ok   | str_methods | ts.zfill(..) |
+| test.py:77 | ok   | str_methods | ts.encode(..) |
+| test.py:78 | ok   | str_methods | ts.encode(..).decode(..) |
+| test.py:80 | ok   | str_methods | tb.decode(..) |
+| test.py:81 | ok   | str_methods | tb.decode(..).encode(..) |
+| test.py:84 | ok   | str_methods | ts.partition(..) |
+| test.py:85 | ok   | str_methods | ts.rpartition(..) |
+| test.py:86 | ok   | str_methods | ts.rsplit(..) |
+| test.py:87 | ok   | str_methods | ts.split(..) |
+| test.py:88 | ok   | str_methods | ts.splitlines() |
+| test.py:93 | ok   | str_methods | "safe".replace(..) |
+| test.py:95 | fail | str_methods | ts.join(..) |
+| test.py:96 | fail | str_methods | ts.join(..) |
+| test.py:106 | fail | non_syntactic | meth() |
+| test.py:107 | fail | non_syntactic | _str(..) |
+| test.py:116 | ok   | percent_fmt | BinaryExpr |
+| test.py:117 | ok   | percent_fmt | BinaryExpr |
+| test.py:118 | fail | percent_fmt | BinaryExpr |
+| test.py:128 | fail | binary_decode_encode | base64.b64encode(..) |
+| test.py:129 | fail | binary_decode_encode | base64.b64decode(..) |
+| test.py:131 | fail | binary_decode_encode | base64.standard_b64encode(..) |
+| test.py:132 | fail | binary_decode_encode | base64.standard_b64decode(..) |
+| test.py:134 | fail | binary_decode_encode | base64.urlsafe_b64encode(..) |
+| test.py:135 | fail | binary_decode_encode | base64.urlsafe_b64decode(..) |
+| test.py:137 | fail | binary_decode_encode | base64.b32encode(..) |
+| test.py:138 | fail | binary_decode_encode | base64.b32decode(..) |
+| test.py:140 | fail | binary_decode_encode | base64.b16encode(..) |
+| test.py:141 | fail | binary_decode_encode | base64.b16decode(..) |
+| test.py:156 | fail | binary_decode_encode | base64.encodestring(..) |
+| test.py:157 | fail | binary_decode_encode | base64.decodestring(..) |
+| test.py:162 | fail | binary_decode_encode | quopri.encodestring(..) |
+| test.py:163 | fail | binary_decode_encode | quopri.decodestring(..) |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/string/test.py b/python/ql/test/experimental/dataflow/tainttracking/string/test.py
@@ -49,17 +49,13 @@ def str_methods():
     tb = TAINTED_BYTES
     ensure_tainted(
         ts.capitalize(),
-        ts.casefold(),
         ts.center(100),
         ts.expandtabs(),
 
         ts.format(),
         "{}".format(ts),
         "{unsafe}".format(unsafe=ts),
 
-        ts.format_map({}),
-        "{unsafe}".format_map({"unsafe": ts}),
-
         ts.join(["", ""]),
         "".join([ts]),
 
