Python: remaining c# tests, except lambdas

yoff · yoff · commit 71830abda076 · 2020-11-17T08:28:11.000+01:00
both via nonlocal and via dict
diff --git a/python/ql/test/experimental/dataflow/validTest.py b/python/ql/test/experimental/dataflow/validTest.py
@@ -53,4 +53,5 @@ def check_tests_valid(testFile):
     check_tests_valid("coverage.classes")
     check_tests_valid("coverage.test")
     check_tests_valid("coverage.argumentPassing")
-    check_tests_valid("variable-capture.test")
+    check_tests_valid("variable-capture.nonlocal")
+    check_tests_valid("variable-capture.dict")
diff --git a/python/ql/test/experimental/dataflow/variable-capture/dict.py b/python/ql/test/experimental/dataflow/variable-capture/dict.py
@@ -0,0 +1,123 @@
+# All functions starting with "test_" should run and execute `print("OK")` exactly once.
+# This can be checked by running validTest.py.
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import *
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
+def In(tainted):
+    def captureIn1():
+        sinkI1 = tainted
+        SINK(sinkI1) #$ MISSING:captured
+    captureIn1()
+
+    def captureIn2():
+        def m():
+            sinkI2 = tainted
+            SINK(sinkI2) #$ MISSING:captured
+        m()
+    captureIn2()
+
+    # captureIn3 = lambda arg:(
+    #     sinkI3 = tainted;
+    #     check(sinkI3);
+    #     return arg)
+    # [ captureIn3(x) for x in " " ]
+
+    def captureIn1NotCalled():
+        nonSink0 = tainted
+        SINK_F(nonSink0)
+
+    def captureIn2NotCalled():
+        def m():
+            nonSink0 = tainted
+            SINK_F(nonSink0)
+    captureIn2NotCalled()
+
+@expects(2)
+def test_In():
+    In(SOURCE)
+
+def Out():
+    sinkO1 = { "x": "" }
+    def captureOut1():
+        sinkO1["x"] = "source"
+    captureOut1()
+    SINK(sinkO1["x"]) #$ MISSING:captured
+
+    sinkO2 = { "x": "" }
+    def captureOut2():
+        def m():
+            sinkO2["x"] = "source"
+        m()
+    captureOut2()
+    SINK(sinkO2["x"]) #$ MISSING:captured
+
+    nonSink0 = { "x": "" }
+    def captureOut1NotCalled():
+        nonSink0["x"] = "source"
+    SINK_F(nonSink0["x"])
+
+    def captureOut2NotCalled():
+        def m():
+            nonSink0["x"] = "source"
+    captureOut2NotCalled()
+    SINK_F(nonSink0["x"])
+
+@expects(4)
+def test_Out():
+    Out()
+
+def Through(tainted):
+    sinkO1 = { "x": "" }
+    def captureOut1():
+        sinkO1["x"] = tainted
+    captureOut1()
+    SINK(sinkO1["x"]) #$ MISSING:captured
+
+    sinkO2 = { "x": "" }
+    def captureOut2():
+        def m():
+            sinkO2["x"] = tainted
+        m()
+    captureOut2()
+    SINK(sinkO2["x"]) #$ MISSING:captured
+
+    nonSink0 = { "x": "" }
+    def captureOut1NotCalled():
+        nonSink0["x"] = tainted
+    SINK_F(nonSink0["x"])
+
+    def captureOut2NotCalled():
+        def m():
+            nonSink0["x"] = tainted
+    captureOut2NotCalled()
+    SINK_F(nonSink0["x"])
+
+@expects(4)
+def test_Through():
+    Through(SOURCE)
diff --git a/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py b/python/ql/test/experimental/dataflow/variable-capture/nonlocal.py
@@ -79,6 +79,53 @@ def m():
     captureOut2()
     SINK(sinkO2) #$ MISSING:captured
 
-@expects(2)
+    nonSink0 = ""
+    def captureOut1NotCalled():
+        nonlocal nonSink0
+        nonSink0 = "source"
+    SINK_F(nonSink0)
+
+    def captureOut2NotCalled():
+        def m():
+            nonlocal nonSink0
+            nonSink0 = "source"
+    captureOut2NotCalled()
+    SINK_F(nonSink0)
+
+@expects(4)
 def test_Out():
     Out()
+
+def Through(tainted):
+    sinkO1 = ""
+    def captureOut1():
+        nonlocal sinkO1
+        sinkO1 = tainted
+    captureOut1()
+    SINK(sinkO1) #$ MISSING:captured
+
+    sinkO2 = ""
+    def captureOut2():
+        def m():
+            nonlocal sinkO2
+            sinkO2 = tainted
+        m()
+    captureOut2()
+    SINK(sinkO2) #$ MISSING:captured
+
+    nonSink0 = ""
+    def captureOut1NotCalled():
+        nonlocal nonSink0
+        nonSink0 = tainted
+    SINK_F(nonSink0)
+
+    def captureOut2NotCalled():
+        def m():
+            nonlocal nonSink0
+            nonSink0 = tainted
+    captureOut2NotCalled()
+    SINK_F(nonSink0)
+
+@expects(4)
+def test_Through():
+    Through(SOURCE)
