Python: Add basic shared taint tracking test

RasmusWL · RasmusWL · commit 7fb8e0e2774c · 2020-08-20T14:49:17.000+02:00
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.expected
@@ -0,0 +1,2 @@
+| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:4:6:4:12 | ControlFlowNode for tainted |
+| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.ql b/python/ql/test/experimental/dataflow/tainttracking/basic/GlobalTaintTracking.ql
@@ -0,0 +1,22 @@
+import python
+import experimental.dataflow.TaintTracking
+import experimental.dataflow.DataFlow
+
+class TestTaintTrackingConfiguration extends TaintTracking::Configuration {
+  TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source.(DataFlow::CfgNode).getNode().(NameNode).getId() = "SOURCE"
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK" and
+      sink.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+}
+
+from TestTaintTrackingConfiguration config, DataFlow::Node source, DataFlow::Node sink
+where config.hasFlow(source, sink)
+select source, sink
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected
@@ -0,0 +1,5 @@
+| test.py:0:0:0:0 | SSA variable $ | test.py:0:0:0:0 | Exit node for Module test |
+| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:5:8:22 | SSA variable also_tainted |
+| test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
+| test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |
+| test.py:8:5:8:22 | SSA variable also_tainted | test.py:6:1:6:11 | Exit node for Function func |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql b/python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql
@@ -0,0 +1,7 @@
+import python
+import experimental.dataflow.TaintTracking
+import experimental.dataflow.DataFlow
+
+from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
+where TaintTracking::localTaintStep(nodeFrom, nodeTo)
+select nodeFrom, nodeTo
diff --git a/python/ql/test/experimental/dataflow/tainttracking/basic/test.py b/python/ql/test/experimental/dataflow/tainttracking/basic/test.py
@@ -0,0 +1,8 @@
+# Module level taint is different from inside functions, since shared dataflow library
+# relies on `getEnclosingCallable`
+tainted = SOURCE
+SINK(tainted)
+
+def func():
+    also_tainted = SOURCE
+    SINK(also_tainted)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+\| test.py:3:11:3:16 \| ControlFlowNode for SOURCE \| test.py:4:6:4:12 \| ControlFlowNode for tainted \|`
	`2`	`+\| test.py:7:20:7:25 \| ControlFlowNode for SOURCE \| test.py:8:10:8:21 \| ControlFlowNode for also_tainted \|`