Python tests: Fix up CWE-327 tests to use new sensitive-data library.

Author: markshannon

python/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected

@@ -1,2 +1,2 @@
-| test_cryptography.py:7:29:7:37 | Use of weak crypto algorithm | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | test_cryptography.py:4:17:4:30 | sensitive.data.source | sensitive.data.source |
-| test_pycrypto.py:6:27:6:35 | Use of weak crypto algorithm ARC4 | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | test_pycrypto.py:4:17:4:30 | sensitive.data.source | sensitive.data.source |
+| test_cryptography.py:8:29:8:37 | Use of weak crypto algorithm | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | test_cryptography.py:5:17:5:30 | Taint source | Taint source |
+| test_pycrypto.py:7:27:7:35 | Use of weak crypto algorithm ARC4 | Sensitive data from $@ is used in a broken or weak cryptographic algorithm. | test_pycrypto.py:5:17:5:30 | Taint source | Taint source |

python/ql/test/query-tests/Security/CWE-327/TestNode.expected

@@ -1,14 +1,18 @@
-| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:5:14:5:27 | test_pycrypto.py:5 | test_pycrypto.py:5:14:5:27 | Attribute() |  |
-| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:6:12:6:17 | test_pycrypto.py:6 | test_pycrypto.py:6:12:6:17 | cipher |  |
-| Taint cryptography.Cipher.RC4 | test_cryptography.py:5:14:5:47 | test_cryptography.py:5 | test_cryptography.py:5:14:5:47 | Cipher() |  |
-| Taint cryptography.Cipher.RC4 | test_cryptography.py:6:17:6:22 | test_cryptography.py:6 | test_cryptography.py:6:17:6:22 | cipher |  |
-| Taint cryptography.encryptor.RC4 | test_cryptography.py:6:17:6:34 | test_cryptography.py:6 | test_cryptography.py:6:17:6:34 | Attribute() |  |
-| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:12:7:20 | test_cryptography.py:7 | test_cryptography.py:7:12:7:20 | encryptor |  |
-| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:42:7:50 | test_cryptography.py:7 | test_cryptography.py:7:42:7:50 | encryptor |  |
-| Taint sensitive.data | test_cryptography.py:4:17:4:28 | test_cryptography.py:4 | test_cryptography.py:4:17:4:28 | get_password |  |
-| Taint sensitive.data | test_cryptography.py:4:17:4:30 | test_cryptography.py:4 | test_cryptography.py:4:17:4:30 | get_password() |  |
-| Taint sensitive.data | test_cryptography.py:7:29:7:37 | test_cryptography.py:7 | test_cryptography.py:7:29:7:37 | dangerous |  |
-| Taint sensitive.data | test_cryptography.py:7:42:7:50 | test_cryptography.py:7 | test_cryptography.py:7:42:7:50 | encryptor |  |
-| Taint sensitive.data | test_pycrypto.py:4:17:4:28 | test_pycrypto.py:4 | test_pycrypto.py:4:17:4:28 | get_password |  |
-| Taint sensitive.data | test_pycrypto.py:4:17:4:30 | test_pycrypto.py:4 | test_pycrypto.py:4:17:4:30 | get_password() |  |
-| Taint sensitive.data | test_pycrypto.py:6:27:6:35 | test_pycrypto.py:6 | test_pycrypto.py:6:27:6:35 | dangerous |  |
+| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:6:14:6:27 | test_pycrypto.py:6 | test_pycrypto.py:6:14:6:27 | Attribute() |  |
+| Taint Crypto.Cipher.ARC4 | test_pycrypto.py:7:12:7:17 | test_pycrypto.py:7 | test_pycrypto.py:7:12:7:17 | cipher |  |
+| Taint cryptography.Cipher.RC4 | test_cryptography.py:6:14:6:47 | test_cryptography.py:6 | test_cryptography.py:6:14:6:47 | Cipher() |  |
+| Taint cryptography.Cipher.RC4 | test_cryptography.py:7:17:7:22 | test_cryptography.py:7 | test_cryptography.py:7:17:7:22 | cipher |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:7:17:7:34 | test_cryptography.py:7 | test_cryptography.py:7:17:7:34 | Attribute() |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:8:12:8:20 | test_cryptography.py:8 | test_cryptography.py:8:12:8:20 | encryptor |  |
+| Taint cryptography.encryptor.RC4 | test_cryptography.py:8:42:8:50 | test_cryptography.py:8 | test_cryptography.py:8:42:8:50 | encryptor |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:6:1:6:47 | InsecureProtocol.py:6 | InsecureProtocol.py:6:1:6:47 | Attribute() |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:7:1:7:47 | InsecureProtocol.py:7 | InsecureProtocol.py:7:1:7:47 | Attribute() |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:8:1:8:47 | InsecureProtocol.py:8 | InsecureProtocol.py:8:1:8:47 | Attribute() |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:36:1:36:49 | InsecureProtocol.py:36 | InsecureProtocol.py:36:1:36:49 | Attribute() |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:41:1:41:17 | InsecureProtocol.py:41 | InsecureProtocol.py:41:1:41:17 | Attribute() |  |
+| Taint sensitive.data.certificate | InsecureProtocol.py:48:1:48:43 | InsecureProtocol.py:48 | InsecureProtocol.py:48:1:48:43 | Attribute() |  |
+| Taint sensitive.data.password | test_cryptography.py:5:17:5:30 | test_cryptography.py:5 | test_cryptography.py:5:17:5:30 | get_password() |  |
+| Taint sensitive.data.password | test_cryptography.py:8:29:8:37 | test_cryptography.py:8 | test_cryptography.py:8:29:8:37 | dangerous |  |
+| Taint sensitive.data.password | test_cryptography.py:8:42:8:50 | test_cryptography.py:8 | test_cryptography.py:8:42:8:50 | encryptor |  |
+| Taint sensitive.data.password | test_pycrypto.py:5:17:5:30 | test_pycrypto.py:5 | test_pycrypto.py:5:17:5:30 | get_password() |  |
+| Taint sensitive.data.password | test_pycrypto.py:7:27:7:35 | test_pycrypto.py:7 | test_pycrypto.py:7:27:7:35 | dangerous |  |

python/ql/test/query-tests/Security/CWE-327/test_cryptography.py

@@ -1,4 +1,5 @@
 from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
+from secrets_store import get_password
 
 def get_badly_encrypted_password():
     dangerous = get_password()

python/ql/test/query-tests/Security/CWE-327/test_pycrypto.py

@@ -1,4 +1,5 @@
 from Crypto.Cipher import ARC4
+from secrets_store import get_password
 
 def get_badly_encrypted_password():
     dangerous = get_password()