
Commit ae60ac2

committed
Python: Annotate django v1 routing tests
Again need to remove trailing $, since inline-expectation tests still don't handle $
1 parent 78ab637 commit ae60ac2


3 files changed

+21
-19
lines changed


python/ql/test/experimental/library-tests/frameworks/django-v1/ConceptsTest.expected

Whitespace-only changes.
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
import python
2+
import experimental.meta.ConceptsTest

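--- a/python/ql/test/experimental/library-tests/frameworks/django-v1/routing_test.py
+++ b/python/ql/test/experimental/library-tests/frameworks/django-v1/routing_test.py
@@ -4,19 +4,19 @@
 from django.views.generic import View
 
 
-def url_match_xss(request, foo, bar, no_taint=None):
+def url_match_xss(request, foo, bar, no_taint=None): # $f-:routeHandler $f-:routedParameter=foo $f-:routedParameter=bar
 return HttpResponse('url_match_xss: {} {}'.format(foo, bar))
 
 
-def get_params_xss(request):
+def get_params_xss(request): # $f-:routeHandler
 return HttpResponse(request.GET.get("untrusted"))
 
 
-def post_params_xss(request):
+def post_params_xss(request): # $f-:routeHandler
 return HttpResponse(request.POST.get("untrusted"))
 
 
-def http_resp_write(request):
+def http_resp_write(request): # $f-:routeHandler
 rsp = HttpResponse()
 rsp.write(request.GET.get("untrusted"))
 return rsp
@@ -26,54 +26,54 @@ class Foo(object):
 # Note: since Foo is used as the super type in a class view, it will be able to handle requests.
 
 
-def post(self, request, untrusted):
+def post(self, request, untrusted): # $f-:routeHandler $f-:routedParameter=untrusted
 return HttpResponse('Foo post: {}'.format(untrusted))
 
 
 class ClassView(View, Foo):
 
-def get(self, request, untrusted):
+def get(self, request, untrusted): # $f-:routeHandler $f-:routedParameter=untrusted
 return HttpResponse('ClassView get: {}'.format(untrusted))
 
 
-def show_articles(request, page_number=1):
+def show_articles(request, page_number=1): # $f-:routeHandler $f-:routedParameter=page_number
 page_number = int(page_number)
 return HttpResponse('articles page: {}'.format(page_number))
 
 
-def xxs_positional_arg(request, arg0, arg1, no_taint=None):
+def xxs_positional_arg(request, arg0, arg1, no_taint=None): # $f-:routeHandler $f-:routedParameter=arg0 $f-:routedParameter=arg1
 return HttpResponse('xxs_positional_arg: {} {}'.format(arg0, arg1))
 
 
 urlpatterns = [
-url(r'^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)$', url_match_xss),
-url(r'^get_params$', get_params_xss),
-url(r'^post_params$', post_params_xss),
-url(r'^http_resp_write$', http_resp_write),
-url(r'^class_view/(?P<untrusted>.+)$', ClassView.as_view()),
+url(r"^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)", url_match_xss), # $f-:routeSetup="^url_match/(?P<foo>[^/]+)/(?P<bar>[^/]+)"
+url(r"^get_params", get_params_xss), # $f-:routeSetup="^get_params"
+url(r"^post_params", post_params_xss), # $f-:routeSetup="^post_params"
+url(r"^http_resp_write", http_resp_write), # $f-:routeSetup="^http_resp_write"
+url(r"^class_view/(?P<untrusted>.+)", ClassView.as_view()), # $f-:routeSetup="^class_view/(?P<untrusted>.+)"
 
 # one pattern to support `articles/page-<n>` and ensuring that articles/ goes to page-1
-url(r'articles/^(?:page-(?P<page_number>\d+)/)?$', show_articles),
+url(r"articles/^(?:page-(?P<page_number>\d+)/)?", show_articles), # $f-:routeSetup="articles/^(?:page-(?P<page_number>\d+)/)?"
 # passing as positional argument is not the recommended way of doing things, but it is certainly
 # possible
-url(r'^([^/]+)/(?:foo|bar)/([^/]+)$', xxs_positional_arg, name='xxs_positional_arg'),
+url(r"^([^/]+)/(?:foo|bar)/([^/]+)", xxs_positional_arg, name='xxs_positional_arg'), # $f-:routeSetup="^([^/]+)/(?:foo|bar)/([^/]+)"
 ]
 
 ################################################################################
 # Using patterns() for routing
 
-def show_user(request, username):
+def show_user(request, username): # $f-:routeHandler $f-:routedParameter=username
 return HttpResponse('show_user {}'.format(username))
 
 
-urlpatterns = patterns(url(r'^users/(?P<username>[^/]+)$', show_user))
+urlpatterns = patterns(url(r"^users/(?P<username>[^/]+)", show_user)) # $f-:routeSetup="^users/(?P<username>[^/]+)"
 
 ################################################################################
 # Show we understand the keyword arguments to django.conf.urls.url
 
-def kw_args(request):
+def kw_args(request): # $f-:routeHandler
 return HttpResponse('kw_args')
 
 urlpatterns = [
-url(view=kw_args, regex=r"^kw_args$")
+url(view=kw_args, regex=r"^kw_args") # $f-:routeSetup="^kw_args"
 ]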
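Review bot: Nothing in the file records why the route regexes on new lines 49-53, 56, 59, 69 and 78 no longer end in `$`. The fixture therefore silently stops covering end-anchored patterns, the usual form in Django 1.x URL confs, and a regression in how the modelling reads `$` would go unnoticed. I would put a comment above the first `urlpatterns`, for example `# NOTE: trailing $ dropped from every regex because inline expectation comments cannot contain $ yet; restore once they can.` The pattern on line 56 reads `articles/^(?:page-...`, which looks like a typo for `^articles/` carried over from the old side, and the new `routeSetup` expectation now pins that misplaced anchor as well. Every annotation uses the `$f-:` prefix, which I read as an expected-but-missing result, so a short header comment saying that these routed parameters (the untrusted inputs reaching `HttpResponse`) are not yet modelled for django v1 would keep readers from mistaking the file for passing coverage.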
