Merge pull request #4056 from yoff/SharedDataflow_ParameterTests

Python: Shared dataflow, parameter routing tests

Author: tausbn

python/ql/test/experimental/dataflow/coverage/argumentRouting1.expected

@@ -0,0 +1,30 @@
+import experimental.dataflow.DataFlow
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    exists(AssignmentDefinition def |
+      def.getVariable() = node.(DataFlow::EssaNode).getVar() and
+      def.getValue().(DataFlow::DataFlowCall).getCallable().getName().matches("With\\_%")
+    ) and
+    node.(DataFlow::EssaNode).getVar().getName().matches("with\\_%")
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK1" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+}
+
+from DataFlow::Node source, DataFlow::Node sink
+where
+  source.getLocation().getFile().getBaseName() = "classes.py" and
+  sink.getLocation().getFile().getBaseName() = "classes.py" and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
+select source, sink

python/ql/test/experimental/dataflow/coverage/argumentRouting1.ql

@@ -0,0 +1,26 @@
+import experimental.dataflow.DataFlow
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg2"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK2" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+}
+
+from DataFlow::Node source, DataFlow::Node sink
+where
+  source.getLocation().getFile().getBaseName() = "classes.py" and
+  sink.getLocation().getFile().getBaseName() = "classes.py" and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
+select source, sink

python/ql/test/experimental/dataflow/coverage/argumentRouting2.expected

@@ -0,0 +1,26 @@
+import experimental.dataflow.DataFlow
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg3"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK3" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+}
+
+from DataFlow::Node source, DataFlow::Node sink
+where
+  source.getLocation().getFile().getBaseName() = "classes.py" and
+  sink.getLocation().getFile().getBaseName() = "classes.py" and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
+select source, sink

python/ql/test/experimental/dataflow/coverage/argumentRouting2.ql

@@ -0,0 +1,26 @@
+import experimental.dataflow.DataFlow
+
+/**
+ * A configuration to check routing of arguments through magic methods.
+ */
+class ArgumentRoutingConfig extends DataFlow::Configuration {
+  ArgumentRoutingConfig() { this = "ArgumentRoutingConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node.(DataFlow::CfgNode).getNode().(NameNode).getId() = "arg4"
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    exists(CallNode call |
+      call.getFunction().(NameNode).getId() = "SINK4" and
+      node.(DataFlow::CfgNode).getNode() = call.getAnArg()
+    )
+  }
+}
+
+from DataFlow::Node source, DataFlow::Node sink
+where
+  source.getLocation().getFile().getBaseName() = "classes.py" and
+  sink.getLocation().getFile().getBaseName() = "classes.py" and
+  exists(ArgumentRoutingConfig cfg | cfg.hasFlow(source, sink))
+select source, sink