Add testcase

RasmusWL · RasmusWL · commit bf197b9f2035 · 2019-10-10T15:34:54.000+02:00
diff --git a/python/ql/test/library-tests/taint/flowpath_regression/Config.qll b/python/ql/test/library-tests/taint/flowpath_regression/Config.qll
@@ -0,0 +1,45 @@
+import python
+import semmle.python.security.TaintTracking
+import semmle.python.security.strings.Untrusted
+
+class FooSource extends TaintSource {
+    FooSource() { this.(CallNode).getFunction().(NameNode).getId() = "foo_source" }
+
+    override predicate isSourceOf(TaintKind kind) { kind instanceof UntrustedStringKind }
+
+    override string toString() { result = "FooSource" }
+}
+
+class FooSink extends TaintSink {
+    FooSink() {
+        exists(CallNode call |
+            call.getFunction().(NameNode).getId() = "foo_sink" and
+            call.getAnArg() = this
+        )
+    }
+
+    override predicate sinks(TaintKind kind) { kind instanceof UntrustedStringKind }
+
+    override string toString() { result = "FooSink" }
+}
+
+class FooConfig extends TaintTracking::Configuration {
+    FooConfig() { this = "FooConfig" }
+
+    override predicate isSource(TaintTracking::Source source) { source instanceof FooSource }
+
+    override predicate isSink(TaintTracking::Sink sink) { sink instanceof FooSink }
+}
+
+class BarSink extends TaintSink {
+    BarSink() {
+        exists(CallNode call |
+            call.getFunction().(NameNode).getId() = "bar_sink" and
+            call.getAnArg() = this
+        )
+    }
+
+    override predicate sinks(TaintKind kind) { kind instanceof UntrustedStringKind }
+
+    override string toString() { result = "BarSink" }
+}
diff --git a/python/ql/test/library-tests/taint/flowpath_regression/Path.expected b/python/ql/test/library-tests/taint/flowpath_regression/Path.expected
@@ -0,0 +1 @@
+| test.py:16:9:16:20 | foo_source() | test.py:17:14:17:14 | x |
diff --git a/python/ql/test/library-tests/taint/flowpath_regression/Path.ql b/python/ql/test/library-tests/taint/flowpath_regression/Path.ql
@@ -0,0 +1,6 @@
+import python
+import Config
+
+from FooConfig config, TaintedPathSource src, TaintedPathSink sink
+where config.hasFlowPath(src, sink)
+select src.getSource(), sink.getSink()
diff --git a/python/ql/test/library-tests/taint/flowpath_regression/test.py b/python/ql/test/library-tests/taint/flowpath_regression/test.py
@@ -0,0 +1,22 @@
+def foo_source():
+    return 'foo'
+
+
+def foo_sink(x):
+    if x == 'foo':
+        print('fire the foo missiles')
+
+
+def bar_sink(x):
+    if x == 'bar':
+        print('fire the bar missiles')
+
+
+def should_report():
+    x = foo_source()
+    foo_sink(x)
+
+
+def should_not_report():
+    x = foo_source()
+    bar_sink(x)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| test.py:16:9:16:20 \| foo_source() \| test.py:17:14:17:14 \| x \|`