Python: Clean up tests

Author: tausbn

python/ql/test/experimental/dataflow/global-flow/test.py

@@ -18,7 +18,10 @@
 # Modification by reassignment
 
 g_mod = []
-# The following assignment should not be a `ModuleVariableNode`, but currently our analysis thinks `g_mod` might be used in the `print` call
+# This assignment does not produce any flow, since `g_mod` is immediately reassigned.
+
+# The following assignment should not be a `ModuleVariableNode`,
+# but currently our analysis thinks `g_mod` might be used in the `print` call
 g_mod = [10] # $f+:writes=g_mod
 print("foo")
 g_mod = [100] # $writes=g_mod
@@ -27,7 +30,7 @@
 
 g_ins = [50] # $writes=g_ins
 print(g_ins)
-g_ins.insert(75)
+g_ins.append(75)
 
 # A global with multiple potential definitions
 
@@ -37,11 +40,11 @@
 else:
     g_mult = [300] # $writes=g_mult
 
-# A global with multiple potential definitions
+# A global variable that may be redefined depending on some unknown value
 
-g_mult2 = [400] # $writes=g_mult2
+g_redef = [400] # $writes=g_redef
 if unknown_module.attr:
-    g_mult2 = [500] # $writes=g_mult2
+    g_redef = [500] # $writes=g_redef
 
 def global_access():
     l = 5
@@ -51,7 +54,7 @@ def global_access():
     print(g_mod) # $reads=g_mod
     print(g_ins) # $reads=g_ins
     print(g_mult) # $reads=g_mult
-    print(g_mult2) # $reads=g_mult2
+    print(g_redef) # $reads=g_redef
 
 def print_g_mod(): # $writes=print_g_mod
     print(g_mod) # $reads=g_mod

python/ql/test/experimental/dataflow/tainttracking/TestTaintLib.qll

@@ -43,7 +43,7 @@ private string repr(Expr e) {
   result = repr(e.(Attribute).getObject()) + "." + e.(Attribute).getName()
 }
 
-query predicate test_taint(string arg_location, string test_res, string function_name, string repr) {
+query predicate test_taint(string arg_location, string test_res, string scope_name, string repr) {
   exists(Call call, Expr arg, boolean expected_taint, boolean has_taint |
     // only consider files that are extracted as part of the test
     exists(call.getLocation().getFile().getRelativePath()) and
@@ -68,7 +68,7 @@ query predicate test_taint(string arg_location, string test_res, string function
     // select
     arg_location = arg.getLocation().toString() and
     test_res = test_res and
-    function_name = call.getScope().(Function).getName() and
+    scope_name = call.getScope().getName() and
     repr = repr(arg)
   )
 }

python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected

@@ -1,25 +1,7 @@
-| test.py:0:0:0:0 | GSSA Variable tainted3 | test.py:4:1:4:13 | GSSA Variable tainted3 |
 | test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:1:4:13 | GSSA Variable tainted |
 | test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
 | test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
-| test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:20:12:20:17 | ControlFlowNode for SOURCE |
-| test.py:4:1:4:4 | ControlFlowNode for SINK | test.py:14:1:14:4 | ControlFlowNode for SINK |
 | test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |
-| test.py:6:1:6:11 | GSSA Variable tainted2 | test.py:8:5:8:22 | GSSA Variable tainted2 |
-| test.py:6:1:6:11 | GSSA Variable tainted3 | test.py:8:5:8:22 | GSSA Variable tainted3 |
 | test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:5:8:22 | SSA variable also_tainted |
 | test.py:7:5:7:16 | SSA variable also_tainted | test.py:8:10:8:21 | ControlFlowNode for also_tainted |
 | test.py:7:20:7:25 | ControlFlowNode for SOURCE | test.py:7:5:7:16 | SSA variable also_tainted |
-| test.py:13:1:13:8 | GSSA Variable tainted2 | test.py:14:1:14:14 | GSSA Variable tainted2 |
-| test.py:13:1:13:8 | GSSA Variable tainted2 | test.py:14:6:14:13 | ControlFlowNode for tainted2 |
-| test.py:13:12:13:21 | ControlFlowNode for NON_SOURCE | test.py:13:1:13:8 | GSSA Variable tainted2 |
-| test.py:13:12:13:21 | ControlFlowNode for NON_SOURCE | test.py:21:12:21:21 | ControlFlowNode for NON_SOURCE |
-| test.py:14:1:14:4 | ControlFlowNode for SINK | test.py:22:1:22:4 | ControlFlowNode for SINK |
-| test.py:14:1:14:14 | GSSA Variable tainted2 | test.py:22:1:22:14 | GSSA Variable tainted2 |
-| test.py:16:1:16:19 | ControlFlowNode for FunctionExpr | test.py:16:5:16:16 | GSSA Variable write_global |
-| test.py:18:16:18:21 | ControlFlowNode for SOURCE | test.py:18:5:18:12 | GSSA Variable tainted2 |
-| test.py:21:1:21:8 | GSSA Variable tainted3 | test.py:22:1:22:14 | GSSA Variable tainted3 |
-| test.py:21:1:21:8 | GSSA Variable tainted3 | test.py:22:6:22:13 | ControlFlowNode for tainted3 |
-| test.py:21:12:21:21 | ControlFlowNode for NON_SOURCE | test.py:21:1:21:8 | GSSA Variable tainted3 |
-| test.py:24:1:24:22 | ControlFlowNode for FunctionExpr | test.py:24:5:24:19 | GSSA Variable use_of_tainted3 |
-| test.py:26:16:26:25 | ControlFlowNode for NON_SOURCE | test.py:26:5:26:12 | GSSA Variable tainted3 |

python/ql/test/experimental/dataflow/tainttracking/basic/test.py

@@ -6,21 +6,3 @@
 def func():
     also_tainted = SOURCE
     SINK(also_tainted)
-
-
-# Various instances where flow is undesirable
-
-tainted2 = NON_SOURCE
-SINK(tainted2)
-
-def write_global():
-    global tainted2
-    tainted2 = SOURCE
-
-tainted3 = SOURCE
-tainted3 = NON_SOURCE
-SINK(tainted3)
-
-def use_of_tainted3():
-    global tainted3
-    tainted3 = NON_SOURCE