From bf34b07605b4db81e8fddf74ad79b08ffc60aadb Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen <rasmuswl@github.com>
Date: Wed, 2 Sep 2020 16:56:05 +0200
Subject: [PATCH] Python: Add a few taint tests for default sanitizer

specifically the ones removes from dataflow tests in https://github.com/yoff/codeql/pull/1
---
 .../defaultSanitizer/TestTaint.expected       |  5 +++
 .../defaultSanitizer/TestTaint.ql             |  1 +
 .../tainttracking/defaultSanitizer/test.py    | 38 +++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected
 create mode 100644 python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql
 create mode 100644 python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py

diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected
new file mode 100644
index 000000000000..a5ce4c087351
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.expected
@@ -0,0 +1,5 @@
+| test.py:16 | fail | const_eq_clears_taint | ts |
+| test.py:18 | ok   | const_eq_clears_taint | ts |
+| test.py:24 | fail | const_eq_clears_taint2 | ts |
+| test.py:29 | ok   | non_const_eq_preserves_taint | ts |
+| test.py:31 | ok   | non_const_eq_preserves_taint | ts |
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql
new file mode 100644
index 000000000000..80625505fa24
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/TestTaint.ql
@@ -0,0 +1 @@
+import experimental.dataflow.tainttracking.TestTaintLib
diff --git a/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py
new file mode 100644
index 000000000000..baaa3fb2b8f2
--- /dev/null
+++ b/python/ql/test/experimental/dataflow/tainttracking/defaultSanitizer/test.py
@@ -0,0 +1,38 @@
+# Add taintlib to PATH so it can be imported during runtime without any hassle
+import sys; import os; sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from taintlib import *
+
+# This has no runtime impact, but allows autocomplete to work
+from typing import TYPE_CHECKING
+if TYPE_CHECKING:
+    from ..taintlib import *
+
+
+# Actual tests
+
+def const_eq_clears_taint():
+    ts = TAINTED_STRING
+    if ts == "safe":
+        ensure_not_tainted(ts)
+    # ts should still be tainted after exiting the if block
+    ensure_tainted(ts)
+
+def const_eq_clears_taint2():
+    ts = TAINTED_STRING
+    if ts != "safe":
+        return
+    ensure_not_tainted(ts)
+
+def non_const_eq_preserves_taint(x="foo"):
+    ts = TAINTED_STRING
+    if ts == ts:
+        ensure_tainted(ts)
+    if ts == x:
+        ensure_tainted(ts)
+
+
+# Make tests runable
+
+const_eq_clears_taint()
+const_eq_clears_taint2()
+non_const_eq_preserves_taint()