def random_choice() -> bool:
    """Return the truthiness of a global that this listing never defines.

    The tests in this file use the call as the second operand of `and`/`or`
    conditions, next to `is_safe(s)`.
    """
    # NOTE(review): presumably the undefined name keeps a static analyser from
    # resolving the result, so the branch outcome stays unknown -- confirm.
    return bool(GLOBAL_UNKOWN_VAR)
def is_safe(arg):
    """Return whatever UNKNOWN_FUNC returns for `arg`.

    Every test in this file branches on this call for the tainted string.
    UNKNOWN_FUNC is not defined in this listing.
    """
    # NOTE(review): presumably the analysis under test treats a call to `is_safe`
    # as a sanitizer guard by name rather than by inspecting this body -- confirm
    # against the accompanying query.
    return UNKNOWN_FUNC(arg)
def true_func() -> bool:
    """Return the constant True. No test in this listing calls it."""
    return True
def test_basic():
    """Branch directly on `is_safe(s)` and on its negation.

    `ensure_tainted` / `ensure_not_tainted` are defined outside this listing;
    from their names they state the taint expectation for `s` in each branch
    (TODO confirm against the test harness).
    """
    s = TAINTED_STRING

    # Guard holds in the `if` branch, fails in the `else` branch.
    if is_safe(s):
        ensure_not_tainted(s)
    else:
        ensure_tainted(s)

    # Negated guard: the branches swap.
    if not is_safe(s):
        ensure_tainted(s)
    else:
        ensure_not_tainted(s)
def test_or():
    """Combine the guard with an unknown condition using `or`.

    A true `x or y` does not prove `x`, so no branch here establishes that
    `is_safe(s)` held: every branch expects `s` to be reported as tainted.
    The inline comments separate "must" (the guard is known to have failed)
    from "might" (the guard result is unknown on that path).
    """
    s = TAINTED_STRING

    # x or y
    if is_safe(s) or random_choice():
        ensure_tainted(s) # might be tainted
    else:
        # Both operands were false, so is_safe(s) failed.
        ensure_tainted(s) # must be tainted

    # not (x or y)
    if not(is_safe(s) or random_choice()):
        ensure_tainted(s) # must be tainted
    else:
        ensure_tainted(s) # might be tainted

    # not (x or y) == not x and not y [de Morgan's laws]
    if not is_safe(s) and not random_choice():
        ensure_tainted(s) # must be tainted
    else:
        ensure_tainted(s) # might be tainted
def test_and():
    """Combine the guard with an unknown condition using `and`.

    A true `x and y` proves `x`, so the branch where the conjunction holds
    expects `s` to be untainted; the other branch cannot tell which operand
    failed and keeps the taint expectation.
    """
    s = TAINTED_STRING

    # x and y
    if is_safe(s) and random_choice():
        ensure_not_tainted(s) # must not be tainted
    else:
        ensure_tainted(s) # might be tainted

    # not (x and y)
    if not(is_safe(s) and random_choice()):
        ensure_tainted(s) # might be tainted
    else:
        # The conjunction held, so is_safe(s) held.
        ensure_not_tainted(s)

    # not (x and y) == not x or not y [de Morgan's laws]
    if not is_safe(s) or not random_choice():
        ensure_tainted(s) # might be tainted
    else:
        ensure_not_tainted(s)
def test_tricky():
    """Reach the guard result, or the guarded value, indirectly.

    NOTE(review): "FP" presumably marks a known false positive, i.e. the
    analysis still reports taint at these calls although the guard held --
    confirm against the expected output for this test.
    """
    s = TAINTED_STRING

    # The guard result is stored in a variable and the branch tests the variable.
    x = is_safe(s)
    if x:
        ensure_not_tainted(s) # FP

    # The guard is applied to `s`, but the value checked is the alias `s_`.
    s_ = s
    if is_safe(s):
        ensure_not_tainted(s_) # FP
def test_nesting_not():
    """Wrap the guard in two and in three nested `not(...)` calls.

    An even number of negations leaves the guard's polarity unchanged and an
    odd number flips it; the expectation calls in each branch follow that.
    """
    s = TAINTED_STRING

    # Double negation: same polarity as `if is_safe(s)`.
    if not(not(is_safe(s))):
        ensure_not_tainted(s)
    else:
        ensure_tainted(s)

    # Triple negation: same polarity as `if not is_safe(s)`.
    if not(not(not(is_safe(s)))):
        ensure_tainted(s)
    else:
        ensure_not_tainted(s)
# Adding `and True` makes the sanitizer trigger when it would otherwise not. See output in
# SanitizedEdges.expected and compare with `test_nesting_not` and `test_basic`
def test_nesting_not_with_and_true():
    """Repeat the negation cases with the guard written as `is_safe(s) and True`.

    `and True` does not change the truth value of the condition, so the
    expectations per branch are the same as for the plain negated guard. The
    comment above this function in the file records that the extra operand
    changes whether the sanitizer triggers in the analysis output.
    """
    s = TAINTED_STRING

    # One negation: guard failed in the `if` branch.
    if not(is_safe(s) and True):
        ensure_tainted(s)
    else:
        ensure_not_tainted(s)

    # Two negations: guard held in the `if` branch.
    if not(not(is_safe(s) and True)):
        ensure_not_tainted(s)
    else:
        ensure_tainted(s)

    # Three negations: guard failed in the `if` branch.
    if not(not(not(is_safe(s) and True))):
        ensure_tainted(s)
    else:
        ensure_not_tainted(s)