Python: Highlight that any comparison will clear taint

RasmusWL · RasmusWL · commit 1498145415d8 · 2020-01-21T15:24:56.000+01:00
diff --git a/python/ql/test/library-tests/taint/general/TestDefn.expected b/python/ql/test/library-tests/taint/general/TestDefn.expected
@@ -93,3 +93,6 @@
 | test.py:208 | List | test.py:208 | Taint sequence of simple.test | seq |
 | test.py:209 | For | test.py:209 | Taint simple.test | i |
 | test.py:213 | For | test.py:213 | Taint simple.test | x |
+| test.py:217 | SOURCE | test.py:217 | Taint simple.test | tainted |
+| test.py:223 | SOURCE | test.py:223 | Taint simple.test | tainted |
+| test.py:229 | SOURCE | test.py:229 | Taint simple.test | tainted |
diff --git a/python/ql/test/library-tests/taint/general/TestSink.expected b/python/ql/test/library-tests/taint/general/TestSink.expected
@@ -38,3 +38,4 @@
 | simple.test | test.py:195 | 197 | t | simple.test |
 | simple.test | test.py:195 | 199 | t | simple.test |
 | simple.test | test.py:208 | 214 | x | simple.test |
+| simple.test | test.py:217 | 220 | tainted | simple.test |
diff --git a/python/ql/test/library-tests/taint/general/TestSource.expected b/python/ql/test/library-tests/taint/general/TestSource.expected
@@ -45,3 +45,6 @@
 | test.py:195 | SOURCE | simple.test |
 | test.py:202 | ITERABLE_SOURCE | iterable.simple |
 | test.py:208 | SOURCE | simple.test |
+| test.py:217 | SOURCE | simple.test |
+| test.py:223 | SOURCE | simple.test |
+| test.py:229 | SOURCE | simple.test |
diff --git a/python/ql/test/library-tests/taint/general/TestStep.expected b/python/ql/test/library-tests/taint/general/TestStep.expected
@@ -199,3 +199,7 @@
 | simple.test | test.py:210 | i |  | --> | iterable.simple | test.py:213 | flow_in_generator() |  |
 | simple.test | test.py:210 | i |  | --> | sequence of simple.test | test.py:213 | flow_in_generator() |  |
 | simple.test | test.py:213 | For |  | --> | simple.test | test.py:214 | x |  |
+| simple.test | test.py:217 | SOURCE |  | --> | simple.test | test.py:218 | tainted |  |
+| simple.test | test.py:217 | SOURCE |  | --> | simple.test | test.py:220 | tainted |  |
+| simple.test | test.py:223 | SOURCE |  | --> | simple.test | test.py:224 | tainted |  |
+| simple.test | test.py:229 | SOURCE |  | --> | simple.test | test.py:230 | tainted |  |
diff --git a/python/ql/test/library-tests/taint/general/TestVar.expected b/python/ql/test/library-tests/taint/general/TestVar.expected
@@ -193,3 +193,10 @@
 | test.py:213 | x_0 | test.py:213 | Taint simple.test |
 | test.py:213 | x_1 | test.py:213 | Taint simple.test |
 | test.py:214 | x_2 | test.py:214 | Taint simple.test |
+| test.py:217 | tainted_0 | test.py:217 | Taint simple.test |
+| test.py:220 | tainted_3 | test.py:220 | Taint simple.test |
+| test.py:220 | tainted_4 | test.py:220 | Taint simple.test |
+| test.py:220 | tainted_5 | test.py:220 | Taint simple.test |
+| test.py:223 | tainted_0 | test.py:223 | Taint simple.test |
+| test.py:225 | tainted_1 | test.py:225 | Taint simple.test |
+| test.py:229 | tainted_0 | test.py:229 | Taint simple.test |
diff --git a/python/ql/test/library-tests/taint/general/test.py b/python/ql/test/library-tests/taint/general/test.py
@@ -213,3 +213,21 @@ def flow_from_generator():
     for x in flow_in_generator():
         SINK(x)
 
+def const_eq_clears_taint():
+    tainted = SOURCE
+    if tainted == "safe":
+        SINK(tainted) # safe
+    SINK(tainted) # unsafe
+
+def const_eq_clears_taint2():
+    tainted = SOURCE
+    if tainted != "safe":
+        return
+    SINK(tainted) # safe
+
+def non_const_eq_preserves_taint(x):
+    tainted = SOURCE
+    if tainted == tainted:
+        SINK(tainted) # unsafe
+    if tainted == x:
+        SINK(tainted) # unsafe
