Python: Add tests for extended iterable unpacking

Author: RasmusWL

python/ql/test/3/library-tests/taint/unpacking/Taint.qll

@@ -0,0 +1,27 @@
+import python
+import semmle.python.security.TaintTracking
+import semmle.python.security.strings.Untrusted
+
+class SimpleSource extends TaintSource {
+    SimpleSource() { this.(NameNode).getId() = "TAINTED_STRING" }
+
+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringKind }
+
+    override string toString() { result = "taint source" }
+}
+
+class ListSource extends TaintSource {
+    ListSource() { this.(NameNode).getId() = "TAINTED_LIST" }
+
+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringSequenceKind }
+
+    override string toString() { result = "list taint source" }
+}
+
+class DictSource extends TaintSource {
+    DictSource() { this.(NameNode).getId() = "TAINTED_DICT" }
+
+    override predicate isSourceOf(TaintKind kind) { kind instanceof ExternalStringDictKind }
+
+    override string toString() { result = "dict taint source" }
+}

python/ql/test/3/library-tests/taint/unpacking/TestTaint.expected

@@ -0,0 +1,6 @@
+| test.py:11 | extended_unpacking | first | externally controlled string |
+| test.py:11 | extended_unpacking | last | externally controlled string |
+| test.py:11 | extended_unpacking | rest | NO TAINT |
+| test.py:16 | also_allowed | a | NO TAINT |
+| test.py:24 | also_allowed | b | NO TAINT |
+| test.py:24 | also_allowed | c | NO TAINT |

python/ql/test/3/library-tests/taint/unpacking/TestTaint.ql

@@ -0,0 +1,18 @@
+import python
+import semmle.python.security.TaintTracking
+import Taint
+
+from Call call, Expr arg, string taint_string
+where
+    call.getLocation().getFile().getShortName() = "test.py" and
+    call.getFunc().(Name).getId() = "test" and
+    arg = call.getAnArg() and
+    (
+        not exists(TaintedNode tainted | tainted.getAstNode() = arg) and
+        taint_string = "NO TAINT"
+        or
+        exists(TaintedNode tainted | tainted.getAstNode() = arg |
+            taint_string = tainted.getTaintKind().toString()
+        )
+    )
+select arg.getLocation().toString(), call.getScope().(Function).getName(), arg.toString(), taint_string

python/ql/test/3/library-tests/taint/unpacking/test.py

@@ -0,0 +1,24 @@
+# Extended Iterable Unpacking -- PEP 3132
+# https://www.python.org/dev/peps/pep-3132/
+
+
+def test(*args):
+    pass
+
+
+def extended_unpacking():
+    first, *rest, last = TAINTED_LIST
+    test(first, rest, last) # TODO: mark `rest` as [taint]
+
+
+def also_allowed():
+    *a, = TAINTED_LIST
+    test(a) # TODO: mark `a` as [taint]
+
+    # for b, *c in [(1, 2, 3), (4, 5, 6, 7)]:
+        # print(c)
+        # i=0; c=[2,3]
+        # i=1; c=[5,6,7]
+
+    for b, *c in [TAINTED_LIST, TAINTED_LIST]:
+        test(b, c) # TODO: mark `c` as [taint]