Python: Update test results for path queries.

Author: Mark Shannon

python/ql/test/query-tests/Security/CWE-022/PathInjection.expected

@@ -1,3 +1,54 @@
-| path_injection.py:10:14:10:44 | argument to open() | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
-| path_injection.py:17:14:17:18 | argument to open() | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
-| path_injection.py:28:14:28:18 | argument to open() | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |
+edges
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 |
+| ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
+| ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
+| ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
+| ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:2:22:2:22 | Taint externally controlled string at ../lib/os/path.py:2 | ../lib/os/path.py:2:12:2:22 | Taint externally controlled string at ../lib/os/path.py:2 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | ../lib/os/path.py:5:12:5:12 | Taint externally controlled string at ../lib/os/path.py:5 |
+| path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 |
+| path_injection.py:9:12:9:39 | Taint externally controlled string at path_injection.py:9 | path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 |
+| path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 | ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 |
+| path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 |
+| path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 |
+| path_injection.py:15:12:15:39 | Taint externally controlled string at path_injection.py:15 | path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 |
+| path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 |
+| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
+| path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:13:16:61 | Taint normalized.path.injection at path_injection.py:16 |
+| path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 | ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 |
+| path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
+| path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 |
+| path_injection.py:24:12:24:39 | Taint externally controlled string at path_injection.py:24 | path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 |
+| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:26:8:26:12 | Taint normalized.path.injection at path_injection.py:26 |
+| path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 |
+| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
+| path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:13:25:61 | Taint normalized.path.injection at path_injection.py:25 |
+| path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 | ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 |
+| path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
+| path_injection.py:33:12:33:23 | Taint {externally controlled string} at path_injection.py:33 | path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 |
+| path_injection.py:33:12:33:39 | Taint externally controlled string at path_injection.py:33 | path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 |
+| path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 | path_injection.py:35:8:35:12 | Taint normalized.path.injection at path_injection.py:35 |
+| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 |
+| path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:13:34:61 | Taint normalized.path.injection at path_injection.py:34 |
+| path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 | ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 |
+| path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
+parents
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | path_injection.py:10:40:10:43 | Taint externally controlled string at path_injection.py:10 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | path_injection.py:16:56:16:59 | Taint externally controlled string at path_injection.py:16 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | path_injection.py:25:56:25:59 | Taint externally controlled string at path_injection.py:25 |
+| ../lib/os/path.py:1:13:1:13 | Taint externally controlled string at ../lib/os/path.py:1 | path_injection.py:34:56:34:59 | Taint externally controlled string at path_injection.py:34 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:16:30:16:60 | Taint externally controlled string at path_injection.py:16 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:25:30:25:60 | Taint externally controlled string at path_injection.py:25 |
+| ../lib/os/path.py:4:14:4:14 | Taint externally controlled string at ../lib/os/path.py:4 | path_injection.py:34:30:34:60 | Taint externally controlled string at path_injection.py:34 |
+#select
+| path_injection.py:10:14:10:44 | argument to open() | path_injection.py:9:12:9:23 | Taint {externally controlled string} at path_injection.py:9 | path_injection.py:10:14:10:44 | Taint externally controlled string at path_injection.py:10 | This path depends on $@. | path_injection.py:9:12:9:23 | flask.request.args | a user-provided value |
+| path_injection.py:17:14:17:18 | argument to open() | path_injection.py:15:12:15:23 | Taint {externally controlled string} at path_injection.py:15 | path_injection.py:17:14:17:18 | Taint normalized.path.injection at path_injection.py:17 | This path depends on $@. | path_injection.py:15:12:15:23 | flask.request.args | a user-provided value |
+| path_injection.py:28:14:28:18 | argument to open() | path_injection.py:24:12:24:23 | Taint {externally controlled string} at path_injection.py:24 | path_injection.py:28:14:28:18 | Taint normalized.path.injection at path_injection.py:28 | This path depends on $@. | path_injection.py:24:12:24:23 | flask.request.args | a user-provided value |

python/ql/test/query-tests/Security/CWE-078/CommandInjection.expected

@@ -1,3 +1,19 @@
-| command_injection.py:12:15:12:27 | shell command | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
-| command_injection.py:19:22:19:34 | shell command | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
-| command_injection.py:25:22:25:36 | OS command first argument | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
+edges
+| command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 |
+| command_injection.py:10:13:10:41 | Taint externally controlled string at command_injection.py:10 | command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 |
+| command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 |
+| command_injection.py:12:23:12:27 | Taint externally controlled string at command_injection.py:12 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
+| command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 |
+| command_injection.py:17:13:17:41 | Taint externally controlled string at command_injection.py:17 | command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 |
+| command_injection.py:19:29:19:33 | Taint externally controlled string at command_injection.py:19 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 |
+| command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 |
+| command_injection.py:24:11:24:37 | Taint externally controlled string at command_injection.py:24 | command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 |
+| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 |
+| command_injection.py:25:23:25:25 | Taint externally controlled string at command_injection.py:25 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 |
+parents
+| ../lib/os/__init__.py:1:12:1:14 | Taint externally controlled string at ../lib/os/__init__.py:1 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 |
+#select
+| command_injection.py:12:15:12:27 | shell command | command_injection.py:10:13:10:24 | Taint {externally controlled string} at command_injection.py:10 | command_injection.py:12:15:12:27 | Taint externally controlled string at command_injection.py:12 | This command depends on $@. | command_injection.py:10:13:10:24 | flask.request.args | a user-provided value |
+| command_injection.py:19:22:19:34 | shell command | command_injection.py:17:13:17:24 | Taint {externally controlled string} at command_injection.py:17 | command_injection.py:19:22:19:34 | Taint [externally controlled string] at command_injection.py:19 | This command depends on $@. | command_injection.py:17:13:17:24 | flask.request.args | a user-provided value |
+| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint [externally controlled string] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |
+| command_injection.py:25:22:25:36 | OS command first argument | command_injection.py:24:11:24:22 | Taint {externally controlled string} at command_injection.py:24 | command_injection.py:25:22:25:36 | Taint sequence[externally controlled string][0] at command_injection.py:25 | This command depends on $@. | command_injection.py:24:11:24:22 | flask.request.args | a user-provided value |

python/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected

@@ -1 +1,13 @@
-| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |
+edges
+| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:15:19:15:20 | Taint externally controlled string at ../lib/flask/__init__.py:15 |
+| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 |
+| reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 |
+| reflected_xss.py:7:18:7:45 | Taint externally controlled string at reflected_xss.py:7 | reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 |
+| reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 | ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 |
+| reflected_xss.py:8:44:8:53 | Taint externally controlled string at reflected_xss.py:8 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
+| reflected_xss.py:12:18:12:29 | Taint {externally controlled string} at reflected_xss.py:12 | reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 |
+| reflected_xss.py:12:18:12:45 | Taint externally controlled string at reflected_xss.py:12 | reflected_xss.py:13:51:13:60 | Taint externally controlled string at reflected_xss.py:13 |
+parents
+| ../lib/flask/__init__.py:14:19:14:20 | Taint externally controlled string at ../lib/flask/__init__.py:14 | reflected_xss.py:8:26:8:53 | Taint externally controlled string at reflected_xss.py:8 |
+#select
+| ../lib/flask/__init__.py:16:25:16:26 | flask.response.argument | reflected_xss.py:7:18:7:29 | Taint {externally controlled string} at reflected_xss.py:7 | ../lib/flask/__init__.py:16:25:16:26 | Taint externally controlled string at ../lib/flask/__init__.py:16 | Cross-site scripting vulnerability due to $@. | reflected_xss.py:7:18:7:29 | flask.request.args | user-provided value |

python/ql/test/query-tests/Security/CWE-089/SqlInjection.expected

@@ -1,4 +1,13 @@
-| sql_injection.py:19:13:19:66 | db.connection.execute | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:22:38:22:91 | django.db.models.expressions.RawSQL(sink,...) | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:23:26:23:79 | django.models.QuerySet.raw(sink,...) | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
-| sql_injection.py:24:28:24:81 | django.models.QuerySet.extra(sink,...) | This SQL query depends on $@. | sql_injection.py:9:15:9:21 | Django request source | a user-provided value |
+edges
+| sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:7:8:7:14 | Taint django.request.HttpRequest at sql_injection.py:7 |
+| sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:8:16:8:22 | Taint django.request.HttpRequest at sql_injection.py:8 |
+| sql_injection.py:8:16:8:22 | Taint django.request.HttpRequest at sql_injection.py:8 | sql_injection.py:8:16:8:27 | Taint django.http.request.QueryDict at sql_injection.py:8 |
+| sql_injection.py:8:16:8:27 | Taint django.http.request.QueryDict at sql_injection.py:8 | sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 |
+| sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 | sql_injection.py:12:62:12:65 | Taint externally controlled string at sql_injection.py:12 |
+| sql_injection.py:8:16:8:39 | Taint externally controlled string at sql_injection.py:8 | sql_injection.py:15:63:15:66 | Taint externally controlled string at sql_injection.py:15 |
+| sql_injection.py:9:16:9:34 | Taint django.db.connection.cursor at sql_injection.py:9 | sql_injection.py:11:9:11:12 | Taint django.db.connection.cursor at sql_injection.py:11 |
+| sql_injection.py:9:16:9:34 | Taint django.db.connection.cursor at sql_injection.py:9 | sql_injection.py:14:9:14:12 | Taint django.db.connection.cursor at sql_injection.py:14 |
+| sql_injection.py:15:63:15:66 | Taint externally controlled string at sql_injection.py:15 | sql_injection.py:15:13:15:66 | Taint externally controlled string at sql_injection.py:15 |
+parents
+#select
+| sql_injection.py:15:13:15:66 | db.connection.execute | sql_injection.py:5:15:5:21 | Taint django.request.HttpRequest at sql_injection.py:5 | sql_injection.py:15:13:15:66 | Taint externally controlled string at sql_injection.py:15 | This SQL query depends on $@. | sql_injection.py:5:15:5:21 | Django request source | a user-provided value |