Python: Add more urlsplit tests

RasmusWL · RasmusWL · commit 798db91f7153 · 2020-02-21T15:51:33.000+01:00
diff --git a/python/ql/test/library-tests/taint/namedtuple/TestTaint.expected b/python/ql/test/library-tests/taint/namedtuple/TestTaint.expected
@@ -5,7 +5,10 @@
 | test.py:13 | test_basic | urlsplit_res | [externally controlled string] |
 | test.py:20 | test_sanitizer | Attribute | NO TAINT |
 | test.py:23 | test_sanitizer | Subscript | NO TAINT |
-| test.py:33 | test_namedtuple | a | NO TAINT |
-| test.py:33 | test_namedtuple | b | NO TAINT |
-| test.py:33 | test_namedtuple | c | NO TAINT |
-| test.py:33 | test_namedtuple | d | NO TAINT |
+| test.py:26 | test_sanitizer | Attribute | NO TAINT |
+| test.py:29 | test_sanitizer | Attribute | externally controlled string |
+| test.py:32 | test_sanitizer | Attribute | externally controlled string |
+| test.py:42 | test_namedtuple | a | NO TAINT |
+| test.py:42 | test_namedtuple | b | NO TAINT |
+| test.py:42 | test_namedtuple | c | NO TAINT |
+| test.py:42 | test_namedtuple | d | NO TAINT |
diff --git a/python/ql/test/library-tests/taint/namedtuple/test.py b/python/ql/test/library-tests/taint/namedtuple/test.py
@@ -22,6 +22,15 @@ def test_sanitizer():
     if urlsplit_res[2] == "OK":
         test(urlsplit_res[0])
 
+    if urlsplit_res.netloc == "OK":
+        test(urlsplit_res.path) # FN
+
+    if urlsplit_res.netloc in ["OK"]:
+        test(urlsplit_res.netloc) # FP
+
+    if urlsplit_res.netloc in ["OK", non_constant()]:
+        test(urlsplit_res.netloc) # should be tainted
+
 def test_namedtuple():
     tainted_string = TAINTED_STRING
     Point = namedtuple('Point', ['x', 'y'])
