def test_label_contains(self):
    """Check which trigger words label_contains reports for a node label.

    Three cases are exercised: a label with no trigger word, a label
    holding one sink word and one source word, and a trigger list with
    repeated and overlapping entries.
    """
    # Case 1: the label 'label' does not contain 'get', so nothing matches.
    plain_node = Node('label', None, line_number=None, path=None)
    no_hits = list(
        vulnerabilities.label_contains(plain_node, [Source('get')])
    )
    self.assert_length(no_hits, expected_length=0)

    # Case 2: both words occur in the label; one trigger node is expected
    # per word, in the order the words were supplied.
    call_node = Node('request.get("stefan")', None, line_number=None, path=None)
    hits = list(
        vulnerabilities.label_contains(
            call_node, [Sink('request'), Source('get')]
        )
    )
    self.assert_length(hits, expected_length=2)

    for position, expected_word in enumerate(('request', 'get')):
        hit = hits[position]
        self.assertEqual(hit.trigger_word, expected_word)
        self.assertEqual(hit.cfg_node, call_node)

    # Case 3: the expected count of 3 pins that duplicate Source('get')
    # entries are each reported and that 'get(' also matches, i.e. the
    # results are not de-duplicated per label.
    repeat_node = Node('request.get("stefan")', None, line_number=None, path=None)
    repeat_hits = list(
        vulnerabilities.label_contains(
            repeat_node, [Source('get'), Source('get'), Sink('get(')]
        )
    )
    self.assert_length(repeat_hits, expected_length=3)
def test_find_triggers(self):
    """Check that find_triggers reports one 'get' source in the XSS example."""
    self.cfg_create_from_file('examples/vulnerable_code/XSS.py')
    cfgs = [self.cfg]

    # Called for its effect on cfgs: the list starts with one entry and
    # index 1 is read below, so the adaptor is expected to append the
    # route function's CFG in place.
    FrameworkAdaptor(cfgs, [], [], is_flask_route_function)
    route_cfg = cfgs[1]

    # nosec_lines is empty — presumably no line is exempt from matching;
    # confirm against find_triggers.
    found = vulnerabilities.find_triggers(
        route_cfg.nodes,
        [Source('get')],
        nosec_lines=set(),
    )
    self.assert_length(found, expected_length=1)