def test_label_contains(self):
cfg_node = Node('label', None, line_number=None, path=None)
trigger_words = [('get', [])]
l = list(vulnerabilities.label_contains(cfg_node, trigger_words))
self.assert_length(l, expected_length=0)
cfg_node = Node('request.get("stefan")',
None,
line_number=None,
path=None)
trigger_words = [('get', []), ('request', [])]
l = list(vulnerabilities.label_contains(cfg_node, trigger_words))
self.assert_length(l, expected_length=2)
trigger_node_1 = l[0]
trigger_node_2 = l[1]
self.assertEqual(trigger_node_1.trigger_word, 'get')
self.assertEqual(trigger_node_1.cfg_node, cfg_node)
self.assertEqual(trigger_node_2.trigger_word, 'request')
self.assertEqual(trigger_node_2.cfg_node, cfg_node)
cfg_node = Node('request.get("stefan")',
None,
line_number=None,
path=None)
trigger_words = [('get', []), ('get', [])]
l = list(vulnerabilities.label_contains(cfg_node, trigger_words))
self.assert_length(l, expected_length=2)
def test_is_sanitised_true(self):
cfg_node_1 = Node('Awesome sanitiser',
None,
line_number=None,
path=None)
cfg_node_2 = Node('something.replace("this", "with this")',
None,
line_number=None,
path=None)
sinks_in_file = [
vulnerabilities.TriggerNode('replace', ['escape'], cfg_node_2)
]
sanitiser_dict = {'escape': [cfg_node_1]}
# We should use mock instead
orginal_get_lattice_elements = ReachingDefinitionsTaintAnalysis.get_lattice_elements
ReachingDefinitionsTaintAnalysis.get_lattice_elements = self.get_lattice_elements
lattice = Lattice([cfg_node_1, cfg_node_2],
analysis_type=ReachingDefinitionsTaintAnalysis)
constraint_table[cfg_node_2] = 0b1
result = vulnerabilities.is_sanitised(sinks_in_file[0], sanitiser_dict,
lattice)
self.assertEqual(result, True)
# Clean up
ReachingDefinitionsTaintAnalysis.get_lattice_elements = orginal_get_lattice_elements
def test_find_sanitiser_nodes(self):
cfg_node = Node(None, None, line_number=None, path=None)
sanitiser_tuple = vulnerabilities.Sanitiser('escape', cfg_node)
sanitiser = 'escape'
result = list(vulnerabilities.find_sanitiser_nodes(sanitiser, [sanitiser_tuple]))
self.assert_length(result, expected_length=1)
self.assertEqual(result[0], cfg_node)
def test_is_sanitized_false(self):
cfg_node_1 = Node('Not sanitising at all',
None,
line_number=None,
path=None)
cfg_node_2 = Node('something.replace("this", "with this")',
None,
line_number=None,
path=None)
sinks_in_file = [
vulnerabilities.TriggerNode('replace', ['escape'], cfg_node_2)
]
sanitiser_dict = {'escape': [cfg_node_1]}
ReachingDefinitionsTaintAnalysis.get_lattice_elements = self.get_lattice_elements
lattice = Lattice([cfg_node_1, cfg_node_2],
analysis_type=ReachingDefinitionsTaintAnalysis)
constraint_table[cfg_node_1] = 0
constraint_table[cfg_node_2] = 0
result = vulnerabilities.is_sanitized(sinks_in_file[0], sanitiser_dict,
lattice)
self.assertEqual(result, False)
def test_build_sanitiser_node_dict(self):
self.cfg_create_from_file('example/vulnerable_code/XSS_sanitised.py')
cfg_list = [self.cfg]
FrameworkAdaptor(cfg_list, [], [], is_flask_route_function)
cfg = cfg_list[1]
cfg_node = Node(None, None, line_number=None, path=None)
sinks_in_file = [vulnerabilities.TriggerNode('replace', ['escape'], cfg_node)]
sanitiser_dict = vulnerabilities.build_sanitiser_node_dict(cfg, sinks_in_file)
self.assert_length(sanitiser_dict, expected_length=1)
self.assertIn('escape', sanitiser_dict.keys())
self.assertEqual(sanitiser_dict['escape'][0], cfg.nodes[3])