def test_label_contains(self): cfg_node = Node('label', None, line_number=None, path=None) trigger_words = [('get', [])] l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) self.assert_length(l, expected_length=0) cfg_node = Node('request.get("stefan")', None, line_number=None, path=None) trigger_words = [('get', []), ('request', [])] l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) self.assert_length(l, expected_length=2) trigger_node_1 = l[0] trigger_node_2 = l[1] self.assertEqual(trigger_node_1.trigger_word, 'get') self.assertEqual(trigger_node_1.cfg_node, cfg_node) self.assertEqual(trigger_node_2.trigger_word, 'request') self.assertEqual(trigger_node_2.cfg_node, cfg_node) cfg_node = Node('request.get("stefan")', None, line_number=None, path=None) trigger_words = [('get', []), ('get', [])] l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) self.assert_length(l, expected_length=2)
def test_find_sanitiser_nodes(self): cfg_node = Node(None, None, line_number=None, path=None) sanitiser_tuple = vulnerabilities.Sanitiser('escape', cfg_node) sanitiser = 'escape' result = list(vulnerabilities.find_sanitiser_nodes(sanitiser, [sanitiser_tuple])) self.assert_length(result, expected_length=1) self.assertEqual(result[0], cfg_node)
def test_is_sanitised_true(self): cfg_node_1 = Node('Awesome sanitiser', None, line_number=None, path=None) cfg_node_2 = Node('something.replace("this", "with this")', None, line_number=None, path=None) sinks_in_file = [vulnerabilities.TriggerNode('replace', ['escape'], cfg_node_2)] sanitiser_dict = {'escape': [cfg_node_1]} # We should use mock instead orginal_get_lattice_elements = ReachingDefinitionsTaintAnalysis.get_lattice_elements ReachingDefinitionsTaintAnalysis.get_lattice_elements = self.get_lattice_elements lattice = Lattice([cfg_node_1, cfg_node_2], analysis_type=ReachingDefinitionsTaintAnalysis) constraint_table[cfg_node_2] = 0b1 result = vulnerabilities.is_sanitised(sinks_in_file[0], sanitiser_dict, lattice) self.assertEqual(result, True) # Clean up ReachingDefinitionsTaintAnalysis.get_lattice_elements = orginal_get_lattice_elements
def test_build_sanitiser_node_dict(self): self.cfg_create_from_file('examples/vulnerable_code/XSS_sanitised.py') cfg_list = [self.cfg] FrameworkAdaptor(cfg_list, [], [], is_flask_route_function) cfg = cfg_list[1] cfg_node = Node(None, None, line_number=None, path=None) sinks_in_file = [vulnerabilities.TriggerNode('replace', ['escape'], cfg_node)] sanitiser_dict = vulnerabilities.build_sanitiser_node_dict(cfg, sinks_in_file) self.assert_length(sanitiser_dict, expected_length=1) self.assertIn('escape', sanitiser_dict.keys()) self.assertEqual(sanitiser_dict['escape'][0], cfg.nodes[3])