Python: Use getCommand as tag in ConceptsTest

RasmusWL · RasmusWL · commit e5b9ac8d9c38 · 2020-10-02T14:12:41.000+02:00
diff --git a/python/ql/test/experimental/library-tests/frameworks/stdlib/SystemCommandExecution.py b/python/ql/test/experimental/library-tests/frameworks/stdlib/SystemCommandExecution.py
@@ -13,8 +13,8 @@
 
 # can't use a string literal with spaces in the tags of an InlineExpectationsTest, so using variables :|
 
-os.popen("cmd1; cmd2")  # $SystemCommandExecution_getCommand="cmd1; cmd2"
-os.system("cmd1; cmd2")  # $SystemCommandExecution_getCommand="cmd1; cmd2"
+os.popen("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+os.system("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
 
 
 def os_members():
@@ -24,8 +24,8 @@ def os_members():
     # :|
     from os import popen, system
 
-    popen("cmd1; cmd2")  # $SystemCommandExecution_getCommand="cmd1; cmd2"
-    system("cmd1; cmd2")  # $SystemCommandExecution_getCommand="cmd1; cmd2"
+    popen("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
+    system("cmd1; cmd2")  # $getCommand="cmd1; cmd2"
 
 
 ########################################
@@ -36,92 +36,92 @@ def os_members():
 # clever in our analysis that discards that code, I used `if UNKNOWN` instead
 if UNKNOWN:
     env = {"FOO": "foo"}
-    os.execl("executable", "<progname>", "arg0")  # $SystemCommandExecution_getCommand="executable"
-    os.execle("executable", "<progname>", "arg0", env)  # $SystemCommandExecution_getCommand="executable"
-    os.execlp("executable", "<progname>", "arg0")  # $SystemCommandExecution_getCommand="executable"
-    os.execlpe("executable", "<progname>", "arg0", env)  # $SystemCommandExecution_getCommand="executable"
-    os.execv("executable", ["<progname>", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-    os.execve("executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
-    os.execvp("executable", ["<progname>", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-    os.execvpe("executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
+    os.execl("executable", "<progname>", "arg0")  # $getCommand="executable"
+    os.execle("executable", "<progname>", "arg0", env)  # $getCommand="executable"
+    os.execlp("executable", "<progname>", "arg0")  # $getCommand="executable"
+    os.execlpe("executable", "<progname>", "arg0", env)  # $getCommand="executable"
+    os.execv("executable", ["<progname>", "arg0"])  # $getCommand="executable"
+    os.execve("executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
+    os.execvp("executable", ["<progname>", "arg0"])  # $getCommand="executable"
+    os.execvpe("executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
 
 
 ########################################
 # https://docs.python.org/3.8/library/os.html#os.spawnl
 env = {"FOO": "foo"}
-os.spawnl(os.P_WAIT, "executable", "<progname>", "arg0")  # $SystemCommandExecution_getCommand="executable"
-os.spawnle(os.P_WAIT, "executable", "<progname>", "arg0", env)  # $SystemCommandExecution_getCommand="executable"
-os.spawnlp(os.P_WAIT, "executable", "<progname>", "arg0")  # $SystemCommandExecution_getCommand="executable"
-os.spawnlpe(os.P_WAIT, "executable", "<progname>", "arg0", env)  # $SystemCommandExecution_getCommand="executable"
-os.spawnv(os.P_WAIT, "executable", ["<progname>", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-os.spawnve(os.P_WAIT, "executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
-os.spawnvp(os.P_WAIT, "executable", ["<progname>", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-os.spawnvpe(os.P_WAIT, "executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
+os.spawnl(os.P_WAIT, "executable", "<progname>", "arg0")  # $getCommand="executable"
+os.spawnle(os.P_WAIT, "executable", "<progname>", "arg0", env)  # $getCommand="executable"
+os.spawnlp(os.P_WAIT, "executable", "<progname>", "arg0")  # $getCommand="executable"
+os.spawnlpe(os.P_WAIT, "executable", "<progname>", "arg0", env)  # $getCommand="executable"
+os.spawnv(os.P_WAIT, "executable", ["<progname>", "arg0"])  # $getCommand="executable"
+os.spawnve(os.P_WAIT, "executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
+os.spawnvp(os.P_WAIT, "executable", ["<progname>", "arg0"])  # $getCommand="executable"
+os.spawnvpe(os.P_WAIT, "executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
 
 # Added in Python 3.8
-os.posix_spawn("executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
-os.posix_spawnp("executable", ["<progname>", "arg0"], env)  # $SystemCommandExecution_getCommand="executable"
+os.posix_spawn("executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
+os.posix_spawnp("executable", ["<progname>", "arg0"], env)  # $getCommand="executable"
 
 ########################################
 
 import subprocess
 
-subprocess.Popen("cmd1; cmd2", shell=True)  # $SystemCommandExecution_getCommand="cmd1; cmd2"
-subprocess.Popen("cmd1; cmd2", shell="truthy string")  # $SystemCommandExecution_getCommand="cmd1; cmd2"
-subprocess.Popen(["cmd1; cmd2", "shell-arg"], shell=True)  # $SystemCommandExecution_getCommand="cmd1; cmd2"
-subprocess.Popen("cmd1; cmd2", shell=True, executable="/bin/bash")  # $SystemCommandExecution_getCommand="cmd1; cmd2" $SystemCommandExecution_getCommand="/bin/bash"
+subprocess.Popen("cmd1; cmd2", shell=True)  # $getCommand="cmd1; cmd2"
+subprocess.Popen("cmd1; cmd2", shell="truthy string")  # $getCommand="cmd1; cmd2"
+subprocess.Popen(["cmd1; cmd2", "shell-arg"], shell=True)  # $getCommand="cmd1; cmd2"
+subprocess.Popen("cmd1; cmd2", shell=True, executable="/bin/bash")  # $getCommand="cmd1; cmd2" $getCommand="/bin/bash"
 
-subprocess.Popen("executable")  # $SystemCommandExecution_getCommand="executable"
-subprocess.Popen(["executable", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-subprocess.Popen("<progname>", executable="executable")  # $SystemCommandExecution_getCommand="executable"
-subprocess.Popen(["<progname>", "arg0"], executable="executable")  # $SystemCommandExecution_getCommand="executable"
+subprocess.Popen("executable")  # $getCommand="executable"
+subprocess.Popen(["executable", "arg0"])  # $getCommand="executable"
+subprocess.Popen("<progname>", executable="executable")  # $getCommand="executable"
+subprocess.Popen(["<progname>", "arg0"], executable="executable")  # $getCommand="executable"
 
 # call/check_call/check_output/run all work like Popen from a command execution point of view
-subprocess.call(["executable", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-subprocess.check_call(["executable", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-subprocess.check_output(["executable", "arg0"])  # $SystemCommandExecution_getCommand="executable"
-subprocess.run(["executable", "arg0"])  # $SystemCommandExecution_getCommand="executable"
+subprocess.call(["executable", "arg0"])  # $getCommand="executable"
+subprocess.check_call(["executable", "arg0"])  # $getCommand="executable"
+subprocess.check_output(["executable", "arg0"])  # $getCommand="executable"
+subprocess.run(["executable", "arg0"])  # $getCommand="executable"
 
 
 ########################################
 # actively using known shell as the executable
 
-subprocess.Popen(["/bin/sh", "-c", "vuln"])  # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["/bin/bash", "-c", "vuln"])  # $SystemCommandExecution_getCommand="/bin/bash" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["/bin/dash", "-c", "vuln"])  # $SystemCommandExecution_getCommand="/bin/dash" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["/bin/zsh", "-c", "vuln"])  # $SystemCommandExecution_getCommand="/bin/zsh" $f-:SystemCommandExecution_getCommand="vuln"
+subprocess.Popen(["/bin/sh", "-c", "vuln"])  # $getCommand="/bin/sh" $f-:getCommand="vuln"
+subprocess.Popen(["/bin/bash", "-c", "vuln"])  # $getCommand="/bin/bash" $f-:getCommand="vuln"
+subprocess.Popen(["/bin/dash", "-c", "vuln"])  # $getCommand="/bin/dash" $f-:getCommand="vuln"
+subprocess.Popen(["/bin/zsh", "-c", "vuln"])  # $getCommand="/bin/zsh" $f-:getCommand="vuln"
 
-subprocess.Popen(["sh", "-c", "vuln"])  # $SystemCommandExecution_getCommand="sh" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["bash", "-c", "vuln"])  # $SystemCommandExecution_getCommand="bash" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["dash", "-c", "vuln"])  # $SystemCommandExecution_getCommand="dash" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["zsh", "-c", "vuln"])  # $SystemCommandExecution_getCommand="zsh" $f-:SystemCommandExecution_getCommand="vuln"
+subprocess.Popen(["sh", "-c", "vuln"])  # $getCommand="sh" $f-:getCommand="vuln"
+subprocess.Popen(["bash", "-c", "vuln"])  # $getCommand="bash" $f-:getCommand="vuln"
+subprocess.Popen(["dash", "-c", "vuln"])  # $getCommand="dash" $f-:getCommand="vuln"
+subprocess.Popen(["zsh", "-c", "vuln"])  # $getCommand="zsh" $f-:getCommand="vuln"
 
 # Check that we don't consider ANY argument a command injection sink
-subprocess.Popen(["sh", "/bin/python"])  # $SystemCommandExecution_getCommand="sh"
+subprocess.Popen(["sh", "/bin/python"])  # $getCommand="sh"
 
-subprocess.Popen(["cmd.exe", "/c", "vuln"])  # $SystemCommandExecution_getCommand="cmd.exe" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["cmd.exe", "/C", "vuln"])  # $SystemCommandExecution_getCommand="cmd.exe" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["cmd", "/c", "vuln"])  # $SystemCommandExecution_getCommand="cmd" $f-:SystemCommandExecution_getCommand="vuln"
-subprocess.Popen(["cmd", "/C", "vuln"])  # $SystemCommandExecution_getCommand="cmd" $f-:SystemCommandExecution_getCommand="vuln"
+subprocess.Popen(["cmd.exe", "/c", "vuln"])  # $getCommand="cmd.exe" $f-:getCommand="vuln"
+subprocess.Popen(["cmd.exe", "/C", "vuln"])  # $getCommand="cmd.exe" $f-:getCommand="vuln"
+subprocess.Popen(["cmd", "/c", "vuln"])  # $getCommand="cmd" $f-:getCommand="vuln"
+subprocess.Popen(["cmd", "/C", "vuln"])  # $getCommand="cmd" $f-:getCommand="vuln"
 
-subprocess.Popen(["<progname>", "-c", "vuln"], executable="/bin/bash")  # $SystemCommandExecution_getCommand="/bin/bash" $f-:SystemCommandExecution_getCommand="vuln"
+subprocess.Popen(["<progname>", "-c", "vuln"], executable="/bin/bash")  # $getCommand="/bin/bash" $f-:getCommand="vuln"
 
 if UNKNOWN:
-    os.execl("/bin/sh", "<progname>", "-c", "vuln")  # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
+    os.execl("/bin/sh", "<progname>", "-c", "vuln")  # $getCommand="/bin/sh" $f-:getCommand="vuln"
 
-os.spawnl(os.P_WAIT, "/bin/sh", "<progname>", "-c", "vuln")  # $SystemCommandExecution_getCommand="/bin/sh" $f-:SystemCommandExecution_getCommand="vuln"
+os.spawnl(os.P_WAIT, "/bin/sh", "<progname>", "-c", "vuln")  # $getCommand="/bin/sh" $f-:getCommand="vuln"
 
 
 ########################################
 # Passing arguments by reference
 
 args = ["/bin/sh", "-c", "vuln"]
-subprocess.Popen(args)  # $SystemCommandExecution_getCommand=args
+subprocess.Popen(args)  # $getCommand=args
 
 args = "<progname>"
 use_shell = False
 exe = "executable"
-subprocess.Popen(args, shell=use_shell, executable=exe)  # $f+:SystemCommandExecution_getCommand=args $SystemCommandExecution_getCommand=exe
+subprocess.Popen(args, shell=use_shell, executable=exe)  # $f+:getCommand=args $getCommand=exe
 
 
 ################################################################################
diff --git a/python/ql/test/experimental/meta/ConceptsTest.qll b/python/ql/test/experimental/meta/ConceptsTest.qll
@@ -19,7 +19,7 @@ string value_from_expr(Expr e) {
 class SystemCommandExecutionTest extends InlineExpectationsTest {
   SystemCommandExecutionTest() { this = "SystemCommandExecutionTest" }
 
-  override string getARelevantTag() { result = "SystemCommandExecution_getCommand" }
+  override string getARelevantTag() { result = "getCommand" }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(SystemCommandExecution sce, DataFlow::Node command |
@@ -28,7 +28,7 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {
       location = command.getLocation() and
       element = command.toString() and
       value = value_from_expr(command.asExpr()) and
-      tag = "SystemCommandExecution_getCommand"
+      tag = "getCommand"
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ string value_from_expr(Expr e) {`
`19`	`19`	`class SystemCommandExecutionTest extends InlineExpectationsTest {`
`20`	`20`	`SystemCommandExecutionTest() { this = "SystemCommandExecutionTest" }`
`21`	`21`
`22`		`- override string getARelevantTag() { result = "SystemCommandExecution_getCommand" }`
	`22`	`+ override string getARelevantTag() { result = "getCommand" }`
`23`	`23`
`24`	`24`	`override predicate hasActualResult(Location location, string element, string tag, string value) {`
`25`	`25`	`exists(SystemCommandExecution sce, DataFlow::Node command \|`
`@@ -28,7 +28,7 @@ class SystemCommandExecutionTest extends InlineExpectationsTest {`
`28`	`28`	`location = command.getLocation() and`
`29`	`29`	`element = command.toString() and`
`30`	`30`	`value = value_from_expr(command.asExpr()) and`
`31`		`- tag = "SystemCommandExecution_getCommand"`
	`31`	`+ tag = "getCommand"`
`32`	`32`	`)`
`33`	`33`	`}`
`34`	`34`	`}`