(fixtures, fuzzy_rule_match)
| 50 | |
| 51 | |
| 52 | def test_flask_app(fixtures, fuzzy_rule_match): |
| 53 | output = fixtures.scan_test_file('flask_app.py') |
| 54 | assert len(output['detections']) > 0, output |
| 55 | |
| 56 | # TODO: also perhaps 24? `eval(self.code)` |
| 57 | # TODO: cover the case at vuln5:72 |
| 58 | lines = [17, 34, 36, 45, 53, 61, 88] |
| 59 | |
| 60 | matches = [ |
| 61 | { |
| 62 | 'type': 'TaintAnomaly', |
| 63 | 'line_no': x, |
| 64 | 'message': 'Tainted input is passed to the sink' |
| 65 | } for x in lines |
| 66 | ] |
| 67 | |
| 68 | output_line_nos = {x['line_no'] for x in output['detections']} - set(lines) |
| 69 | |
| 70 | for x in matches: |
| 71 | assert any(fuzzy_rule_match(h, x) for h in output['detections']), (output_line_nos, x) |
| 72 | |
| 73 | excluded = [105, 111] |
| 74 | for hit in output['detections']: |
| 75 | if hit.get('type') != 'TaintAnomaly': |
| 76 | continue |
| 77 | |
| 78 | assert hit.get('line_no') not in excluded, hit |
| 79 | |
| 80 | |
| 81 | def test_taint_log_flask_app(fixtures, fuzzy_rule_match): |
nothing calls this directly
no test coverage detected