From 7854cb45f35481278e11cb7726422fcb51da3c0b Mon Sep 17 00:00:00 2001
From: Kevin Hock
Date: Wed, 13 Jun 2018 19:16:22 -0700
Subject: [PATCH] [flake8] Just fix flake8 errors for PR #114
---
 pyt/__main__.py | 2 +-
 pyt/cfg/stmt_visitor.py | 2 +-
 pyt/core/ast_helper.py | 2 +-
 pyt/core/project_handler.py | 20 ++-
 .../reaching_definitions_taint_test.py | 62 +++++---
 tests/cfg/cfg_test.py | 147 +++++++++++------
 .../vulnerabilities_across_files_test.py | 7 +-
 tests/vulnerabilities/vulnerabilities_test.py | 42 ++---
 8 files changed, 175 insertions(+), 109 deletions(-)
diff --git a/pyt/__main__.py b/pyt/__main__.py
index b2302113..52275da6 100644
--- a/pyt/__main__.py
+++ b/pyt/__main__.py
@@ -30,7 +30,7 @@
 )
-def main(command_line_args=sys.argv[1:]):
+def main(command_line_args=sys.argv[1:]): # noqa: C901
 args = parse_args(command_line_args)
 ui_mode = UImode.NORMAL
diff --git a/pyt/cfg/stmt_visitor.py b/pyt/cfg/stmt_visitor.py
index 06a985e5..c10548c0 100644
--- a/pyt/cfg/stmt_visitor.py
+++ b/pyt/cfg/stmt_visitor.py
@@ -717,7 +717,7 @@ def append_node(self, node):
 self.nodes.append(node)
 return node
- def add_module(
+ def add_module( # noqa: C901
 self,
 module,
 module_or_package_name,
diff --git a/pyt/core/ast_helper.py b/pyt/core/ast_helper.py
index e741ac50..17013128 100644
--- a/pyt/core/ast_helper.py
+++ b/pyt/core/ast_helper.py
@@ -15,7 +15,7 @@ def convert_to_3(path): # pragma: no cover
 try:
 print('##### Trying to convert file to Python 3. #####')
 subprocess.call(['2to3', '-w', path])
- except:
+ except subprocess.SubprocessError:
 print('Check if 2to3 is installed. '
 'https://docs.python.org/2/library/2to3.html')
 exit(1)
diff --git a/pyt/core/project_handler.py b/pyt/core/project_handler.py
index 7d50b1e8..4a16ff96 100644
--- a/pyt/core/project_handler.py
+++ b/pyt/core/project_handler.py
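Review bot: In `convert_to_3` (pyt/core/ast_helper.py), `except subprocess.SubprocessError:` no longer covers the failure the handler's message describes. When `2to3` is not on PATH, `subprocess.call` raises `FileNotFoundError`, an `OSError` that is not a `SubprocessError`, so the user gets a traceback instead of the "Check if 2to3 is installed" hint. Catch the launch failure explicitly with `except (OSError, subprocess.SubprocessError):`. The return value of `subprocess.call` is also discarded in the visible lines, so a non-zero exit from `2to3` passes silently; the function starts above the hunk, so confirm nothing earlier handles that.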
@@ -40,12 +40,26 @@ def get_modules(path):
 for root, directories, filenames in os.walk(path):
 for filename in filenames:
 if is_python_file(filename):
- directory = os.path.dirname(os.path.realpath(os.path.join(root, filename))).split(module_root)[-1].replace(os.sep, '.')
+ directory = os.path.dirname(
+ os.path.realpath(
+ os.path.join(
+ root,
+ filename
+ )
+ )
+ ).split(module_root)[-1].replace(
+ os.sep, # e.g. '/'
+ '.'
+ )
 directory = directory.replace('.', '', 1)
 if directory:
- modules.append(('.'.join((module_root, directory, filename.replace('.py', ''))), os.path.join(root, filename)))
+ modules.append(
+ ('.'.join((module_root, directory, filename.replace('.py', ''))), os.path.join(root, filename))
+ )
 else:
- modules.append(('.'.join((module_root, filename.replace('.py', ''))), os.path.join(root, filename)))
+ modules.append(
+ ('.'.join((module_root, filename.replace('.py', ''))), os.path.join(root, filename))
+ )
 return modules
diff --git a/tests/analysis/reaching_definitions_taint_test.py b/tests/analysis/reaching_definitions_taint_test.py
index 20f50b5a..3c34508c 100644
--- a/tests/analysis/reaching_definitions_taint_test.py
+++ b/tests/analysis/reaching_definitions_taint_test.py
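Review bot: Both reflowed `modules.append(...)` calls still build the module name with `filename.replace('.py', '')`, which removes every `.py` occurrence rather than just the extension, so a file named `my.pyutil.py` (constructed example) would be registered as `myutil`; `os.path.splitext(filename)[0]` strips only the suffix. The `.split(module_root)[-1]` applied to the `realpath` result looks similarly fragile: a symlinked file that resolves outside the project, or a path in which `module_root` recurs, would presumably yield a wrong package prefix. For a taint analyser a mis-named module likely means its imports are not resolved and flows through it are not reported, so a regression test for odd filenames would be worthwhile. As a style point, `os.path.join(root, filename)` is now evaluated up to three times per file and could be bound once as `full_path = os.path.join(root, filename)`; the function begins above the hunk.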
@@ -13,8 +13,10 @@ def test_linear_program(self): "Label: ~call_1 = ret_input(): Label: ~call_1 = ret_input()", "Label: x = ~call_1: Label: x = ~call_1, Label: ~call_1 = ret_input()", "Label: y = x - 1: Label: y = x - 1, Label: x = ~call_1, Label: ~call_1 = ret_input()", - "Label: ~call_2 = ret_print(x): Label: ~call_2 = ret_print(x), Label: y = x - 1, Label: x = ~call_1, Label: ~call_1 = ret_input()", - "Label: Exit module: Label: ~call_2 = ret_print(x), Label: y = x - 1, Label: x = ~call_1, Label: ~call_1 = ret_input()" + """Label: ~call_2 = ret_print(x): Label: ~call_2 = ret_print(x), Label: y = x - 1, + Label: x = ~call_1, Label: ~call_1 = ret_input()""", + """Label: Exit module: Label: ~call_2 = ret_print(x), Label: y = x - 1, Label: x = ~call_1, + Label: ~call_1 = ret_input()""" ] i = 0 for k, v in constraint_table.items(): @@ -31,8 +33,10 @@ def test_if_program(self): "Label: x = ~call_1: Label: x = ~call_1, Label: ~call_1 = ret_input()", "Label: if x > 0:: Label: x = ~call_1, Label: ~call_1 = ret_input()", "Label: y = x + 1: Label: y = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_input()", - "Label: ~call_2 = ret_print(x): Label: ~call_2 = ret_print(x), Label: y = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_input()", - "Label: Exit module: Label: ~call_2 = ret_print(x), Label: y = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_input()" + """Label: ~call_2 = ret_print(x): Label: ~call_2 = ret_print(x), Label: y = x + 1, + Label: x = ~call_1, Label: ~call_1 = ret_input()""", + """Label: Exit module: Label: ~call_2 = ret_print(x), Label: y = x + 1, Label: x = ~call_1, + Label: ~call_1 = ret_input()""" ] i = 0 for k, v in constraint_table.items(): 
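Review bot: Converting these expected rows to triple-quoted literals changes the strings themselves: each now contains a newline plus the continuation line's indentation, so the expectation only matches if the comparison in the loop below (outside the hunk) ignores whitespace. If that comparison is the same letters-only helper the across-files test calls (`string_compare_alpha`), it will also hide punctuation differences, for example the `test_while` row that still ends in `ret_input(` without its closing parenthesis. The same applies to the `test_if_program`, `test_example` and `test_while` hunks in this file and to the `EXPECTED_VULNERABILITY_DESCRIPTION` hunk in vulnerabilities_across_files_test.py. Implicit concatenation of adjacent literals (`"... Label: y = x - 1, "` followed on the next line by `"Label: x = ~call_1, Label: ~call_1 = ret_input()"`) would satisfy E501 while keeping the expected value byte-identical.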
@@ -49,16 +53,28 @@ def test_example(self): "Label: x = ~call_1: Label: x = ~call_1, Label: ~call_1 = ret_input()", "Label: ~call_2 = ret_int(x): Label: ~call_2 = ret_int(x), Label: x = ~call_1, Label: ~call_1 = ret_input()", "Label: x = ~call_2: Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: while x > 1:: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: y = x / 2: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: if y > 3:: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: x = x - y: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: z = x - 4: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: if z > 0:: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: x = x / 2: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: z = z - 1: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()", - "Label: ~call_3 = ret_print(x): Label: ~call_3 = ret_print(x), Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = 
ret_int(x), Label: ~call_1 = ret_input()", - "Label: Exit module: Label: ~call_3 = ret_print(x), Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()" + """Label: while x > 1:: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, + Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: y = x / 2: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, + Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: if y > 3:: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, + Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: x = x - y: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, + Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: z = x - 4: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, + Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: if z > 0:: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, + Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: x = x / 2: Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, + Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: z = z - 1: Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, Label: x = x - y, Label: y = x / 2, + Label: x = ~call_2, Label: ~call_2 = ret_int(x), Label: ~call_1 = ret_input()""", + """Label: ~call_3 = ret_print(x): Label: ~call_3 = ret_print(x), Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, + Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), 
+ Label: ~call_1 = ret_input()""", + """Label: Exit module: Label: ~call_3 = ret_print(x), Label: z = z - 1, Label: x = x / 2, Label: z = x - 4, + Label: x = x - y, Label: y = x / 2, Label: x = ~call_2, Label: ~call_2 = ret_int(x), + Label: ~call_1 = ret_input()""" ] i = 0 for k, v in constraint_table.items(): 
@@ -88,13 +104,19 @@ def test_while(self): "Label: ~call_2 = ret_input(): Label: ~call_2 = ret_input()", "Label: ~call_1 = ret_int(~call_2): Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", "Label: x = ~call_1: Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", - "Label: while x < 10:: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input(", - "Label: x = x + 1: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", - "Label: if x == 5:: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", - "Label: BreakNode: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", + """Label: while x < 10:: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), + Label: ~call_2 = ret_input(""", + """Label: x = x + 1: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), + Label: ~call_2 = ret_input()""", + """Label: if x == 5:: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), + Label: ~call_2 = ret_input()""", + """Label: BreakNode: Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), + Label: ~call_2 = ret_input()""", "Label: x = 6: Label: x = 6, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", - "Label: ~call_3 = ret_print(x): Label: ~call_3 = ret_print(x), Label: x = 6, Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()", - "Label: Exit module: Label: ~call_3 = ret_print(x), Label: x = 6, Label: x = x + 1, Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()" + """Label: ~call_3 = ret_print(x): Label: ~call_3 = ret_print(x), Label: x = 6, Label: x = x + 1, + Label: x = ~call_1, Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()""", + """Label: 
Exit module: Label: ~call_3 = ret_print(x), Label: x = 6, Label: x = x + 1, Label: x = ~call_1, + Label: ~call_1 = ret_int(~call_2), Label: ~call_2 = ret_input()""" ] i = 0 for k, v in constraint_table.items(): diff --git a/tests/cfg/cfg_test.py b/tests/cfg/cfg_test.py index f4862487..a42ac4e0 100644 --- a/tests/cfg/cfg_test.py +++ b/tests/cfg/cfg_test.py @@ -82,14 +82,16 @@ def test_for_complete(self): self.assertEqual(self.cfg.nodes[else_body_2].label, '~call_3 = ret_print(y)') self.assertEqual(self.cfg.nodes[next_node].label, 'x = 3') - self.assertInCfg([(for_node, entry), - (body_1, for_node), - (else_body_1, for_node), - (body_2, body_1), - (for_node, body_2), - (else_body_2, else_body_1), - (next_node, else_body_2), - (exit_node, next_node)]) + self.assertInCfg([ + (for_node, entry), + (body_1, for_node), + (else_body_1, for_node), + (body_2, body_1), + (for_node, body_2), + (else_body_2, else_body_1), + (next_node, else_body_2), + (exit_node, next_node) + ]) def test_for_no_orelse(self): self.cfg_create_from_file('examples/example_inputs/for_no_orelse.py') @@ -105,7 +107,14 @@ def test_for_no_orelse(self): next_node = 4 exit_node = 5 - self.assertInCfg([(for_node, entry), (body_1, for_node), (body_2, body_1), (for_node, body_2), (next_node, for_node), (exit_node, next_node)]) + self.assertInCfg([ + (for_node, entry), + (body_1, for_node), + (body_2, body_1), + (for_node, body_2), + (next_node, for_node), + (exit_node, next_node) + ]) def test_for_tuple_target(self): self.cfg_create_from_file('examples/example_inputs/for_tuple_target.py') @@ -307,7 +316,7 @@ def test_try_orelse_with_no_variables_to_save_and_no_args(self): self.nodes = self.cfg_list_to_dict(self.cfg.nodes) self.assert_length(self.cfg.nodes, expected_length=13) - + entry = 0 try_ = 1 print_a5 = 2 
@@ -323,21 +332,21 @@ def test_try_orelse_with_no_variables_to_save_and_no_args(self): _exit = 12 self.assertInCfg([ - self.connected(entry, try_), - self.connected(try_, print_a5), - self.connected(print_a5, except_im), - self.connected(print_a5, function_entry), - self.connected(print_a5, print_good), - self.connected(except_im, print_wagyu), - self.connected(print_wagyu, print_good), - self.connected(function_entry, ret_subprocess_call), - self.connected(ret_subprocess_call, ret_does_this_kill_us_4), - self.connected(ret_does_this_kill_us_4, exit_does_this_kill_us), - self.connected(exit_does_this_kill_us, ret_does_this_kill_us_3), - self.connected(ret_does_this_kill_us_3, print_so), - self.connected(print_so, print_good), - self.connected(print_good, _exit) - ]) + self.connected(entry, try_), + self.connected(try_, print_a5), + self.connected(print_a5, except_im), + self.connected(print_a5, function_entry), + self.connected(print_a5, print_good), + self.connected(except_im, print_wagyu), + self.connected(print_wagyu, print_good), + self.connected(function_entry, ret_subprocess_call), + self.connected(ret_subprocess_call, ret_does_this_kill_us_4), + self.connected(ret_does_this_kill_us_4, exit_does_this_kill_us), + self.connected(exit_does_this_kill_us, ret_does_this_kill_us_3), + self.connected(ret_does_this_kill_us_3, print_so), + self.connected(print_so, print_good), + self.connected(print_good, _exit) + ]) def test_final(self): self.cfg_create_from_file('examples/example_inputs/try_final.py') 
@@ -354,15 +363,17 @@ def test_final(self): print_final = 5 _exit = 6 - self.assertInCfg([self.connected(entry, try_), - self.connected(try_, try_body), - self.connected(try_body, except_im), - self.connected(try_body, print_final), - self.connected(try_body, _exit), - self.connected(except_im, except_im_body_1), - self.connected(except_im_body_1, _exit), - self.connected(except_im_body_1, print_final), - self.connected(print_final, _exit)]) + self.assertInCfg([ + self.connected(entry, try_), + self.connected(try_, try_body), + self.connected(try_body, except_im), + self.connected(try_body, print_final), + self.connected(try_body, _exit), + self.connected(except_im, except_im_body_1), + self.connected(except_im_body_1, _exit), + self.connected(except_im_body_1, print_final), + self.connected(print_final, _exit) + ]) class CFGIfTest(CFGBaseTestCase): @@ -714,10 +725,8 @@ def test_multiple_assignment(self): self.assert_length(self.cfg.nodes, expected_length=4) - # start_node = self.cfg.nodes[0] assign_y = self.cfg.nodes[1] assign_x = self.cfg.nodes[2] - # exit_node = self.cfg.nodes[-1] self.assertEqual(assign_x.label, 'x = 5') self.assertEqual(assign_y.label, 'y = 5') @@ -731,9 +740,13 @@ def test_assign_list_comprehension(self): call = self.cfg.nodes[1] self.assertEqual(call.label, "~call_1 = ret_''.join((x.n for x in range(16)))") - l = zip(range(1, length), range(length)) - - self.assertInCfg(list(l)) + self.assertInCfg( + list( + zip( + range(1, length), range(length) + ) + ) + ) def test_assignment_tuple_value(self): self.cfg_create_from_file('examples/example_inputs/assignment_tuple_value.py') @@ -742,7 +755,6 @@ def test_assignment_tuple_value(self): start_node = 0 node = 1 exit_node = 2 - # print(self.cfg) self.assertInCfg([(node, start_node), (exit_node, node)]) 
@@ -867,19 +879,21 @@ def test_function_parameters(self): restore_actual_y = 12 _exit = 13 - self.assertInCfg([self.connected(entry, input_call), - self.connected(input_call, y_assignment), - self.connected(y_assignment, save_y), - self.connected(save_y, save_actual_y), - self.connected(save_actual_y, bar_local_y), - self.connected(bar_local_y, entry_bar), - self.connected(entry_bar, another_input_call), - self.connected(another_input_call, bar_y_assignment), - self.connected(bar_y_assignment, bar_print_y), - self.connected(bar_print_y, bar_print_x), - self.connected(bar_print_x, exit_bar), - self.connected(exit_bar, restore_actual_y), - self.connected(restore_actual_y, _exit)]) + self.assertInCfg([ + self.connected(entry, input_call), + self.connected(input_call, y_assignment), + self.connected(y_assignment, save_y), + self.connected(save_y, save_actual_y), + self.connected(save_actual_y, bar_local_y), + self.connected(bar_local_y, entry_bar), + self.connected(entry_bar, another_input_call), + self.connected(another_input_call, bar_y_assignment), + self.connected(bar_y_assignment, bar_print_y), + self.connected(bar_print_y, bar_print_x), + self.connected(bar_print_x, exit_bar), + self.connected(exit_bar, restore_actual_y), + self.connected(restore_actual_y, _exit) + ]) def test_function_with_return(self): path = 'examples/example_inputs/simple_function_with_return.py' @@ -887,8 +901,13 @@ def test_function_with_return(self): self.assert_length(self.cfg.nodes, expected_length=19) - l = zip(range(1, len(self.cfg.nodes)), range(len(self.cfg.nodes))) - self.assertInCfg(list(l)) + self.assertInCfg( + list( + zip( + range(1, len(self.cfg.nodes)), range(len(self.cfg.nodes)) + ) + ) + ) def test_function_multiple_return(self): path = 'examples/example_inputs/function_with_multiple_return.py' 
@@ -1238,9 +1257,14 @@ def test_multiple_parameters(self): length = len(self.cfg.nodes) self.assertEqual(length, 21) - l = zip(range(1, length), range(length)) - self.assertInCfg(list(l)) + self.assertInCfg( + list( + zip( + range(1, length), range(length) + ) + ) + ) def test_call_on_call(self): path = 'examples/example_inputs/call_on_call.py' @@ -1258,8 +1282,13 @@ def test_call_with_attribute(self): call = self.cfg.nodes[2] self.assertEqual(call.label, "~call_1 = ret_request.args.get('param', 'not set')") - l = zip(range(1, length), range(length)) - self.assertInCfg(list(l)) + self.assertInCfg( + list( + zip( + range(1, length), range(length) + ) + ) + ) def test_call_with_attribute_line_numbers(self): call = self.cfg.nodes[2] diff --git a/tests/vulnerabilities/vulnerabilities_across_files_test.py b/tests/vulnerabilities/vulnerabilities_across_files_test.py index d8bd3840..c0985723 100644 --- a/tests/vulnerabilities/vulnerabilities_across_files_test.py +++ b/tests/vulnerabilities/vulnerabilities_across_files_test.py @@ -56,7 +56,7 @@ def test_find_vulnerabilities_absolute_from_file_command_injection_2(self): self.assert_length(vulnerabilities, expected_length=1) def test_no_false_positive_absolute_from_file_command_injection_3(self): - vulnerabilities = self.run_analysis('examples/vulnerable_code_across_files/no_false_positive_absolute_from_file_command_injection_3.py') + vulnerabilities = self.run_analysis('examples/vulnerable_code_across_files/no_false_positive_absolute_from_file_command_injection_3.py') # noqa: E501 self.assert_length(vulnerabilities, expected_length=0) def test_blackbox_library_call(self): 
@@ -79,7 +79,8 @@ def test_blackbox_library_call(self): File: examples/vulnerable_code_across_files/blackbox_library_call.py > reaches line 17, sink "subprocess.call(": ~call_3 = ret_subprocess.call(hey, shell=True) - This vulnerability is unknown due to: Label: ~call_2 = ret_scrypt.encrypt('echo ' + param + ' >> ' + 'menu.txt', 'password') + This vulnerability is unknown due to: + Label: ~call_2 = ret_scrypt.encrypt('echo ' + param + ' >> ' + 'menu.txt', 'password') """ self.assertTrue(self.string_compare_alpha(vulnerability_description, EXPECTED_VULNERABILITY_DESCRIPTION)) @@ -295,5 +296,5 @@ def test_find_vulnerabilities_import_file_command_injection_2(self): self.assert_length(vulnerabilities, expected_length=1) def test_no_false_positive_import_file_command_injection_3(self): - vulnerabilities = self.run_analysis('examples/vulnerable_code_across_files/no_false_positive_import_file_command_injection_3.py') + vulnerabilities = self.run_analysis('examples/vulnerable_code_across_files/no_false_positive_import_file_command_injection_3.py') # noqa: E501 self.assert_length(vulnerabilities, expected_length=0) diff --git a/tests/vulnerabilities/vulnerabilities_test.py b/tests/vulnerabilities/vulnerabilities_test.py index 5e40a60f..4c0dd2eb 100644 --- a/tests/vulnerabilities/vulnerabilities_test.py +++ b/tests/vulnerabilities/vulnerabilities_test.py 
@@ -40,31 +40,31 @@ def test_parse(self): self.assert_length(definitions.sinks[1][1], expected_length=3) def test_parse_section(self): - l = list(trigger_definitions_parser.parse_section(iter(['get']))) - self.assert_length(l, expected_length=1) - self.assertEqual(l[0][0], 'get') - self.assertEqual(l[0][1], list()) - - l = list(trigger_definitions_parser.parse_section(iter(['get', 'get -> a, b, c d s aq a']))) - self.assert_length(l, expected_length=2) - self.assertEqual(l[0][0], 'get') - self.assertEqual(l[1][0], 'get') - self.assertEqual(l[1][1], ['a', 'b', 'c d s aq a']) - self.assert_length(l[1][1], expected_length=3) + list_ = list(trigger_definitions_parser.parse_section(iter(['get']))) + self.assert_length(list_, expected_length=1) + self.assertEqual(list_[0][0], 'get') + self.assertEqual(list_[0][1], list()) + + list_ = list(trigger_definitions_parser.parse_section(iter(['get', 'get -> a, b, c d s aq a']))) + self.assert_length(list_, expected_length=2) + self.assertEqual(list_[0][0], 'get') + self.assertEqual(list_[1][0], 'get') + self.assertEqual(list_[1][1], ['a', 'b', 'c d s aq a']) + self.assert_length(list_[1][1], expected_length=3) def test_label_contains(self): cfg_node = Node('label', None, line_number=None, path=None) trigger_words = [('get', [])] - l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) - self.assert_length(l, expected_length=0) + list_ = list(vulnerabilities.label_contains(cfg_node, trigger_words)) + self.assert_length(list_, expected_length=0) cfg_node = Node('request.get("stefan")', None, line_number=None, path=None) trigger_words = [('get', []), ('request', [])] - l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) - self.assert_length(l, expected_length=2) + list_ = list(vulnerabilities.label_contains(cfg_node, trigger_words)) + self.assert_length(list_, expected_length=2) - trigger_node_1 = l[0] - trigger_node_2 = l[1] + trigger_node_1 = list_[0] + trigger_node_2 = list_[1] 
self.assertEqual(trigger_node_1.trigger_word, 'get') self.assertEqual(trigger_node_1.cfg_node, cfg_node) self.assertEqual(trigger_node_2.trigger_word, 'request') @@ -72,8 +72,8 @@ def test_label_contains(self): cfg_node = Node('request.get("stefan")', None, line_number=None, path=None) trigger_words = [('get', []), ('get', [])] - l = list(vulnerabilities.label_contains(cfg_node, trigger_words)) - self.assert_length(l, expected_length=2) + list_ = list(vulnerabilities.label_contains(cfg_node, trigger_words)) + self.assert_length(list_, expected_length=2) def test_find_triggers(self): self.cfg_create_from_file('examples/vulnerable_code/XSS.py') @@ -85,12 +85,12 @@ def test_find_triggers(self): XSS1 = cfg_list[1] trigger_words = [('get', [])] - l = vulnerabilities.find_triggers( + list_ = vulnerabilities.find_triggers( XSS1.nodes, trigger_words, nosec_lines=set() ) - self.assert_length(l, expected_length=1) + self.assert_length(list_, expected_length=1) def test_find_sanitiser_nodes(self): cfg_node = Node(None, None, line_number=None, path=None)