Reduce query tests with cases covered by concept tests

python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/flask_tests.py

@@ -14,46 +14,6 @@ def werkzeug_headers():
     response.headers = headers 
     return response
 
-
-@app.route("/flask_Response")
-def flask_Response():
-    rfs_header = request.args["rfs_header"]
-    response = Response()
-    response.headers['HeaderName'] = rfs_header # GOOD
-    response.headers[rfs_header] = "HeaderValue" # BAD
-    return response
-
-
-@app.route("/flask_make_response")
-def flask_make_response():
-    rfs_header = request.args["rfs_header"]
-    response = make_response("hello")
-    response.headers['HeaderName'] = rfs_header # GOOD
-    response.headers[rfs_header] = "HeaderValue" # BAD
-    return response
-
-
-@app.route("/flask_make_response_extend")
-def flask_make_response_extend():
-    rfs_header = request.args["rfs_header"]
-    resp = make_response("hello")
-    resp.headers.extend(
-        {'HeaderName': rfs_header}) # GOOD
-    resp.headers.extend(
-        {rfs_header: "HeaderValue"}) # BAD
-    return resp
-
-
-@app.route("/Response_arg")
-def Response_arg():
-    return Response(headers={'HeaderName': request.args["rfs_header"], request.args["rfs_header"]: "HeaderValue"}) # BAD
-
-@app.route("/flask_make_response_header_arg3")
-def flask_make_response_header_arg3():
-    rfs_header = request.args["rfs_header"]
-    resp = make_response("hello", 200, {request.args["rfs_header"]: "HeaderValue"}) # BAD
-    return resp
-
 @app.route("/flask_make_response_header_arg2")
 def flask_make_response_header_arg2():
     rfs_header = request.args["rfs_header"]
@@ -66,26 +26,14 @@ def flask_escaped():
     resp = make_response("hello", {rfs_header.replace("\n", ""): "HeaderValue"}) # GOOD - Newlines are removed from the input.
     return resp
 
-@app.route("/werkzeug_methods")
-def werkzeug_methods():
+@app.route("/flask_extend")
+def flask_extend():
     rfs_header = request.args["rfs_header"]
     response = Response()
-    headers = Headers()
-    headers.add(rfs_header, "HeaderValue") # BAD
-    headers.add_header(rfs_header, "HeaderValue") # BAD
-    headers.set(rfs_header, "HeaderValue") # BAD
-    headers.setdefault(rfs_header, "HeaderValue") # BAD
-    headers.__setitem__(rfs_header, "HeaderValue") # BAD
-    headers[rfs_header] = "HeaderValue" # BAD
     h1 = {rfs_header: "HeaderValue"}
-    headers.extend(h1) # BAD
+    response.headers.extend(h1) # BAD
     h2 = [(rfs_header, "HeaderValue")]
-    headers.extend(h2) # BAD
-    response.headers = headers 
-    h3 = {rfs_header: "HeaderValue"}
-    h4 = [(rfs_header, "HeaderValue")]
-    resp2 = make_response("hi", h3) # BAD
-    resp3 = make_response("hi", h4) # BAD
+    response.headers.extend(h2) # BAD
     return response
 
 # if __name__ == "__main__":

python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests1/wsgiref_tests.py

@@ -9,24 +9,7 @@ def test_app(environ, start_response):
     start_response(status, headers) # BAD
     return [b"Hello"]
 
-def test_app2(environ, start_response):
-    status = "200 OK"
-    h_name = environ["source_n"]
-    h_val = environ["source_v"]
-    headers = Headers([(h_name, "val"), ("name", h_val)]) # BAD
-    headers.add_header(h_name, h_val) # BAD
-    headers.setdefault(h_name, h_val) # BAD
-    headers.__setitem__(h_name, h_val) # BAD
-    headers[h_name] = h_val # BAD
-    start_response(status, headers)
-    return [b"Hello"]
-
 def main1():
     with make_server('', 8000, test_app) as httpd:
-        print("Serving on port 8000...")
-        httpd.serve_forever()
-
-def main2():
-    with make_server('', 8000, test_app2) as httpd:
         print("Serving on port 8000...")
         httpd.serve_forever()

python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/HeaderWriteTest.expected

@@ -1,17 +1,8 @@
 source
 | wsgiref_tests.py:5:14:5:20 | ControlFlowNode for environ |
-| wsgiref_tests.py:13:15:13:21 | ControlFlowNode for environ |
 sink
 headerWrite
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for Str | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for StringLiteral | false | false |
 | wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:17:9:22 | ControlFlowNode for h_name | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for Str | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for Str | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:25:17:30 | ControlFlowNode for h_name | wsgiref_tests.py:17:33:17:37 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:25:17:30 | ControlFlowNode for h_name | wsgiref_tests.py:17:50:17:54 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:42:17:47 | ControlFlowNode for Str | wsgiref_tests.py:17:33:17:37 | ControlFlowNode for Str | false | false |
-| wsgiref_tests.py:17:15:17:57 | ControlFlowNode for Headers() | wsgiref_tests.py:17:42:17:47 | ControlFlowNode for Str | wsgiref_tests.py:17:50:17:54 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:18:5:18:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:18:24:18:29 | ControlFlowNode for h_name | wsgiref_tests.py:18:32:18:36 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:19:5:19:37 | ControlFlowNode for Attribute() | wsgiref_tests.py:19:24:19:29 | ControlFlowNode for h_name | wsgiref_tests.py:19:32:19:36 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:20:5:20:38 | ControlFlowNode for Attribute() | wsgiref_tests.py:20:25:20:30 | ControlFlowNode for h_name | wsgiref_tests.py:20:33:20:37 | ControlFlowNode for h_val | false | false |
-| wsgiref_tests.py:21:5:21:19 | ControlFlowNode for Subscript | wsgiref_tests.py:21:13:21:18 | ControlFlowNode for h_name | wsgiref_tests.py:21:23:21:27 | ControlFlowNode for h_val | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for StringLiteral | wsgiref_tests.py:9:25:9:29 | ControlFlowNode for StringLiteral | false | false |
+| wsgiref_tests.py:10:5:10:35 | ControlFlowNode for start_response() | wsgiref_tests.py:9:34:9:39 | ControlFlowNode for StringLiteral | wsgiref_tests.py:9:42:9:46 | ControlFlowNode for h_val | false | false |

python/ql/test/query-tests/Security/CWE-113-HeaderInjection/Tests2/wsgiref_tests.py

@@ -10,24 +10,7 @@ def test_app(environ, start_response):
     start_response(status, headers) # GOOD - the application is validated, so headers containing newlines will be rejected.
     return [b"Hello"]
 
-def test_app2(environ, start_response):
-    status = "200 OK"
-    h_name = environ["source_n"]
-    h_val = environ["source_v"]
-    headers = Headers([(h_name, "val"), ("name", h_val)]) # GOOD
-    headers.add_header(h_name, h_val) # GOOD
-    headers.setdefault(h_name, h_val) # GOOD
-    headers.__setitem__(h_name, h_val) # GOOD
-    headers[h_name] = h_val # GOOD
-    start_response(status, headers)
-    return [b"Hello"]
-
 def main1():
     with make_server('', 8000, validator(test_app)) as httpd:
-        print("Serving on port 8000...")
-        httpd.serve_forever()
-
-def main2():
-    with make_server('', 8000, validator(test_app2)) as httpd:
         print("Serving on port 8000...")
         httpd.serve_forever()