Python: Remove duplicated SSTI tests

Besides the Cheetah tests, which were missing from the query tests.
2023-08-18 10:20:16 +02:00 · 2023-08-18 10:20:16 +02:00 · 38577e6a5c
--- a/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/CheetahSinks.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-074-TemplateInjection/CheetahSinks.py
@ -0,0 +1,22 @@
 from flask import Flask, request
 from Cheetah.Template import Template
 app = Flask(__name__)
@app.route('/other')
 def a():
    template = request.args.get('template')
    return Template(template)
 class Template3(Template):
    title = 'Hello World Example!'
    contents = 'Hello World!'
@app.route('/other2')
 def b():
    template = request.args.get('template')
    t3 = Template3(template)
--- a/python/ql/test/experimental/semmle/python/templates/Airspeed.py
+++ b/python/ql/test/experimental/semmle/python/templates/Airspeed.py
@ -1,10 +0,0 @@
 from bottle import Bottle, route, request, redirect, response
 import airspeed
 app = Bottle()
@route('/other')
 def a():
    return airspeed.Template("sink")
--- a/python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (AirspeedSSTISinks.ql:4,6-14)
 | Airspeed.py:10:30:10:35 | argument to airspeed.Template() |
--- a/python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/AirspeedSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Airspeed
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/Bottle.py
+++ b/python/ql/test/experimental/semmle/python/templates/Bottle.py
@ -1,17 +0,0 @@
 from bottle import Bottle, route, request, redirect, response, SimpleTemplate
 from bottle import template as temp
 app = Bottle()
@route('/other')
 def a():
    template = "test"
    tpl = SimpleTemplate(template)
@route('/other2')
 def b():
    template = "test"
    return temp(template, name='World')
--- a/python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.expected
@ -1,3 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (BottleSSTISinks.ql:4,6-14)
 | Bottle.py:11:26:11:33 | argument to bottle.SimpleTemplate() |
 | Bottle.py:17:17:17:24 | argument to bottle.template() |
--- a/python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/BottleSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Bottle
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/Chameleon.py
+++ b/python/ql/test/experimental/semmle/python/templates/Chameleon.py
@ -1,5 +0,0 @@
 from chameleon import PageTemplate
 def chameleon():
    template = PageTemplate("sink")
--- a/python/ql/test/experimental/semmle/python/templates/ChameleonSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/ChameleonSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (ChameleonSSTISinks.ql:4,6-14)
 | Chameleon.py:5:29:5:34 | argument to Chameleon.PageTemplate() |
--- a/python/ql/test/experimental/semmle/python/templates/ChameleonSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/ChameleonSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Chameleon
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/CheetahSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/CheetahSSTISinks.expected
@ -1,3 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (CheetahSSTISinks.ql:4,6-14)
 | CheetahSinks.py:10:21:10:26 | argument to Cheetah.Template.Template() |
 | CheetahSinks.py:20:20:20:25 | argument to Cheetah.Template.Template() |
--- a/python/ql/test/experimental/semmle/python/templates/CheetahSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/CheetahSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Cheetah
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/CheetahSinks.py
+++ b/python/ql/test/experimental/semmle/python/templates/CheetahSinks.py
@ -1,20 +0,0 @@
 from bottle import Bottle, route, request, redirect, response, SimpleTemplate
 from Cheetah.Template import Template
 app = Bottle()
@route('/other')
 def a():
    return Template("sink")
 class Template3(Template):
    title = 'Hello World Example!'
    contents = 'Hello World!'
@route('/other2')
 def b():
    t3 = Template3("sink")
--- a/python/ql/test/experimental/semmle/python/templates/ChevronSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/ChevronSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (ChevronSSTISinks.ql:4,6-14)
 | ChevronSinks.py:10:27:10:32 | argument to chevron.render() |
--- a/python/ql/test/experimental/semmle/python/templates/ChevronSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/ChevronSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Chevron
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/ChevronSinks.py
+++ b/python/ql/test/experimental/semmle/python/templates/ChevronSinks.py
@ -1,22 +0,0 @@
 from bottle import Bottle, route, request, redirect, response, SimpleTemplate
 import chevron
 app = Bottle()
@route('/other')
 def a():
    return chevron.render("sink", {"key": "value"})
@route('/other2')
 def b():
    sink = {
        'template': "template",
        'data': {
            'key': 'value'
        }
    }
    return chevron.render(**sink)
--- a/python/ql/test/experimental/semmle/python/templates/DjangoSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/DjangoSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (DjangoSSTISinks.ql:4,6-14)
 | DjangoTemplates.py:9:18:9:25 | argument to Django.template() |
--- a/python/ql/test/experimental/semmle/python/templates/DjangoSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/DjangoSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.DjangoTemplate
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/DjangoTemplates.py
+++ b/python/ql/test/experimental/semmle/python/templates/DjangoTemplates.py
@ -1,39 +0,0 @@
 from django.urls import path
 from django.http import HttpResponse
 from django.template import Template, Context, Engine, engines
 def dj(request):
    # Load the template
    template = request.GET['template']
    t = Template(template)
    ctx = Context(locals())
    html = t.render(ctx)
    return HttpResponse(html)
 def djEngine(request):
    # Load the template
    template = request.GET['template']
    django_engine = engines['django']
    t = django_engine.from_string(template)
    ctx = Context(locals())
    html = t.render(ctx)
    return HttpResponse(html)
 def djEngineJinja(request):
    # Load the template
    template = request.GET['template']
    django_engine = engines['jinja']
    t = django_engine.from_string(template)
    ctx = Context(locals())
    html = t.render(ctx)
    return HttpResponse(html)
 urlpatterns = [
    path('', dj)
 ]
--- a/python/ql/test/experimental/semmle/python/templates/Genshi.py
+++ b/python/ql/test/experimental/semmle/python/templates/Genshi.py
@ -1,10 +0,0 @@
 def genshi1():
    from genshi.template import MarkupTemplate
    tmpl = MarkupTemplate('sink')
 def genshi2():
    from genshi.template import TextTemplate
    tmpl = TextTemplate('sink')
--- a/python/ql/test/experimental/semmle/python/templates/GenshiSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/GenshiSSTISinks.expected
@ -1,3 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (GenshiSSTISinks.ql:4,6-14)
 | Genshi.py:5:27:5:32 | argument to genshi.template.MarkupTemplate() |
 | Genshi.py:10:25:10:30 | argument to genshi.template.TextTemplate() |
--- a/python/ql/test/experimental/semmle/python/templates/GenshiSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/GenshiSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Genshi
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/Jinja2Templates.py
+++ b/python/ql/test/experimental/semmle/python/templates/Jinja2Templates.py
@ -1,17 +0,0 @@
 from jinja2 import Template as Jinja2_Template
 from jinja2 import Environment, DictLoader, escape
 def jinja():
    t = Jinja2_Template("sink")
 def jinja2():
    random = "esdad" + "asdad"
    t = Jinja2_Template(random)
 def jinja3():
    random = 1234
    t = Jinja2_Template("sink"+random)
--- a/python/ql/test/experimental/semmle/python/templates/JinjaSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/JinjaSSTISinks.expected
@ -1,4 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (JinjaSSTISinks.ql:4,6-14)
 | Jinja2Templates.py:6:25:6:30 | argument to jinja2.Template() |
 | Jinja2Templates.py:11:25:11:30 | argument to jinja2.Template() |
 | Jinja2Templates.py:16:25:16:37 | argument to jinja2.Template() |
--- a/python/ql/test/experimental/semmle/python/templates/JinjaSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/JinjaSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Jinja
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/Mako.py
+++ b/python/ql/test/experimental/semmle/python/templates/Mako.py
@ -1,5 +0,0 @@
 def mako():
    from mako.template import Template
    mytemplate = Template("sink")
--- a/python/ql/test/experimental/semmle/python/templates/MakoSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/MakoSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (MakoSSTISinks.ql:4,6-14)
 | Mako.py:5:27:5:32 | argument to mako.template.Template() |
--- a/python/ql/test/experimental/semmle/python/templates/MakoSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/MakoSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.Mako
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/TRender.py
+++ b/python/ql/test/experimental/semmle/python/templates/TRender.py
@ -1,6 +0,0 @@
 def trender():
    from trender import TRender
    template = '@greet world!'
    compiled = TRender(template)
--- a/python/ql/test/experimental/semmle/python/templates/TRenderSSTISinks.expected
+++ b/python/ql/test/experimental/semmle/python/templates/TRenderSSTISinks.expected
@ -1,2 +0,0 @@
 WARNING: Type SSTISink has been deprecated and may be removed in future (TRenderSSTISinks.ql:4,6-14)
 | TRender.py:6:24:6:31 | argument to trender.TRender() |
--- a/python/ql/test/experimental/semmle/python/templates/TRenderSSTISinks.ql
+++ b/python/ql/test/experimental/semmle/python/templates/TRenderSSTISinks.ql
@ -1,5 +0,0 @@
 import python
 import experimental.semmle.python.templates.TRender
 from SSTISink s
 select s
--- a/python/ql/test/experimental/semmle/python/templates/options
+++ b/python/ql/test/experimental/semmle/python/templates/options
@ -1 +0,0 @@
 semmle-extractor-options: --lang=3 --max-import-depth=3 -p ../../../../../query-tests/Security/lib/
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (AirspeedSSTISinks.ql:4,6-14)`
			`\| Airspeed.py:10:30:10:35 \| argument to airspeed.Template() \|`
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (ChameleonSSTISinks.ql:4,6-14)`
			`\| Chameleon.py:5:29:5:34 \| argument to Chameleon.PageTemplate() \|`
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (ChevronSSTISinks.ql:4,6-14)`
			`\| ChevronSinks.py:10:27:10:32 \| argument to chevron.render() \|`
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (DjangoSSTISinks.ql:4,6-14)`
			`\| DjangoTemplates.py:9:18:9:25 \| argument to Django.template() \|`
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (MakoSSTISinks.ql:4,6-14)`
			`\| Mako.py:5:27:5:32 \| argument to mako.template.Template() \|`
		`@ -1,2 +0,0 @@`
			`WARNING: Type SSTISink has been deprecated and may be removed in future (TRenderSSTISinks.ql:4,6-14)`
			`\| TRender.py:6:24:6:31 \| argument to trender.TRender() \|`
		`@ -1 +0,0 @@`
			`semmle-extractor-options: --lang=3 --max-import-depth=3 -p ../../../../../query-tests/Security/lib/`