Python: add tests

Author: yoff

python/ql/src/experimental/semmle/python/frameworks/MysqlConnectorPython.qll

@@ -1,6 +1,8 @@
 /**
  * Provides classes modeling security-relevant aspects of the `mysql-connector-python` package.
- * See https://dev.mysql.com/doc/dev/connector-python/.
+ * See
+ * - https://dev.mysql.com/doc/connector-python/en/
+ * - https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
  */
 
 private import python
@@ -11,7 +13,9 @@ private import PEP249
 
 /**
  * Provides models for the `mysql-connector-python` package.
- * See https://dev.mysql.com/doc/dev/connector-python/.
+ * See
+ * - https://dev.mysql.com/doc/connector-python/en/
+ * - https://dev.mysql.com/doc/connector-python/en/connector-python-example-connecting.html
  */
 module MysqlConnectorPython {
   // ---------------------------------------------------------------------------

python/ql/test/experimental/library-tests/frameworks/mysql-connector-python/ConceptsTest.expected

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/experimental/library-tests/frameworks/mysql-connector-python/ConceptsTest.ql

@@ -0,0 +1,37 @@
+# taken from https://dev.mysql.com/doc/connector-python/en/connector-python-example-cursor-transaction.html
+from __future__ import print_function
+from datetime import date, datetime, timedelta
+import mysql.connector
+
+cnx = mysql.connector.connect(user='scott', database='employees')
+cursor = cnx.cursor()
+
+tomorrow = datetime.now().date() + timedelta(days=1)
+
+add_employee = ("INSERT INTO employees "
+               "(first_name, last_name, hire_date, gender, birth_date) "
+               "VALUES (%s, %s, %s, %s, %s)")
+add_salary = ("INSERT INTO salaries "
+              "(emp_no, salary, from_date, to_date) "
+              "VALUES (%(emp_no)s, %(salary)s, %(from_date)s, %(to_date)s)")
+
+data_employee = ('Geert', 'Vanderkelen', tomorrow, 'M', date(1977, 6, 14))
+
+# Insert new employee
+cursor.execute(add_employee, data_employee)  # $getSql=add_employee
+emp_no = cursor.lastrowid
+
+# Insert salary information
+data_salary = {
+  'emp_no': emp_no,
+  'salary': 50000,
+  'from_date': tomorrow,
+  'to_date': date(9999, 1, 1),
+}
+cursor.execute(add_salary, data_salary)  # $getSql=add_salary
+
+# Make sure data is committed to the database
+cnx.commit()
+
+cursor.close()
+cnx.close()

python/ql/test/experimental/library-tests/frameworks/mysql-connector-python/pep249.py

@@ -0,0 +1,2 @@
+import python
+import experimental.meta.ConceptsTest

python/ql/test/experimental/library-tests/frameworks/mysqldb/ConceptsTest.expected

@@ -0,0 +1,7 @@
+# taken from https://mysqlclient.readthedocs.io/user_guide.html#some-examples
+import MySQLdb
+db=MySQLdb.connect(passwd="moonpie",db="thangs")
+
+c=db.cursor()
+max_price=5
+c.execute("some sql", (max_price,))  # $getSql="some sql"