From 080d14ea50483f16bba65b37cfe08f78588393cc Mon Sep 17 00:00:00 2001
From: Sauyon Lee
Date: Fri, 27 Mar 2020 04:21:49 -0700
Subject: [PATCH] Add a test for the Read taint step
---
 .../frameworks/TaintSteps/TaintStep.expected | 36 ++++++++++---------
 .../semmle/go/frameworks/TaintSteps/main.go | 7 ++++
 2 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected
index 242e8ec4d37..d912d745d7a 100644
--- a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected
+++ b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected
@@ -5,19 +5,23 @@
 | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[0] |
 | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] |
 | crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] |
-| main.go:10:12:10:26 | call to Marshal | main.go:10:2:10:26 | ... := ...[0] |
-| main.go:10:12:10:26 | call to Marshal | main.go:10:2:10:26 | ... := ...[1] |
-| main.go:10:25:10:25 | v | main.go:10:2:10:26 | ... := ...[0] |
-| main.go:12:14:12:52 | call to MarshalIndent | main.go:12:2:12:52 | ... := ...[0] |
-| main.go:12:14:12:52 | call to MarshalIndent | main.go:12:2:12:52 | ... := ...[1] |
-| main.go:12:33:12:33 | v | main.go:12:2:12:52 | ... := ...[0] |
-| main.go:13:25:13:25 | b | main.go:13:9:13:41 | composite literal |
-| main.go:13:28:13:30 | err | main.go:13:9:13:41 | composite literal |
-| main.go:13:33:13:34 | b2 | main.go:13:9:13:41 | composite literal |
-| main.go:13:37:13:40 | err2 | main.go:13:9:13:41 | composite literal |
-| main.go:18:18:18:42 | call to DecodeString | main.go:18:2:18:42 | ... := ...[0] |
-| main.go:18:18:18:42 | call to DecodeString | main.go:18:2:18:42 | ... := ...[1] |
-| main.go:18:35:18:41 | encoded | main.go:18:2:18:42 | ... := ...[0] |
-| main.go:22:25:22:31 | decoded | main.go:22:9:22:48 | composite literal |
-| main.go:22:34:22:36 | err | main.go:22:9:22:48 | composite literal |
-| main.go:22:39:22:47 | reEncoded | main.go:22:9:22:48 | composite literal |
+| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] |
+| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] |
+| main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] |
+| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[0] |
+| main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[1] |
+| main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] |
+| main.go:14:25:14:25 | b | main.go:14:9:14:41 | composite literal |
+| main.go:14:28:14:30 | err | main.go:14:9:14:41 | composite literal |
+| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | composite literal |
+| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | composite literal |
+| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] |
+| main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] |
+| main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] |
+| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | composite literal |
+| main.go:23:34:23:36 | err | main.go:23:9:23:48 | composite literal |
+| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | composite literal |
+| main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req |
+| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body |
+| main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference |
+| main.go:28:2:28:9 | selection of Body | main.go:27:2:27:2 | definition of b |
diff --git a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/main.go b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/main.go
index cd8ffe20f16..79e7040c296 100644
--- a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/main.go
+++ b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "encoding/hex"
 "encoding/json"
+ "net/http"
 )
 
 func jsonTest(v interface{}) []interface{} {
@@ -21,3 +22,9 @@ func hexTest(encoded string) []interface{} {
 reEncoded := hex.EncodeToString(decoded)
 return [](interface{}){decoded, err, reEncoded}
 }
+
+func readTest(req *http.Request) string {
+ b := make([]byte, 8)
+ req.Body.Read(b)
+ return string(b)
+}
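Review bot: In `readTest` (second main.go hunk), `req.Body.Read(b)` discards both the byte count and the error, so `string(b)` always converts all 8 bytes, including zero bytes left after a short or failed read. For a taint-step fixture that does not affect the analysis, but the intent should be stated above the call, e.g. `// Read's results are ignored on purpose: only the req.Body -> b taint step is under test.` If the fixture is meant to resemble realistic handler code instead, `n, _ := req.Body.Read(b)` with `return string(b[:n])` would do it, though the main.go:28 rows added to TaintStep.expected would presumably need regenerating because the statement shape and columns change.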