hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Merge pull request #18235 from owen-mc/go/varargs-out-param"

Browse Source 
This reverts commit 4f8645b4dd, reversing
changes made to 22aaf74184.
This commit is contained in:
Dave Bartolomeo
2025-01-07 14:59:31 -05:00
parent 3dcf49cea0
commit 1323b3f067
26 changed files with 9 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Data flow out of variadic parameters now works in more situations. Summary models defined using models-as-data work. Source models defined using models-as-data do not work yet.

5
go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll
View File

@@ -66,11 +66,6 @@ predicate containerReadStep(Node node1, Node node2, Content c) {
(
node2.(Read).readsElement(node1, _)
or
exists(ImplicitVarargsSlice ivs |
node1.(PostUpdateNode).getPreUpdateNode() = ivs and
node2.(PostUpdateNode).getPreUpdateNode() = ivs.getCallNode().getAnImplicitVarargsArgument()
)
or
node2.(RangeElementNode).getBase() = node1
or
// To model data flow from array elements of the base of a `SliceNode` to

3
go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
View File

@@ -845,9 +845,6 @@ module Public {
or
preupd = getAWrittenNode()
or
preupd instanceof ImplicitVarargsSlice and
mutableType(preupd.(ImplicitVarargsSlice).getType().(SliceType).getElementType())
or
preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and
mutableType(preupd.getType())
) and

4
go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql
View File

@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import utils.test.InlineFlowTest
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
}
import ValueFlowTest<Config>

12
go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go
View File

@@ -4,7 +4,7 @@ func source() string {
return "untrusted data"
}
func sink(any) {
func sink(string) {
}
type A struct {
@@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string {
return s[1]
}
func functionWithVarArgsOutParameter(in string, out ...*string) {
*out[0] = in
}
func functionWithSliceOfStructsParameter(s []A) string {
return s[1].f
}
@@ -42,12 +38,6 @@ func main() {
sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter"
var out1 *string
var out2 *string
functionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ MISSING: hasValueFlow="out1"
sink(out2) // $ MISSING: hasValueFlow="out2"
sliceOfStructs := []A{{f: source()}}
sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected
View File

@@ -1,2 +0,0 @@
testFailures
invalidModelRow

21
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml
View File

@@ -1,21 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]

22
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql
View File

@@ -1,22 +0,0 @@
import go
import semmle.go.dataflow.ExternalFlow
import ModelValidation
import utils.test.InlineFlowTest
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
sourceNode(source, "qltest")
or
exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
source = fn.getACall().getResult()
)
}
predicate isSink(DataFlow::Node sink) {
sinkNode(sink, "qltest")
or
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
}
}
import FlowTest<Config, Config>

5
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod
View File

@@ -1,5 +0,0 @@
module semmle.go.Packages
go 1.23
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

51
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go
View File

@@ -1,51 +0,0 @@
package main
import (
"github.com/nonexistent/test"
)
func source() string {
return "untrusted data"
}
func sink(any) {
}
func main() {
s := source()
sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
stringSlice := []string{source()}
sink(stringSlice[0]) // $ hasValueFlow="index expression"
s0 := ""
s1 := source()
sSlice := []string{s0, s1}
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
var out1 *string
var out2 *string
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ hasValueFlow="out1"
sink(out2) // $ hasValueFlow="out2"
sliceOfStructs := []test.A{{Field: source()}}
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
a0 := test.A{Field: ""}
a1 := test.A{Field: source()}
aSlice := []test.A{a0, a1}
sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
var variadicSource string
test.VariadicSource(&variadicSource)
sink(variadicSource) // $ MISSING: hasTaintFlow="variadicSource"
test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
}

31
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go generated vendored
View File

@@ -1,31 +0,0 @@
package test
type A struct {
Field string
}
func FunctionWithParameter(s string) string {
return ""
}
func FunctionWithSliceParameter(s []string) string {
return ""
}
func FunctionWithVarArgsParameter(s ...string) string {
return ""
}
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
}
func FunctionWithSliceOfStructsParameter(s []A) string {
return ""
}
func FunctionWithVarArgsOfStructsParameter(s ...A) string {
return ""
}
func VariadicSource(s ...*string) {}
func VariadicSink(s ...string) {}

3
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt vendored
View File

@@ -1,3 +0,0 @@
# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
## explicit
github.com/nonexistent/test

3
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql
View File

@@ -19,9 +19,6 @@ class SummaryModelTest extends DataFlow::FunctionModel {
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
(inp.isParameter(_) and outp.isResult())
or
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
(inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
or
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
(inp.isParameter(0) and outp.isResult())
or

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod
View File

@@ -1,5 +1,5 @@
module semmle.go.Packages
go 1.23
go 1.17
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

20
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go
View File

@@ -8,7 +8,7 @@ func source() string {
return "untrusted data"
}
func sink(any) {
func sink(string) {
}
func main() {
@@ -21,17 +21,10 @@ func main() {
s0 := ""
s1 := source()
sSlice := []string{s0, s1}
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
var out1 *string
var out2 *string
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
sink(out1) // $ hasValueFlow="out1"
sink(out2) // $ hasValueFlow="out2"
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
sliceOfStructs := []test.A{{Field: source()}}
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
@@ -44,6 +37,3 @@ func main() {
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
}
func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
}

BIN
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages Executable file
View File

Binary file not shown.

2
go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go generated vendored
View File

@@ -15,8 +15,6 @@ func FunctionWithSliceParameter(s []string) string {
func FunctionWithVarArgsParameter(s ...string) string {
return ""
}
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
}
func FunctionWithSliceOfStructsParameter(s []A) string {
return ""

6
go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected
View File

@@ -24,11 +24,7 @@ edges
| test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | |
| test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | |
| test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | |
| test.go:160:2:160:23 | []type{args} [array] | test.go:160:14:160:22 | &... | provenance | |
| test.go:160:14:160:22 | &... | test.go:160:2:160:23 | []type{args} [array] | provenance | |
| test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | |
| test.go:164:2:164:25 | []type{args} [array] | test.go:164:15:164:24 | &... | provenance | |
| test.go:164:15:164:24 | &... | test.go:164:2:164:25 | []type{args} [array] | provenance | |
| test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | |
nodes
| test.go:80:13:80:16 | &... | semmle.label | &... |
@@ -80,10 +76,8 @@ nodes
| test.go:153:13:153:47 | type conversion | semmle.label | type conversion |
| test.go:156:18:156:30 | &... | semmle.label | &... |
| test.go:157:13:157:38 | type conversion | semmle.label | type conversion |
| test.go:160:2:160:23 | []type{args} [array] | semmle.label | []type{args} [array] |
| test.go:160:14:160:22 | &... | semmle.label | &... |
| test.go:161:13:161:28 | type conversion | semmle.label | type conversion |
| test.go:164:2:164:25 | []type{args} [array] | semmle.label | []type{args} [array] |
| test.go:164:15:164:24 | &... | semmle.label | &... |
| test.go:165:13:165:32 | type conversion | semmle.label | type conversion |
subpaths

3
go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
View File

@@ -3,15 +3,12 @@
edges
| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | |
| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel |
| StoredCommand.go:13:2:13:20 | []type{args} [array] | StoredCommand.go:13:12:13:19 | &... | provenance | |
| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:13:2:13:20 | []type{args} [array] | provenance | |
| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
models
| 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual |
nodes
| StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
| StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
| StoredCommand.go:13:2:13:20 | []type{args} [array] | semmle.label | []type{args} [array] |
| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
| StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
subpaths

39
go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -32,10 +32,8 @@ edges
| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:8 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:7 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:7 |
| reflectedxsstest.go:32:2:32:8 | definition of content | reflectedxsstest.go:33:49:33:55 | content | provenance | |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | |
| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:13 |
| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:32:2:32:8 | definition of content | provenance | |
| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:12 |
| reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | |
| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | |
@@ -65,33 +63,11 @@ edges
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 |
| tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | |
| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 |
| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 |
| websocketXss.go:32:3:32:28 | []type{args} [array] | websocketXss.go:30:7:30:10 | definition of xnet | provenance | |
| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:32:3:32:28 | []type{args} [array] | provenance | |
| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 |
| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 |
| websocketXss.go:36:3:36:29 | []type{args} [array] | websocketXss.go:34:3:34:7 | definition of xnet2 | provenance | |
| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:36:3:36:29 | []type{args} [array] | provenance | |
| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 |
| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 |
| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | |
| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | |
| websocketXss.go:41:3:41:30 | []type{args} [array] | websocketXss.go:40:6:40:11 | definition of nhooyr | provenance | |
| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:41:3:41:30 | []type{args} [array] | provenance | |
| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 |
| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 |
| websocketXss.go:48:3:48:34 | []type{args} [array] | websocketXss.go:46:7:46:16 | definition of gorillaMsg | provenance | |
| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:48:3:48:34 | []type{args} [array] | provenance | |
| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 |
| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 |
| websocketXss.go:52:3:52:32 | []type{args} [array] | websocketXss.go:50:3:50:10 | definition of gorilla2 | provenance | |
| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:52:3:52:32 | []type{args} [array] | provenance | |
| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 |
| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 |
| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | |
| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | |
| websocketXss.go:55:3:55:32 | []type{args} [array] | websocketXss.go:54:6:54:13 | definition of gorilla3 | provenance | |
| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:55:3:55:32 | []type{args} [array] | provenance | |
models
| 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual |
| 2 | Source: github.com/gorilla/websocket; Conn; true; ReadJSON; ; ; Argument[0]; remote; manual |
@@ -132,7 +108,6 @@ nodes
| contenttype.go:114:50:114:53 | data | semmle.label | data |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] |
| reflectedxsstest.go:32:2:32:8 | definition of content | semmle.label | definition of content |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:32:34:32:37 | file | semmle.label | file |
| reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion |
@@ -167,29 +142,15 @@ nodes
| tst.go:48:14:48:34 | call to Get | semmle.label | call to Get |
| tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
| websocketXss.go:32:3:32:28 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 |
| websocketXss.go:36:3:36:29 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
| websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] |
| websocketXss.go:40:6:40:11 | definition of nhooyr | semmle.label | definition of nhooyr |
| websocketXss.go:41:3:41:30 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg |
| websocketXss.go:48:3:48:34 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 |
| websocketXss.go:52:3:52:32 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
| websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
| websocketXss.go:54:6:54:13 | definition of gorilla3 | semmle.label | definition of gorilla3 |
| websocketXss.go:55:3:55:32 | []type{args} [array] | semmle.label | []type{args} [array] |
| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
subpaths

7
go/ql/test/query-tests/Security/CWE-079/StoredXss.expected
View File

@@ -1,12 +1,7 @@
edges
| StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | provenance | |
| stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | |
| stored.go:25:14:25:17 | rows | stored.go:25:24:25:26 | &... | provenance | FunctionModel |
| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel |
| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:24:25:26 | &... | provenance | |
| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:29:25:33 | &... | provenance | |
| stored.go:25:24:25:26 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | |
| stored.go:25:29:25:33 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | |
| stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | |
| stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | |
nodes
@@ -14,8 +9,6 @@ nodes
| StoredXss.go:13:21:13:36 | ...+... | semmle.label | ...+... |
| stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] |
| stored.go:25:14:25:17 | rows | semmle.label | rows |
| stored.go:25:14:25:34 | []type{args} [array] | semmle.label | []type{args} [array] |
| stored.go:25:24:25:26 | &... | semmle.label | &... |
| stored.go:25:29:25:33 | &... | semmle.label | &... |
| stored.go:30:22:30:25 | name | semmle.label | name |
| stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |

9
go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -26,7 +26,6 @@
| mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value |
edges
| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:23 |
| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:11:3:11:29 | index expression | provenance | |
| SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | Sink:MaD:1 |
| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:21 MaD:26 |
| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | |
@@ -37,7 +36,6 @@ edges
| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 |
| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | |
| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 |
| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:21:3:21:33 | index expression | provenance | |
| issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 |
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | |
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel |
@@ -46,7 +44,6 @@ edges
| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 |
| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | |
| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 |
| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:31:3:31:31 | selection of Category | provenance | |
| issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 |
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | |
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel |
@@ -55,13 +52,11 @@ edges
| issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | |
| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | |
| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 |
| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:40:3:40:31 | selection of Category | provenance | |
| issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel |
| main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:18 Sink:MaD:1 |
| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 |
| main.go:15:11:15:84 | []type{args} [array] | main.go:15:63:15:83 | index expression | provenance | |
| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:21 MaD:26 |
| main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | |
@@ -76,7 +71,6 @@ edges
| main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | |
| main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | |
| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:23 |
| main.go:33:7:34:23 | []type{args} [array] | main.go:34:3:34:22 | selection of Category | provenance | |
| main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | Sink:MaD:1 |
| main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | |
| main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | |
@@ -90,7 +84,6 @@ edges
| main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | |
| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | |
| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 |
| main.go:42:7:43:23 | []type{args} [array] | main.go:43:3:43:22 | selection of Category | provenance | |
| main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 |
| main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | |
| main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | |
@@ -104,7 +97,6 @@ edges
| main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | |
| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | |
| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 |
| main.go:51:7:52:23 | []type{args} [array] | main.go:52:3:52:22 | selection of Category | provenance | |
| main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 |
| main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | |
| main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | |
@@ -118,7 +110,6 @@ edges
| main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | |
| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | |
| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 |
| main.go:60:7:61:26 | []type{args} [array] | main.go:61:3:61:25 | selection of Category | provenance | |
| main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 |
| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | |
| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel |

8
go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
View File

@@ -3,12 +3,7 @@
| StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value |
| StringBreakMismatched.go:29:27:29:33 | escaped | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:29:27:29:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | JSON value |
edges
| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreak.go:14:22:14:58 | []type{args} [array] | StringBreak.go:10:2:10:12 | definition of versionJSON | provenance | |
| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:14:22:14:58 | []type{args} [array] | provenance | |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | |
| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:1 |
@@ -18,10 +13,7 @@ edges
models
| 1 | Summary: strings; ; false; Replace; ; ; Argument[0]; ReturnValue; taint; manual |
nodes
| StringBreak.go:10:2:10:12 | definition of versionJSON | semmle.label | definition of versionJSON |
| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreak.go:14:22:14:58 | []type{args} [array] | semmle.label | []type{args} [array] |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | semmle.label | call to Replace |

8
go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -1,16 +1,8 @@
edges
| test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | |
| test.go:14:2:14:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | |
| test.go:15:2:15:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | |
| test.go:15:2:15:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | |
| test.go:20:2:20:32 | []type{args} [array] | test.go:15:2:15:4 | definition of buf | provenance | |
| test.go:20:29:20:31 | buf | test.go:20:2:20:32 | []type{args} [array] | provenance | |
nodes
| test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf |
| test.go:15:2:15:4 | definition of buf | semmle.label | definition of buf |
| test.go:17:10:17:12 | buf | semmle.label | buf |
| test.go:20:2:20:32 | []type{args} [array] | semmle.label | []type{args} [array] |
| test.go:20:29:20:31 | buf | semmle.label | buf |
subpaths
#select
| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information |

53
go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -64,61 +64,28 @@ edges
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | |
| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | |
| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | |
| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | |
| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
| passwords.go:39:2:39:18 | []type{args} [array] | passwords.go:36:2:36:5 | definition of obj1 | provenance | |
| passwords.go:39:14:39:17 | obj1 | passwords.go:39:2:39:18 | []type{args} [array] | provenance | |
| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | |
| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | |
| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | |
| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | |
| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
| passwords.go:44:2:44:18 | []type{args} [array] | passwords.go:41:2:41:5 | definition of obj2 | provenance | |
| passwords.go:44:14:44:17 | obj2 | passwords.go:44:2:44:18 | []type{args} [array] | provenance | |
| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | |
| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | |
| passwords.go:47:2:47:18 | []type{args} [array] | passwords.go:46:6:46:9 | definition of obj3 | provenance | |
| passwords.go:47:14:47:17 | obj3 | passwords.go:47:2:47:18 | []type{args} [array] | provenance | |
| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config |
| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | |
| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | |
| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | |
| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | |
| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config |
| passwords.go:88:2:88:27 | []type{args} [array] | passwords.go:85:2:85:14 | definition of utilityObject | provenance | |
| passwords.go:88:14:88:26 | utilityObject | passwords.go:88:2:88:27 | []type{args} [array] | provenance | |
| passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | |
| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config |
| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config |
| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config |
| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config |
| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config |
| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | |
| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | |
| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:125:14:125:19 | config [x] | provenance | |
| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:126:14:126:19 | config [x] | provenance | |
| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:125:14:125:19 | config [y] | provenance | |
| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:127:14:127:19 | config [y] | provenance | |
| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | |
| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | |
| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:125:14:125:19 | config [x] | provenance | |
| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | |
| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:125:14:125:19 | config [y] | provenance | |
| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | |
| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | |
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config |
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | |
| passwords.go:125:2:125:20 | []type{args} [array, x] | passwords.go:118:2:118:7 | definition of config [x] | provenance | |
| passwords.go:125:2:125:20 | []type{args} [array, y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | |
| passwords.go:125:2:125:20 | []type{args} [array] | passwords.go:118:2:118:7 | definition of config | provenance | |
| passwords.go:125:14:125:19 | config | passwords.go:125:2:125:20 | []type{args} [array] | provenance | |
| passwords.go:125:14:125:19 | config [x] | passwords.go:125:2:125:20 | []type{args} [array, x] | provenance | |
| passwords.go:125:14:125:19 | config [y] | passwords.go:125:2:125:20 | []type{args} [array, y] | provenance | |
| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | |
| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | |
| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | |
@@ -182,29 +149,18 @@ nodes
| passwords.go:32:12:32:19 | password | semmle.label | password |
| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
| passwords.go:34:28:34:35 | password | semmle.label | password |
| passwords.go:36:2:36:5 | definition of obj1 | semmle.label | definition of obj1 |
| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal |
| passwords.go:37:13:37:13 | x | semmle.label | x |
| passwords.go:39:2:39:18 | []type{args} [array] | semmle.label | []type{args} [array] |
| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
| passwords.go:41:2:41:5 | definition of obj2 | semmle.label | definition of obj2 |
| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal |
| passwords.go:42:6:42:13 | password | semmle.label | password |
| passwords.go:44:2:44:18 | []type{args} [array] | semmle.label | []type{args} [array] |
| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
| passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 |
| passwords.go:47:2:47:18 | []type{args} [array] | semmle.label | []type{args} [array] |
| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 |
| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 |
| passwords.go:48:11:48:18 | password | semmle.label | password |
| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
| passwords.go:85:2:85:14 | definition of utilityObject | semmle.label | definition of utilityObject |
| passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal |
| passwords.go:86:16:86:36 | call to make | semmle.label | call to make |
| passwords.go:88:2:88:27 | []type{args} [array] | semmle.label | []type{args} [array] |
| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject |
| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject |
| passwords.go:90:12:90:19 | password | semmle.label | password |
| passwords.go:91:23:91:28 | secret | semmle.label | secret |
@@ -217,22 +173,13 @@ nodes
| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... |
| passwords.go:116:28:116:36 | password1 | semmle.label | password1 |
| passwords.go:116:28:116:45 | call to String | semmle.label | call to String |
| passwords.go:118:2:118:7 | definition of config | semmle.label | definition of config |
| passwords.go:118:2:118:7 | definition of config [x] | semmle.label | definition of config [x] |
| passwords.go:118:2:118:7 | definition of config [y] | semmle.label | definition of config [y] |
| passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal |
| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] |
| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] |
| passwords.go:119:13:119:13 | x | semmle.label | x |
| passwords.go:121:13:121:20 | password | semmle.label | password |
| passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword |
| passwords.go:125:2:125:20 | []type{args} [array, x] | semmle.label | []type{args} [array, x] |
| passwords.go:125:2:125:20 | []type{args} [array, y] | semmle.label | []type{args} [array, y] |
| passwords.go:125:2:125:20 | []type{args} [array] | semmle.label | []type{args} [array] |
| passwords.go:125:14:125:19 | config | semmle.label | config |
| passwords.go:125:14:125:19 | config | semmle.label | config |
| passwords.go:125:14:125:19 | config [x] | semmle.label | config [x] |
| passwords.go:125:14:125:19 | config [y] | semmle.label | config [y] |
| passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] |
| passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x |
| passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] |

36
go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
View File

@@ -19,41 +19,17 @@ edges
| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:2 |
| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:2 |
| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:2 |
| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | |
| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | |
| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | |
| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | |
| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:3 |
| main.go:63:3:63:23 | []type{args} [array] | main.go:60:3:60:9 | definition of content | provenance | |
| main.go:63:16:63:22 | content | main.go:63:3:63:23 | []type{args} [array] | provenance | |
| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:2 |
| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | |
| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | |
| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | |
| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | |
| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | |
| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | |
| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:3 |
| main.go:76:8:76:66 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | |
| main.go:76:50:76:56 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | |
| main.go:76:59:76:65 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | |
| main.go:77:3:77:23 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | |
| main.go:77:16:77:22 | content | main.go:77:3:77:23 | []type{args} [array] | provenance | |
| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:2 |
| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:2 |
| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | |
| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | |
| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | |
| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | |
| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:3 |
| main.go:93:3:93:24 | []type{args} [array] | main.go:91:3:91:10 | definition of content2 | provenance | |
| main.go:93:16:93:23 | content2 | main.go:93:3:93:24 | []type{args} [array] | provenance | |
models
| 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual |
| 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual |
@@ -73,30 +49,18 @@ nodes
| main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput |
| main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput |
| main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer |
| main.go:60:3:60:9 | definition of content | semmle.label | definition of content |
| main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent |
| main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput |
| main.go:63:3:63:23 | []type{args} [array] | semmle.label | []type{args} [array] |
| main.go:63:16:63:22 | content | semmle.label | content |
| main.go:63:16:63:22 | content | semmle.label | content |
| main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer |
| main.go:74:3:74:9 | definition of content | semmle.label | definition of content |
| main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent |
| main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput |
| main.go:76:8:76:66 | []type{args} [array] | semmle.label | []type{args} [array] |
| main.go:76:50:76:56 | content | semmle.label | content |
| main.go:76:50:76:56 | content | semmle.label | content |
| main.go:76:59:76:65 | content | semmle.label | content |
| main.go:76:59:76:65 | content | semmle.label | content |
| main.go:77:3:77:23 | []type{args} [array] | semmle.label | []type{args} [array] |
| main.go:77:16:77:22 | content | semmle.label | content |
| main.go:77:16:77:22 | content | semmle.label | content |
| main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer |
| main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput |
| main.go:91:3:91:10 | definition of content2 | semmle.label | definition of content2 |
| main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent |
| main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput |
| main.go:93:3:93:24 | []type{args} [array] | semmle.label | []type{args} [array] |
| main.go:93:16:93:23 | content2 | semmle.label | content2 |
| main.go:93:16:93:23 | content2 | semmle.label | content2 |
subpaths