From 16fdb9aa113e9ce2c5583fdde4d25967e0f7fa13 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Mon, 6 Dec 2021 15:16:20 -0500
Subject: [PATCH] Do not test ReturnValue as input for sink

The documentation in ExternalFlow.qll does not specify
that "ReturnValue" can be used as the input column.
---
 .../go/dataflow/ExternalFlow/sinks.expected   | 51 ++++++++++---------
 .../semmle/go/dataflow/ExternalFlow/sinks.ql  |  2 +-
 .../go/dataflow/ExternalFlow/srcs.expected    | 34 ++++++-------
 .../go/dataflow/ExternalFlow/steps.expected   | 28 +++++-----
 .../semmle/go/dataflow/ExternalFlow/test.go   |  4 +-
 5 files changed, 59 insertions(+), 60 deletions(-)

diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected
index a2416f07656..fabba9c5dd7 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected
@@ -1,27 +1,28 @@
 invalidModelRow
 #select
-| test.go:49:10:49:12 | arg | qltest |
-| test.go:63:10:63:15 | taint1 | qltest |
-| test.go:66:10:66:15 | taint2 | qltest |
-| test.go:70:10:70:15 | taint3 | qltest |
-| test.go:74:10:74:15 | taint4 | qltest |
-| test.go:77:10:77:15 | taint5 | qltest |
-| test.go:81:10:81:15 | taint6 | qltest |
-| test.go:84:10:84:15 | taint7 | qltest |
-| test.go:87:10:87:18 | index expression | qltest |
-| test.go:91:10:91:15 | taint9 | qltest |
-| test.go:94:10:94:33 | call to GetElement | qltest |
-| test.go:95:10:95:18 | <-... | qltest |
-| test.go:99:10:99:16 | taint11 | qltest |
-| test.go:102:10:102:32 | call to GetMapKey | qltest |
-| test.go:104:11:104:11 | k | qltest |
-| test.go:107:11:107:11 | k | qltest |
-| test.go:112:10:112:16 | taint13 | qltest |
-| test.go:115:10:115:20 | index expression | qltest |
-| test.go:119:10:119:16 | taint15 | qltest |
-| test.go:123:10:123:17 | index expression | qltest |
-| test.go:128:10:128:16 | taint16 | qltest |
-| test.go:132:10:132:13 | selection of F | qltest |
-| test.go:135:10:135:17 | call to Get | qltest |
-| test.go:139:10:139:17 | call to Get | qltest |
-| test.go:144:10:144:17 | call to Get | qltest |
+| test.go:47:10:47:12 | arg | qltest |
+| test.go:48:2:48:13 | type assertion | qltest |
+| test.go:61:10:61:15 | taint1 | qltest |
+| test.go:64:10:64:15 | taint2 | qltest |
+| test.go:68:10:68:15 | taint3 | qltest |
+| test.go:72:10:72:15 | taint4 | qltest |
+| test.go:75:10:75:15 | taint5 | qltest |
+| test.go:79:10:79:15 | taint6 | qltest |
+| test.go:82:10:82:15 | taint7 | qltest |
+| test.go:85:10:85:18 | index expression | qltest |
+| test.go:89:10:89:15 | taint9 | qltest |
+| test.go:92:10:92:33 | call to GetElement | qltest |
+| test.go:93:10:93:18 | <-... | qltest |
+| test.go:97:10:97:16 | taint11 | qltest |
+| test.go:100:10:100:32 | call to GetMapKey | qltest |
+| test.go:102:11:102:11 | k | qltest |
+| test.go:105:11:105:11 | k | qltest |
+| test.go:110:10:110:16 | taint13 | qltest |
+| test.go:113:10:113:20 | index expression | qltest |
+| test.go:117:10:117:16 | taint15 | qltest |
+| test.go:121:10:121:17 | index expression | qltest |
+| test.go:126:10:126:16 | taint16 | qltest |
+| test.go:130:10:130:13 | selection of F | qltest |
+| test.go:133:10:133:17 | call to Get | qltest |
+| test.go:137:10:137:17 | call to Get | qltest |
+| test.go:142:10:142:17 | call to Get | qltest |
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql
index ef8af3a321c..855cf265f83 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql
@@ -9,7 +9,7 @@ class SinkModelTest extends SinkModelCsv {
       [
         //`namespace; type; subtypes; name; -; ext; input; kind`
         "github.com/nonexistent/test;B;false;Sink1;;;Argument[0];qltest",
-        "github.com/nonexistent/test;B;false;SinkMethod;;;ReturnValue;qltest"
+        "github.com/nonexistent/test;B;false;SinkMethod;;;Argument[-1];qltest"
       ]
   }
 }
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
index 8dbc04ba58f..7b721110c67 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
@@ -1,19 +1,19 @@
 invalidModelRow
 #select
-| test.go:12:6:12:8 | definition of arg | qltest-arg |
-| test.go:40:8:40:15 | call to Src1 | qltest |
-| test.go:41:8:41:15 | call to Src2 | qltest |
-| test.go:41:8:41:15 | call to Src2 | qltest-w-subtypes |
-| test.go:42:8:42:16 | call to Src2 | qltest-w-subtypes |
-| test.go:43:2:43:21 | ... = ...[0] | qltest |
-| test.go:43:2:43:21 | ... = ...[1] | qltest-w-subtypes |
-| test.go:44:2:44:22 | ... = ...[1] | qltest-w-subtypes |
-| test.go:60:9:60:16 | call to Src1 | qltest |
-| test.go:93:46:93:53 | call to Src1 | qltest |
-| test.go:97:35:97:42 | call to Src1 | qltest |
-| test.go:101:42:101:49 | call to Src1 | qltest |
-| test.go:126:8:126:15 | call to Src1 | qltest |
-| test.go:131:9:131:16 | call to Src1 | qltest |
-| test.go:134:15:134:22 | call to Src1 | qltest |
-| test.go:138:9:138:16 | call to Src1 | qltest |
-| test.go:142:9:142:16 | call to Src1 | qltest |
+| test.go:10:6:10:8 | definition of arg | qltest-arg |
+| test.go:38:8:38:15 | call to Src1 | qltest |
+| test.go:39:8:39:15 | call to Src2 | qltest |
+| test.go:39:8:39:15 | call to Src2 | qltest-w-subtypes |
+| test.go:40:8:40:16 | call to Src2 | qltest-w-subtypes |
+| test.go:41:2:41:21 | ... = ...[0] | qltest |
+| test.go:41:2:41:21 | ... = ...[1] | qltest-w-subtypes |
+| test.go:42:2:42:22 | ... = ...[1] | qltest-w-subtypes |
+| test.go:58:9:58:16 | call to Src1 | qltest |
+| test.go:91:46:91:53 | call to Src1 | qltest |
+| test.go:95:35:95:42 | call to Src1 | qltest |
+| test.go:99:42:99:49 | call to Src1 | qltest |
+| test.go:124:8:124:15 | call to Src1 | qltest |
+| test.go:129:9:129:16 | call to Src1 | qltest |
+| test.go:132:15:132:22 | call to Src1 | qltest |
+| test.go:136:9:136:16 | call to Src1 | qltest |
+| test.go:140:9:140:16 | call to Src1 | qltest |
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected
index dd46cd2a5a2..9173869eac9 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected
@@ -1,16 +1,16 @@
 invalidModelRow
 #select
-| test.go:19:23:19:25 | arg | test.go:19:10:19:26 | call to StepArgRes |
-| test.go:20:27:20:29 | arg | test.go:20:2:20:30 | ... = ...[1] |
-| test.go:21:15:21:17 | arg | test.go:13:6:13:9 | definition of arg1 |
-| test.go:22:16:22:18 | arg | test.go:15:6:15:6 | definition of t |
-| test.go:23:10:23:10 | t | test.go:23:10:23:24 | call to StepQualRes |
-| test.go:24:2:24:2 | t | test.go:12:6:12:8 | definition of arg |
-| test.go:25:32:25:34 | arg | test.go:25:10:25:35 | call to StepArgResNoQual |
-| test.go:62:25:62:27 | src | test.go:62:12:62:28 | call to StepArgRes |
-| test.go:65:29:65:31 | src | test.go:65:2:65:32 | ... := ...[1] |
-| test.go:69:15:69:17 | src | test.go:68:6:68:11 | definition of taint3 |
-| test.go:73:21:73:23 | src | test.go:72:6:72:11 | definition of taint4 |
-| test.go:76:13:76:25 | type assertion | test.go:76:12:76:40 | call to StepQualRes |
-| test.go:80:3:80:15 | type assertion | test.go:79:6:79:11 | definition of taint6 |
-| test.go:83:34:83:36 | src | test.go:83:12:83:37 | call to StepArgResNoQual |
+| test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
+| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
+| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 |
+| test.go:20:16:20:18 | arg | test.go:13:6:13:6 | definition of t |
+| test.go:21:10:21:10 | t | test.go:21:10:21:24 | call to StepQualRes |
+| test.go:22:2:22:2 | t | test.go:10:6:10:8 | definition of arg |
+| test.go:23:32:23:34 | arg | test.go:23:10:23:35 | call to StepArgResNoQual |
+| test.go:60:25:60:27 | src | test.go:60:12:60:28 | call to StepArgRes |
+| test.go:63:29:63:31 | src | test.go:63:2:63:32 | ... := ...[1] |
+| test.go:67:15:67:17 | src | test.go:66:6:66:11 | definition of taint3 |
+| test.go:71:21:71:23 | src | test.go:70:6:70:11 | definition of taint4 |
+| test.go:74:13:74:25 | type assertion | test.go:74:12:74:40 | call to StepQualRes |
+| test.go:78:3:78:15 | type assertion | test.go:77:6:77:11 | definition of taint6 |
+| test.go:81:34:81:36 | src | test.go:81:12:81:37 | call to StepArgResNoQual |
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
index 009bea3d627..93c680f6742 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"io"
-
 	"github.com/nonexistent/test"
 )
 
@@ -47,7 +45,7 @@ func main() {
 	var b test.B
 
 	b.Sink1(arg)
-	b.SinkMethod().(io.Writer).Write(arg.([]byte))
+	arg.(test.B).SinkMethod()
 
 	use(arg, arg1, t, taint, taintSlice, src, src1)
 }