From 1da53996521d1764899bb7e3584d1f4de783bfca Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 1 Apr 2022 17:03:17 +0100 Subject: [PATCH] Fix obvious test failures --- .../go/frameworks/Beego/ReflectedXss.expected | 6 +++--- .../go/frameworks/BeegoOrm/StoredXss.expected | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 05af1e46d56..2de1ce81fff 100644 --- a/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -8,7 +8,7 @@ edges | test.go:30:20:30:26 | selection of c : subBindMe | test.go:30:13:30:29 | type conversion | | test.go:35:20:35:42 | call to Cookie : string | test.go:35:13:35:43 | type conversion | | test.go:40:20:40:31 | call to Data : map type | test.go:40:13:40:52 | type conversion | -| test.go:45:20:45:43 | call to GetData : interface type | test.go:45:13:45:53 | type conversion | +| test.go:45:20:45:43 | call to GetData : basic interface type | test.go:45:13:45:53 | type conversion | | test.go:50:20:50:42 | call to Header : string | test.go:50:13:50:43 | type conversion | | test.go:55:20:55:41 | call to Param : string | test.go:55:13:55:42 | type conversion | | test.go:60:20:60:33 | call to Params : map type | test.go:60:13:60:45 | type conversion | @@ -153,7 +153,7 @@ nodes | test.go:40:13:40:52 | type conversion | semmle.label | type conversion | | test.go:40:20:40:31 | call to Data : map type | semmle.label | call to Data : map type | | test.go:45:13:45:53 | type conversion | semmle.label | type conversion | -| test.go:45:20:45:43 | call to GetData : interface type | semmle.label | call to GetData : interface type | +| test.go:45:20:45:43 | call to GetData : basic interface type | semmle.label | call to GetData : basic interface type | | test.go:50:13:50:43 | type conversion | semmle.label | type conversion | | test.go:50:20:50:42 | call to Header : string | semmle.label | call to Header : string | | test.go:55:13:55:42 | type conversion | semmle.label | type conversion | @@ -267,7 +267,7 @@ subpaths | test.go:30:13:30:29 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:30:13:30:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:35:13:35:43 | type conversion | test.go:35:20:35:42 | call to Cookie : string | test.go:35:13:35:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:35:20:35:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:40:13:40:52 | type conversion | test.go:40:20:40:31 | call to Data : map type | test.go:40:13:40:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:40:20:40:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:45:13:45:53 | type conversion | test.go:45:20:45:43 | call to GetData : interface type | test.go:45:13:45:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:45:20:45:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:45:13:45:53 | type conversion | test.go:45:20:45:43 | call to GetData : basic interface type | test.go:45:13:45:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:45:20:45:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:50:13:50:43 | type conversion | test.go:50:20:50:42 | call to Header : string | test.go:50:13:50:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:50:20:50:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:55:13:55:42 | type conversion | test.go:55:20:55:41 | call to Param : string | test.go:55:13:55:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:55:20:55:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:60:13:60:45 | type conversion | test.go:60:20:60:33 | call to Params : map type | test.go:60:13:60:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:60:20:60:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | | diff --git a/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected index dcd3a2f1029..e0d6b678335 100644 --- a/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected +++ b/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected @@ -9,13 +9,13 @@ edges | test.go:82:22:82:26 | &... : pointer type | test.go:83:13:83:30 | type conversion | | test.go:86:21:86:25 | &... : pointer type | test.go:87:13:87:30 | type conversion | | test.go:92:20:92:36 | call to Value : string | test.go:92:13:92:37 | type conversion | -| test.go:93:20:93:39 | call to RawValue : interface type | test.go:93:13:93:49 | type conversion | +| test.go:93:20:93:39 | call to RawValue : basic interface type | test.go:93:13:93:49 | type conversion | | test.go:94:20:94:37 | call to String : string | test.go:94:13:94:38 | type conversion | | test.go:95:20:95:36 | call to Value : string | test.go:95:13:95:37 | type conversion | -| test.go:96:20:96:39 | call to RawValue : interface type | test.go:96:13:96:49 | type conversion | +| test.go:96:20:96:39 | call to RawValue : basic interface type | test.go:96:13:96:49 | type conversion | | test.go:97:20:97:37 | call to String : string | test.go:97:13:97:38 | type conversion | | test.go:98:20:98:37 | call to Value : string | test.go:98:13:98:38 | type conversion | -| test.go:99:20:99:40 | call to RawValue : interface type | test.go:99:13:99:50 | type conversion | +| test.go:99:20:99:40 | call to RawValue : basic interface type | test.go:99:13:99:50 | type conversion | | test.go:100:20:100:38 | call to String : string | test.go:100:13:100:39 | type conversion | | test.go:106:9:106:13 | &... : pointer type | test.go:107:13:107:33 | type conversion | | test.go:106:9:106:13 | &... : pointer type | test.go:107:20:107:26 | implicit dereference : MyStruct | @@ -52,19 +52,19 @@ nodes | test.go:92:13:92:37 | type conversion | semmle.label | type conversion | | test.go:92:20:92:36 | call to Value : string | semmle.label | call to Value : string | | test.go:93:13:93:49 | type conversion | semmle.label | type conversion | -| test.go:93:20:93:39 | call to RawValue : interface type | semmle.label | call to RawValue : interface type | +| test.go:93:20:93:39 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type | | test.go:94:13:94:38 | type conversion | semmle.label | type conversion | | test.go:94:20:94:37 | call to String : string | semmle.label | call to String : string | | test.go:95:13:95:37 | type conversion | semmle.label | type conversion | | test.go:95:20:95:36 | call to Value : string | semmle.label | call to Value : string | | test.go:96:13:96:49 | type conversion | semmle.label | type conversion | -| test.go:96:20:96:39 | call to RawValue : interface type | semmle.label | call to RawValue : interface type | +| test.go:96:20:96:39 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type | | test.go:97:13:97:38 | type conversion | semmle.label | type conversion | | test.go:97:20:97:37 | call to String : string | semmle.label | call to String : string | | test.go:98:13:98:38 | type conversion | semmle.label | type conversion | | test.go:98:20:98:37 | call to Value : string | semmle.label | call to Value : string | | test.go:99:13:99:50 | type conversion | semmle.label | type conversion | -| test.go:99:20:99:40 | call to RawValue : interface type | semmle.label | call to RawValue : interface type | +| test.go:99:20:99:40 | call to RawValue : basic interface type | semmle.label | call to RawValue : basic interface type | | test.go:100:13:100:39 | type conversion | semmle.label | type conversion | | test.go:100:20:100:38 | call to String : string | semmle.label | call to String : string | | test.go:106:9:106:13 | &... : pointer type | semmle.label | &... : pointer type | @@ -104,13 +104,13 @@ subpaths | test.go:83:13:83:30 | type conversion | test.go:82:22:82:26 | &... : pointer type | test.go:83:13:83:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:82:22:82:26 | &... | stored value | | test.go:87:13:87:30 | type conversion | test.go:86:21:86:25 | &... : pointer type | test.go:87:13:87:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:86:21:86:25 | &... | stored value | | test.go:92:13:92:37 | type conversion | test.go:92:20:92:36 | call to Value : string | test.go:92:13:92:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:92:20:92:36 | call to Value | stored value | -| test.go:93:13:93:49 | type conversion | test.go:93:20:93:39 | call to RawValue : interface type | test.go:93:13:93:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:93:20:93:39 | call to RawValue | stored value | +| test.go:93:13:93:49 | type conversion | test.go:93:20:93:39 | call to RawValue : basic interface type | test.go:93:13:93:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:93:20:93:39 | call to RawValue | stored value | | test.go:94:13:94:38 | type conversion | test.go:94:20:94:37 | call to String : string | test.go:94:13:94:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:94:20:94:37 | call to String | stored value | | test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value : string | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value | -| test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue : interface type | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value | +| test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue : basic interface type | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value | | test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String : string | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value | | test.go:98:13:98:38 | type conversion | test.go:98:20:98:37 | call to Value : string | test.go:98:13:98:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:98:20:98:37 | call to Value | stored value | -| test.go:99:13:99:50 | type conversion | test.go:99:20:99:40 | call to RawValue : interface type | test.go:99:13:99:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:99:20:99:40 | call to RawValue | stored value | +| test.go:99:13:99:50 | type conversion | test.go:99:20:99:40 | call to RawValue : basic interface type | test.go:99:13:99:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:99:20:99:40 | call to RawValue | stored value | | test.go:100:13:100:39 | type conversion | test.go:100:20:100:38 | call to String : string | test.go:100:13:100:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:100:20:100:38 | call to String | stored value | | test.go:107:13:107:33 | type conversion | test.go:106:9:106:13 | &... : pointer type | test.go:107:13:107:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:106:9:106:13 | &... | stored value | | test.go:111:13:111:29 | type conversion | test.go:110:9:110:12 | &... : pointer type | test.go:111:13:111:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:110:9:110:12 | &... | stored value |