Merge branch 'main' into jca_signature_extensions

Nicolas Will
2025-10-06 14:50:15 +02:00
committed by GitHub
218 changed files with 3106 additions and 2157 deletions

140
Cargo.lock generated

@@ -84,9 +84,9 @@ dependencies = [
[[package]]
name = "anyhow"
version = "1.0.99"
version = "1.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100"
checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"
[[package]]
name = "argfile"
@@ -328,7 +328,7 @@ dependencies = [
"chalk-derive 0.103.0",
"chalk-ir 0.103.0",
"ena",
"indexmap 2.11.1",
"indexmap 2.11.4",
"itertools 0.12.1",
"petgraph",
"rustc-hash 1.1.0",
@@ -351,9 +351,9 @@ dependencies = [
[[package]]
name = "clap"
version = "4.5.47"
version = "4.5.48"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931"
checksum = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae"
dependencies = [
"clap_builder",
"clap_derive",
@@ -361,9 +361,9 @@ dependencies = [
[[package]]
name = "clap_builder"
version = "4.5.47"
version = "4.5.48"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6"
checksum = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9"
dependencies = [
"anstream",
"anstyle",
@@ -472,7 +472,7 @@ dependencies = [
"serde",
"serde_json",
"serde_with",
"toml 0.9.5",
"toml 0.9.7",
"tracing",
"tracing-flame",
"tracing-subscriber",
@@ -557,9 +557,9 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
[[package]]
name = "darling"
version = "0.20.11"
version = "0.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee"
checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0"
dependencies = [
"darling_core",
"darling_macro",
@@ -567,9 +567,9 @@ dependencies = [
[[package]]
name = "darling_core"
version = "0.20.11"
version = "0.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e"
checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4"
dependencies = [
"fnv",
"ident_case",
@@ -581,9 +581,9 @@ dependencies = [
[[package]]
name = "darling_macro"
version = "0.20.11"
version = "0.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead"
checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81"
dependencies = [
"darling_core",
"quote",
@@ -1059,13 +1059,14 @@ dependencies = [
[[package]]
name = "indexmap"
version = "2.11.1"
version = "2.11.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921"
checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5"
dependencies = [
"equivalent",
"hashbrown 0.15.5",
"serde",
"serde_core",
]
[[package]]
@@ -1490,7 +1491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
dependencies = [
"fixedbitset",
"indexmap 2.11.1",
"indexmap 2.11.4",
]
[[package]]
@@ -1559,9 +1560,9 @@ dependencies = [
[[package]]
name = "quote"
version = "1.0.40"
version = "1.0.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"
dependencies = [
"proc-macro2",
]
@@ -1666,7 +1667,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e876bb2c3e52a8d4e6684526a2d4e81f9d028b939ee4dc5dc775fe10deb44d59"
dependencies = [
"dashmap",
"indexmap 2.11.1",
"indexmap 2.11.4",
"la-arena",
"ra_ap_cfg",
"ra_ap_intern",
@@ -1708,7 +1709,7 @@ checksum = "ebffdc134eccabc17209d7760cfff7fd12ed18ab6e21188c5e084b97aa38504c"
dependencies = [
"arrayvec",
"either",
"indexmap 2.11.1",
"indexmap 2.11.4",
"itertools 0.14.0",
"ra_ap_base_db",
"ra_ap_cfg",
@@ -1738,7 +1739,7 @@ dependencies = [
"drop_bomb",
"either",
"fst",
"indexmap 2.11.1",
"indexmap 2.11.4",
"itertools 0.14.0",
"la-arena",
"ra-ap-rustc_abi",
@@ -1807,7 +1808,7 @@ dependencies = [
"cov-mark",
"either",
"ena",
"indexmap 2.11.1",
"indexmap 2.11.4",
"itertools 0.14.0",
"la-arena",
"oorandom",
@@ -1845,7 +1846,7 @@ dependencies = [
"crossbeam-channel",
"either",
"fst",
"indexmap 2.11.1",
"indexmap 2.11.4",
"itertools 0.14.0",
"line-index",
"memchr",
@@ -1947,7 +1948,7 @@ version = "0.0.301"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45db9e2df587d56f0738afa89fb2c100ff7c1e9cbe49e07f6a8b62342832211b"
dependencies = [
"indexmap 2.11.1",
"indexmap 2.11.4",
"ra_ap_intern",
"ra_ap_paths",
"ra_ap_span",
@@ -2106,7 +2107,7 @@ checksum = "6c174d6b9b7a7f54687df7e00c3e75ed6f082a7943a9afb1d54f33c0c12773de"
dependencies = [
"crossbeam-channel",
"fst",
"indexmap 2.11.1",
"indexmap 2.11.4",
"nohash-hasher",
"ra_ap_paths",
"ra_ap_stdx",
@@ -2211,9 +2212,9 @@ dependencies = [
[[package]]
name = "regex"
version = "1.11.2"
version = "1.11.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912"
checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c"
dependencies = [
"aho-corasick",
"memchr",
@@ -2223,9 +2224,9 @@ dependencies = [
[[package]]
name = "regex-automata"
version = "0.4.10"
version = "0.4.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6"
checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad"
dependencies = [
"aho-corasick",
"memchr",
@@ -2316,7 +2317,7 @@ dependencies = [
"crossbeam-utils",
"hashbrown 0.15.5",
"hashlink",
"indexmap 2.11.1",
"indexmap 2.11.4",
"intrusive-collections",
"papaya",
"parking_lot",
@@ -2414,10 +2415,11 @@ dependencies = [
[[package]]
name = "serde"
version = "1.0.219"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
dependencies = [
"serde_core",
"serde_derive",
]
@@ -2443,10 +2445,19 @@ dependencies = [
]
[[package]]
name = "serde_derive"
version = "1.0.219"
name = "serde_core"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
@@ -2455,15 +2466,16 @@ dependencies = [
[[package]]
name = "serde_json"
version = "1.0.143"
version = "1.0.145"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a"
checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c"
dependencies = [
"indexmap 2.11.1",
"indexmap 2.11.4",
"itoa",
"memchr",
"ryu",
"serde",
"serde_core",
]
[[package]]
@@ -2477,24 +2489,24 @@ dependencies = [
[[package]]
name = "serde_spanned"
version = "1.0.0"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83"
checksum = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee"
dependencies = [
"serde",
"serde_core",
]
[[package]]
name = "serde_with"
version = "3.14.0"
version = "3.14.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5"
checksum = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e"
dependencies = [
"base64",
"chrono",
"hex",
"indexmap 1.9.3",
"indexmap 2.11.1",
"indexmap 2.11.4",
"schemars 0.9.0",
"schemars 1.0.4",
"serde",
@@ -2506,9 +2518,9 @@ dependencies = [
[[package]]
name = "serde_with_macros"
version = "3.14.0"
version = "3.14.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f"
checksum = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e"
dependencies = [
"darling",
"proc-macro2",
@@ -2522,7 +2534,7 @@ version = "0.9.34+deprecated"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
dependencies = [
"indexmap 2.11.1",
"indexmap 2.11.4",
"itoa",
"ryu",
"serde",
@@ -2701,14 +2713,14 @@ dependencies = [
[[package]]
name = "toml"
version = "0.9.5"
version = "0.9.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8"
checksum = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0"
dependencies = [
"indexmap 2.11.1",
"serde",
"serde_spanned 1.0.0",
"toml_datetime 0.7.0",
"indexmap 2.11.4",
"serde_core",
"serde_spanned 1.0.2",
"toml_datetime 0.7.2",
"toml_parser",
"toml_writer",
"winnow",
@@ -2725,11 +2737,11 @@ dependencies = [
[[package]]
name = "toml_datetime"
version = "0.7.0"
version = "0.7.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3"
checksum = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1"
dependencies = [
"serde",
"serde_core",
]
[[package]]
@@ -2738,7 +2750,7 @@ version = "0.22.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a"
dependencies = [
"indexmap 2.11.1",
"indexmap 2.11.4",
"serde",
"serde_spanned 0.6.9",
"toml_datetime 0.6.11",
@@ -2748,9 +2760,9 @@ dependencies = [
[[package]]
name = "toml_parser"
version = "1.0.2"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10"
checksum = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627"
dependencies = [
"winnow",
]
@@ -2763,9 +2775,9 @@ checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801"
[[package]]
name = "toml_writer"
version = "1.0.2"
version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64"
checksum = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109"
[[package]]
name = "tracing"
@@ -2855,9 +2867,9 @@ dependencies = [
[[package]]
name = "tree-sitter-embedded-template"
version = "0.23.2"
version = "0.25.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "790063ef14e5b67556abc0b3be0ed863fb41d65ee791cf8c0b20eb42a1fa46af"
checksum = "833d528e8fcb4e49ddb04d4d6450ddb8ac08f282a58fec94ce981c9c5dbf7e3a"
dependencies = [
"cc",
"tree-sitter-language",


@@ -98,11 +98,11 @@ use_repo(
tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r")
use_repo(
tree_sitter_extractors_deps,
"vendor_ts__anyhow-1.0.99",
"vendor_ts__anyhow-1.0.100",
"vendor_ts__argfile-0.2.1",
"vendor_ts__chalk-ir-0.104.0",
"vendor_ts__chrono-0.4.42",
"vendor_ts__clap-4.5.47",
"vendor_ts__clap-4.5.48",
"vendor_ts__dunce-1.0.5",
"vendor_ts__either-1.15.0",
"vendor_ts__encoding-0.2.33",
@@ -116,7 +116,7 @@ use_repo(
"vendor_ts__num-traits-0.2.19",
"vendor_ts__num_cpus-1.17.0",
"vendor_ts__proc-macro2-1.0.101",
"vendor_ts__quote-1.0.40",
"vendor_ts__quote-1.0.41",
"vendor_ts__ra_ap_base_db-0.0.301",
"vendor_ts__ra_ap_cfg-0.0.301",
"vendor_ts__ra_ap_hir-0.0.301",
@@ -135,17 +135,17 @@ use_repo(
"vendor_ts__ra_ap_vfs-0.0.301",
"vendor_ts__rand-0.9.2",
"vendor_ts__rayon-1.11.0",
"vendor_ts__regex-1.11.2",
"vendor_ts__serde-1.0.219",
"vendor_ts__serde_json-1.0.143",
"vendor_ts__serde_with-3.14.0",
"vendor_ts__regex-1.11.3",
"vendor_ts__serde-1.0.228",
"vendor_ts__serde_json-1.0.145",
"vendor_ts__serde_with-3.14.1",
"vendor_ts__syn-2.0.106",
"vendor_ts__toml-0.9.5",
"vendor_ts__toml-0.9.7",
"vendor_ts__tracing-0.1.41",
"vendor_ts__tracing-flame-0.2.0",
"vendor_ts__tracing-subscriber-0.3.20",
"vendor_ts__tree-sitter-0.25.9",
"vendor_ts__tree-sitter-embedded-template-0.23.2",
"vendor_ts__tree-sitter-embedded-template-0.25.0",
"vendor_ts__tree-sitter-json-0.24.8",
"vendor_ts__tree-sitter-ql-0.23.1",
"vendor_ts__tree-sitter-ruby-0.23.1",


@@ -87,6 +87,7 @@ class ElementBase extends @element {
*/
class Element extends ElementBase {
/** Gets the primary file where this element occurs. */
pragma[nomagic]
File getFile() { result = this.getLocation().getFile() }
/**


@@ -0,0 +1,5 @@
---
category: breaking
---
* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired.
* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired.


@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`.


@@ -0,0 +1,4 @@
---
category: deprecated
---
* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`.


@@ -118,6 +118,8 @@ module ControlFlow {
/** Gets the left-hand side of this write. */
IR::WriteTarget getLhs() { result = super.getLhs() }
private predicate isInitialization() { super.isInitialization() }
/** Gets the right-hand side of this write. */
DataFlow::Node getRhs() { super.getRhs() = result.asInstruction() }
@@ -132,21 +134,45 @@ module ControlFlow {
/**
* Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to
* `rhs`.
* `rhs`, where `base` represents the post-update value.
*
* For example, for the assignment `x.width = newWidth`, `base` is the post-update node of
* either the data-flow node corresponding to `x` or (if `x` is a pointer) the data-flow node
* corresponding to the implicit dereference `*x`, `f` is the field referenced by `width`, and
* `rhs` is the data-flow node corresponding to `newWidth`. If this `WriteNode` is a struct
* initialization then there is no post-update node and `base` is the struct literal being
* initialized.
*/
predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) {
exists(DataFlow::Node b | this.writesFieldPreUpdate(b, f, rhs) |
this.isInitialization() and base = b
or
not this.isInitialization() and
b = base.(DataFlow::PostUpdateNode).getPreUpdateNode()
)
}
/**
* Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to
* `rhs`, where `base` represents the pre-update value.
*
* For example, for the assignment `x.width = newWidth`, `base` is either the data-flow node
* corresponding to `x` or (if `x` is a pointer) the data-flow node corresponding to the
* implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the data-flow
* node corresponding to `newWidth`.
* implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the
* data-flow node corresponding to `newWidth`.
*/
predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) {
predicate writesFieldPreUpdate(DataFlow::Node base, Field f, DataFlow::Node rhs) {
this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction())
}
private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) {
exists(IR::FieldTarget trg | trg = super.getLhs() |
(
trg.getBase() = base.asInstruction() or
trg.getBase() = MkImplicitDeref(base.asExpr())
trg.getBase() = base or
trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr())
) and
trg.getField() = f and
super.getRhs() = rhs.asInstruction()
super.getRhs() = rhs
)
}
@@ -154,27 +180,66 @@ module ControlFlow {
* Holds if this node sets the value of element `index` on `base` (or its implicit dereference)
* to `rhs`.
*
* For example, for the assignment `xs[i] = v`, `base` is either the data-flow node
* corresponding to `xs` or (if `xs` is a pointer) the data-flow node corresponding to the
* implicit dereference `*xs`, `index` is the data-flow node corresponding to `i`, and `rhs`
* is the data-flow node corresponding to `base`.
* For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow
* node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index`
* is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to
* `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then
* there is no need for a post-update node and `base` is the array/slice/map literal being
* initialized.
*/
predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
exists(DataFlow::Node b | this.writesElementPreUpdate(b, index, rhs) |
this.isInitialization() and base = b
or
not this.isInitialization() and
b = base.(DataFlow::PostUpdateNode).getPreUpdateNode()
)
}
/**
* Holds if this node sets the value of element `index` on `base` (or its implicit dereference)
* to `rhs`.
*
* For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow
* node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index`
* is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to
* `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then
* there is no need for a post-update node and `base` is the array/slice/map literal being
* initialized.
*/
predicate writesElementPreUpdate(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction())
}
private predicate writesElementInsn(
IR::Instruction base, IR::Instruction index, IR::Instruction rhs
) {
exists(IR::ElementTarget trg | trg = super.getLhs() |
(
trg.getBase() = base.asInstruction() or
trg.getBase() = MkImplicitDeref(base.asExpr())
trg.getBase() = base or
trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr())
) and
trg.getIndex() = index.asInstruction() and
super.getRhs() = rhs.asInstruction()
trg.getIndex() = index and
super.getRhs() = rhs
)
}
/**
* DEPRECATED: Use the disjunct of `writesElement` and `writesField`, or `writesFieldPreUpdate`
* and `writesElementPreUpdate`, instead.
*
* Holds if this node sets any field or element of `base` (or its implicit dereference) to
* `rhs`, where `base` represents the pre-update value.
*/
deprecated predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) {
this.writesElementPreUpdate(base, _, rhs) or this.writesFieldPreUpdate(base, _, rhs)
}
/**
* Holds if this node sets any field or element of `base` to `rhs`.
*/
predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) {
this.writesElement(base, _, rhs) or this.writesField(base, _, rhs)
predicate writesComponentInstruction(IR::Instruction base, IR::Instruction rhs) {
this.writesElementInsn(base, _, rhs) or this.writesFieldInsn(base, _, rhs)
}
}
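Review bot: The QLDoc on `writesElementPreUpdate` is a verbatim copy of the one on `writesElement` and still describes `base` as the post-update node, although the predicate binds `base` straight from `writesElementInsn(base.asInstruction(), ...)`, which is the pre-update node. It should mirror `writesFieldPreUpdate`: end the first sentence with "where `base` represents the pre-update value", describe `base` as the data-flow node for `xs` or the implicit dereference `*xs`, and drop the sentence about literal initialization. Both element comments also say that `rhs` corresponds to `base`, where the example `xs[i] = v` suggests `v` was meant. Authors of taint steps pick between the two variants from these comments, so a wrong one can plausibly lead to a step attached to the wrong node and to missed flow.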


@@ -430,18 +430,25 @@ module IR {
*/
class WriteInstruction extends Instruction {
WriteTarget lhs;
Boolean initialization;
WriteInstruction() {
lhs = MkLhs(this, _)
(
lhs = MkLhs(this, _)
or
lhs = MkResultWriteTarget(this)
) and
initialization = false
or
lhs = MkLiteralElementTarget(this)
or
lhs = MkResultWriteTarget(this)
lhs = MkLiteralElementTarget(this) and initialization = true
}
/** Gets the target to which this instruction writes. */
WriteTarget getLhs() { result = lhs }
/** Holds if this instruction initializes a literal. */
predicate isInitialization() { initialization = true }
/** Gets the instruction computing the value this instruction writes. */
Instruction getRhs() { none() }
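Review bot: The new `Boolean initialization` field repeats information that `lhs` already carries, since the characteristic predicate sets it to `true` exactly when `lhs = MkLiteralElementTarget(this)`. Unless the extra column is deliberate (for join ordering, say), the constructor could stay the original three-way disjunction and the accessor become `predicate isInitialization() { lhs = MkLiteralElementTarget(this) }`. If the field is kept, a short comment on it saying that it holds only for literal-element writes would help the next reader. The class body continues outside this hunk.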


@@ -166,6 +166,13 @@ class SsaDefinition extends TSsaDefinition {
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/**
* Gets the first instruction that the value of this `SsaDefinition` can
* reach without passing through any other instructions, but possibly through
* phi nodes.
*/
IR::Instruction getAFirstUse() { firstUse(this, result) }
}
/**
@@ -410,3 +417,12 @@ DataFlow::Node getASimilarReadNode(DataFlow::Node node) {
result = readFields.similar().getAUse()
)
}
/**
* Gets an instruction such that `pred` and `result` form an adjacent
* use-use-pair of the same`SsaSourceVariable`, that is, the value read in
* `pred` can reach `result` without passing through any other use or any SSA
* definition of the variable except for phi nodes and uncertain implicit
* updates.
*/
IR::Instruction getAnAdjacentUse(IR::Instruction pred) { adjacentUseUse(pred, result) }
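Review bot: The QLDoc on `getAFirstUse` says "Gets the first instruction ... without passing through any other instructions", but `firstUse`, which it delegates to, is documented in this commit as reaching `use` "without passing through any other uses", and the `getA...` name indicates there may be several results. Suggested wording: ``Gets a first use of this definition, that is, an instruction that the value of this `SsaDefinition` can reach without passing through any other use, but possibly through phi nodes.`` In the `getAnAdjacentUse` comment a space is missing in ``same`SsaSourceVariable` ``.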


@@ -199,6 +199,8 @@ private module Internal {
/**
* Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with
* `k` indicating whether it is the former or the latter.
*
* Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures.
*/
private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
useAt(bb, i, v) and k = ReadRef()
@@ -290,6 +292,172 @@ private module Internal {
or
rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v)
}
private module AdjacentUsesImpl {
/** Holds if `v` is defined or used in `b`. */
private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) {
ssaRef(b, _, v, _)
}
/** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */
private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) {
varOccursInBlock(v, b)
or
exists(getDefReachingEndOf(b, v))
}
/**
* Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors.
*
* Factored out of `varBlockReaches` to force join order compared to the larger
* set `blockPrecedesVar(v, b2)`.
*/
pragma[noinline]
private predicate varBlockReachesBaseCand(
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
) {
varOccursInBlock(v, b1) and
b2 = b1.getASuccessor()
}
/**
* Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
* in `b2` or one of its transitive successors but not in any block on the path
* between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2`
* where `v` is dead.
*
* Factored out of `varBlockReaches` to force join order compared to the larger
* set `blockPrecedesVar(v, b2)`.
*/
pragma[noinline]
private predicate varBlockReachesRecCand(
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2
) {
varBlockReaches(v, b1, mid) and
not varOccursInBlock(v, mid) and
b2 = mid.getASuccessor()
}
/**
* Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
* in `b2` or one of its transitive successors but not in any block on the path
* between `b1` and `b2`.
*/
private predicate varBlockReaches(
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
) {
varBlockReachesBaseCand(v, b1, b2) and
blockPrecedesVar(v, b2)
or
varBlockReachesRecCand(v, b1, _, b2) and
blockPrecedesVar(v, b2)
}
/**
* Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
* `b2` but not in any block on the path between `b1` and `b2`.
*/
private predicate varBlockStep(
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
) {
varBlockReaches(v, b1, b2) and
varOccursInBlock(v, b2)
}
/**
* Gets the maximum rank among all SSA references to `v` in basic block `bb`.
*/
private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
result = max(ssaRefRank(bb, _, v, _))
}
/**
* Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and
* there is a path between them without any occurrence of `v`.
*/
pragma[nomagic]
predicate adjacentVarRefs(
SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2
) {
exists(int rankix |
b1 = b2 and
ssaRefRank(b1, i1, v, _) = rankix and
ssaRefRank(b2, i2, v, _) = rankix + 1
)
or
maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and
varBlockStep(v, b1, b2) and
ssaRefRank(b2, i2, v, _) = 1
}
predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) {
bb.getNode(i) = use and
exists(SsaVariable sv |
sv.getSourceVariable() = v and
use = sv.getAUse()
)
}
}
private import AdjacentUsesImpl
/**
* Holds if the value defined at `def` can reach `use` without passing through
* any other uses, but possibly through phi nodes.
*/
cached
predicate firstUse(SsaDefinition def, IR::Instruction use) {
exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
adjacentVarRefs(v, b1, i1, b2, i2) and
def.definesAt(b1, i1, v) and
variableUse(v, use, b2, i2)
)
or
exists(
SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
int i2
|
adjacentVarRefs(v, b1, i1, b2, i2) and
def.definesAt(b1, i1, v) and
redef.definesAt(b2, i2, v) and
firstUse(redef, use)
)
}
/**
* Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
* variable, that is, the value read in `use1` can reach `use2` without passing
* through any other use or any SSA definition of the variable.
*/
cached
predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) {
exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
adjacentVarRefs(v, b1, i1, b2, i2) and
variableUse(v, use1, b1, i1) and
variableUse(v, use2, b2, i2)
)
}
/**
* Holds if `use1` and `use2` form an adjacent use-use-pair of the same
* `SsaSourceVariable`, that is, the value read in `use1` can reach `use2`
* without passing through any other use or any SSA definition of the variable
* except for phi nodes and uncertain implicit updates.
*/
cached
predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
adjacentUseUseSameVar(use1, use2)
or
exists(
SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
int i2
|
adjacentVarRefs(v, b1, i1, b2, i2) and
variableUse(v, use1, b1, i1) and
def.definesAt(b2, i2, v) and
firstUse(def, use2)
)
}
}
import Internal
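Review bot: `variableUse` is the only predicate in `AdjacentUsesImpl` without a QLDoc comment, and it is one of the two that `firstUse`, `adjacentUseUseSameVar` and `adjacentUseUse` consume. Something like ``/** Holds if `use` is the `i`th node of `bb` and is a use of an SSA variable whose source variable is `v`. */`` would match its siblings. The comment on `blockPrecedesVar` is also looser than its body: the second disjunct is `exists(getDefReachingEndOf(b, v))`, i.e. some definition of `v` reaches the end of `b`, which is not quite "occurs in one of `b`'s transitive successors". Since the `varBlockReachesRecCand` comment relies on that difference to explain blocks where `v` is dead, the liveness condition is worth stating explicitly.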


@@ -22,7 +22,7 @@ predicate containerStoreStep(Node node1, Node node2, Content c) {
t instanceof SliceType
) and
(
exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1))
exists(Write w | w.writesElement(node2, _, node1))
or
node1 = node2.(ImplicitVarargsSlice).getCallNode().getAnImplicitVarargsArgument()
or
@@ -36,17 +36,19 @@ predicate containerStoreStep(Node node1, Node node2, Content c) {
)
or
c instanceof CollectionContent and
exists(SendStmt send |
send.getChannel() = node2.(ExprNode).asExpr() and send.getValue() = node1.(ExprNode).asExpr()
exists(SendStmt send, Node channelExprNode |
send.getChannel() = channelExprNode.(ExprNode).asExpr() and
node2.(PostUpdateNode).getPreUpdateNode() = channelExprNode and
send.getValue() = node1.(ExprNode).asExpr()
)
or
c instanceof MapKeyContent and
t instanceof MapType and
exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), node1, _))
exists(Write w | w.writesElement(node2, node1, _))
or
c instanceof MapValueContent and
t instanceof MapType and
exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1))
exists(Write w | w.writesElement(node2, _, node1))
)
}
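Review bot: After this change the three `w.writesElement(node2, ...)` calls no longer mention `PostUpdateNode`, while the `SendStmt` branch next to them now does, so the branches read as if they store content on different kinds of node. A one-line comment above the first call, e.g. ``// `writesElement` binds `base` to the post-update node, or to the literal itself for initializations``, would make clear that all of them target the updated value. The literal-initialization case is the one whose target node appears to change here (the literal itself rather than its post-update node), so it would be worth confirming that a test covers a store into an array, slice or map literal. `containerStoreStep` starts outside this hunk.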


@@ -12,7 +12,8 @@ private newtype TNode =
MkGlobalFunctionNode(Function f) or
MkImplicitVarargsSlice(CallExpr c) { c.hasImplicitVarargs() } or
MkSliceElementNode(SliceExpr se) or
MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn)
MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
MkDefaultPostUpdateNode(IR::Instruction insn) { insnHasPostUpdateNode(insn) }
/** Nodes intended for only use inside the data-flow libraries. */
module Private {
@@ -760,18 +761,27 @@ module Public {
predicate isReceiverOf(MethodDecl m) { parm.isReceiverOf(m) }
}
private Node getADirectlyWrittenNode() {
exists(Write w | w.writesComponent(result, _)) or
result = DataFlow::exprNode(any(SendStmt s).getChannel())
}
private DataFlow::Node getAccessPathPredecessor(DataFlow::Node node) {
result = node.(PointerDereferenceNode).getOperand()
private IR::Instruction getADirectlyWrittenInsn() {
exists(Write w | w.writesComponentInstruction(result, _))
or
result = node.(ComponentReadNode).getBase()
result = IR::evalExprInstruction(any(SendStmt s).getChannel())
}
private Node getAWrittenNode() { result = getAccessPathPredecessor*(getADirectlyWrittenNode()) }
private IR::Instruction getAccessPathPredecessorInsn(IR::Instruction insn) {
exists(Expr e1, Expr e2 |
insn = IR::evalExprInstruction(e1) and result = IR::evalExprInstruction(e2)
|
e2 = e1.(DerefExpr).getOperand() or e2 = e1.(StarExpr).getBase()
)
or
exists(Expr e | insn = IR::implicitDerefInstruction(e) and result = IR::evalExprInstruction(e))
or
result = insn.(IR::ComponentReadInstruction).getBase()
}
private IR::Instruction getAWrittenInsn() {
result = getAccessPathPredecessorInsn*(getADirectlyWrittenInsn())
}
/**
* Holds if `tp` is a type that may (directly or indirectly) reference a memory location.
@@ -807,31 +817,51 @@ module Public {
abstract Node getPreUpdateNode();
}
private class DefaultPostUpdateNode extends PostUpdateNode {
/** Holds if the node corresponding to `insn` has a post-update node. */
predicate insnHasPostUpdateNode(IR::Instruction insn) {
exists(Expr e | insn.(IR::EvalInstruction).getExpr() = e |
e instanceof AddressExpr or
e = any(AddressExpr ae).getOperand() or
e = any(StarExpr ae).getBase() or
e = any(DerefExpr ae).getOperand() or
e = any(IR::EvalImplicitDerefInstruction eidi).getOperand()
)
or
exists(CallExpr ce |
ce.getArgument(0).getType() instanceof TupleType and
insn = IR::extractTupleElement(IR::evalExprInstruction(ce.getArgument(0)), _)
or
not ce.getArgument(0).getType() instanceof TupleType and
insn = IR::evalExprInstruction(ce.getAnArgument())
or
// Receiver of a method call
exists(IR::MethodReadInstruction mri |
ce.getTarget() instanceof Method and
mri = IR::evalExprInstruction(ce.getCalleeExpr()) and
insn = mri.getReceiver()
)
) and
mutableType(insn.getResultType())
or
insn = getAWrittenInsn()
}
private class DefaultPostUpdateNode extends PostUpdateNode, MkDefaultPostUpdateNode {
Node preupd;
DefaultPostUpdateNode() {
(
preupd instanceof AddressOperationNode
or
preupd = any(AddressOperationNode addr).getOperand()
or
preupd = any(PointerDereferenceNode deref).getOperand()
or
preupd = getAWrittenNode()
or
preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and
mutableType(preupd.getType())
) and
(
preupd = this.(SsaNode).getAUse()
or
preupd = this and
not basicLocalFlowStep(_, this)
)
}
DefaultPostUpdateNode() { this = MkDefaultPostUpdateNode(preupd.asInstruction()) }
override Node getPreUpdateNode() { result = preupd }
override ControlFlow::Root getRoot() { result = preupd.getRoot() }
override Type getType() { result = preupd.getType() }
override string getNodeKind() { result = "post-update node" }
override string toString() { result = preupd.toString() + " [postupdate]" }
override Location getLocation() { result = preupd.getLocation() }
}
/**
@@ -866,7 +896,7 @@ module Public {
int getPosition() { result = i }
/**
* Gets a data-flow node for a syntactic argument corresponding this this
* Gets a data-flow node for a syntactic argument corresponding to this
* argument. If this argument is not an implicit varargs slice then this
* will just be the argument itself. If this argument is an implicit
* varargs slice then this will be a data-flow node that for an argument
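Review bot: In `insnHasPostUpdateNode`, the trailing `and mutableType(insn.getResultType())` binds only to the `exists(CallExpr ce | …)` disjunct, because `and` takes precedence over `or`; the address/dereference cases and `insn = getAWrittenInsn()` are not type-restricted. That appears to match the removed characteristic predicate, where `mutableType` guarded only the argument case, but the layout makes it easy to read as a filter on the whole predicate. Wrapping the call disjunct together with its `mutableType` conjunct in one pair of parentheses, with a comment such as `// only call arguments and receivers are restricted to mutable types`, would make the scope explicit. This predicate decides which instructions get a post-update node, so a later edit that misreads the grouping would change where writes are tracked.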


@@ -65,23 +65,30 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) {
else nodeTo.asInstruction() = evalAssert
)
or
// Instruction -> SSA
// Instruction -> SSA defn
exists(IR::Instruction pred, SsaExplicitDefinition succ |
succ.getRhs() = pred and
nodeFrom = instructionNode(pred) and
nodeTo = ssaNode(succ)
(
nodeFrom = instructionNode(pred) or
nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred)
) and
nodeTo = ssaNode(succ.getVariable())
)
or
// SSA -> SSA
exists(SsaDefinition pred, SsaPseudoDefinition succ | succ.getAnInput() = pred |
nodeFrom = ssaNode(pred) and
nodeTo = ssaNode(succ)
// SSA defn -> first SSA use
exists(SsaDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() |
(pred instanceof SsaExplicitDefinition or pred instanceof SsaVariableCapture) and
nodeFrom = ssaNode(pred.getVariable()) and
nodeTo = instructionNode(succ)
)
or
// SSA -> Instruction
exists(SsaDefinition pred, IR::Instruction succ |
succ = pred.getVariable().getAUse() and
nodeFrom = ssaNode(pred) and
// SSA use -> successive SSA use
// Note this case includes Phi node traversal
exists(IR::Instruction pred, IR::Instruction succ | succ = getAnAdjacentUse(pred) |
(
nodeFrom = instructionNode(pred) or
nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred)
) and
nodeTo = instructionNode(succ)
)
or
@@ -96,6 +103,10 @@ private Field getASparselyUsedChannelTypedField() {
count(result.getARead()) = 2
}
bindingset[v]
pragma[inline_late]
private predicate isValueEntityRead(ValueEntity v, Node n) { n = v.getARead() }
/**
* Holds if data can flow from `node1` to `node2` in a way that loses the
* calling context. For example, this would happen with flow through a
@@ -110,14 +121,22 @@ predicate jumpStep(Node n1, Node n2) {
or
n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead()
) and
n2 = v.getARead()
isValueEntityRead(v, n2)
)
or
exists(SsaDefinition pred, SsaDefinition succ |
succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable()
|
n1 = ssaNode(pred) and
exists(SsaExplicitDefinition def, SsaVariableCapture succ |
succ.getSourceVariable() = def.getSourceVariable() and
n2 = ssaNode(succ)
|
not exists(def.getAFirstUse()) and n1 = ssaNode(def)
or
exists(IR::Instruction lastUse |
lastUse = getAnAdjacentUse*(def.getAFirstUse()) and
not exists(getAnAdjacentUse(lastUse))
|
n1 = instructionNode(lastUse) or
n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = instructionNode(lastUse)
)
)
or
// If a channel-typed field is referenced exactly once in the context of
@@ -145,15 +164,17 @@ predicate jumpStep(Node n1, Node n2) {
*/
predicate storeStep(Node node1, ContentSet cs, Node node2) {
exists(Content c | cs.asOneContent() = c |
// a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of `(*p)`,
// which in turn flows into the pointer content of `p`
// a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of the
// post-update node of `(*p)`, which in turn flows into the pointer content of the post-update
// node of `p`
exists(Write w, Field f, DataFlow::Node base, DataFlow::Node rhs | w.writesField(base, f, rhs) |
node1 = rhs and
node2.(PostUpdateNode).getPreUpdateNode() = base and
node2 = base and
c = any(DataFlow::FieldContent fc | fc.getField() = f)
or
node1 = base and
node2.(PostUpdateNode).getPreUpdateNode() = node1.(PointerDereferenceNode).getOperand() and
node2.(PostUpdateNode).getPreUpdateNode() =
node1.(PostUpdateNode).getPreUpdateNode().(PointerDereferenceNode).getOperand() and
c = any(DataFlow::PointerContent pc | pc.getPointerType() = node2.getType())
)
or
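Review bot: The new capture case in `jumpStep` starts only from a use with no adjacent successor (`not exists(getAnAdjacentUse(lastUse))`) or from a definition with no use at all, so a definition whose uses all have a following use may be left without a source node for the jump. If `getAnAdjacentUse` follows phi nodes around a loop back-edge, as the comment in `basicLocalFlowStep` suggests, a variable read only inside a loop body and then captured by a closure could fall into that gap and lose flow into the closure. A test with a captured variable used inside a `for` loop would confirm either way. The hunk shows only part of `jumpStep`, so disjuncts outside it may already cover this.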


@@ -442,7 +442,7 @@ module SourceSinkInterpretationInput implements
f = e.asFieldEntity()
|
c = "" and
fw.writesField(base, f, node.asNode()) and
fw.writesFieldPreUpdate(base, f, node.asNode()) and
pragma[only_bind_into](e) = getElementWithQualifier(f, base)
)
or

View File

@@ -83,23 +83,25 @@ class AdditionalTaintStep extends Unit {
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
}
/**
* Holds if the additional step from `pred` to `succ` should be included in all
* global taint flow configurations.
*/
predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) {
(
referenceStep(pred, succ) or
elementWriteStep(pred, succ) or
fieldReadStep(pred, succ) or
elementStep(pred, succ) or
tupleStep(pred, succ) or
stringConcatStep(pred, succ) or
sliceStep(pred, succ)
private predicate localAdditionalForwardTaintStep(
DataFlow::Node pred, DataFlow::Node succ, string model
) {
exists(DataFlow::Node pred2 |
pred2 = pred
or
pred2 = pred.(DataFlow::PostUpdateNode).getPreUpdateNode()
|
referenceStep(pred2, succ) or
elementWriteStep(pred2, succ) or
fieldReadStep(pred2, succ) or
elementStep(pred2, succ) or
tupleStep(pred2, succ) or
stringConcatStep(pred2, succ) or
sliceStep(pred2, succ)
) and
model = ""
or
any(FunctionModel fm).taintStep(pred, succ) and model = "FunctionModel"
any(FunctionModel fm).forwardTaintStep(pred, succ) and model = "FunctionModel"
or
any(AdditionalTaintStep a).step(pred, succ) and model = "AdditionalTaintStep"
or
@@ -107,6 +109,43 @@ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, str
.getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model)
}
/**
* This is a helper predicate for `localAdditionalBackwardTaintStep`. It mixes
* local data flow with local forward taint steps. It should only ever be used
* via its transitive closure, which gives local forward taint flow, that is
* with backward steps excluded.
*/
private predicate partialLocalForwardTaintFlow(DataFlow::Node pred, DataFlow::Node succ) {
DataFlow::localFlow(pred, succ) or
localAdditionalForwardTaintStep(pred, succ, _) or
// Simple flow through library code is included in the exposed local
// step relation, even though flow is technically inter-procedural
FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(pred, succ, _)
}
/**
* Holds if taint flows backwards from `pred` to `succ` via a function model.
*/
private predicate localAdditionalBackwardTaintStep(
DataFlow::Node pred, DataFlow::Node succ, string model
) {
// backward step through function model
exists(FunctionModel m, DataFlow::Node resultNode |
m.backwardTaintStep(resultNode, succ) and
partialLocalForwardTaintFlow+(resultNode, pred.(DataFlow::PostUpdateNode).getPreUpdateNode())
) and
model = "FunctionModel"
}
/**
* Holds if the additional step from `pred` to `succ` should be included in all
* global taint flow configurations.
*/
predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) {
localAdditionalForwardTaintStep(pred, succ, model) or
localAdditionalBackwardTaintStep(pred, succ, model)
}
/**
* Holds if taint flows from `pred` to `succ` via a reference or dereference.
*
@@ -140,7 +179,7 @@ predicate referenceStep(DataFlow::Node pred, DataFlow::Node succ) {
* `succ`.
*/
predicate elementWriteStep(DataFlow::Node pred, DataFlow::Node succ) {
any(DataFlow::Write w).writesElement(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, pred)
any(DataFlow::Write w).writesElement(succ, _, pred)
or
FlowSummaryImpl::Private::Steps::summaryStoreStep(pred.(DataFlowPrivate::FlowSummaryNode)
.getSummaryNode(), any(DataFlow::ArrayContent ac).asContentSet(),
@@ -195,23 +234,36 @@ abstract class FunctionModel extends Function {
abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output);
/** Gets an input node for this model for the call `c`. */
DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c) }
DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c, _) }
/** Gets an output node for this model for the call `c`. */
DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c) }
DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c, _) }
/** Holds if this function model causes taint to flow from `pred` to `succ` for the call `c`. */
predicate taintStepForCall(DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c) {
predicate taintStepForCall(
DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c, Boolean forward
) {
c = this.getACall() and
exists(FunctionInput inp, FunctionOutput outp | this.hasTaintFlow(inp, outp) |
pred = pragma[only_bind_out](inp).getNode(c) and
succ = pragma[only_bind_out](outp).getNode(c)
succ = pragma[only_bind_out](outp).getNode(c) and
if inp.isResult() or inp.isResult(_) then forward = false else forward = true
)
}
/** Holds if this function model causes taint to flow from `pred` to `succ`. */
predicate taintStep(DataFlow::Node pred, DataFlow::Node succ) {
this.taintStepForCall(pred, succ, _)
this.taintStepForCall(pred, succ, _, _)
}
/** Holds if this function model causes taint to flow forward from `pred` to `succ`. */
predicate forwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
this.taintStepForCall(pred, succ, _, true)
}
/** Holds if this function model causes taint to flow backwards from `pred` to `succ`. */
predicate backwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
this.taintStepForCall(pred, succ, _, false)
}
}
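Review bot: `FunctionModel.taintStepForCall` gains a fourth parameter, which breaks any caller or override outside this commit that still uses the three-argument form of this public member of an abstract class. QL allows overloading by arity, so the old signature can stay as a deprecated forwarder: `deprecated predicate taintStepForCall(DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c) { this.taintStepForCall(pred, succ, c, _) }`. The QLDoc on the four-argument form should also state what `forward` means, namely that it is `false` when the model's input is a result of the call and `true` otherwise.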


@@ -26,9 +26,14 @@ module EmailData {
private class SmtpData extends Range {
SmtpData() {
// func (c *Client) Data() (io.WriteCloser, error)
exists(Method data |
exists(Method data, DataFlow::Node n |
data.hasQualifiedName("net/smtp", "Client", "Data") and
this.(DataFlow::SsaNode).getInit() = data.getACall().getResult(0)
// Deal with cases like
// w, _ := s.Data()
// io.WriteString(w, source()) // $ Alert
// w.Write(source()) // $ Alert
DataFlow::localFlow(data.getACall().getResult(0), n) and
this.(DataFlow::PostUpdateNode).getPreUpdateNode() = n
)
or
// func SendMail(addr string, a Auth, from string, to []string, msg []byte) error

View File

@@ -27,7 +27,7 @@ module GinCors {
AllowCredentialsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowCredentials") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.getType() instanceof BoolType
)
}
@@ -61,7 +61,7 @@ module GinCors {
AllowOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowOrigins") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.asExpr() instanceof SliceLit
)
}
@@ -95,7 +95,7 @@ module GinCors {
AllowAllOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Config", "AllowAllOrigins") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.getType() instanceof BoolType
)
}
@@ -109,14 +109,9 @@ module GinCors {
* Get config variable holding header values
*/
override GinConfig getConfig() {
exists(GinConfig gc |
(
gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
base.asInstruction() or
gc.getV().getAUse() = base
) and
result = gc
)
result.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
base.asInstruction() or
result.getV().getAUse() = base
}
}

View File

@@ -38,9 +38,8 @@ module NoSql {
*/
predicate isAdditionalMongoTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
// Taint an entry if the `Value` is tainted
exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) |
base = succ.(DataFlow::PostUpdateNode).getPreUpdateNode() and
base.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and
exists(Write w, Field f | w.writesField(succ, f, pred) |
succ.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and
f.getName() = "Value"
)
}

View File

@@ -64,11 +64,10 @@ module Protobuf {
*/
private class MarshalStateStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::PostUpdateNode marshalInput, DataFlow::CallNode marshalStateCall |
exists(DataFlow::Node marshalInput, DataFlow::CallNode marshalStateCall |
marshalStateCall = marshalStateMethod().getACall() and
// pred -> marshalInput.Message
any(DataFlow::Write w)
.writesField(marshalInput.getPreUpdateNode(), inputMessageField(), pred) and
any(DataFlow::Write w).writesField(marshalInput, inputMessageField(), pred) and
// marshalInput -> marshalStateCall
marshalStateCall.getArgument(0) = globalValueNumber(marshalInput).getANode() and
// marshalStateCall -> succ
@@ -142,10 +141,10 @@ module Protobuf {
private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
[succ.getType(), succ.getType().getPointerType()] instanceof MessageType and
exists(DataFlow::ReadNode base |
succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base)
exists(DataFlow::Write w, DataFlow::ReadNode base |
w.writesElementPreUpdate(base, _, pred) or w.writesFieldPreUpdate(base, _, pred)
|
any(DataFlow::Write w).writesComponent(base, pred)
succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base)
)
}
}
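Review bot: In `MarshalStateStep`, `marshalInput` is now the base reported by `writesField`, which other hunks in this commit describe as the post-update node, and it is passed straight to `globalValueNumber(marshalInput)`. If global value numbering is defined only for nodes that correspond to expressions or instructions, this conjunct would have no result for a post-update node and the step would silently stop matching, dropping taint into the marshalled output. Consider numbering the pre-update node instead, `globalValueNumber(marshalInput.(DataFlow::PostUpdateNode).getPreUpdateNode())`, or confirm with the existing protobuf tests that the step still fires. The body of `step` continues outside the hunk.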

View File

@@ -54,7 +54,7 @@ module RsCors {
AllowCredentialsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.getType() instanceof BoolType
)
}
@@ -82,7 +82,7 @@ module RsCors {
AllowOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.asExpr() instanceof SliceLit
)
}
@@ -113,7 +113,7 @@ module RsCors {
AllowAllOriginsWrite() {
exists(Field f, Write w |
f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and
w.writesField(base, f, this) and
w.writesFieldPreUpdate(base, f, this) and
this.getType() instanceof BoolType
)
}


@@ -52,7 +52,7 @@ module NetHttp {
MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and
any(Write write).writesElement(this, index, rhs)
any(Write write).writesElementPreUpdate(this, index, rhs)
}
override DataFlow::Node getName() { result = index }


@@ -32,7 +32,10 @@ module AllocationSizeOverflow {
/**
* A data-flow node that is an operand to an operation that may overflow.
*/
abstract class OverflowProneOperand extends DataFlow::Node { }
abstract class OverflowProneOperand extends DataFlow::Node {
/** Gets the operation that may overflow that `this` is an operand of. */
abstract DataFlow::Node getOverflowProneOperation();
}
/**
* A data-flow node that represents the size argument of an allocation, such as the `n` in
@@ -91,8 +94,7 @@ module AllocationSizeOverflow {
AllocationSize allocsz;
DefaultSink() {
this instanceof OverflowProneOperand and
localStep*(this, allocsz) and
localStep*(this.(OverflowProneOperand).getOverflowProneOperation(), allocsz) and
not allocsz instanceof AllocationSizeCheckBarrier
}
@@ -134,15 +136,18 @@ module AllocationSizeOverflow {
/** An operand of an arithmetic expression that could cause overflow. */
private class DefaultOverflowProneOperand extends OverflowProneOperand {
OperatorExpr parent;
DefaultOverflowProneOperand() {
exists(OperatorExpr parent | isOverflowProne(parent) |
this.asExpr() = parent.getAnOperand() and
// only consider outermost operands to avoid double reporting
not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() |
isOverflowProne(grandparent)
)
isOverflowProne(parent) and
this.asExpr() = parent.getAnOperand() and
// only consider outermost operands to avoid double reporting
not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() |
isOverflowProne(grandparent)
)
}
override DataFlow::Node getOverflowProneOperation() { result.asExpr() = parent }
}
/**
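Review bot: Adding the abstract member `getOverflowProneOperation()` to the public abstract class `OverflowProneOperand` means any subclass defined outside this file must now implement it before it compiles. If the class is meant as an extension point, this needs a change note that names the new member and what it should return. The new `parent` field on `DefaultOverflowProneOperand` would also benefit from a comment, e.g. `// the overflow-prone operator expression that has this node as an operand`.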

View File

@@ -35,9 +35,7 @@ module CleartextLogging {
predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) {
// A taint propagating data-flow edge through structs: a tainted write taints the entire struct.
exists(Write write |
write.writesField(trg.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, src)
)
exists(Write write | write.writesField(trg, _, src))
or
// taint steps that do not include flow through fields. Field reads would produce FPs due to
// the additional taint step above that taints whole structs from individual field writes.

View File

@@ -55,6 +55,8 @@ module CleartextLogging {
|
this.asExpr().(Ident).getName() = name
or
this.(DataFlow::SsaNode).getSourceVariable().getName() = name
or
this.(DataFlow::FieldReadNode).getFieldName() = name
or
this.(DataFlow::CallNode).getCalleeName() = name
@@ -143,7 +145,7 @@ module CleartextLogging {
not this instanceof NonCleartextPassword and
name.regexpMatch(maybePassword()) and
(
this.asExpr().(Ident).getName() = name
this.(DataFlow::SsaNode).getSourceVariable().getName() = name
or
exists(DataFlow::FieldReadNode fn |
fn = this and
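Review bot: In the second hunk the `this.asExpr().(Ident).getName() = name` case is replaced by `this.(DataFlow::SsaNode).getSourceVariable().getName() = name`, whereas the first hunk adds the SSA case next to the identifier case. If SSA nodes exist only for local variables, a read of a package-level variable whose name matches `maybePassword()` would no longer be treated as a password source, which is a detection gap for cleartext logging. Keeping both disjuncts, as in the first hunk, or adding a test with a package-level `password` variable would settle it. The enclosing characteristic predicate starts and ends outside the hunk.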

View File

@@ -84,6 +84,28 @@ module CommandInjection {
}
predicate observeDiffInformedIncrementalMode() { any() }
// Hack: with use-use flow, we might have x (use at line 1) -> x (use at line 2),
// x (use at line 1) -> array at line 1 and x (use at line 2) -> array at line 2,
// in the context
//
// array1 := {"--", x}
// array2 := {x, "--"}
//
// We want to taint array2 but not array1, which suggests excluding the edge x (use 1) -> array1
// However isSanitizer only allows us to remove nodes (isSanitizerIn/Out permit removing all outgoing
// or incoming edges); we can't remove an individual edge, so instead we supply extra edges connecting
// the definition with the next use.
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(
ArgumentArrayWithDoubleDash array, DataFlow::InstructionNode sanitized,
DataFlow::SsaNode defn
|
sanitized = array.getASanitizedElement() and sanitized = defn.getAUse()
|
pred = defn and succ = sanitized.getASuccessor()
)
}
}
/**
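Review bot: The bypass edge in `isAdditionalFlowStep` always starts at the SSA definition (`pred = defn`), so it carries only taint that is already present where the variable is defined. Taint that first reaches the variable at an earlier use, for example through the post-update node of a call argument, would arrive at the sanitized element by use-use flow and, as far as this hunk shows, have no edge past it to later uses. If that case matters for command injection, the predecessor could also be the use (or its post-update node) immediately before the sanitized one; a test with such a write before the `"--"` array would show whether flow is lost. The explanation would also read better as QLDoc on the predicate than as a `// Hack:` block above it.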

View File

@@ -290,13 +290,17 @@ private predicate integerTypeBound(IntegerType it, int bitSize, int architecture
* the type assertion succeeded. If it is not checked then there will be a
* run-time panic if the type assertion fails, so we can assume it succeeded.
*/
class TypeAssertionCheck extends DataFlow::ExprNode, FlowStateTransformer {
class TypeAssertionCheck extends DataFlow::InstructionNode, FlowStateTransformer {
IntegerType it;
TypeAssertionCheck() {
exists(TypeAssertExpr tae |
this = DataFlow::exprNode(tae.getExpr()) and
it = tae.getTypeExpr().getType().getUnderlyingType()
exists(IR::Instruction evalAssert, TypeAssertExpr assert |
it = assert.getTypeExpr().getType().getUnderlyingType() and
evalAssert = IR::evalExprInstruction(assert)
|
if exists(IR::extractTupleElement(evalAssert, _))
then this.asInstruction() = IR::extractTupleElement(evalAssert, 0)
else this.asInstruction() = evalAssert
)
}

View File

@@ -35,7 +35,15 @@ module LogInjection {
/** An argument to a logging mechanism. */
class LoggerSink extends Sink {
LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() }
LoggerSink() {
exists(LoggerCall call |
this = call.getAValueFormattedMessageComponent() and
// exclude arguments to `call` which have a safe format argument, which
// aren't caught by SafeFormatArgumentSanitizer as that sanitizes the
// result of the call.
not safeFormatArgument(this, call)
)
}
}
/**
@@ -47,6 +55,22 @@ module LogInjection {
ReplaceSanitizer() { this.getReplacedString() = ["\r", "\n"] }
}
/**
* Holds if `arg` is an argument to `call` that is formatted using the `%q`
* directive. This formatting directive replaces newline characters with
* escape sequences, so `arg` would not be a sink for log injection.
*/
private predicate safeFormatArgument(
DataFlow::Node arg, StringOps::Formatting::StringFormatCall call
) {
exists(string safeDirective |
// Mark "%q" formats as safe, but not "%#q", which would preserve newline characters.
safeDirective.regexpMatch("%[^%#]*q")
|
arg = call.getOperand(_, safeDirective)
)
}
/**
* An argument that is formatted using the `%q` directive, considered as a sanitizer
* for log injection.
@@ -55,10 +79,8 @@ module LogInjection {
*/
private class SafeFormatArgumentSanitizer extends Sanitizer {
SafeFormatArgumentSanitizer() {
exists(StringOps::Formatting::StringFormatCall call, string safeDirective |
this = call.getOperand(_, safeDirective) and
// Mark "%q" formats as safe, but not "%#q", which would preserve newline characters.
safeDirective.regexpMatch("%[^%#]*q")
exists(StringOps::Formatting::StringFormatCall call | safeFormatArgument(_, call) |
this = call.getAResult()
)
}
}
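Review bot: `SafeFormatArgumentSanitizer` now sanitizes `call.getAResult()` whenever `safeFormatArgument(_, call)` holds, that is, as soon as one operand uses `%q`. A call that mixes `%q` with `%s` or `%v` therefore has its whole result treated as safe, and newlines carried by the other operands are no longer tracked to a log sink. The result should be a sanitizer only when every operand is safe, for example `forex(DataFlow::Node arg | arg = call.getOperand(_, _) | safeFormatArgument(arg, call))` in place of `safeFormatArgument(_, call)`. The QLDoc above the class still describes it as an argument formatted with `%q` and should say that it is the result of the call.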

View File

@@ -33,8 +33,8 @@ module OpenUrlRedirect {
any(AdditionalStep s).hasTaintStep(pred, succ)
or
// propagate to a URL when its host is assigned to
exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(succ, f, pred)
)
or
// propagate out of most URL fields, but not `ForceQuery` and `Scheme`
@@ -48,8 +48,10 @@ module OpenUrlRedirect {
predicate isBarrierOut(DataFlow::Node node) {
// block propagation of this unsafe value when its host is overwritten
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(node.getASuccessor(), f, _)
exists(Write w, Field f, DataFlow::Node base |
f.hasQualifiedName("net/url", "URL", "Host") and
w.writesField(base, f, _) and
base.(DataFlow::PostUpdateNode).getPreUpdateNode() = node
)
or
hostnameSanitizingPrefixEdge(node, _)

View File

@@ -75,25 +75,18 @@ module OpenUrlRedirect {
}
}
bindingset[var, w]
pragma[inline_late]
private predicate useIsDominated(SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead) {
w.dominatesNode(sanitizedRead.asInstruction()) and
sanitizedRead = var.getAUse()
}
/**
* An access to a variable that is preceded by an assignment to its `Path` field.
* An assignment of a safe value to the field `Path`, considered as a barrier for sanitizing
* untrusted URLs.
*
* This is overapproximate; this will currently remove flow through all `Url.Path` assignments
* which contain a substring that could sanitize data.
*/
class PathAssignmentBarrier extends Barrier, Read {
class PathAssignmentBarrier extends Barrier {
PathAssignmentBarrier() {
exists(Write w, SsaWithFields var |
hasHostnameSanitizingSubstring(w.getRhs()) and
w.writesField(var.getAUse(), any(Field f | f.getName() = "Path"), _) and
useIsDominated(var, w, this)
exists(Write w, DataFlow::Node rhs |
hasHostnameSanitizingSubstring(rhs) and
w.writesFieldPreUpdate(this, any(Field f | f.getName() = "Path"), rhs)
)
}
}
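Review bot: `PathAssignmentBarrier` matches a write to any field named `Path` (`any(Field f | f.getName() = "Path")`), so an assignment to a `Path` field of an unrelated struct also becomes a barrier and could hide an open-redirect flow. The other URL predicates in this commit qualify the field, and the same can be done here: `any(Field f | f.hasQualifiedName("net/url", "URL", "Path"))`. The QLDoc also calls the class an assignment, while `this` is bound to the base of the write through `writesFieldPreUpdate`; describing it as the pre-update node of the URL whose `Path` is assigned would match the code.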

View File

@@ -27,8 +27,8 @@ module RequestForgery {
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
// propagate to a URL when its host is assigned to
exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(succ, f, pred)
)
}

View File

@@ -22,18 +22,21 @@ module SafeUrlFlow {
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// propagate to a URL when its host is assigned to
exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse()
// propagate taint to the post-update node of a URL when its host is
// assigned to
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(node2, f, node1)
)
}
predicate isBarrierOut(DataFlow::Node node) {
// block propagation of this safe value when its host is overwritten
exists(Write w, DataFlow::Node b, Field f |
f.hasQualifiedName("net/url", "URL", "Host") and
b = node.getASuccessor() and
w.writesField(b, f, _)
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
// We sanitize the pre-update node to block flow from previous value.
// This fits in with the additional flow step above propagating taint
// from the value written to the Host field to the post-update node of
// the URL.
w.writesFieldPreUpdate(node, f, _)
)
or
node instanceof SanitizerEdge

View File

@@ -73,6 +73,16 @@ predicate checksValue(IR::Instruction instruction, DataFlow::SsaNode value) {
)
}
// Now that we have use-use flow, phi nodes aren't directly involved in the flow graph. TODO: change this?
DataFlow::SsaNode phiDefinedFrom(DataFlow::SsaNode node) {
result.getDefinition().(SsaPseudoDefinition).getAnInput() = node.getDefinition().getVariable()
}
DataFlow::SsaNode definedFrom(DataFlow::SsaNode node) {
DataFlow::localFlow(node, result) or
result = phiDefinedFrom*(node)
}
/**
* Matches if `call` is a function returning (`ptr`, `err`) where `ptr` may be nil, and neither
* `ptr` not `err` has been checked for validity as of `node`.
@@ -99,7 +109,7 @@ predicate returnUncheckedAtNode(
// localFlow is used to permit checks via either an SSA phi node or ordinary assignment.
returnUncheckedAtNode(call, node.getAPredecessor(), ptr, err) and
not exists(DataFlow::SsaNode checked |
DataFlow::localFlow(ptr, checked) or DataFlow::localFlow(err, checked)
checked = definedFrom(ptr) or checked = definedFrom(err)
|
checksValue(node, checked)
)
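Review bot: The context comment in `returnUncheckedAtNode` still says that localFlow is used to permit checks via an SSA phi node or ordinary assignment, but the condition now goes through `definedFrom`, so the comment is stale. `phiDefinedFrom` and `definedFrom` are added without QLDoc and without `private`; a one-line doc on `definedFrom` saying it gets an SSA node reachable by local flow or through a chain of phi nodes, and `private` on both if nothing outside the file uses them, would help. The `TODO: change this?` remark is better tracked in an issue than left in the library. The body of `returnUncheckedAtNode` starts and ends outside the hunk.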

View File

@@ -70,8 +70,8 @@ predicate unhandledCall(DataFlow::CallNode call) {
*/
predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
exists(OpenFileFun f, DataFlow::Node flags, QualifiedName flag |
// check that the source is a result of the call
source = call.getAResult() and
// check that the source is the first result of the call
source = call.getResult(0) and
// find a call to the os.OpenFile function
f.getACall() = call and
// get the flags expression used for opening the file

View File

@@ -89,7 +89,7 @@ Type getTypeEmbeddedViaPointer(Type t) {
from Write w, LocalVariable v, Field f
where
// `w` writes `f` on `v`
w.writesField(v.getARead(), f, _) and
w.writesFieldPreUpdate(v.getARead(), f, _) and
// but `f` is never read on `v`
not exists(Read r | r.readsField(v.getARead(), f)) and
// exclude pointer-typed `v`; there may be reads through an alias

View File

@@ -35,7 +35,9 @@ predicate flowsToInterfaceNilCheck(DataFlow::Node nd) {
*/
predicate nonNilWrapper(DataFlow::Node nd) {
flowsToInterfaceNilCheck(nd) and
forex(DataFlow::Node pred | pred = nd.getAPredecessor() |
forex(DataFlow::Node pred |
pred = nd.getAPredecessor() and not pred instanceof DataFlow::PostUpdateNode
|
exists(Type predtp | predtp = pred.getType().getUnderlyingType() |
not predtp instanceof InterfaceType and
not predtp instanceof NilLiteralType and

View File

@@ -34,7 +34,7 @@ predicate becomesPartOf(DataFlow::Node part, DataFlow::Node whole) {
or
whole.(DataFlow::AddressOperationNode).getOperand() = part
or
exists(Write w | w.writesField(whole.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, part))
exists(Write w | w.writesField(whole, _, part))
}
/**

View File

@@ -98,8 +98,8 @@ predicate hostCheckReachesSink(Flow::PathNode sink) {
Flow::flowPath(source, otherSink) and
Config::writeIsSink(sink.getNode(), sinkWrite) and
Config::writeIsSink(otherSink.getNode(), otherSinkWrite) and
sinkWrite.writesField(sinkAccessPath.getAUse(), _, sink.getNode()) and
otherSinkWrite.writesField(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and
sinkWrite.writesFieldPreUpdate(sinkAccessPath.getAUse(), _, sink.getNode()) and
otherSinkWrite.writesFieldPreUpdate(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and
otherSinkAccessPath = sinkAccessPath.similar()
)
)

View File

@@ -65,7 +65,7 @@ module TlsVersionFlowConfig implements DataFlow::ConfigSig {
*/
additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) {
fld.hasQualifiedName("crypto/tls", "Config", ["MinVersion", "MaxVersion"]) and
fieldWrite.writesField(base, fld, sink)
fieldWrite.writesFieldPreUpdate(base, fld, sink)
}
predicate isSource(DataFlow::Node source) { intIsSource(source, _) }
@@ -190,7 +190,7 @@ module TlsInsecureCipherSuitesFlowConfig implements DataFlow::ConfigSig {
*/
additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) {
fld.hasQualifiedName("crypto/tls", "Config", "CipherSuites") and
fieldWrite.writesField(base, fld, sink)
fieldWrite.writesFieldPreUpdate(base, fld, sink)
}
predicate isSink(DataFlow::Node sink) { isSink(sink, _, _, _) }

View File

@@ -61,7 +61,7 @@ predicate isUrlTaintingConfigStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(Write w, Field f |
f.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "RedirectURL")
|
w.writesField(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), f, pred)
w.writesField(succ, f, pred)
)
}

View File

@@ -18,7 +18,8 @@ import semmle.go.security.IncorrectIntegerConversionLib
import Flow::PathGraph
from
Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call, DataFlow::Node sinkConverted
Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call,
DataFlow::TypeCastNode sinkConverted
where
Flow::flowPath(source, sink) and
call.getResult(0) = source.getNode() and

View File

@@ -28,7 +28,7 @@ private class GorillaSessionOptionsField extends Field {
private DataFlow::Node getValueForFieldWrite(StructLit sl, string field) {
exists(Write w, DataFlow::Node base, Field f |
f.getName() = field and
w.writesField(base, f, result) and
w.writesFieldPreUpdate(base, f, result) and
(
sl = base.asExpr()
or
@@ -209,10 +209,7 @@ private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSi
predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink }
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base |
w.writesField(base, f, pred) and
succ = base
)
exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred))
}
}
@@ -236,10 +233,7 @@ private module BoolToGorillaSessionOptionsTrackingConfig implements DataFlow::Co
sl = succ.asExpr()
)
or
exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base |
w.writesField(base, f, pred) and
succ = base
)
exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred))
}
}
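Review bot: The new step `exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred))` is repeated verbatim in `GorillaSessionOptionsTrackingConfig::isAdditionalFlowStep` and in `BoolToGorillaSessionOptionsTrackingConfig::isAdditionalFlowStep`. Moving it into one private predicate, e.g. `private predicate optionsFieldWriteStep(DataFlow::Node pred, DataFlow::Node succ) { exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred)) }`, keeps the two configurations from drifting apart. The first hunk's `getValueForFieldWrite` uses `writesFieldPreUpdate` while these steps use `writesField`; a one-line comment on each saying which base node is meant would explain the asymmetry. The second configuration's predicate starts above its hunk.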


@@ -22,8 +22,8 @@ module ServerSideRequestForgery {
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// propagate to a URL when its host is assigned to
exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse()
exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
w.writesField(node2, f, node1)
)
}
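Review bot: The comment `// propagate to a URL when its host is assigned to` no longer says which node receives the taint. The removed lines sent it to every use of the SSA variable (`node2 = v.getAUse()`), while `w.writesField(node2, f, node1)` binds `node2` to the base node of this single write. Later reads of the URL are now reached only through ordinary flow from that node, so reword the comment to something like `// propagate from the assigned host to the URL value written by this field write`. Because this step decides whether a user-controlled host reaches a request sink, a test that reads the URL again after the `Host` assignment would confirm no results are lost.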


@@ -5,3 +5,4 @@
| main.go:18:12:18:14 | argument corresponding to req |
| main.go:18:12:18:14 | definition of req |
| main.go:20:5:20:7 | req |
| main.go:20:5:20:7 | req [postupdate] |


@@ -1,90 +1,54 @@
edges
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | |
| CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | |
| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | |
| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | |
| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | |
| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance | |
@@ -93,20 +57,12 @@ edges
| CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | |
| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance | |
@@ -115,20 +71,12 @@ edges
| CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | |
| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance | |
@@ -137,20 +85,12 @@ edges
| CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | |
| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance | |
@@ -159,51 +99,31 @@ edges
| CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | |
| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | |
| CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | |
| CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | provenance | |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:106:10:106:13 | name | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | |
| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance | |
@@ -211,20 +131,12 @@ edges
| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:116:10:116:16 | session | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | |
| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | |
| CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance | |
@@ -235,233 +147,83 @@ edges
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | |
| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config |
| CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | |
nodes
| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c |
| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal |
@@ -470,8 +232,6 @@ nodes
| CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c |
@@ -482,8 +242,6 @@ nodes
| CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c |
@@ -494,8 +252,6 @@ nodes
| CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c |
@@ -506,8 +262,6 @@ nodes
| CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c |
@@ -520,8 +274,6 @@ nodes
| CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c |
@@ -534,8 +286,6 @@ nodes
| CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c |
@@ -548,8 +298,6 @@ nodes
| CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c |
@@ -562,8 +310,6 @@ nodes
| CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c |
@@ -571,7 +317,6 @@ nodes
| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | semmle.label | struct literal |
| CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" |
@@ -581,8 +326,6 @@ nodes
| CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c |
@@ -594,8 +337,6 @@ nodes
| CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] |
| CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c |
@@ -606,20 +347,14 @@ nodes
| CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly |
| CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal |
@@ -628,34 +363,25 @@ nodes
| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:149:2:149:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal |
| CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly |
| CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal |
@@ -666,20 +392,14 @@ nodes
| CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly |
| CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] |
| CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference |
| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal |
@@ -690,11 +410,9 @@ nodes
| CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:191:2:191:6 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:202:2:202:6 | store | semmle.label | store |
| CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false |
subpaths


@@ -1,16 +1,12 @@
edges
| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | |
| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | |
| go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance | |
| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | |
| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | |
| golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | provenance | |
| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | provenance | |
nodes
| go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion |
| go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" |
| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey |
| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey |
| golang-jwt-v5.go:19:15:19:35 | type conversion | semmle.label | type conversion |
| golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" |
| golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 |


@@ -68,9 +68,9 @@ edges
| test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1 |
| test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1 |
| test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | |
| test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance | |
| test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | |
| test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config |
| test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance | |
| test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance | |
| test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:4 |
| test.go:143:2:143:59 | ... := ...[0] | test.go:145:12:145:12 | f | provenance | |


@@ -7,17 +7,14 @@ edges
| Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | |
| Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | |
| Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel |
| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance | |
| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | |
| Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance | |
| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:62:2:62:4 | definition of cfg [pointer] | provenance | |
| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | |
| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | |
| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance | |
| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance | |
| Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | Src:MaD:1 |
| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel |
| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference [postupdate] | provenance | FunctionModel |
| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:2 |
| Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | |
| Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | |
| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | |
| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | |
| Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance | |
| Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel |
@@ -30,9 +27,8 @@ nodes
| Dsn.go:28:11:28:110 | call to Sprintf | semmle.label | call to Sprintf |
| Dsn.go:28:102:28:109 | index expression | semmle.label | index expression |
| Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN |
| Dsn.go:62:2:62:4 | definition of cfg [pointer] | semmle.label | definition of cfg [pointer] |
| Dsn.go:63:9:63:11 | cfg [pointer] | semmle.label | cfg [pointer] |
| Dsn.go:63:9:63:11 | implicit dereference | semmle.label | implicit dereference |
| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | semmle.label | cfg [postupdate] [pointer] |
| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args |
| Dsn.go:63:19:63:29 | slice expression | semmle.label | slice expression |
| Dsn.go:67:11:67:109 | []type{args} [array] | semmle.label | []type{args} [array] |


@@ -1,12 +1,13 @@
#select
| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. |
| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. |
| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
| builtin.go:23:12:23:63 | call to Get | builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | The URL of this request depends on a user-provided value. |
| builtin.go:89:12:89:53 | call to Dial | builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:103:13:103:40 | call to DialConfig | builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:115:3:115:39 | call to Dial | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:133:3:133:62 | call to DialContext | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:156:12:156:33 | call to Get | builtin.go:151:16:151:36 | call to FormValue | builtin.go:156:21:156:32 | call to String | The URL of this request depends on a user-provided value. |
| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
@@ -17,14 +18,20 @@
| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. |
edges
| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:7 |
| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:8 |
| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 |
| builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | provenance | Src:MaD:7 |
| builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 |
| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | |
| builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance | |
| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config |
| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config |
| builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 |
| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel |
@@ -37,11 +44,11 @@ edges
| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 |
| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 |
| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | |
| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:12 |
| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:10 |
| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | |
| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | |
| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | |
| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 |
| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:74:49:74:57 | selection of word | provenance | |
| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | |
| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel |
@@ -51,12 +58,12 @@ edges
| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:13 |
| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:14 |
| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:14 |
| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:15 |
| new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | |
| new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | |
| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:9 |
| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:15 |
| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:16 |
| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:5 |
| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:4 |
models
@@ -71,22 +78,29 @@ models
| 9 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
| 10 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
| 11 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual |
| 12 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 13 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 14 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 15 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual |
| 12 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 13 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 14 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 15 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 16 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual |
nodes
| builtin.go:19:12:19:34 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... |
| builtin.go:83:21:83:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:88:27:88:40 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:97:21:97:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:101:36:101:49 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:111:21:111:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput |
| new-tests.go:26:26:26:30 | &... | semmle.label | &... |
| builtin.go:20:12:20:34 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:23:21:23:62 | ...+... | semmle.label | ...+... |
| builtin.go:84:21:84:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:89:27:89:40 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:98:21:98:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:102:36:102:49 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:112:21:112:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:115:15:115:28 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] |
| builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost |
| builtin.go:156:21:156:23 | url | semmle.label | url |
| builtin.go:156:21:156:32 | call to String | semmle.label | call to String |
| new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word |
@@ -103,7 +117,7 @@ nodes
| new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] |
| new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body |
| new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
| new-tests.go:63:26:63:30 | &... | semmle.label | &... |
| new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| new-tests.go:68:11:68:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word |


@@ -1,2 +1,4 @@
query: experimental/CWE-918/SSRF.ql
postprocess: utils/test/PrettyPrintModels.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql


@@ -8,6 +8,7 @@ import (
"fmt"
"log"
"net/http"
"net/url"
"regexp"
"strings"
@@ -16,10 +17,10 @@ import (
)
func handler(w http.ResponseWriter, req *http.Request) {
target := req.FormValue("target")
target := req.FormValue("target") // $ Source
// BAD: `target` is controlled by the attacker
_, err := http.Get("https://" + target + ".example.com/data/")
_, err := http.Get("https://" + target + ".example.com/data/") // $ Alert
if err != nil {
// error handling
}
@@ -80,12 +81,12 @@ func test() {
// x net websocket dial bad
http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
untrustedInput := r.Referer() // $ Source
origin := "http://localhost/"
// bad as input is directly passed to dial function
ws, _ := websocket.Dial(untrustedInput, "", origin) // SSRF
ws, _ := websocket.Dial(untrustedInput, "", origin) // $ Alert
var msg = make([]byte, 512)
var n int
n, _ = ws.Read(msg)
@@ -94,12 +95,12 @@ func test() {
// x net websocket dialConfig bad
http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
untrustedInput := r.Referer() // $ Source
origin := "http://localhost/"
// bad as input is directly used
config, _ := websocket.NewConfig(untrustedInput, origin) // SSRF
ws2, _ := websocket.DialConfig(config)
config, _ := websocket.NewConfig(untrustedInput, origin) // $ Sink
ws2, _ := websocket.DialConfig(config) // $ Alert
var msg = make([]byte, 512)
var n int
n, _ = ws2.Read(msg)
@@ -108,10 +109,10 @@ func test() {
// gorilla websocket Dialer.Dial bad
http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
untrustedInput := r.Referer() // $ Source
dialer := gorilla.Dialer{}
dialer.Dial(untrustedInput, r.Header) //SSRF
dialer.Dial(untrustedInput, r.Header) // $ Alert
})
// gorilla websocket Dialer.Dial good
@@ -126,10 +127,10 @@ func test() {
// gorilla websocket Dialer.DialContext bad
http.HandleFunc("/ex8", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
untrustedInput := r.Referer() // $ Source
dialer := gorilla.Dialer{}
dialer.DialContext(context.TODO(), untrustedInput, r.Header) //SSRF
dialer.DialContext(context.TODO(), untrustedInput, r.Header) // $ Alert
})
// gorilla websocket Dialer.DialContext good
@@ -145,3 +146,16 @@ func test() {
log.Println(http.ListenAndServe(":80", nil))
}
func handler2(w http.ResponseWriter, req *http.Request) {
unsafehost := req.FormValue("host") // $ Source
url, _ := url.Parse("http://example.com/data")
url.Host = unsafehost
// BAD: `target` is controlled by the attacker
_, err := http.Get(url.String()) // $ Alert
if err != nil {
// error handling
}
// process request response
}
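Review bot: The "BAD" comment in the new `handler2` was copied from `handler` and names `target`, a variable that does not exist in this function; the attacker-controlled value is `unsafehost`, which reaches the request through `url.Host`. I would reword it to `// BAD: the host of the request URL is controlled by the attacker (via unsafehost)`. The local `url` also shadows the `net/url` package imported in this same commit, so a name such as `u` would read better, though renaming changes the node labels in the expected output, which would then need regenerating. The test adds only the flagged case; a companion case where the host is compared against a fixed allowlist before `http.Get` would show whether the flow through `String()` produces false positives.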


@@ -23,20 +23,20 @@ func HandlerGin(c *gin.Context) {
safe string `binding:"alphanum"`
}
err := c.ShouldBindJSON(&body)
err := c.ShouldBindJSON(&body) // $ Source
http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK
http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK
http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert
if err == nil {
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK
}
taintedParam := c.Param("id")
taintedParam := c.Param("id") // $ Source
validate := validator.New()
err = validate.Var(taintedParam, "alpha")
@@ -44,10 +44,10 @@ func HandlerGin(c *gin.Context) {
http.Get("http://example.com/" + taintedParam) // OK
}
http.Get("http://example.com/" + taintedParam) //SSRF
http.Get("http://example.com/" + taintedParam) // $ Alert
taintedQuery := c.Query("id")
http.Get("http://example.com/" + taintedQuery) //SSRF
taintedQuery := c.Query("id") // $ Source
http.Get("http://example.com/" + taintedQuery) // $ Alert
}
func HandlerHttp(req *http.Request) {
@@ -59,41 +59,41 @@ func HandlerHttp(req *http.Request) {
word string
safe string `validate:"alphanum"`
}
reqBody, _ := ioutil.ReadAll(req.Body)
reqBody, _ := ioutil.ReadAll(req.Body) // $ Source
json.Unmarshal(reqBody, &body)
http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK
http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK
http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert
validate := validator.New()
err := validate.Struct(body)
if err == nil {
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF
http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert
http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK
}
taintedQuery := req.URL.Query().Get("param1")
http.Get("http://example.com/" + taintedQuery) // SSRF
taintedQuery := req.URL.Query().Get("param1") // $ Source
http.Get("http://example.com/" + taintedQuery) // $ Alert
taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/")
http.Get("http://example.com/" + taintedParam) // SSRF
taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/") // $ Source
http.Get("http://example.com/" + taintedParam) // $ Alert
}
func HandlerMux(r *http.Request) {
vars := mux.Vars(r)
vars := mux.Vars(r) // $ Source
taintedParam := vars["id"]
http.Get("http://example.com/" + taintedParam) // SSRF
http.Get("http://example.com/" + taintedParam) // $ Alert
numericID, _ := strconv.Atoi(taintedParam)
http.Get(fmt.Sprintf("http://example.com/%d", numericID)) // OK
}
func HandlerChi(r *http.Request) {
taintedParam := chi.URLParam(r, "articleID")
http.Get("http://example.com/" + taintedParam) // SSRF
taintedParam := chi.URLParam(r, "articleID") // $ Source
http.Get("http://example.com/" + taintedParam) // $ Alert
b, _ := strconv.ParseBool(taintedParam)
http.Get(fmt.Sprintf("http://example.com/%t", b)) // OK
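Review bot: The `body.safe` requests that come before the error check in `HandlerGin` and `HandlerHttp` are now annotated `// $ Alert` with no explanation, while the same expression inside `if err == nil` stays `// OK`. A reader cannot tell from the annotations that the difference is whether validation has run and its result has been checked. The old `// SSRF` text gave no reason either, but the move to inline expectations is a good moment to add one as a trailing comment, for example `// $ Alert // validation result not checked yet`. Both functions start outside the hunks shown, so the struct tags that mark `safe` as validated are only partly visible here.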


@@ -1,22 +1,14 @@
invalidModelRow
edges
| test.go:9:9:9:11 | selection of c [collection] | test.go:9:7:9:11 | <-... | provenance | |
| test.go:13:16:13:16 | definition of s [pointer, c, collection] | test.go:16:2:16:2 | s [pointer, c, collection] | provenance | |
| test.go:15:10:15:17 | call to source | test.go:16:9:16:12 | data | provenance | |
| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:13:16:13:16 | definition of s [pointer, c, collection] | provenance | |
| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:16:2:16:4 | selection of c [collection] | provenance | |
| test.go:16:2:16:2 | s [pointer, c, collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | |
| test.go:16:2:16:4 | selection of c [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | |
| test.go:16:2:16:4 | selection of c [collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | |
| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [collection] | provenance | |
| test.go:16:2:16:4 | selection of c [postupdate] [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | |
| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [postupdate] [collection] | provenance | |
nodes
| test.go:9:7:9:11 | <-... | semmle.label | <-... |
| test.go:9:9:9:11 | selection of c [collection] | semmle.label | selection of c [collection] |
| test.go:13:16:13:16 | definition of s [pointer, c, collection] | semmle.label | definition of s [pointer, c, collection] |
| test.go:15:10:15:17 | call to source | semmle.label | call to source |
| test.go:16:2:16:2 | implicit dereference [c, collection] | semmle.label | implicit dereference [c, collection] |
| test.go:16:2:16:2 | s [pointer, c, collection] | semmle.label | s [pointer, c, collection] |
| test.go:16:2:16:4 | selection of c [collection] | semmle.label | selection of c [collection] |
| test.go:16:2:16:4 | selection of c [postupdate] [collection] | semmle.label | selection of c [postupdate] [collection] |
| test.go:16:9:16:12 | data | semmle.label | data |
subpaths
#select


@@ -4,27 +4,27 @@ models
| 3 | Summary: io; Reader; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual |
| 4 | Summary: os; File; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual |
edges
| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:7:22:7:22 | b [postupdate] | Builtin.go:8:9:8:17 | type conversion | provenance | |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:13:22:13:22 | b [postupdate] | Builtin.go:17:9:17:17 | type conversion | provenance | |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 |
| Builtin.go:22:22:22:22 | b [postupdate] | Builtin.go:24:10:24:18 | type conversion | provenance | |
nodes
| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:7:22:7:22 | b [postupdate] | semmle.label | b [postupdate] |
| Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b |
| Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:13:22:13:22 | b [postupdate] | semmle.label | b [postupdate] |
| Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion |
| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b |
| Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:22:22:22:22 | b [postupdate] | semmle.label | b [postupdate] |
| Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion |
subpaths
#select


@@ -1,6 +1,5 @@
invalidModelRow
#select
| test.go:10:6:10:8 | definition of arg | qltest-arg |
| test.go:39:8:39:15 | call to Src1 | qltest |
| test.go:40:8:40:15 | call to Src2 | qltest |
| test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes |
@@ -8,6 +7,7 @@ invalidModelRow
| test.go:42:2:42:21 | ... = ...[0] | qltest |
| test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes |
| test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes |
| test.go:44:11:44:13 | arg [postupdate] | qltest-arg |
| test.go:59:9:59:16 | call to Src1 | qltest |
| test.go:102:46:102:53 | call to Src1 | qltest |
| test.go:112:35:112:42 | call to Src1 | qltest |

View File

@@ -2,18 +2,18 @@ invalidModelRow
#select
| test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 |
| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t |
| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] |
| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] |
| test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes |
| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg |
| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] |
| test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual |
| test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes |
| test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] |
| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 |
| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 |
| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] |
| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] |
| test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes |
| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 |
| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] |
| test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual |
| test.go:149:10:149:27 | []type{args} | test.go:149:10:149:27 | call to append |
| test.go:149:17:149:21 | slice | test.go:149:10:149:27 | call to append |
| test.go:155:15:155:20 | slice1 | test.go:154:2:154:7 | definition of slice2 |
| test.go:155:15:155:20 | slice1 | test.go:155:7:155:12 | slice2 [postupdate] |


@@ -158,7 +158,7 @@ func simpleflow() {
ch := make(chan string)
ch <- a.Src1().(string)
taint16 := test.StepArgCollectionContentRes(ch)
b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements
b.Sink1(taint16) // $ hasTaintFlow="taint16"
c1 := test.C{""}
c1.Set(a.Src1().(string))


@@ -1,6 +1,5 @@
invalidModelRow
#select
| test.go:10:6:10:8 | definition of arg | qltest-arg |
| test.go:39:8:39:15 | call to Src1 | qltest |
| test.go:40:8:40:15 | call to Src2 | qltest |
| test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes |
@@ -8,6 +7,7 @@ invalidModelRow
| test.go:42:2:42:21 | ... = ...[0] | qltest |
| test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes |
| test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes |
| test.go:44:11:44:13 | arg [postupdate] | qltest-arg |
| test.go:59:9:59:16 | call to Src1 | qltest |
| test.go:102:46:102:53 | call to Src1 | qltest |
| test.go:112:35:112:42 | call to Src1 | qltest |

View File

@@ -2,17 +2,17 @@ invalidModelRow
#select
| test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes |
| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] |
| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 |
| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t |
| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] |
| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] |
| test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes |
| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg |
| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] |
| test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual |
| test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes |
| test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] |
| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 |
| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 |
| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] |
| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] |
| test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes |
| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 |
| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] |
| test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual |
| test.go:202:14:202:19 | srcInt | test.go:202:10:202:26 | call to max |
| test.go:202:22:202:22 | 0 | test.go:202:10:202:26 | call to max |


@@ -158,7 +158,7 @@ func simpleflow() {
ch := make(chan string)
ch <- a.Src1().(string)
taint16 := test.StepArgCollectionContentRes(ch)
b.Sink1(taint16) // $ MISSING: hasValueFlow="taint16" // currently fails due to lack of post-update nodes after send statements
b.Sink1(taint16) // $ hasValueFlow="taint16"
c1 := test.C{""}
c1.Set(a.Src1().(string))


@@ -49,21 +49,21 @@
| main.go:3:6:3:10 | function test1 | main.go:34:2:34:6 | test1 |
| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x |
| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x |
| main.go:3:12:3:12 | definition of x | main.go:6:7:6:7 | x |
| main.go:3:12:3:12 | definition of x | main.go:8:8:8:8 | x |
| main.go:3:12:3:12 | definition of x | main.go:10:7:10:7 | x |
| main.go:3:12:3:12 | definition of x | main.go:10:22:10:22 | x |
| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn |
| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn |
| main.go:6:3:6:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) |
| main.go:5:5:5:5 | x | main.go:6:7:6:7 | x |
| main.go:5:5:5:5 | x | main.go:8:8:8:8 | x |
| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y |
| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y |
| main.go:8:3:8:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) |
| main.go:6:7:6:7 | x | main.go:10:7:10:7 | x |
| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y |
| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y |
| main.go:8:8:8:8 | x | main.go:10:7:10:7 | x |
| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z |
| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:12:10:12 | y |
| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:17:10:17 | y |
| main.go:10:7:10:7 | x | main.go:10:22:10:22 | x |
| main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... |
| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z |
| main.go:10:12:10:12 | y | main.go:10:17:10:17 | y |
| main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... |
| main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion |
| main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 |
@@ -84,50 +84,54 @@
| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok |
| main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] |
| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s |
| main.go:38:2:38:2 | definition of s | main.go:40:15:40:15 | s |
| main.go:38:2:38:2 | definition of s | main.go:42:7:42:7 | s |
| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s |
| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s |
| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 |
| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 |
| main.go:39:15:39:15 | s | main.go:40:15:40:15 | s |
| main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s |
| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 |
| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 |
| main.go:40:15:40:15 | s | main.go:42:7:42:7 | s |
| main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s |
| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 |
| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 |
| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs |
| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs |
| main.go:46:24:46:27 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) |
| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys |
| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys |
| main.go:46:34:46:37 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) |
| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals |
| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals |
| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k |
| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v |
| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k |
| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v |
| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:46:24:46:27 | implicit read of keys |
| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:49:3:49:6 | keys |
| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:46:34:46:37 | implicit read of vals |
| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:48:3:48:6 | vals |
| main.go:48:3:48:6 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) |
| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals |
| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals |
| main.go:49:3:49:6 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) |
| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys |
| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys |
| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch |
| main.go:55:6:55:7 | definition of ch | main.go:57:4:57:5 | ch |
| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch |
| main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch |
| main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch |
| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x |
| main.go:61:2:61:2 | definition of x | main.go:65:11:65:11 | x |
| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x |
| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y |
| main.go:62:2:62:2 | definition of y | main.go:65:14:65:14 | y |
| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y |
| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z |
| main.go:63:2:63:2 | definition of z | main.go:65:17:65:17 | z |
| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z |
| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a |
| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a |
| main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min |
| main.go:64:11:64:11 | x | main.go:65:11:65:11 | x |
| main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min |
| main.go:64:14:64:14 | y | main.go:65:14:65:14 | y |
| main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min |
| main.go:64:17:64:17 | z | main.go:65:17:65:17 | z |
| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b |
| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b |
| main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max |
@@ -135,62 +139,71 @@
| main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max |
| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s |
| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s |
| strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s |
| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 |
| strings.go:9:2:9:3 | definition of s2 | strings.go:11:48:11:49 | s2 |
| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 |
| strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s |
| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 |
| strings.go:10:2:10:3 | definition of s3 | strings.go:11:67:11:68 | s3 |
| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 |
| strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 |
| strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 |
| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b |
| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b |
| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s |
| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s |
| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s |
| url.go:12:3:12:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) |
| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res |
| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res |
| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err |
| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) |
| url.go:14:3:14:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) |
| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err |
| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res |
| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res |
| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err |
| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) |
| url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | url.go:16:5:16:7 | err |
| url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | url.go:19:9:19:11 | res |
| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err |
| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i |
| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i |
| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s |
| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s |
| url.go:22:19:22:19 | definition of s | url.go:27:29:27:29 | s |
| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u |
| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u |
| url.go:23:20:23:20 | s | url.go:27:29:27:29 | s |
| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u |
| url.go:27:2:27:2 | definition of u | url.go:29:14:29:14 | u |
| url.go:27:2:27:2 | definition of u | url.go:30:11:30:11 | u |
| url.go:27:2:27:2 | definition of u | url.go:32:9:32:9 | u |
| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u |
| url.go:28:14:28:14 | u | url.go:29:14:29:14 | u |
| url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u |
| url.go:29:14:29:14 | u | url.go:30:11:30:11 | u |
| url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u |
| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs |
| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs |
| url.go:30:11:30:11 | u | url.go:32:9:32:9 | u |
| url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u |
| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u |
| url.go:32:2:32:2 | definition of u | url.go:34:14:34:14 | u |
| url.go:32:2:32:2 | definition of u | url.go:35:14:35:14 | u |
| url.go:32:2:32:2 | definition of u | url.go:36:6:36:6 | u |
| url.go:32:2:32:2 | definition of u | url.go:36:25:36:25 | u |
| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u |
| url.go:33:14:33:14 | u | url.go:34:14:34:14 | u |
| url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u |
| url.go:34:14:34:14 | u | url.go:35:14:35:14 | u |
| url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u |
| url.go:35:14:35:14 | u | url.go:36:6:36:6 | u |
| url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u |
| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u |
| url.go:36:6:36:6 | u | url.go:36:25:36:25 | u |
| url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u |
| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u |
| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui |
| url.go:42:2:42:3 | definition of ui | url.go:45:14:45:15 | ui |
| url.go:42:2:42:3 | definition of ui | url.go:46:9:46:10 | ui |
| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui |
| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw |
| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw |
| url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui |
| url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui |
| url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui |
| url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui |
| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q |
| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q |
| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v |
| url.go:50:2:50:2 | definition of v | url.go:52:14:52:14 | v |
| url.go:50:2:50:2 | definition of v | url.go:53:9:53:9 | v |
| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
| url.go:51:14:51:14 | v | url.go:52:14:52:14 | v |
| url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v |
| url.go:52:14:52:14 | v | url.go:53:9:53:9 | v |
| url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v |
| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |


@@ -7,7 +7,7 @@
| main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append |
| main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append |
| main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append |
| main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s |
| main.go:42:10:42:11 | s4 | main.go:42:7:42:7 | s [postupdate] |
| main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] |
| main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] |
| main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] |


@@ -1,3 +1,3 @@
| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w |
| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:9:2:9:12 | definition of bytesBuffer |
| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:11:6:11:11 | definition of reader |
| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] |
| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:10:2:10:12 | bytesBuffer [postupdate] |
| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:12:2:12:7 | reader [postupdate] |


@@ -1,13 +1,13 @@
| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:9:2:9:7 | definition of source |
| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w |
| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:8:12:8:15 | definition of data |
| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:8:12:8:17 | definition of reader |
| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:15:12:15:12 | definition of x |
| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:15:15:15:15 | definition of y |
| receiver | main.go:53:14:53:21 | call to bump | main.go:52:2:52:2 | definition of c |
| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:11:6:11:11 | definition of reader |
| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder |
| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:9:2:9:12 | definition of bytesBuffer |
| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:12:15:12:20 | source [postupdate] |
| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] |
| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:35:10:38 | data [postupdate] |
| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:23:10:28 | reader [postupdate] |
| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:16:8:16:8 | x [postupdate] |
| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:16:11:16:11 | y [postupdate] |
| receiver | main.go:53:14:53:21 | call to bump | main.go:53:14:53:14 | c [postupdate] |
| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:12:2:12:7 | reader [postupdate] |
| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder [postupdate] |
| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:2:10:12 | bytesBuffer [postupdate] |
| result | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
| result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
| result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |


@@ -1,26 +1,26 @@
| file://:0:0:0:0 | [summary] to write: Argument[0] in copy | file://:0:0:0:0 | [summary param] 0 in copy |
| test.go:22:2:22:2 | definition of a | test.go:23:2:23:2 | a |
| test.go:22:2:22:2 | definition of a | test.go:24:2:24:2 | a |
| test.go:22:2:22:2 | definition of a | test.go:25:2:25:2 | a |
| test.go:22:2:22:2 | definition of a | test.go:26:2:26:2 | a |
| test.go:22:2:22:2 | definition of a | test.go:29:6:29:6 | a |
| test.go:22:2:22:2 | definition of a | test.go:30:7:30:7 | a |
| test.go:22:2:22:2 | definition of a | test.go:35:4:35:4 | a |
| test.go:22:2:22:2 | definition of a | test.go:36:5:36:5 | a |
| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... |
| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b |
| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs |
| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression |
| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... |
| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal |
| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs |
| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression |
| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference |
| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr |
| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference |
| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr |
| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference |
| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr |
| test.go:28:2:28:2 | definition of c | test.go:29:2:29:2 | c |
| test.go:28:2:28:2 | definition of c | test.go:30:2:30:2 | c |
| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal |
| file://:0:0:0:0 | [summary param] 0 in copy | file://:0:0:0:0 | [summary] to write: Argument[0] in copy |
| test.go:23:2:23:2 | a | test.go:23:2:23:2 | a [postupdate] |
| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... [postupdate] |
| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b [postupdate] |
| test.go:24:2:24:2 | a | test.go:24:2:24:2 | a [postupdate] |
| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs [postupdate] |
| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression [postupdate] |
| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... [postupdate] |
| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal [postupdate] |
| test.go:25:2:25:2 | a | test.go:25:2:25:2 | a [postupdate] |
| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs [postupdate] |
| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression [postupdate] |
| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference [postupdate] |
| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr [postupdate] |
| test.go:26:2:26:2 | a | test.go:26:2:26:2 | a [postupdate] |
| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference [postupdate] |
| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr [postupdate] |
| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference [postupdate] |
| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr [postupdate] |
| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal [postupdate] |
| test.go:29:2:29:2 | c | test.go:29:2:29:2 | c [postupdate] |
| test.go:29:6:29:6 | a | test.go:29:6:29:6 | a [postupdate] |
| test.go:30:2:30:2 | c | test.go:30:2:30:2 | c [postupdate] |
| test.go:30:7:30:7 | a | test.go:30:7:30:7 | a [postupdate] |
| test.go:35:4:35:4 | a | test.go:35:4:35:4 | a [postupdate] |
| test.go:36:5:36:5 | a | test.go:36:5:36:5 | a [postupdate] |


@@ -1,4 +1,4 @@
import go
from DataFlow::PostUpdateNode pun
select pun, pun.getPreUpdateNode()
select pun.getPreUpdateNode(), pun
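Review bot: The `select` in this test query does not say which column is which, and its order has just been swapped, so the rows in the dependent .expected files can only be interpreted by looking up `PostUpdateNode` in the library. Going by the rows in the expected-output section above, the new order is the pre-update node first and its post-update node second. A one-line comment above the select, for example `// columns: pre-update node, then its post-update node`, would record that for the next reader.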


@@ -79,106 +79,136 @@
| main.go:7:6:7:9 | function sink | main.go:149:2:149:5 | sink |
| main.go:7:6:7:9 | function sink | main.go:150:2:150:5 | sink |
| main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer |
| main.go:22:2:22:6 | definition of outer | main.go:26:7:26:11 | outer |
| main.go:22:2:22:6 | definition of outer | main.go:27:7:27:11 | outer |
| main.go:22:2:22:6 | definition of outer | main.go:28:7:28:11 | outer |
| main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer |
| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer |
| main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer |
| main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer |
| main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer |
| main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp |
| main.go:30:2:30:7 | definition of outerp | main.go:34:7:34:12 | outerp |
| main.go:30:2:30:7 | definition of outerp | main.go:35:7:35:12 | outerp |
| main.go:30:2:30:7 | definition of outerp | main.go:36:7:36:12 | outerp |
| main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp |
| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp |
| main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp |
| main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp |
| main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp |
| main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp |
| main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp |
| main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp |
| main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer |
| main.go:40:2:40:6 | definition of outer | main.go:42:7:42:11 | outer |
| main.go:40:2:40:6 | definition of outer | main.go:43:7:43:11 | outer |
| main.go:40:2:40:6 | definition of outer | main.go:44:7:44:11 | outer |
| main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer |
| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer |
| main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer |
| main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer |
| main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer |
| main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp |
| main.go:46:2:46:7 | definition of outerp | main.go:48:7:48:12 | outerp |
| main.go:46:2:46:7 | definition of outerp | main.go:49:7:49:12 | outerp |
| main.go:46:2:46:7 | definition of outerp | main.go:50:7:50:12 | outerp |
| main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp |
| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp |
| main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp |
| main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp |
| main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp |
| main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp |
| main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp |
| main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp |
| main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner |
| main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner |
| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner |
| main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle |
| main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle |
| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle |
| main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer |
| main.go:56:2:56:6 | definition of outer | main.go:58:7:58:11 | outer |
| main.go:56:2:56:6 | definition of outer | main.go:59:7:59:11 | outer |
| main.go:56:2:56:6 | definition of outer | main.go:60:7:60:11 | outer |
| main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer |
| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer |
| main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer |
| main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer |
| main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer |
| main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp |
| main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp |
| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp |
| main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep |
| main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep |
| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep |
| main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp |
| main.go:64:2:64:7 | definition of outerp | main.go:66:7:66:12 | outerp |
| main.go:64:2:64:7 | definition of outerp | main.go:67:7:67:12 | outerp |
| main.go:64:2:64:7 | definition of outerp | main.go:68:7:68:12 | outerp |
| main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp |
| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp |
| main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp |
| main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp |
| main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp |
| main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner |
| main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner |
| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner |
| main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle |
| main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle |
| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle |
| main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer |
| main.go:74:2:74:6 | definition of outer | main.go:76:7:76:11 | outer |
| main.go:74:2:74:6 | definition of outer | main.go:77:7:77:11 | outer |
| main.go:74:2:74:6 | definition of outer | main.go:78:7:78:11 | outer |
| main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer |
| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer |
| main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer |
| main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer |
| main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer |
| main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp |
| main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp |
| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp |
| main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep |
| main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep |
| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep |
| main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp |
| main.go:82:2:82:7 | definition of outerp | main.go:84:7:84:12 | outerp |
| main.go:82:2:82:7 | definition of outerp | main.go:85:7:85:12 | outerp |
| main.go:82:2:82:7 | definition of outerp | main.go:86:7:86:12 | outerp |
| main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp |
| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp |
| main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp |
| main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp |
| main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp |
| main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer |
| main.go:90:6:90:10 | definition of outer | main.go:92:7:92:11 | outer |
| main.go:90:6:90:10 | definition of outer | main.go:93:7:93:11 | outer |
| main.go:90:6:90:10 | definition of outer | main.go:94:7:94:11 | outer |
| main.go:90:6:90:10 | definition of outer | main.go:95:7:95:11 | outer |
| main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer |
| main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer |
| main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer |
| main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer |
| main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer |
| main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer |
| main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp |
| main.go:97:6:97:11 | definition of outerp | main.go:99:7:99:12 | outerp |
| main.go:97:6:97:11 | definition of outerp | main.go:100:7:100:12 | outerp |
| main.go:97:6:97:11 | definition of outerp | main.go:101:7:101:12 | outerp |
| main.go:97:6:97:11 | definition of outerp | main.go:102:7:102:12 | outerp |
| main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp |
| main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp |
| main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp |
| main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp |
| main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp |
| main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp |
| main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer |
| main.go:106:6:106:10 | definition of outer | main.go:108:7:108:11 | outer |
| main.go:106:6:106:10 | definition of outer | main.go:109:7:109:11 | outer |
| main.go:106:6:106:10 | definition of outer | main.go:110:7:110:11 | outer |
| main.go:106:6:106:10 | definition of outer | main.go:111:7:111:11 | outer |
| main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer |
| main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer |
| main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer |
| main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer |
| main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer |
| main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer |
| main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp |
| main.go:113:6:113:11 | definition of outerp | main.go:115:7:115:12 | outerp |
| main.go:113:6:113:11 | definition of outerp | main.go:116:7:116:12 | outerp |
| main.go:113:6:113:11 | definition of outerp | main.go:117:7:117:12 | outerp |
| main.go:113:6:113:11 | definition of outerp | main.go:118:7:118:12 | outerp |
| main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp |
| main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp |
| main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp |
| main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp |
| main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp |
| main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp |
| main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer |
| main.go:122:6:122:10 | definition of outer | main.go:124:7:124:11 | outer |
| main.go:122:6:122:10 | definition of outer | main.go:125:7:125:11 | outer |
| main.go:122:6:122:10 | definition of outer | main.go:126:7:126:11 | outer |
| main.go:122:6:122:10 | definition of outer | main.go:127:7:127:11 | outer |
| main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer |
| main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer |
| main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer |
| main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer |
| main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer |
| main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer |
| main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp |
| main.go:129:6:129:11 | definition of outerp | main.go:131:7:131:12 | outerp |
| main.go:129:6:129:11 | definition of outerp | main.go:132:7:132:12 | outerp |
| main.go:129:6:129:11 | definition of outerp | main.go:133:7:133:12 | outerp |
| main.go:129:6:129:11 | definition of outerp | main.go:134:7:134:12 | outerp |
| main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp |
| main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp |
| main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp |
| main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp |
| main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp |
| main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp |
| main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer |
| main.go:138:6:138:10 | definition of outer | main.go:140:7:140:11 | outer |
| main.go:138:6:138:10 | definition of outer | main.go:141:7:141:11 | outer |
| main.go:138:6:138:10 | definition of outer | main.go:142:7:142:11 | outer |
| main.go:138:6:138:10 | definition of outer | main.go:143:7:143:11 | outer |
| main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer |
| main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer |
| main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer |
| main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer |
| main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer |
| main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer |
| main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp |
| main.go:145:6:145:11 | definition of outerp | main.go:147:7:147:12 | outerp |
| main.go:145:6:145:11 | definition of outerp | main.go:148:7:148:12 | outerp |
| main.go:145:6:145:11 | definition of outerp | main.go:149:7:149:12 | outerp |
| main.go:145:6:145:11 | definition of outerp | main.go:150:7:150:12 | outerp |
| main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp |
| main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp |
| main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp |
| main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp |
| main.go:148:7:148:12 | outerp | main.go:149:7:149:12 | outerp |
| main.go:149:7:149:12 | outerp | main.go:150:7:150:12 | outerp |


@@ -1,3 +1,3 @@
| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression |
| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs [postupdate] | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression |
| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |
| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression |


@@ -1,3 +1,3 @@
| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... |
| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... |
| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x [postupdate] | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... |


@@ -30,9 +30,9 @@ func gogf_Core(g gdb.Core) {
g.GetStruct(&v7, "SELECT user from users") // $ source
sink(v7) // $ hasTaintFlow="v7"
var v8 []User // $ source
g.GetStructs(v8, "SELECT user from users")
sink(v8) // $ hasTaintFlow="v8"
var v8 []User
g.GetStructs(v8, "SELECT user from users") // $ source
sink(v8) // $ hasTaintFlow="v8"
v9, _ := g.GetValue("SELECT user from users") // $ source
sink(v9) // $ hasTaintFlow="v9"
@@ -132,9 +132,9 @@ func gogf_TX(g gdb.TX) {
g.GetStruct(&v4, "SELECT user from users") // $ source
sink(v4) // $ hasTaintFlow="v4"
var v5 []User // $ source
g.GetStructs(v5, "SELECT user from users")
sink(v5) // $ hasTaintFlow="v5"
var v5 []User
g.GetStructs(v5, "SELECT user from users") // $ source
sink(v5) // $ hasTaintFlow="v5"
v6, _ := g.GetValue("SELECT user from users") // $ source
sink(v6) // $ hasTaintFlow="v6"
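Review bot: `g.GetStructs(v8, ...)` in the first hunk and `g.GetStructs(v5, ...)` in the second pass the slice by value, while the neighbouring `g.GetStruct(&v7, ...)` and `g.GetStruct(&v4, ...)` pass a pointer. With the `// $ source` annotation now on the call instead of the `var` declaration, the test presumably asserts that taint reaches `sink` through the argument's post-update node, yet a nil `[]User` passed by value could not be filled by a real callee. If the modelled API is meant to receive a pointer to the slice (its signature is not visible here), `g.GetStructs(&v8, "SELECT user from users") // $ source` would cover the form callers actually write; otherwise a short comment saying the by-value form is intentional would help. Both test functions start and end outside the hunks.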


@@ -1,5 +1,40 @@
edges
| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance | |
| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:380 |
| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:381 |
| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:382 |
| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:383 |
| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:384 |
| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:385 |
| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:386 |
| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:387 |
| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:388 |
| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:389 |
| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:390 |
| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:391 |
| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:392 |
| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:393 |
| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:394 |
| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:395 |
| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:396 |
| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:397 |
| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:398 |
| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:399 |
| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:400 |
| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:401 |
| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance | |
nodes
| test.go:153:17:153:24 | definition of password | semmle.label | definition of password |
| test.go:154:14:154:21 | password | semmle.label | password |
| test.go:155:17:155:24 | password | semmle.label | password |
| test.go:156:14:156:21 | password | semmle.label | password |
@@ -36,37 +71,37 @@ nodes
| test.go:187:16:187:23 | password | semmle.label | password |
subpaths
#select
| test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:154:14:154:21 | password | Sensitive data returned by an access to password |
| test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:155:17:155:24 | password | Sensitive data returned by an access to password |
| test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password |
| test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:157:18:157:25 | password | Sensitive data returned by an access to password |
| test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:158:14:158:21 | password | Sensitive data returned by an access to password |
| test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password |
| test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:160:22:160:29 | password | Sensitive data returned by an access to password |
| test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:161:15:161:22 | password | Sensitive data returned by an access to password |
| test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:162:14:162:21 | password | Sensitive data returned by an access to password |
| test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password |
| test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:164:16:164:23 | password | Sensitive data returned by an access to password |
| test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:165:13:165:20 | password | Sensitive data returned by an access to password |
| test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:166:16:166:23 | password | Sensitive data returned by an access to password |
| test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password |
| test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:168:17:168:24 | password | Sensitive data returned by an access to password |
| test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:169:13:169:20 | password | Sensitive data returned by an access to password |
| test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:170:12:170:19 | password | Sensitive data returned by an access to password |
| test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:171:21:171:28 | password | Sensitive data returned by an access to password |
| test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:172:14:172:21 | password | Sensitive data returned by an access to password |
| test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:173:13:173:20 | password | Sensitive data returned by an access to password |
| test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:174:12:174:19 | password | Sensitive data returned by an access to password |
| test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:175:15:175:22 | password | Sensitive data returned by an access to password |
| test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:176:15:176:22 | password | Sensitive data returned by an access to password |
| test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:177:18:177:25 | password | Sensitive data returned by an access to password |
| test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password |
| test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:179:19:179:26 | password | Sensitive data returned by an access to password |
| test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:180:15:180:22 | password | Sensitive data returned by an access to password |
| test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:181:14:181:21 | password | Sensitive data returned by an access to password |
| test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:182:23:182:30 | password | Sensitive data returned by an access to password |
| test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:183:16:183:23 | password | Sensitive data returned by an access to password |
| test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:184:15:184:22 | password | Sensitive data returned by an access to password |
| test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:185:14:185:21 | password | Sensitive data returned by an access to password |
| test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:186:17:186:24 | password | Sensitive data returned by an access to password |
| test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:187:16:187:23 | password | Sensitive data returned by an access to password |
| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |
| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password |


@@ -1,7 +1,7 @@
#select
| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:35:13:35:30 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:36:13:36:27 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:37:13:37:29 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | |
@@ -30,7 +30,7 @@
| test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:242:14:242:30 | type conversion | test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:241:14:241:16 | str [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
@@ -53,9 +53,9 @@
| test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
edges
| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 |
| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 |
| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 |
| test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 |
| test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 |
| test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 |
| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:2 |
| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:3 |
| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:4 |
@@ -87,8 +87,8 @@ edges
| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:39 |
| test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | |
| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:40 |
| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | |
| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:21 MaD:38 |
| test.go:208:18:208:33 | selection of Form | test.go:208:36:208:36 | s [postupdate] | provenance | Src:MaD:21 MaD:38 |
| test.go:208:36:208:36 | s [postupdate] | test.go:209:14:209:28 | type conversion | provenance | |
| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:15 |
| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:15 |
| test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | |
@@ -97,7 +97,7 @@ edges
| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:17 |
| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:18 |
| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:19 |
| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 |
| test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 |
| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:17 |
| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:14 |
| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:14 |
@@ -116,8 +116,8 @@ edges
| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:16 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:16 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:16 |
| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | |
| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | |
| test.go:278:3:278:14 | genericFiles [postupdate] [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | |
| test.go:278:21:278:28 | index expression | test.go:278:3:278:14 | genericFiles [postupdate] [array] | provenance | |
| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel |
| test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | |
| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:22 |
@@ -146,10 +146,10 @@ edges
| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:30 |
| test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | |
| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:31 |
| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | |
| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | |
| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:17 |
| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:34 |
| test.go:310:2:310:5 | bMap [postupdate] | test.go:311:21:311:24 | bMap | provenance | |
| test.go:310:2:310:5 | bMap [postupdate] | test.go:312:21:312:24 | bMap | provenance | |
| test.go:310:22:310:30 | untrusted | test.go:310:2:310:5 | bMap [postupdate] | provenance | MaD:34 |
| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:32 |
| test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | |
| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:33 |
@@ -197,7 +197,7 @@ models
| 40 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
| 41 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
nodes
| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound |
| test.go:34:13:34:17 | bound [postupdate] | semmle.label | bound [postupdate] |
| test.go:35:13:35:30 | type conversion | semmle.label | type conversion |
| test.go:36:13:36:27 | type conversion | semmle.label | type conversion |
| test.go:37:13:37:29 | type conversion | semmle.label | type conversion |
@@ -249,8 +249,8 @@ nodes
| test.go:205:14:205:59 | type conversion | semmle.label | type conversion |
| test.go:205:21:205:58 | call to Substr | semmle.label | call to Substr |
| test.go:205:34:205:51 | type assertion | semmle.label | type assertion |
| test.go:207:6:207:6 | definition of s | semmle.label | definition of s |
| test.go:208:18:208:33 | selection of Form | semmle.label | selection of Form |
| test.go:208:36:208:36 | s [postupdate] | semmle.label | s [postupdate] |
| test.go:209:14:209:28 | type conversion | semmle.label | type conversion |
| test.go:223:2:223:34 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:223:2:223:34 | ... := ...[1] | semmle.label | ... := ...[1] |
@@ -266,7 +266,7 @@ nodes
| test.go:235:14:235:26 | type conversion | semmle.label | type conversion |
| test.go:237:9:237:17 | call to Input | semmle.label | call to Input |
| test.go:238:14:238:27 | type conversion | semmle.label | type conversion |
| test.go:240:6:240:8 | definition of str | semmle.label | definition of str |
| test.go:241:14:241:16 | str [postupdate] | semmle.label | str [postupdate] |
| test.go:242:14:242:30 | type conversion | semmle.label | type conversion |
| test.go:246:15:246:36 | call to GetString | semmle.label | call to GetString |
| test.go:249:21:249:29 | untrusted | semmle.label | untrusted |
@@ -277,7 +277,7 @@ nodes
| test.go:270:55:270:84 | type conversion | semmle.label | type conversion |
| test.go:270:62:270:83 | call to GetCookie | semmle.label | call to GetCookie |
| test.go:275:2:275:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:276:2:276:13 | definition of genericFiles [array] | semmle.label | definition of genericFiles [array] |
| test.go:278:3:278:14 | genericFiles [postupdate] [array] | semmle.label | genericFiles [postupdate] [array] |
| test.go:278:21:278:28 | index expression | semmle.label | index expression |
| test.go:283:21:283:61 | call to GetDisplayString | semmle.label | call to GetDisplayString |
| test.go:283:44:283:60 | selection of Filename | semmle.label | selection of Filename |
@@ -321,8 +321,8 @@ nodes
| test.go:303:21:303:51 | call to SliceUnique | semmle.label | call to SliceUnique |
| test.go:303:21:303:87 | selection of Filename | semmle.label | selection of Filename |
| test.go:303:39:303:50 | genericFiles | semmle.label | genericFiles |
| test.go:308:2:308:5 | definition of bMap | semmle.label | definition of bMap |
| test.go:309:15:309:36 | call to GetString | semmle.label | call to GetString |
| test.go:310:2:310:5 | bMap [postupdate] | semmle.label | bMap [postupdate] |
| test.go:310:22:310:30 | untrusted | semmle.label | untrusted |
| test.go:311:21:311:24 | bMap | semmle.label | bMap |
| test.go:311:21:311:39 | call to Get | semmle.label | call to Get |


@@ -10,8 +10,8 @@ edges
| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:6 Sink:MaD:2 |
| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:6 Sink:MaD:5 |
| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:6 Sink:MaD:3 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:7 MaD:8 |
| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... [postupdate] | provenance | Src:MaD:7 MaD:8 |
| test.go:324:40:324:43 | &... [postupdate] | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 |
| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 |
| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:6 Sink:MaD:4 |
| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 |
@@ -30,7 +30,7 @@ nodes
| test.go:217:10:217:18 | untrusted | semmle.label | untrusted |
| test.go:218:35:218:43 | untrusted | semmle.label | untrusted |
| test.go:324:17:324:37 | selection of RequestBody | semmle.label | selection of RequestBody |
| test.go:324:40:324:43 | &... | semmle.label | &... |
| test.go:324:40:324:43 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:326:35:326:43 | untrusted | semmle.label | untrusted |
| test.go:332:15:332:26 | call to Data | semmle.label | call to Data |
| test.go:334:23:334:31 | untrusted | semmle.label | untrusted |


@@ -1,8 +1,8 @@
#select
| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value |
| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value |
| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... | stored value |
| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... | stored value |
| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value |
| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value |
| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... [postupdate] | stored value |
| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... [postupdate] | stored value |
| test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value |
| test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value |
| test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value |
@@ -12,25 +12,25 @@
| test.go:101:13:101:38 | type conversion | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:101:20:101:37 | call to Value | stored value |
| test.go:102:13:102:50 | type conversion | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:102:20:102:40 | call to RawValue | stored value |
| test.go:103:13:103:39 | type conversion | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:103:20:103:38 | call to String | stored value |
| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... | stored value |
| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... | stored value |
| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... | stored value |
| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... | stored value |
| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... | stored value |
| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... | stored value |
| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... | stored value |
| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... | stored value |
| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... | stored value |
| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... | stored value |
| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... | stored value |
| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... | stored value |
| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... | stored value |
| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... | stored value |
| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... [postupdate] | stored value |
| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... [postupdate] | stored value |
| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... [postupdate] | stored value |
| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... [postupdate] | stored value |
| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... [postupdate] | stored value |
| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... [postupdate] | stored value |
| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... [postupdate] | stored value |
| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... [postupdate] | stored value |
| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... [postupdate] | stored value |
| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... [postupdate] | stored value |
| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... [postupdate] | stored value |
| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... [postupdate] | stored value |
| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... [postupdate] | stored value |
| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... [postupdate] | stored value |
edges
| test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 |
| test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 |
| test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 |
| test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 |
| test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 |
| test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 |
| test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 |
| test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 |
| test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | provenance | |
| test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | provenance | |
| test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | provenance | |
@@ -40,31 +40,31 @@ edges
| test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | provenance | |
| test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | provenance | |
| test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | provenance | |
| test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | provenance | |
| test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | provenance | |
| test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | provenance | |
| test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | provenance | |
| test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | provenance | |
| test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | provenance | |
| test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | provenance | |
| test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | provenance | |
| test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | provenance | |
| test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | |
| test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | |
| test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | |
| test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | |
| test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | |
| test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | provenance | |
| test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | provenance | |
| test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | provenance | |
| test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | provenance | |
| test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | provenance | |
| test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | provenance | |
| test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | provenance | |
| test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | provenance | |
| test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | provenance | |
| test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | provenance | |
| test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | provenance | |
| test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | provenance | |
| test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | provenance | |
| test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | provenance | |
models
| 1 | Source: group:beego-orm; Ormer; true; Read; ; ; Argument[0]; database; manual |
| 2 | Source: group:beego-orm; Ormer; true; ReadForUpdate; ; ; Argument[0]; database; manual |
| 3 | Source: group:beego-orm; Ormer; true; ReadOrCreate; ; ; Argument[0]; database; manual |
nodes
| test.go:80:13:80:16 | &... | semmle.label | &... |
| test.go:80:13:80:16 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:81:13:81:29 | type conversion | semmle.label | type conversion |
| test.go:82:13:82:43 | type conversion | semmle.label | type conversion |
| test.go:85:22:85:26 | &... | semmle.label | &... |
| test.go:85:22:85:26 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:86:13:86:30 | type conversion | semmle.label | type conversion |
| test.go:89:21:89:25 | &... | semmle.label | &... |
| test.go:89:21:89:25 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:90:13:90:30 | type conversion | semmle.label | type conversion |
| test.go:95:13:95:37 | type conversion | semmle.label | type conversion |
| test.go:95:20:95:36 | call to Value | semmle.label | call to Value |
@@ -84,32 +84,32 @@ nodes
| test.go:102:20:102:40 | call to RawValue | semmle.label | call to RawValue |
| test.go:103:13:103:39 | type conversion | semmle.label | type conversion |
| test.go:103:20:103:38 | call to String | semmle.label | call to String |
| test.go:109:9:109:13 | &... | semmle.label | &... |
| test.go:109:9:109:13 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:110:13:110:33 | type conversion | semmle.label | type conversion |
| test.go:113:9:113:12 | &... | semmle.label | &... |
| test.go:113:9:113:12 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:114:13:114:29 | type conversion | semmle.label | type conversion |
| test.go:117:12:117:19 | &... | semmle.label | &... |
| test.go:117:12:117:19 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:118:13:118:48 | type conversion | semmle.label | type conversion |
| test.go:121:16:121:24 | &... | semmle.label | &... |
| test.go:121:16:121:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:122:13:122:43 | type conversion | semmle.label | type conversion |
| test.go:125:16:125:23 | &... | semmle.label | &... |
| test.go:125:16:125:23 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:126:13:126:39 | type conversion | semmle.label | type conversion |
| test.go:129:15:129:24 | &... | semmle.label | &... |
| test.go:129:15:129:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:130:13:130:47 | type conversion | semmle.label | type conversion |
| test.go:133:18:133:30 | &... | semmle.label | &... |
| test.go:133:18:133:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:134:13:134:38 | type conversion | semmle.label | type conversion |
| test.go:140:12:140:19 | &... | semmle.label | &... |
| test.go:140:12:140:19 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:141:13:141:48 | type conversion | semmle.label | type conversion |
| test.go:144:16:144:24 | &... | semmle.label | &... |
| test.go:144:16:144:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:145:13:145:43 | type conversion | semmle.label | type conversion |
| test.go:148:16:148:23 | &... | semmle.label | &... |
| test.go:148:16:148:23 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:149:13:149:39 | type conversion | semmle.label | type conversion |
| test.go:152:15:152:24 | &... | semmle.label | &... |
| test.go:152:15:152:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:153:13:153:47 | type conversion | semmle.label | type conversion |
| test.go:156:18:156:30 | &... | semmle.label | &... |
| test.go:156:18:156:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:157:13:157:38 | type conversion | semmle.label | type conversion |
| test.go:160:14:160:22 | &... | semmle.label | &... |
| test.go:160:14:160:22 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:161:13:161:28 | type conversion | semmle.label | type conversion |
| test.go:164:15:164:24 | &... | semmle.label | &... |
| test.go:164:15:164:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:165:13:165:32 | type conversion | semmle.label | type conversion |
subpaths


@@ -1,14 +1,15 @@
#select
| test.go:173:20:173:24 | param | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:172:11:172:32 | call to Param | user-provided value |
| test.go:182:20:182:28 | ...+... | test.go:178:11:178:32 | call to Param | test.go:182:20:182:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value |
| test.go:185:20:185:29 | ...+... | test.go:178:11:178:32 | call to Param | test.go:185:20:185:29 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value |
edges
| test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 |
| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:2 |
| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config Sink:MaD:1 |
| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config |
| test.go:190:9:190:26 | star expression | test.go:193:21:193:23 | url | provenance | |
| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:3 Config |
| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config Sink:MaD:1 |
| test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2 |
| test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 |
| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL [postupdate] | provenance | Config |
| test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance | |
| test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config |
| test.go:193:10:193:26 | selection of URL [postupdate] | test.go:193:9:193:26 | star expression | provenance | Config |
| test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 |
models
| 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual |
| 2 | Source: github.com/labstack/echo; Context; true; Param; ; ; ReturnValue[0]; remote; manual |
@@ -17,10 +18,11 @@ nodes
| test.go:172:11:172:32 | call to Param | semmle.label | call to Param |
| test.go:173:20:173:24 | param | semmle.label | param |
| test.go:178:11:178:32 | call to Param | semmle.label | call to Param |
| test.go:182:20:182:28 | ...+... | semmle.label | ...+... |
| test.go:182:24:182:28 | param | semmle.label | param |
| test.go:190:9:190:26 | star expression | semmle.label | star expression |
| test.go:190:10:190:26 | selection of URL | semmle.label | selection of URL |
| test.go:193:21:193:23 | url | semmle.label | url |
| test.go:193:21:193:32 | call to String | semmle.label | call to String |
| test.go:185:20:185:29 | ...+... | semmle.label | ...+... |
| test.go:185:24:185:29 | param2 | semmle.label | param2 |
| test.go:193:9:193:26 | star expression | semmle.label | star expression |
| test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL |
| test.go:193:10:193:26 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
| test.go:196:21:196:23 | url | semmle.label | url |
| test.go:196:21:196:32 | call to String | semmle.label | call to String |
subpaths


@@ -11,7 +11,7 @@
| test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:125:16:125:20 | param | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | Cross-site scripting vulnerability due to $@. | test.go:124:11:124:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:131:20:131:32 | type conversion | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:130:11:130:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
@@ -29,23 +29,23 @@ edges
| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4 |
| test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | |
| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:17 |
| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | |
| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:15 |
| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:16 |
| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:18 |
| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:15 |
| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:16 |
| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:18 |
| test.go:60:12:60:17 | buffer [postupdate] | test.go:61:20:61:25 | buffer | provenance | |
| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7 |
| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7 |
| test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | |
| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:17 |
| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | |
| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:15 |
| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:16 |
| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:18 |
| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:15 |
| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:16 |
| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:18 |
| test.go:76:12:76:17 | buffer [postupdate] | test.go:77:20:77:25 | buffer | provenance | |
| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2 |
| test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:3 |
| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 |
| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | |
| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:8 MaD:14 |
| test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 |
| test.go:113:2:113:4 | ctx [postupdate] | test.go:114:16:114:18 | ctx | provenance | |
| test.go:113:21:113:42 | call to Param | test.go:113:2:113:4 | ctx [postupdate] | provenance | Src:MaD:8 MaD:14 |
| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:13 |
| test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | |
| test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:8 |
@@ -93,24 +93,24 @@ nodes
| test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader |
| test.go:59:2:59:7 | definition of buffer | semmle.label | definition of buffer |
| test.go:60:2:60:5 | file | semmle.label | file |
| test.go:60:12:60:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
| test.go:61:20:61:25 | buffer | semmle.label | buffer |
| test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:67:16:67:41 | index expression | semmle.label | index expression |
| test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader |
| test.go:75:2:75:7 | definition of buffer | semmle.label | definition of buffer |
| test.go:76:2:76:5 | file | semmle.label | file |
| test.go:76:12:76:17 | buffer [postupdate] | semmle.label | buffer [postupdate] |
| test.go:77:20:77:25 | buffer | semmle.label | buffer |
| test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value |
| test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies |
| test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value |
| test.go:99:11:99:15 | &... | semmle.label | &... |
| test.go:99:11:99:15 | &... [postupdate] | semmle.label | &... [postupdate] |
| test.go:100:16:100:21 | selection of s | semmle.label | selection of s |
| test.go:112:17:112:19 | definition of ctx | semmle.label | definition of ctx |
| test.go:113:2:113:4 | ctx [postupdate] | semmle.label | ctx [postupdate] |
| test.go:113:21:113:42 | call to Param | semmle.label | call to Param |
| test.go:114:16:114:18 | ctx | semmle.label | ctx |
| test.go:114:16:114:33 | call to Get | semmle.label | call to Get |


@@ -1,16 +1,16 @@
#select
| test.go:222:17:222:24 | filepath | test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | This path depends on a $@. | test.go:221:15:221:38 | call to QueryParam | user-provided value |
| test.go:226:23:226:30 | filepath | test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | This path depends on a $@. | test.go:225:15:225:38 | call to QueryParam | user-provided value |
| test.go:225:17:225:24 | filepath | test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | This path depends on a $@. | test.go:224:15:224:38 | call to QueryParam | user-provided value |
| test.go:229:23:229:30 | filepath | test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | This path depends on a $@. | test.go:228:15:228:38 | call to QueryParam | user-provided value |
edges
| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 |
| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 |
| test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 |
| test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 |
models
| 1 | Sink: github.com/labstack/echo; Context; true; Attachment; ; ; Argument[0]; path-injection; manual |
| 2 | Sink: github.com/labstack/echo; Context; true; File; ; ; Argument[0]; path-injection; manual |
| 3 | Source: github.com/labstack/echo; Context; true; QueryParam; ; ; ReturnValue[0]; remote; manual |
nodes
| test.go:221:15:221:38 | call to QueryParam | semmle.label | call to QueryParam |
| test.go:222:17:222:24 | filepath | semmle.label | filepath |
| test.go:225:15:225:38 | call to QueryParam | semmle.label | call to QueryParam |
| test.go:226:23:226:30 | filepath | semmle.label | filepath |
| test.go:224:15:224:38 | call to QueryParam | semmle.label | call to QueryParam |
| test.go:225:17:225:24 | filepath | semmle.label | filepath |
| test.go:228:15:228:38 | call to QueryParam | semmle.label | call to QueryParam |
| test.go:229:23:229:30 | filepath | semmle.label | filepath |
subpaths


@@ -176,12 +176,15 @@ func testRedirect(ctx echo.Context) error {
func testLocalRedirects(ctx echo.Context) error {
param := ctx.Param("someParam")
param2 := param
param3 := param
// Gratuitous copy because sanitization of uses propagates to subsequent uses
// GOOD: local redirects are unproblematic
ctx.Redirect(301, "/local"+param)
// BAD: this could be a non-local redirect
ctx.Redirect(301, "/"+param)
ctx.Redirect(301, "/"+param2)
// GOOD: localhost redirects are unproblematic
ctx.Redirect(301, "//localhost/"+param)
ctx.Redirect(301, "//localhost/"+param3)
return nil
}
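Review bot: The comment `// Gratuitous copy because sanitization of uses propagates to subsequent uses` in testLocalRedirects does not say which use does the sanitizing, so a reader cannot tell why the BAD case needs `param2` while the first GOOD case keeps `param`. I would put it directly above the two copies and make it specific, e.g. `// Copies: the "/local"+param use below sanitizes param, and that propagates to later uses of the same variable` (presumably that is the sanitizing use; confirm against the query's barrier definition). The BAD comment could also give the reason, e.g. `// BAD: param2 may itself begin with "/", making the target scheme-relative`, so the expected alert is self-explanatory.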


@@ -1,5 +1,5 @@
| mail.go:15:73:15:94 | type conversion |
| mail.go:18:19:18:23 | definition of write |
| mail.go:20:17:20:21 | write [postupdate] |
| mail.go:26:49:26:52 | text |
| mail.go:26:76:26:79 | text |
| mail.go:27:20:27:23 | text |


@@ -9,28 +9,28 @@ edges
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | |
| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:4 |
| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:2 |
| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:5 |
| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:3 |
| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... [postupdate] | provenance | MaD:4 |
| jsoniter.go:27:33:27:37 | &... [postupdate] | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... [postupdate] | provenance | MaD:2 |
| jsoniter.go:31:37:31:42 | &... [postupdate] | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... [postupdate] | provenance | MaD:5 |
| jsoniter.go:35:44:35:49 | &... [postupdate] | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 |
| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... [postupdate] | provenance | MaD:3 |
| jsoniter.go:39:48:39:53 | &... [postupdate] | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 |
nodes
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | semmle.label | call to getUntrustedString |
| jsoniter.go:27:17:27:30 | untrustedInput | semmle.label | untrustedInput |
| jsoniter.go:27:33:27:37 | &... | semmle.label | &... |
| jsoniter.go:27:33:27:37 | &... [postupdate] | semmle.label | &... [postupdate] |
| jsoniter.go:28:15:28:24 | selection of field | semmle.label | selection of field |
| jsoniter.go:31:21:31:34 | untrustedInput | semmle.label | untrustedInput |
| jsoniter.go:31:37:31:42 | &... | semmle.label | &... |
| jsoniter.go:31:37:31:42 | &... [postupdate] | semmle.label | &... [postupdate] |
| jsoniter.go:32:15:32:25 | selection of field | semmle.label | selection of field |
| jsoniter.go:35:27:35:41 | untrustedString | semmle.label | untrustedString |
| jsoniter.go:35:44:35:49 | &... | semmle.label | &... |
| jsoniter.go:35:44:35:49 | &... [postupdate] | semmle.label | &... [postupdate] |
| jsoniter.go:36:15:36:25 | selection of field | semmle.label | selection of field |
| jsoniter.go:39:31:39:45 | untrustedString | semmle.label | untrustedString |
| jsoniter.go:39:48:39:53 | &... | semmle.label | &... |
| jsoniter.go:39:48:39:53 | &... [postupdate] | semmle.label | &... [postupdate] |
| jsoniter.go:40:15:40:25 | selection of field | semmle.label | selection of field |
subpaths
invalidModelRow


@@ -169,10 +169,10 @@ func fasthttpServer() {
fmt.Println(body1, body2, body3, body4)
requestCtx.Request.BodyStream() // $ RemoteFlowSource="call to BodyStream"
requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..."
requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..."
requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..."
requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..."
requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]"
requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]"
requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]"
requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]"
// Response methods
// Xss Sinks Related method
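Review bot: The four updated expectations in fasthttpServer (`ReadBody`, `ReadLimitBody`, `ContinueReadBodyStream`, `ContinueReadBody`) now list both `RemoteFlowSource="&..."` and `RemoteFlowSource="&... [postupdate]"` for the same argument, while the Gin and go-restful expected results elsewhere in this commit replace the `&...` node with the `[postupdate]` node. If only the post-update node is meant to be the source, the expectation should read `// $ RemoteFlowSource="&... [postupdate]"`; if both are intended, a short comment above the block such as `// both the argument and its post-update node are remote flow sources` would record that. Two source nodes per call can also surface as duplicate alerts in path queries, so this seems worth confirming. fasthttpServer starts before this hunk and continues after it.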


@@ -31,39 +31,39 @@
| Gin.go:158:10:158:19 | selection of Params |
| Gin.go:162:13:162:22 | selection of Params |
| Gin.go:168:12:168:21 | selection of Params |
| Gin.go:178:16:178:22 | &... |
| Gin.go:182:7:182:19 | definition of personPointer |
| Gin.go:188:15:188:21 | &... |
| Gin.go:192:7:192:19 | definition of personPointer |
| Gin.go:198:16:198:22 | &... |
| Gin.go:202:7:202:19 | definition of personPointer |
| Gin.go:208:15:208:21 | &... |
| Gin.go:212:7:212:19 | definition of personPointer |
| Gin.go:218:17:218:23 | &... |
| Gin.go:222:7:222:19 | definition of personPointer |
| Gin.go:228:20:228:26 | &... |
| Gin.go:232:7:232:19 | definition of personPointer |
| Gin.go:238:16:238:22 | &... |
| Gin.go:242:7:242:19 | definition of personPointer |
| Gin.go:248:12:248:18 | &... |
| Gin.go:252:7:252:19 | definition of personPointer |
| Gin.go:258:18:258:24 | &... |
| Gin.go:262:7:262:19 | definition of personPointer |
| Gin.go:268:26:268:32 | &... |
| Gin.go:272:7:272:19 | definition of personPointer |
| Gin.go:278:22:278:28 | &... |
| Gin.go:282:7:282:19 | definition of personPointer |
| Gin.go:288:23:288:29 | &... |
| Gin.go:292:7:292:19 | definition of personPointer |
| Gin.go:298:21:298:27 | &... |
| Gin.go:302:7:302:19 | definition of personPointer |
| Gin.go:308:22:308:28 | &... |
| Gin.go:312:7:312:19 | definition of personPointer |
| Gin.go:318:21:318:27 | &... |
| Gin.go:322:7:322:19 | definition of personPointer |
| Gin.go:328:22:328:28 | &... |
| Gin.go:332:7:332:19 | definition of personPointer |
| Gin.go:338:18:338:24 | &... |
| Gin.go:342:7:342:19 | definition of personPointer |
| Gin.go:348:24:348:30 | &... |
| Gin.go:352:7:352:19 | definition of personPointer |
| Gin.go:178:16:178:22 | &... [postupdate] |
| Gin.go:183:16:183:28 | personPointer [postupdate] |
| Gin.go:188:15:188:21 | &... [postupdate] |
| Gin.go:193:15:193:27 | personPointer [postupdate] |
| Gin.go:198:16:198:22 | &... [postupdate] |
| Gin.go:203:16:203:28 | personPointer [postupdate] |
| Gin.go:208:15:208:21 | &... [postupdate] |
| Gin.go:213:15:213:27 | personPointer [postupdate] |
| Gin.go:218:17:218:23 | &... [postupdate] |
| Gin.go:223:17:223:29 | personPointer [postupdate] |
| Gin.go:228:20:228:26 | &... [postupdate] |
| Gin.go:233:20:233:32 | personPointer [postupdate] |
| Gin.go:238:16:238:22 | &... [postupdate] |
| Gin.go:243:16:243:28 | personPointer [postupdate] |
| Gin.go:248:12:248:18 | &... [postupdate] |
| Gin.go:253:12:253:24 | personPointer [postupdate] |
| Gin.go:258:18:258:24 | &... [postupdate] |
| Gin.go:263:18:263:30 | personPointer [postupdate] |
| Gin.go:268:26:268:32 | &... [postupdate] |
| Gin.go:273:26:273:38 | personPointer [postupdate] |
| Gin.go:278:22:278:28 | &... [postupdate] |
| Gin.go:283:22:283:34 | personPointer [postupdate] |
| Gin.go:288:23:288:29 | &... [postupdate] |
| Gin.go:293:23:293:35 | personPointer [postupdate] |
| Gin.go:298:21:298:27 | &... [postupdate] |
| Gin.go:303:21:303:33 | personPointer [postupdate] |
| Gin.go:308:22:308:28 | &... [postupdate] |
| Gin.go:313:22:313:34 | personPointer [postupdate] |
| Gin.go:318:21:318:27 | &... [postupdate] |
| Gin.go:323:21:323:33 | personPointer [postupdate] |
| Gin.go:328:22:328:28 | &... [postupdate] |
| Gin.go:333:22:333:34 | personPointer [postupdate] |
| Gin.go:338:18:338:24 | &... [postupdate] |
| Gin.go:343:18:343:30 | personPointer [postupdate] |
| Gin.go:348:24:348:30 | &... [postupdate] |
| Gin.go:353:24:353:36 | personPointer [postupdate] |


@@ -1,26 +1,8 @@
edges
| main.go:18:46:18:48 | definition of req | main.go:18:46:18:48 | definition of req [Return] | provenance | |
| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | |
| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | |
| main.go:18:46:18:48 | definition of req [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | provenance | |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | |
| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | |
| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | |
| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | |
| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | |
nodes
| main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
| main.go:18:46:18:48 | definition of req | semmle.label | definition of req |
| main.go:18:46:18:48 | definition of req [Return] | semmle.label | definition of req [Return] |
| main.go:21:28:21:31 | name | semmle.label | name |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in |
| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | semmle.label | definition of in [Return] |
| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in |
| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in |
subpaths
#select
| main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value |


@@ -8,11 +8,11 @@ edges
| gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
| gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
| gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
| gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
| gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 |
| gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 |
| gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 |
| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
| gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 |
nodes
| gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
| gorestful.go:15:15:15:47 | index expression | semmle.label | index expression |
@@ -23,7 +23,7 @@ nodes
| gorestful.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
| gorestful.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters |
| gorestful.go:21:15:21:45 | index expression | semmle.label | index expression |
| gorestful.go:23:21:23:24 | &... | semmle.label | &... |
| gorestful.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| gorestful.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd |
| gorestful_v2.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters |
| gorestful_v2.go:15:15:15:47 | index expression | semmle.label | index expression |
@@ -34,7 +34,7 @@ nodes
| gorestful_v2.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter |
| gorestful_v2.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters |
| gorestful_v2.go:21:15:21:45 | index expression | semmle.label | index expression |
| gorestful_v2.go:23:21:23:24 | &... | semmle.label | &... |
| gorestful_v2.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] |
| gorestful_v2.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd |
subpaths
invalidModelRow
@@ -45,11 +45,11 @@ invalidModelRow
| gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
| gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value |
| gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value |
| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value |
| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... [postupdate] | a user-provided value |
| gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value |
| gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value |
| gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | ... := ...[0] | a user-provided value |
| gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value |
| gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value |
| gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value |
| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value |
| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... [postupdate] | a user-provided value |


@@ -1,10 +1,11 @@
#select
| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
edges
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config |
| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config |
| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 |
models
| 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual |
@@ -12,6 +13,7 @@ models
nodes
| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] |
| EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form |
| EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
subpaths


@@ -5,10 +5,10 @@
| examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |
| examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |
edges
| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | |
| EndToEnd.go:36:2:36:4 | buf [postupdate] | EndToEnd.go:37:24:37:26 | buf | provenance | |
| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:3 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:36:2:36:4 | buf [postupdate] | provenance | MaD:3 |
| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 |
| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1 |
@@ -20,7 +20,7 @@ models
| 3 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
| 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
nodes
| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf |
| EndToEnd.go:36:2:36:4 | buf [postupdate] | semmle.label | buf [postupdate] |
| EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:36:18:36:30 | selection of Form | semmle.label | selection of Form |
| EndToEnd.go:36:18:36:47 | call to Get | semmle.label | call to Get |


@@ -8,64 +8,76 @@ invalidModelRow
| crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] |
| crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] |
| io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader |
| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... |
| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... |
| io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 |
| io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] |
| io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] |
| io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... |
| io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 |
| io.go:16:24:16:27 | buf1 [postupdate] | io.go:16:23:16:27 | &... |
| io.go:16:30:16:34 | &... | io.go:16:31:16:34 | buf2 [postupdate] |
| io.go:16:30:16:34 | &... [postupdate] | io.go:16:31:16:34 | buf2 [postupdate] |
| io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... |
| io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w |
| io.go:16:31:16:34 | buf2 [postupdate] | io.go:16:30:16:34 | &... |
| io.go:18:11:18:11 | w [postupdate] | io.go:16:23:16:27 | &... [postupdate] |
| io.go:18:11:18:11 | w [postupdate] | io.go:16:30:16:34 | &... [postupdate] |
| io.go:18:14:18:19 | reader | io.go:18:11:18:11 | w [postupdate] |
| io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader |
| io.go:25:19:25:23 | &... | io.go:23:7:23:10 | definition of buf1 |
| io.go:25:19:25:23 | &... | io.go:25:20:25:23 | buf1 [postupdate] |
| io.go:25:19:25:23 | &... [postupdate] | io.go:25:20:25:23 | buf1 [postupdate] |
| io.go:25:20:25:23 | buf1 | io.go:25:19:25:23 | &... |
| io.go:27:21:27:26 | reader | io.go:25:3:25:4 | definition of w2 |
| io.go:25:20:25:23 | buf1 [postupdate] | io.go:25:19:25:23 | &... |
| io.go:27:21:27:26 | reader | io.go:27:17:27:18 | w2 [postupdate] |
| io.go:31:31:31:43 | "some string" | io.go:31:13:31:44 | call to NewReader |
| io.go:33:19:33:23 | &... | io.go:32:7:32:10 | definition of buf1 |
| io.go:33:19:33:23 | &... | io.go:33:20:33:23 | buf1 [postupdate] |
| io.go:33:19:33:23 | &... [postupdate] | io.go:33:20:33:23 | buf1 [postupdate] |
| io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... |
| io.go:35:16:35:21 | reader | io.go:33:3:33:4 | definition of w2 |
| io.go:39:6:39:6 | definition of w | io.go:39:3:39:19 | ... := ...[0] |
| io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... |
| io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] |
| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] |
| io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] |
| io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w |
| io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf |
| io.go:40:14:40:14 | w [postupdate] | io.go:39:3:39:19 | ... := ...[0] |
| io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] |
| io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] |
| io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String |
| io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader |
| io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf |
| io.go:50:18:50:23 | reader | io.go:50:26:50:28 | buf [postupdate] |
| io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader |
| io.go:56:15:56:20 | reader | io.go:55:3:55:5 | definition of buf |
| io.go:61:18:61:21 | &... | io.go:60:7:60:9 | definition of buf |
| io.go:56:15:56:20 | reader | io.go:56:23:56:25 | buf [postupdate] |
| io.go:61:18:61:21 | &... | io.go:61:19:61:21 | buf [postupdate] |
| io.go:61:18:61:21 | &... [postupdate] | io.go:61:19:61:21 | buf [postupdate] |
| io.go:61:19:61:21 | buf | io.go:61:18:61:21 | &... |
| io.go:62:21:62:26 | "test" | io.go:61:3:61:3 | definition of w |
| io.go:61:19:61:21 | buf [postupdate] | io.go:61:18:61:21 | &... |
| io.go:62:21:62:26 | "test" | io.go:62:18:62:18 | w [postupdate] |
| io.go:65:31:65:43 | "some string" | io.go:65:13:65:44 | call to NewReader |
| io.go:67:3:67:8 | reader | io.go:66:3:66:5 | definition of buf |
| io.go:67:3:67:8 | reader | io.go:67:15:67:17 | buf [postupdate] |
| io.go:70:31:70:43 | "some string" | io.go:70:13:70:44 | call to NewReader |
| io.go:72:3:72:8 | reader | io.go:71:3:71:5 | definition of buf |
| io.go:72:3:72:8 | reader | io.go:72:17:72:19 | buf [postupdate] |
| io.go:76:31:76:43 | "some string" | io.go:76:13:76:44 | call to NewReader |
| io.go:77:24:77:29 | reader | io.go:77:9:77:33 | call to LimitReader |
| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout |
| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout [postupdate] |
| io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader |
| io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader |
| io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader |
| io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader |
| io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader |
| io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader |
| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout |
| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout [postupdate] |
| io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader |
| io.go:91:23:91:23 | r | io.go:91:10:91:30 | call to TeeReader |
| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... |
| io.go:91:26:91:29 | &... | io.go:90:7:90:9 | definition of buf |
| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... [postupdate] |
| io.go:91:26:91:29 | &... | io.go:91:27:91:29 | buf [postupdate] |
| io.go:91:26:91:29 | &... [postupdate] | io.go:91:27:91:29 | buf [postupdate] |
| io.go:91:27:91:29 | buf | io.go:91:26:91:29 | &... |
| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout |
| io.go:91:27:91:29 | buf [postupdate] | io.go:91:26:91:29 | &... |
| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout [postupdate] |
| io.go:96:26:96:38 | "some string" | io.go:96:8:96:39 | call to NewReader |
| io.go:97:28:97:28 | r | io.go:97:8:97:36 | call to NewSectionReader |
| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout |
| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout [postupdate] |
| io.go:101:26:101:38 | "some string" | io.go:101:8:101:39 | call to NewReader |
| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout |
| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout [postupdate] |
| io.go:108:30:108:42 | "some string" | io.go:108:12:108:43 | call to NewReader |
| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[0] |
| io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[1] |
| io.go:109:27:109:32 | reader | io.go:109:2:109:33 | ... := ...[0] |
| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout |
| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout [postupdate] |
| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] |
| main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] |
| main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] |
@@ -84,11 +96,13 @@ invalidModelRow
| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal |
| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal |
| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal |
| main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req |
| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] |
| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body |
| main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference |
| main.go:28:2:28:9 | selection of Body | main.go:27:2:27:2 | definition of b |
| main.go:34:2:34:4 | implicit dereference | main.go:32:16:32:18 | definition of req |
| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit dereference |
| main.go:28:2:28:9 | selection of Body | main.go:28:16:28:16 | b [postupdate] |
| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:4 | req [postupdate] |
| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:9 | selection of Body |
| main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit dereference |
| main.go:34:2:34:9 | selection of Body | main.go:33:2:33:2 | definition of b |
| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit dereference |
| main.go:34:2:34:9 | selection of Body | main.go:34:16:34:16 | b [postupdate] |


@@ -3,42 +3,28 @@
| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value |
edges
| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | provenance | |
| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | |
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
| client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | |
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | |
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 |
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | |
| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 |
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | |
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 |
| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | |
| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | |
| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
| server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | |
| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | |
| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | |
| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | |
models
| 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
| 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
| 3 | Summary: io; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
nodes
| client/main.go:16:35:16:78 | &... | semmle.label | &... |
| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq |
| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq |
| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | semmle.label | capture variable reqContent |
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent |
| client/main.go:16:35:16:78 | &... [postupdate] | semmle.label | &... [postupdate] |
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent |
| rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq |
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq |
| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] |
| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent |
| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |


@@ -1,8 +1,8 @@
| WebSocketReadWrite.go:31:7:31:10 | definition of xnet |
| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 |
| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] |
| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] |
| WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] |
| WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] |
| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg |
| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 |
| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] |
| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] |
| WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] |
| WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] |


@@ -1,9 +1,9 @@
| WebSocketReadWrite.go:27:9:27:16 | selection of Header |
| WebSocketReadWrite.go:31:7:31:10 | definition of xnet |
| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 |
| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] |
| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] |
| WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] |
| WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] |
| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg |
| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 |
| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] |
| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] |
| WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] |
| WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] |


@@ -44,28 +44,20 @@ edges
| test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | |
| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:1 MaD:4 |
| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:12 |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | |
| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 |
| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:10 |
| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:22:45:31 | &... | provenance | |
| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:44:24:44:34 | taintedNode | test.go:44:2:44:10 | cleanNode [postupdate] | provenance | MaD:10 |
| test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... [pointer] | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... [pointer] | provenance | |
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | |
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | |
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | |
| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 |
| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:11 |
| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:22:50:32 | &... | provenance | |
| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:49:26:49:37 | taintedNode2 | test.go:49:2:49:11 | cleanNode2 [postupdate] | provenance | MaD:11 |
| test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... [pointer] | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... [pointer] | provenance | |
models
@@ -125,20 +117,18 @@ nodes
| test.go:39:49:39:60 | selection of Body | semmle.label | selection of Body |
| test.go:40:15:40:31 | tokenizerFragment | semmle.label | tokenizerFragment |
| test.go:40:15:40:42 | call to Buffered | semmle.label | call to Buffered |
| test.go:42:6:42:14 | definition of cleanNode | semmle.label | definition of cleanNode |
| test.go:43:2:43:43 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:43:31:43:42 | selection of Body | semmle.label | selection of Body |
| test.go:44:2:44:10 | cleanNode [postupdate] | semmle.label | cleanNode [postupdate] |
| test.go:44:24:44:34 | taintedNode | semmle.label | taintedNode |
| test.go:45:22:45:31 | &... | semmle.label | &... |
| test.go:45:22:45:31 | &... | semmle.label | &... |
| test.go:45:22:45:31 | &... [pointer] | semmle.label | &... [pointer] |
| test.go:45:23:45:31 | cleanNode | semmle.label | cleanNode |
| test.go:47:6:47:15 | definition of cleanNode2 | semmle.label | definition of cleanNode2 |
| test.go:48:2:48:44 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:48:32:48:43 | selection of Body | semmle.label | selection of Body |
| test.go:49:2:49:11 | cleanNode2 [postupdate] | semmle.label | cleanNode2 [postupdate] |
| test.go:49:26:49:37 | taintedNode2 | semmle.label | taintedNode2 |
| test.go:50:22:50:32 | &... | semmle.label | &... |
| test.go:50:22:50:32 | &... | semmle.label | &... |
| test.go:50:22:50:32 | &... [pointer] | semmle.label | &... [pointer] |
| test.go:50:23:50:32 | cleanNode2 | semmle.label | cleanNode2 |
subpaths


@@ -13,30 +13,30 @@ func main() {
var inb []byte
out, _ = yaml1.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
out, _ = yaml2.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
var r io.Reader
d := yaml2.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder"
d.Decode(out) // $ ttfnmodelstep="d -> definition of out"
d.Decode(out) // $ ttfnmodelstep="d -> out [postupdate]"
var w io.Writer
e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> definition of w"
e.Encode(in) // $ ttfnmodelstep="in -> definition of e"
e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> w [postupdate]"
e.Encode(in) // $ ttfnmodelstep="in -> e [postupdate]"
out, _ = yaml3.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]"
yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out"
yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]"
d1 := yaml3.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder"
d1.Decode(out) // $ ttfnmodelstep="d1 -> definition of out"
d1.Decode(out) // $ ttfnmodelstep="d1 -> out [postupdate]"
e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> definition of w"
e1.Encode(in) // $ ttfnmodelstep="in -> definition of e1"
e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> w [postupdate]"
e1.Encode(in) // $ ttfnmodelstep="in -> e1 [postupdate]"
var n1 yaml3.Node
n1.Decode(out) // $ ttfnmodelstep="n1 -> definition of out"
n1.Encode(in) // $ ttfnmodelstep="in -> definition of n1"
n1.Decode(out) // $ ttfnmodelstep="n1 -> out [postupdate]"
n1.Encode(in) // $ ttfnmodelstep="in -> n1 [postupdate]"
}


@@ -17,17 +17,18 @@
| SafeUrlFlow.go:74:70:74:85 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here |
| SafeUrlFlow.go:78:40:78:55 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here |
| SafeUrlFlow.go:89:24:89:41 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:89:24:89:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here |
| SafeUrlFlow.go:109:11:109:23 | reconstructed | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here |
| SafeUrlFlow.go:112:24:112:50 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here |
| SafeUrlFlow.go:113:29:113:58 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here |
| SafeUrlFlow.go:114:12:114:42 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here |
| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here |
| SafeUrlFlow.go:105:11:105:23 | reconstructed | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here |
| SafeUrlFlow.go:108:24:108:50 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here |
| SafeUrlFlow.go:109:29:109:58 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here |
| SafeUrlFlow.go:110:12:110:42 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here |
| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here |
edges
| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | provenance | Sink:MaD:1 |
| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:17:19:17:26 | safeHost | provenance | |
| SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | safeURL | provenance | Src:MaD:2 |
| SafeUrlFlow.go:14:29:14:35 | safeURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 |
| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config |
| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | |
| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | provenance | Config |
| SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 |
| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 |
| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | provenance | Src:MaD:2 |
@@ -55,13 +56,16 @@ edges
| SafeUrlFlow.go:74:70:74:76 | safeURL | SafeUrlFlow.go:74:70:74:85 | call to String | provenance | MaD:3 |
| SafeUrlFlow.go:78:40:78:46 | safeURL | SafeUrlFlow.go:78:40:78:55 | call to String | provenance | MaD:3 |
| SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:87:19:87:26 | safeHost | provenance | |
| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | Config |
| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | |
| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | |
| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | provenance | Config |
| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | Config |
| SafeUrlFlow.go:89:24:89:32 | targetURL | SafeUrlFlow.go:89:24:89:41 | call to String | provenance | MaD:3 Sink:MaD:1 |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | provenance | Src:MaD:2 |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | provenance | Src:MaD:2 |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | provenance | Src:MaD:2 |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | provenance | Src:MaD:2 |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | provenance | Src:MaD:2 |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | provenance | Src:MaD:2 |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | provenance | Src:MaD:2 |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | provenance | Src:MaD:2 |
models
| 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual |
| 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
@@ -72,6 +76,7 @@ nodes
| SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL |
| SafeUrlFlow.go:14:29:14:35 | safeURL | semmle.label | safeURL |
| SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String |
| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] |
| SafeUrlFlow.go:17:19:17:26 | safeHost | semmle.label | safeHost |
| SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL |
| SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String |
@@ -103,13 +108,15 @@ nodes
| SafeUrlFlow.go:78:40:78:46 | safeURL | semmle.label | safeURL |
| SafeUrlFlow.go:78:40:78:55 | call to String | semmle.label | call to String |
| SafeUrlFlow.go:84:14:84:21 | selection of Host | semmle.label | selection of Host |
| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] |
| SafeUrlFlow.go:87:19:87:26 | safeHost | semmle.label | safeHost |
| SafeUrlFlow.go:89:24:89:32 | targetURL | semmle.label | targetURL |
| SafeUrlFlow.go:89:24:89:41 | call to String | semmle.label | call to String |
| SafeUrlFlow.go:100:13:100:19 | selection of URL | semmle.label | selection of URL |
| SafeUrlFlow.go:109:11:109:23 | reconstructed | semmle.label | reconstructed |
| SafeUrlFlow.go:112:24:112:50 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:113:29:113:58 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:114:12:114:42 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | semmle.label | safeOpaquePart |
| SafeUrlFlow.go:96:13:96:19 | selection of URL | semmle.label | selection of URL |
| SafeUrlFlow.go:105:11:105:23 | reconstructed | semmle.label | reconstructed |
| SafeUrlFlow.go:108:24:108:50 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:109:29:109:58 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:110:12:110:42 | ...+... | semmle.label | ...+... |
| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | semmle.label | safeOpaquePart |
subpaths


@@ -87,13 +87,9 @@ func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) {
targetURL.Host = safeHost // URL is safe if Host is safe
http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert
}
func testHostFieldOverwritten(w http.ResponseWriter, req *http.Request) {
safeURL := req.URL
safeURL.Host = "something.else.com" // safeURL is not guaranteed to be safe now that Host is overwritten
http.Get(safeURL.String()) // not guaranteed to be safe
targetURL.Host = "something.else.com" // targetURL is not guaranteed to be safe now that Host is overwritten
http.Get(targetURL.String())
}
func testFieldAccess(w http.ResponseWriter, req *http.Request) {
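Review bot: The `http.Get(targetURL.String())` call near the end of `testHostFieldAssignmentFlow` has no comment saying whether a result is expected, while the `safeURL` variant printed above it had `// not guaranteed to be safe`. Assuming the `targetURL` lines are the new side (the 13 → 9 counts in the hunk header point that way), I would keep the expectation visible, e.g. `http.Get(targetURL.String()) // no result expected: Host was overwritten with a constant`. The expected output shown on this page lists no row between lines 89 and 105 of this file, so that appears to be the intent, but without the comment a reader cannot tell a deliberate negative case from a missed `// $ Alert`. The function starts above the hunk, so how `targetURL` is built is not visible here.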


@@ -6,8 +6,8 @@ edges
| TaintedPath.go:15:18:15:22 | selection of URL | TaintedPath.go:15:18:15:30 | call to Query | provenance | Src:MaD:2 MaD:3 |
| TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:18:29:18:40 | tainted_path | provenance | Sink:MaD:1 |
| TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:22:57:22:68 | tainted_path | provenance | |
| TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:74:39:74:56 | ...+... | provenance | |
| TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:22:28:22:69 | call to Join | provenance | FunctionModel Sink:MaD:1 |
| TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:74:39:74:56 | ...+... | provenance | |
| TaintedPath.go:74:39:74:56 | ...+... | TaintedPath.go:74:28:74:57 | call to Clean | provenance | MaD:4 Sink:MaD:1 |
models
| 1 | Sink: io/ioutil; ; false; ReadFile; ; ; Argument[0]; path-injection; manual |


@@ -48,14 +48,14 @@ edges
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | |
| GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
| GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config |
| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | |
| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | |
| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | |
| SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | |
@@ -67,6 +67,7 @@ edges
| SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | |
| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | |
| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | |
| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | |
| SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | |
| SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | |
| SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | MaD:4 |
@@ -180,6 +181,7 @@ nodes
| GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL |
| GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query |
| GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted |
| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted |
| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] |


@@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) {
{
arrayLit := [1]string{tainted}
exec.Command("sudo", arrayLit[:]...)
exec.Command("sudo", arrayLit[:]...) // BAD
}
{
arrayLit := [2]string{"--", tainted}
exec.Command("sudo", arrayLit[:]...)
exec.Command("sudo", arrayLit[:]...) // BAD
}
{
arrayLit := []string{"--", tainted}
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{}
arrayLit = append(arrayLit, "--", tainted)
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{}
arrayLit = append(arrayLit, tainted, "--")
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{"--"}
arrayLit = append(arrayLit, tainted)
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{tainted}
arrayLit = append(arrayLit, "--")
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{"--"}
arrayLit = append(arrayLit, "something else")
arrayLit = append(arrayLit, tainted)
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
arrayLit := []string{"something else"}
arrayLit = append(arrayLit, tainted)
arrayLit = append(arrayLit, "--")
exec.Command("sudo", arrayLit...)
exec.Command("sudo", arrayLit...) // BAD
}
{
exec.Command("sudo", "--", tainted)
exec.Command("sudo", "--", tainted) // BAD
}
{
exec.Command("sudo", tainted, "--")
exec.Command("sudo", tainted, "--") // BAD
}
}
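Review bot: The `// BAD` markers on the `exec.Command("sudo", ...)` calls in `testDoubleDashIrrelevant` (apparently the added side) are plain comments, whereas `SafeUrlFlow.go` on this page marks expected results with `// $ Alert`, a form the test framework can check. If this test can use inline expectations, which is not visible from the hunk, `exec.Command("sudo", arrayLit...) // $ Alert` would keep the annotation and the `.expected` file from drifting apart. A bare `BAD` also does not say why `--` fails to help here; one comment at the top of the function, such as `// sudo runs its first non-option argument as the command, so a "--" next to tainted does not sanitize it`, would cover every case. The function body starts above the hunk.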


@@ -2,14 +2,14 @@
| StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |
edges
| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | Src:MaD:2 |
| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel |
| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... [postupdate] | provenance | FunctionModel |
| StoredCommand.go:13:12:13:19 | &... [postupdate] | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 |
models
| 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual |
| 2 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual |
nodes
| StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
| StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
| StoredCommand.go:13:12:13:19 | &... [postupdate] | semmle.label | &... [postupdate] |
| StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
subpaths


@@ -13,11 +13,11 @@
| reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go | |
| tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | |
| tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | |
| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:31:11:31:14 | xnet [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | |
edges
| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:6 MaD:18 |
@@ -48,8 +48,8 @@ edges
| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:16 |
| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:15 |
| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | |
| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:14 |
| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | provenance | MaD:14 |
| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | |
| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:12 |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | |
@@ -62,11 +62,11 @@ edges
| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:19 |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 |
| tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | |
| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 |
| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 |
| websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 |
| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 |
| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 |
| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 |
| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 |
| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 |
| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 |
| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 |
models
| 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual |
@@ -123,8 +123,8 @@ nodes
| reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader |
| reflectedxsstest.go:40:14:40:17 | part | semmle.label | part |
| reflectedxsstest.go:40:14:40:28 | call to FileName | semmle.label | call to FileName |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice |
| reflectedxsstest.go:42:2:42:5 | part | semmle.label | part |
| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | semmle.label | byteSlice [postupdate] |
| reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion |
| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | semmle.label | []type{args} [array] |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf |
@@ -141,16 +141,25 @@ nodes
| tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form |
| tst.go:48:14:48:34 | call to Get | semmle.label | call to Get |
| tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
| websocketXss.go:31:11:31:14 | xnet [postupdate] | semmle.label | xnet [postupdate] |
| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 |
| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | semmle.label | xnet2 [postupdate] |
| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 |
| websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] |
| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr |
| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg |
| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | semmle.label | gorillaMsg [postupdate] |
| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg |
| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 |
| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | semmle.label | gorilla2 [postupdate] |
| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
| websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
subpaths
testFailures
| websocketXss.go:30:32:30:60 | comment | Missing result: Source[go/reflected-xss] |
| websocketXss.go:31:11:31:14 | xnet [postupdate] | Unexpected result: Source |
| websocketXss.go:34:30:34:58 | comment | Missing result: Source[go/reflected-xss] |
| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | Unexpected result: Source |
| websocketXss.go:46:38:46:66 | comment | Missing result: Source[go/reflected-xss] |
| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | Unexpected result: Source |
| websocketXss.go:50:33:50:61 | comment | Missing result: Source[go/reflected-xss] |
| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | Unexpected result: Source |
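Review bot: The `testFailures` block added at the end of this expected output bakes eight inline-expectation mismatches into the accepted result, so the test passes while its annotations no longer match what the query reports. The `Source[go/reflected-xss]` comments on websocketXss.go lines 30, 34, 46 and 50 are listed as missing, and the source is now reported at the `[postupdate]` nodes on lines 31, 35, 47 and 51. Moving each annotation to the line where the source is now reported would let the `testFailures` section disappear again. If the declaration lines were the intended source location, the fix belongs in the source model instead. websocketXss.go itself is not shown here, so the annotation text is inferred from the failure messages.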


@@ -3,15 +3,15 @@
| stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value |
edges
| stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1 |
| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel |
| stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | |
| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel |
| stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance | |
| stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | |
models
| 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual |
nodes
| stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] |
| stored.go:25:14:25:17 | rows | semmle.label | rows |
| stored.go:25:29:25:33 | &... | semmle.label | &... |
| stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] |
| stored.go:30:22:30:25 | name | semmle.label | name |
| stored.go:59:30:59:33 | definition of path | semmle.label | definition of path |
| stored.go:61:22:61:25 | path | semmle.label | path |
