hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 21:25:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update test output

Browse Source
This commit is contained in:
Sauyon Lee
2021-09-22 11:56:26 -07:00
committed by Owen Mansel-Chan
parent 763861bef9
commit 3ac2a50497
43 changed files with 249 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected
View File

@@ -1,110 +1,251 @@
edges
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie |
| CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie |
| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie |
| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie |
| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie |
| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:59:13:59:15 | val : bool | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie |
| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:69:13:69:15 | val : bool | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie |
| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:80:15:80:17 | val : bool | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie |
| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:90:15:90:17 | val : bool | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie |
| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie |
| CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie |
| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie |
| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:126:16:126:20 | store : pointer type |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:134:16:134:20 | store : pointer type |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | CookieWithoutHttpOnly.go:146:16:146:20 | store : pointer type |
@@ -123,6 +264,8 @@ edges
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:142:2:142:8 | session |
| CookieWithoutHttpOnly.go:134:16:134:20 | store : pointer type | CookieWithoutHttpOnly.go:142:2:142:8 | session |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] : Session |
@@ -146,12 +289,14 @@ edges
| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options |
| CookieWithoutHttpOnly.go:137:21:140:2 | struct literal : Options | CookieWithoutHttpOnly.go:142:2:142:8 | session |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly : bool | CookieWithoutHttpOnly.go:142:2:142:8 | session |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:153:2:153:8 | session |
| CookieWithoutHttpOnly.go:146:16:146:20 | store : pointer type | CookieWithoutHttpOnly.go:153:2:153:8 | session |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] : Session |
| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
@@ -165,6 +310,7 @@ edges
| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options |
| CookieWithoutHttpOnly.go:149:21:151:2 | struct literal : Options | CookieWithoutHttpOnly.go:153:2:153:8 | session |
| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly : bool | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
@@ -176,6 +322,8 @@ edges
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:166:2:166:8 | session |
| CookieWithoutHttpOnly.go:158:16:158:20 | store : pointer type | CookieWithoutHttpOnly.go:166:2:166:8 | session |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] : Session |
@@ -199,6 +347,7 @@ edges
| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options |
| CookieWithoutHttpOnly.go:161:21:164:2 | struct literal : Options | CookieWithoutHttpOnly.go:166:2:166:8 | session |
| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly : bool | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference : Session |
@@ -213,6 +362,8 @@ edges
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session | CookieWithoutHttpOnly.go:178:2:178:8 | session |
| CookieWithoutHttpOnly.go:170:16:170:20 | store : pointer type | CookieWithoutHttpOnly.go:178:2:178:8 | session |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] : Session |
@@ -236,6 +387,7 @@ edges
| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] : Session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options |
| CookieWithoutHttpOnly.go:173:21:176:2 | struct literal : Options | CookieWithoutHttpOnly.go:178:2:178:8 | session |
| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference : Session |
| CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly : bool | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference : Session |
@@ -246,30 +398,48 @@ nodes
| CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:15:21:15:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:20:13:20:21 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:24:21:24:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:29:13:29:21 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:31:13:31:16 | true : bool | semmle.label | true : bool |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:33:21:33:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:38:10:38:18 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:41:15:41:18 | true : bool | semmle.label | true : bool |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:42:21:42:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:47:10:47:18 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:50:15:50:19 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:51:21:51:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:55:2:55:4 | definition of val : bool | semmle.label | definition of val : bool |
| CookieWithoutHttpOnly.go:55:9:55:13 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:57:13:57:21 | "session" : string | semmle.label | "session" : string |
@@ -278,6 +448,10 @@ nodes
| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:61:21:61:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:65:2:65:4 | definition of val : bool | semmle.label | definition of val : bool |
| CookieWithoutHttpOnly.go:65:9:65:12 | true : bool | semmle.label | true : bool |
| CookieWithoutHttpOnly.go:67:13:67:21 | "session" : string | semmle.label | "session" : string |
@@ -286,6 +460,10 @@ nodes
| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:71:21:71:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:75:2:75:4 | definition of val : bool | semmle.label | definition of val : bool |
| CookieWithoutHttpOnly.go:75:9:75:12 | true : bool | semmle.label | true : bool |
| CookieWithoutHttpOnly.go:77:10:77:18 | "session" : string | semmle.label | "session" : string |
@@ -294,6 +472,10 @@ nodes
| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:81:21:81:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:85:2:85:4 | definition of val : bool | semmle.label | definition of val : bool |
| CookieWithoutHttpOnly.go:85:9:85:13 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:87:10:87:18 | "session" : string | semmle.label | "session" : string |
@@ -302,15 +484,25 @@ nodes
| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:91:21:91:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:99:15:99:19 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:100:21:100:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:104:10:104:18 | "session" : string | semmle.label | "session" : string |
| CookieWithoutHttpOnly.go:109:15:109:19 | false : bool | semmle.label | false : bool |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:110:21:110:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" : string | semmle.label | "login_name" : string |
| CookieWithoutHttpOnly.go:116:10:116:16 | session : string | semmle.label | session : string |
| CookieWithoutHttpOnly.go:119:15:119:19 | false : bool | semmle.label | false : bool |
@@ -318,6 +510,10 @@ nodes
| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... : pointer type | semmle.label | &... : pointer type |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] : Cookie | semmle.label | &... [pointer] : Cookie |
| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:120:21:120:21 | c : Cookie | semmle.label | c : Cookie |
| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore : pointer type | semmle.label | call to NewCookieStore : pointer type |
| CookieWithoutHttpOnly.go:126:16:126:20 | store : pointer type | semmle.label | store : pointer type |
| CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session |
@@ -389,6 +585,7 @@ nodes
| CookieWithoutHttpOnly.go:195:16:195:20 | store : pointer type | semmle.label | store : pointer type |
| CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session |
| CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false |
subpaths
#select
| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:12:10:12:18 | "session" : string | CookieWithoutHttpOnly.go:15:20:15:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |
| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:22:13:22:17 | false : bool | CookieWithoutHttpOnly.go:24:20:24:21 | &... | Cookie attribute 'HttpOnly' is not set to true. |

1
ql/test/experimental/CWE-369/DivideByZero.expected
View File

@@ -22,6 +22,7 @@ nodes
| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
| DivideByZero.go:55:11:55:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
| DivideByZero.go:57:17:57:21 | value | semmle.label | value |
subpaths
#select
| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |

1
ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
View File

@@ -294,6 +294,7 @@ nodes
| HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
| HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
| HTMLTemplateEscapingPassthrough.go:91:38:91:46 | converted | semmle.label | converted |
subpaths
#select
| HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:29:39:29:39 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:28:26:28:40 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:28:12:28:41 | type conversion | converted |
| HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent : string | HTMLTemplateEscapingPassthrough.go:35:40:35:40 | a | Data from an $@ will not be auto-escaped because it was $@ to template.HTML | HTMLTemplateEscapingPassthrough.go:34:23:34:37 | call to UserAgent | untrusted source | HTMLTemplateEscapingPassthrough.go:34:9:34:38 | type conversion | converted |

1
ql/test/experimental/CWE-918/SSRF.expected
View File

@@ -53,6 +53,7 @@ nodes
| new-tests.go:88:11:88:46 | ...+... | semmle.label | ...+... |
| new-tests.go:95:18:95:45 | call to URLParam : string | semmle.label | call to URLParam : string |
| new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
subpaths
#select
| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue : string | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value |
| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer : string | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value |

1
ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
View File

@@ -47,6 +47,7 @@ nodes
| WrongUsageOfUnsafe.go:274:25:274:49 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
| WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | semmle.label | type conversion |
| WrongUsageOfUnsafe.go:292:23:292:47 | type conversion : unsafe.Pointer | semmle.label | type conversion : unsafe.Pointer |
subpaths
#select
| WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:77:16:77:55 | type conversion | $@. | WrongUsageOfUnsafe.go:77:27:77:54 | type conversion | Dangerous array type casting to [8]uint8 from an index expression ([8]uint8)[2] (the destination type is 2 elements longer) |
| WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:111:16:111:59 | type conversion | $@. | WrongUsageOfUnsafe.go:111:31:111:58 | type conversion | Dangerous array type casting to [17]uint8 from an index expression ([8]uint8)[0] (the destination type is 9 elements longer) |

1
ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected
View File

@@ -34,6 +34,7 @@ nodes
| test.go:178:14:178:21 | password | semmle.label | password |
| test.go:179:17:179:24 | password | semmle.label | password |
| test.go:180:16:180:23 | password | semmle.label | password |
subpaths
#select
| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | Sensitive data returned by $@ is logged here. | test.go:147:14:147:21 | password | an access to password |
| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | Sensitive data returned by $@ is logged here. | test.go:148:17:148:24 | password | an access to password |

1
ql/test/library-tests/semmle/go/frameworks/Beego/OpenRedirect.expected
View File

@@ -6,6 +6,7 @@ nodes
| test.go:310:13:310:27 | call to URI | semmle.label | call to URI |
| test.go:311:20:311:34 | call to URL | semmle.label | call to URL |
| test.go:311:20:311:34 | call to URL | semmle.label | call to URL |
subpaths
#select
| test.go:246:13:246:34 | call to GetString | test.go:246:13:246:34 | call to GetString | test.go:246:13:246:34 | call to GetString | Untrusted URL redirection due to $@. | test.go:246:13:246:34 | call to GetString | user-provided value |
| test.go:247:20:247:41 | call to GetString | test.go:247:20:247:41 | call to GetString | test.go:247:20:247:41 | call to GetString | Untrusted URL redirection due to $@. | test.go:247:20:247:41 | call to GetString | user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
View File

@@ -189,6 +189,7 @@ nodes
| test.go:302:15:302:36 | call to GetString : string | semmle.label | call to GetString : string |
| test.go:304:21:304:48 | type assertion | semmle.label | type assertion |
| test.go:305:21:305:52 | type assertion | semmle.label | type assertion |
subpaths
#select
| test.go:28:13:28:30 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:28:13:28:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:29:13:29:27 | type conversion | test.go:26:6:26:10 | definition of bound : bindMe | test.go:29:13:29:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:26:6:26:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |

1
ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
View File

@@ -7,6 +7,7 @@ nodes
| test.go:209:18:209:26 | untrusted | semmle.label | untrusted |
| test.go:210:10:210:18 | untrusted | semmle.label | untrusted |
| test.go:211:35:211:43 | untrusted | semmle.label | untrusted |
subpaths
#select
| test.go:209:18:209:26 | untrusted | test.go:208:15:208:26 | call to Data : map type | test.go:209:18:209:26 | untrusted | This path depends on $@. | test.go:208:15:208:26 | call to Data | a user-provided value |
| test.go:210:10:210:18 | untrusted | test.go:208:15:208:26 | call to Data : map type | test.go:210:10:210:18 | untrusted | This path depends on $@. | test.go:208:15:208:26 | call to Data | a user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
View File

@@ -69,6 +69,7 @@ nodes
| test.go:56:31:56:39 | untrusted | semmle.label | untrusted |
| test.go:60:15:60:41 | call to UserAgent : string | semmle.label | call to UserAgent : string |
| test.go:62:19:62:27 | untrusted | semmle.label | untrusted |
subpaths
#select
| test.go:12:11:12:19 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:12:11:12:19 | untrusted | This query depends on $@. | test.go:10:15:10:41 | call to UserAgent | a user-provided value |
| test.go:13:23:13:31 | untrusted | test.go:10:15:10:41 | call to UserAgent : string | test.go:13:23:13:31 | untrusted | This query depends on $@. | test.go:10:15:10:41 | call to UserAgent | a user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected
View File

@@ -84,6 +84,7 @@ nodes
| test.go:158:13:158:28 | type conversion | semmle.label | type conversion |
| test.go:161:15:161:24 | &... : pointer type | semmle.label | &... : pointer type |
| test.go:162:13:162:32 | type conversion | semmle.label | type conversion |
subpaths
#select
| test.go:78:13:78:29 | type conversion | test.go:77:13:77:16 | &... : pointer type | test.go:78:13:78:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |
| test.go:79:13:79:43 | type conversion | test.go:77:13:77:16 | &... : pointer type | test.go:79:13:79:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:77:13:77:16 | &... | stored value |

1
ql/test/library-tests/semmle/go/frameworks/Chi/ReflectedXss.expected
View File

@@ -22,6 +22,7 @@ nodes
| test.go:23:18:23:60 | call to URLParamFromCtx : string | semmle.label | call to URLParamFromCtx : string |
| test.go:24:11:24:72 | type conversion | semmle.label | type conversion |
| test.go:24:18:24:71 | call to URLParam : string | semmle.label | call to URLParam : string |
subpaths
#select
| test.go:21:11:21:24 | type conversion | test.go:13:12:13:16 | selection of URL : pointer type | test.go:21:11:21:24 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:13:12:13:16 | selection of URL | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:22:11:22:46 | type conversion | test.go:22:18:22:45 | call to URLParam : string | test.go:22:11:22:46 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:22:18:22:45 | call to URLParam | user-provided value | test.go:0:0:0:0 | test.go | |

1
ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected
View File

@@ -14,6 +14,7 @@ nodes
| test.go:188:10:188:26 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
| test.go:191:21:191:32 | call to String | semmle.label | call to String |
| test.go:191:21:191:32 | call to String | semmle.label | call to String |
subpaths
#select
| test.go:171:20:171:24 | param | test.go:170:11:170:32 | call to Param : string | test.go:171:20:171:24 | param | Untrusted URL redirection due to $@. | test.go:170:11:170:32 | call to Param | user-provided value |
| test.go:180:20:180:28 | ...+... | test.go:176:11:176:32 | call to Param : string | test.go:180:20:180:28 | ...+... | Untrusted URL redirection due to $@. | test.go:176:11:176:32 | call to Param | user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
View File

@@ -73,6 +73,7 @@ nodes
| test.go:148:31:148:36 | reader | semmle.label | reader |
| test.go:162:11:162:32 | call to Param : string | semmle.label | call to Param : string |
| test.go:163:23:163:35 | type conversion | semmle.label | type conversion |
subpaths
#select
| test.go:14:16:14:20 | param | test.go:13:11:13:32 | call to Param : string | test.go:14:16:14:20 | param | Cross-site scripting vulnerability due to $@. | test.go:13:11:13:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:20:16:20:20 | param | test.go:19:11:19:27 | call to ParamValues : slice type | test.go:20:16:20:20 | param | Cross-site scripting vulnerability due to $@. | test.go:19:11:19:27 | call to ParamValues | user-provided value | test.go:0:0:0:0 | test.go | |

1
ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
View File

@@ -9,5 +9,6 @@ nodes
| EndToEnd.go:94:20:94:27 | implicit dereference : Params | semmle.label | implicit dereference : Params |
| EndToEnd.go:94:20:94:27 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
| EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
subpaths
#select
| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params : pointer type | EndToEnd.go:94:20:94:49 | call to Get | Untrusted URL redirection due to $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
View File

@@ -45,6 +45,7 @@ nodes
| examples/booking/app/init.go:40:49:40:53 | implicit dereference : URL | semmle.label | implicit dereference : URL |
| examples/booking/app/init.go:40:49:40:53 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
| examples/booking/app/init.go:40:49:40:58 | selection of Path | semmle.label | selection of Path |
subpaths
#select
| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params : pointer type | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |
| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params : pointer type | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |

1
ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
View File

@@ -18,6 +18,7 @@ nodes
| EndToEnd.go:64:26:64:33 | implicit dereference : Params | semmle.label | implicit dereference : Params |
| EndToEnd.go:64:26:64:33 | selection of Params : pointer type | semmle.label | selection of Params : pointer type |
| EndToEnd.go:64:26:64:55 | call to Get | semmle.label | call to Get |
subpaths
#select
| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params : pointer type | EndToEnd.go:58:18:58:47 | call to Get | This path depends on $@. | EndToEnd.go:58:18:58:25 | selection of Params | a user-provided value |
| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params : pointer type | EndToEnd.go:64:26:64:55 | call to Get | This path depends on $@. | EndToEnd.go:64:26:64:33 | selection of Params | a user-provided value |

1
ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
View File

@@ -52,6 +52,7 @@ nodes
| test.go:35:15:35:30 | call to Text | semmle.label | call to Text |
| test.go:36:15:36:44 | type conversion | semmle.label | type conversion |
| test.go:36:22:36:38 | call to Token : Token | semmle.label | call to Token : Token |
subpaths
#select
| test.go:14:15:14:55 | type conversion | test.go:10:2:10:42 | ... := ...[0] : pointer type | test.go:14:15:14:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:10:2:10:42 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:17:15:17:31 | type conversion | test.go:16:24:16:35 | selection of Body : ReadCloser | test.go:17:15:17:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go | |

1
ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected
View File

@@ -5,6 +5,7 @@ nodes
| IncompleteHostnameRegexp.go:12:38:12:39 | re | semmle.label | re |
| main.go:39:60:39:79 | "^test2.github.com$" | semmle.label | "^test2.github.com$" |
| main.go:44:15:44:39 | `https://www.example.com` | semmle.label | `https://www.example.com` |
subpaths
#select
| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when used $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | here |
| main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when used $@. | main.go:39:60:39:79 | "^test2.github.com$" | here |

1
ql/test/query-tests/Security/CWE-020/SuspiciousCharacterInRegexp/SuspiciousCharacterInRegexp.expected
View File

@@ -11,6 +11,7 @@ nodes
| test.go:21:21:21:36 | "hello\\\\\\aworld" | semmle.label | "hello\\\\\\aworld" |
| test.go:22:21:22:34 | "hello\\bworld" | semmle.label | "hello\\bworld" |
| test.go:23:21:23:36 | "hello\\\\\\bworld" | semmle.label | "hello\\\\\\bworld" |
subpaths
#select
| SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | $@ used $@ contains a literal backspace \\b; did you mean \\\\b, a word boundary? | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | A regular expression | SuspiciousCharacterInRegexp.go:6:34:6:55 | "\\bforbidden.host.org" | here |
| test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | test.go:7:21:7:24 | "\\a" | $@ used $@ contains the bell character \\a; did you mean \\\\a, the Vim alphabetic character class (use [[:alpha:]] instead) or \\\\A, the beginning of text? | test.go:7:21:7:24 | "\\a" | A regular expression | test.go:7:21:7:24 | "\\a" | here |

1
ql/test/query-tests/Security/CWE-022/TaintedPath.expected
View File

@@ -12,6 +12,7 @@ nodes
| tst.go:14:2:14:39 | ... := ...[1] : pointer type | semmle.label | ... := ...[1] : pointer type |
| tst.go:17:41:17:47 | implicit dereference : FileHeader | semmle.label | implicit dereference : FileHeader |
| tst.go:17:41:17:56 | selection of Filename | semmle.label | selection of Filename |
subpaths
#select
| TaintedPath.go:13:29:13:32 | path | TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:13:29:13:32 | path | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |
| TaintedPath.go:17:28:17:61 | call to Join | TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:17:28:17:61 | call to Join | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |

1
ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected
View File

@@ -13,6 +13,7 @@ nodes
| UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName |
| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname : string | semmle.label | selection of Linkname : string |
| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name : string | semmle.label | selection of Name : string |
subpaths
#select
| UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | symlink creation |
| UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | symlink creation |

1
ql/test/query-tests/Security/CWE-022/ZipSlip.expected
View File

@@ -51,6 +51,7 @@ nodes
| tst.go:24:11:24:11 | implicit dereference : File | semmle.label | implicit dereference : File |
| tst.go:24:11:24:11 | implicit read of field FileHeader : FileHeader | semmle.label | implicit read of field FileHeader : FileHeader |
| tst.go:29:20:29:23 | path | semmle.label | path |
subpaths
#select
| UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] : pointer type | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] : pointer type | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |

1
ql/test/query-tests/Security/CWE-078/CommandInjection.expected
View File

@@ -48,6 +48,7 @@ nodes
| SanitizingDoubleDash.go:144:24:144:31 | arrayLit | semmle.label | arrayLit |
| SanitizingDoubleDash.go:148:30:148:36 | tainted | semmle.label | tainted |
| SanitizingDoubleDash.go:152:24:152:30 | tainted | semmle.label | tainted |
subpaths
#select
| CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL : pointer type | CommandInjection.go:10:22:10:28 | cmdName | This command depends on $@. | CommandInjection.go:9:13:9:19 | selection of URL | a user-provided value |
| GitSubcommands.go:12:31:12:37 | tainted | GitSubcommands.go:10:13:10:19 | selection of URL : pointer type | GitSubcommands.go:12:31:12:37 | tainted | This command depends on $@. | GitSubcommands.go:10:13:10:19 | selection of URL | a user-provided value |

1
ql/test/query-tests/Security/CWE-078/StoredCommand.expected
View File

@@ -3,5 +3,6 @@ edges
nodes
| StoredCommand.go:11:2:11:27 | ... := ...[0] : pointer type | semmle.label | ... := ...[0] : pointer type |
| StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
subpaths
#select
| StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] : pointer type | StoredCommand.go:14:22:14:28 | cmdName | This command depends on $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | a stored value |

1
ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -66,6 +66,7 @@ nodes
| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 |
| websocketXss.go:54:3:54:38 | ... := ...[1] : slice type | semmle.label | ... := ...[1] : slice type |
| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
subpaths
#select
| ReflectedXss.go:14:44:14:51 | username | ReflectedXss.go:11:15:11:20 | selection of Form : Values | ReflectedXss.go:14:44:14:51 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value | ReflectedXss.go:0:0:0:0 | ReflectedXss.go | |
| contenttype.go:17:11:17:22 | type conversion | contenttype.go:11:11:11:16 | selection of Form : Values | contenttype.go:17:11:17:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:11:11:11:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go | |

1
ql/test/query-tests/Security/CWE-079/StoredXss.expected
View File

@@ -9,6 +9,7 @@ nodes
| stored.go:30:22:30:25 | name | semmle.label | name |
| stored.go:59:30:59:33 | definition of path : string | semmle.label | definition of path : string |
| stored.go:61:22:61:25 | path | semmle.label | path |
subpaths
#select
| StoredXss.go:13:21:13:36 | ...+... | StoredXss.go:13:21:13:31 | call to Name : string | StoredXss.go:13:21:13:36 | ...+... | Stored cross-site scripting vulnerability due to $@. | StoredXss.go:13:21:13:31 | call to Name | stored value |
| stored.go:30:22:30:25 | name | stored.go:18:3:18:28 | ... := ...[0] : pointer type | stored.go:30:22:30:25 | name | Stored cross-site scripting vulnerability due to $@. | stored.go:18:3:18:28 | ... := ...[0] | stored value |

1
ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -121,6 +121,7 @@ nodes
| mongoDB.go:79:23:79:28 | filter | semmle.label | filter |
| mongoDB.go:80:22:80:27 | filter | semmle.label | filter |
| mongoDB.go:81:18:81:25 | pipeline | semmle.label | pipeline |
subpaths
#select
| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL : pointer type | SqlInjection.go:12:11:12:11 | q | This query depends on $@. | SqlInjection.go:11:3:11:9 | selection of URL | a user-provided value |
| issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body : ReadCloser | issue48.go:22:11:22:12 | q3 | This query depends on $@. | issue48.go:17:25:17:32 | selection of Body | a user-provided value |

1
ql/test/query-tests/Security/CWE-089/StringBreak.expected
View File

@@ -3,5 +3,6 @@ edges
nodes
| StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
subpaths
#select
| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |

1
ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected
View File

@@ -28,6 +28,7 @@ nodes
| tst.go:27:26:27:38 | call to len | semmle.label | call to len |
| tst.go:34:2:34:30 | ... = ...[0] : slice type | semmle.label | ... = ...[0] : slice type |
| tst.go:35:22:35:34 | call to len | semmle.label | call to len |
subpaths
#select
| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] : slice type | value |
| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] : slice type | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a potentially large $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] : slice type | value |

1
ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected
View File

@@ -3,5 +3,6 @@ edges
nodes
| test.go:14:2:14:4 | definition of buf : slice type | semmle.label | definition of buf : slice type |
| test.go:17:10:17:12 | buf | semmle.label | buf |
subpaths
#select
| test.go:14:2:14:4 | definition of buf | test.go:14:2:14:4 | definition of buf : slice type | test.go:17:10:17:12 | buf | This stack trace is exposed to a remote user $@. | test.go:17:10:17:12 | buf | here |

1
ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
View File

@@ -78,6 +78,7 @@ nodes
| passwords.go:127:14:127:19 | config [y] : string | semmle.label | config [y] : string |
| passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y |
| util.go:16:9:16:18 | selection of password : string | semmle.label | selection of password : string |
subpaths
#select
| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header : Header | klog.go:22:15:22:20 | header | Sensitive data returned by $@ is logged here. | klog.go:20:30:20:37 | selection of Header | HTTP request headers |
| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header : Header | klog.go:28:13:28:41 | call to Get | Sensitive data returned by $@ is logged here. | klog.go:28:13:28:20 | selection of Header | HTTP request headers |

1
ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected
View File

@@ -42,6 +42,7 @@ nodes
| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback : signature type | semmle.label | potentiallySecureCallback : signature type |
| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey : HostKeyCallback | semmle.label | call to InsecureIgnoreHostKey : HostKeyCallback |
| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback : signature type | semmle.label | potentiallySecureCallback : signature type |
subpaths
#select
| InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal : signature type | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | this source |
| InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | Configuring SSH ClientConfig with insecure HostKeyCallback implementation from $@. | InsecureHostKeyCallbackExample.go:26:20:26:46 | call to InsecureIgnoreHostKey | this source |

1
ql/test/query-tests/Security/CWE-326/InsufficientKeySize.expected
View File

@@ -18,6 +18,7 @@ nodes
| InsufficientKeySize.go:47:32:47:38 | keyBits | semmle.label | keyBits |
| InsufficientKeySize.go:61:21:61:24 | 1024 : int | semmle.label | 1024 : int |
| InsufficientKeySize.go:67:31:67:37 | keyBits | semmle.label | keyBits |
subpaths
#select
| InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | InsufficientKeySize.go:9:31:9:34 | 1024 | The size of this RSA key should be at least 2048 bits. |
| InsufficientKeySize.go:14:31:14:34 | size | InsufficientKeySize.go:13:10:13:13 | 1024 : int | InsufficientKeySize.go:14:31:14:34 | size | The size of this RSA key should be at least 2048 bits. |

1
ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected
View File

@@ -136,6 +136,7 @@ nodes
| UnsafeTLS.go:450:6:450:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
| UnsafeTLS.go:456:19:458:5 | slice literal | semmle.label | slice literal |
| UnsafeTLS.go:457:6:457:48 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : uint16 |
subpaths
#select
| UnsafeTLS.go:21:23:21:23 | 0 | UnsafeTLS.go:21:23:21:23 | 0 | UnsafeTLS.go:21:23:21:23 | 0 | Using lowest TLS version for MinVersion. |
| UnsafeTLS.go:30:16:30:16 | 0 | UnsafeTLS.go:30:16:30:16 | 0 | UnsafeTLS.go:30:16:30:16 | 0 | Using lowest TLS version for MinVersion. |

1
ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected
View File

@@ -9,6 +9,7 @@ nodes
| Crypto.go:22:10:22:12 | buf | semmle.label | buf |
| Crypto.go:25:16:25:18 | buf | semmle.label | buf |
| Crypto.go:28:11:28:13 | buf | semmle.label | buf |
subpaths
#select
| Crypto.go:19:25:19:27 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:19:25:19:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
| Crypto.go:22:10:22:12 | buf | Crypto.go:16:9:16:16 | password : slice type | Crypto.go:22:10:22:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |

1
ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
View File

@@ -18,6 +18,7 @@ nodes
| sample.go:45:17:45:39 | call to Intn | semmle.label | call to Intn |
| sample.go:46:17:46:39 | call to Intn | semmle.label | call to Intn |
| sample.go:47:17:47:39 | call to Intn | semmle.label | call to Intn |
subpaths
#select
| InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | $@ generated with a cryptographically weak RNG is used in $@. | InsecureRandomness.go:12:18:12:40 | call to Intn | A random number | InsecureRandomness.go:12:18:12:40 | call to Intn | a password-related function |
| sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 : uint32 | sample.go:26:25:26:30 | call to Guid | $@ generated with a cryptographically weak RNG is used in $@. | sample.go:15:49:15:61 | call to Uint32 | A random number | sample.go:26:25:26:30 | call to Guid | this cryptographic algorithm |

1
ql/test/query-tests/Security/CWE-352/ConstantOauth2State.expected
View File

@@ -52,6 +52,7 @@ nodes
| ConstantOauth2State.go:272:17:272:21 | "oob" : string | semmle.label | "oob" : string |
| ConstantOauth2State.go:282:9:282:12 | conf | semmle.label | conf |
| ConstantOauth2State.go:282:26:282:41 | stateStringConst | semmle.label | stateStringConst |
subpaths
#select
| ConstantOauth2State.go:35:26:35:32 | "state" | ConstantOauth2State.go:35:26:35:32 | "state" | ConstantOauth2State.go:35:26:35:32 | "state" | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:35:26:35:32 | "state" | state string |
| ConstantOauth2State.go:50:26:50:41 | stateStringConst | ConstantOauth2State.go:20:26:20:32 | "state" : string literal | ConstantOauth2State.go:50:26:50:41 | stateStringConst | Using a constant $@ to create oauth2 URLs. | ConstantOauth2State.go:20:26:20:32 | "state" | state string |

11
ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
View File

@@ -1,19 +1,25 @@
edges
| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string |
| BadRedirectCheck.go:3:18:3:22 | definition of redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string |
| BadRedirectCheck.go:5:10:5:14 | redir : string | main.go:11:25:11:45 | call to sanitizeUrl |
| cves.go:14:23:14:25 | argument corresponding to url : string | cves.go:16:26:16:28 | url |
| cves.go:33:14:33:34 | call to Get : string | cves.go:37:25:37:32 | redirect |
| cves.go:41:14:41:34 | call to Get : string | cves.go:45:25:45:32 | redirect |
| main.go:10:18:10:25 | argument corresponding to redirect : string | main.go:11:37:11:44 | redirect : string |
| main.go:11:37:11:44 | redirect : string | BadRedirectCheck.go:3:18:3:22 | definition of redir : string |
| main.go:11:37:11:44 | redirect : string | main.go:11:25:11:45 | call to sanitizeUrl |
| main.go:32:24:32:26 | argument corresponding to url : string | main.go:34:26:34:28 | url |
| main.go:68:17:68:24 | argument corresponding to redirect : string | main.go:73:9:73:28 | call to Clean : string |
| main.go:68:17:68:24 | definition of redirect : string | main.go:73:9:73:28 | call to Clean : string |
| main.go:73:9:73:28 | call to Clean : string | main.go:77:25:77:39 | call to getTarget1 |
| main.go:76:19:76:21 | argument corresponding to url : string | main.go:77:36:77:38 | url : string |
| main.go:77:36:77:38 | url : string | main.go:68:17:68:24 | definition of redirect : string |
| main.go:77:36:77:38 | url : string | main.go:77:25:77:39 | call to getTarget1 |
| main.go:87:9:87:14 | selection of Path : string | main.go:91:25:91:39 | call to getTarget2 |
nodes
| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | semmle.label | argument corresponding to redir : string |
| BadRedirectCheck.go:3:18:3:22 | definition of redir : string | semmle.label | definition of redir : string |
| BadRedirectCheck.go:5:10:5:14 | redir : string | semmle.label | redir : string |
| BadRedirectCheck.go:5:10:5:14 | redir : string | semmle.label | redir : string |
| cves.go:14:23:14:25 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
| cves.go:16:26:16:28 | url | semmle.label | url |
@@ -27,12 +33,17 @@ nodes
| main.go:32:24:32:26 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
| main.go:34:26:34:28 | url | semmle.label | url |
| main.go:68:17:68:24 | argument corresponding to redirect : string | semmle.label | argument corresponding to redirect : string |
| main.go:68:17:68:24 | definition of redirect : string | semmle.label | definition of redirect : string |
| main.go:73:9:73:28 | call to Clean : string | semmle.label | call to Clean : string |
| main.go:73:9:73:28 | call to Clean : string | semmle.label | call to Clean : string |
| main.go:76:19:76:21 | argument corresponding to url : string | semmle.label | argument corresponding to url : string |
| main.go:77:25:77:39 | call to getTarget1 | semmle.label | call to getTarget1 |
| main.go:77:36:77:38 | url : string | semmle.label | url : string |
| main.go:87:9:87:14 | selection of Path : string | semmle.label | selection of Path : string |
| main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 |
subpaths
| main.go:11:37:11:44 | redirect : string | BadRedirectCheck.go:3:18:3:22 | definition of redir : string | BadRedirectCheck.go:5:10:5:14 | redir : string | main.go:11:25:11:45 | call to sanitizeUrl : string |
| main.go:77:36:77:38 | url : string | main.go:68:17:68:24 | definition of redirect : string | main.go:73:9:73:28 | call to Clean : string | main.go:77:25:77:39 | call to getTarget1 : string |
#select
| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir : string | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |
| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:18:10:25 | argument corresponding to redirect : string | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:18:10:25 | argument corresponding to redirect | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |

1
ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
View File

@@ -117,6 +117,7 @@ nodes
| stdlib.go:192:23:192:28 | implicit dereference : URL | semmle.label | implicit dereference : URL |
| stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path |
| stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath |
subpaths
#select
| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | OpenUrlRedirect.go:10:23:10:42 | call to Get | Untrusted URL redirection due to $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
| stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form : Values | stdlib.go:15:30:15:35 | target | Untrusted URL redirection due to $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value |

1
ql/test/query-tests/Security/CWE-640/EmailInjection.expected
View File

@@ -29,6 +29,7 @@ nodes
| main.go:82:21:82:31 | call to Referer : string | semmle.label | call to Referer : string |
| main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput |
| main.go:93:16:93:23 | content2 | semmle.label | content2 |
subpaths
#select
| EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header : Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input |
| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer : string | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input |

1
ql/test/query-tests/Security/CWE-643/XPathInjection.expected
View File

@@ -83,6 +83,7 @@ nodes
| tst.go:162:31:162:126 | ...+... | semmle.label | ...+... |
| tst.go:171:21:171:116 | ...+... | semmle.label | ...+... |
| tst.go:180:27:180:122 | ...+... | semmle.label | ...+... |
subpaths
#select
| XPathInjection.go:16:29:16:91 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form : Values | XPathInjection.go:16:29:16:91 | ...+... | $@ flows here and is used in an XPath expression. | XPathInjection.go:13:14:13:19 | selection of Form | A user-provided value |
| tst.go:35:23:35:85 | ...+... | tst.go:32:14:32:19 | selection of Form : Values | tst.go:35:23:35:85 | ...+... | $@ flows here and is used in an XPath expression. | tst.go:32:14:32:19 | selection of Form | A user-provided value |

1
ql/test/query-tests/Security/CWE-918/RequestForgery.expected
View File

@@ -54,6 +54,7 @@ nodes
| websocket.go:197:18:197:31 | untrustedInput | semmle.label | untrustedInput |
| websocket.go:202:21:202:31 | call to Referer : string | semmle.label | call to Referer : string |
| websocket.go:204:11:204:24 | untrustedInput | semmle.label | untrustedInput |
subpaths
#select
| RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue : string | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue : string | a user-provided value |
| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue : string | tst.go:14:11:14:17 | tainted | The $@ of this request depends on $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue : string | a user-provided value |