diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go index ab82527b5e0..25c245948f3 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go @@ -1,54 +1,181 @@ -//go:generate depstubber -vendor github.com/golang/glog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln -//go:generate depstubber -vendor k8s.io/klog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln +//go:generate depstubber -vendor github.com/golang/glog Level,Verbose Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln +//go:generate depstubber -vendor k8s.io/klog Level,Verbose Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln package main import ( + "context" + "github.com/golang/glog" "k8s.io/klog" ) -func glogTest() { - glog.Error(text) // $ logger=text - glog.ErrorDepth(0, text) // $ logger=text - glog.Errorf(fmt, text) // $ logger=fmt logger=text - glog.Errorln(text) // $ logger=text - glog.Exit(text) // $ logger=text - glog.ExitDepth(0, text) // $ logger=text - glog.Exitf(fmt, text) // $ logger=fmt logger=text - glog.Exitln(text) // $ logger=text - glog.Fatal(text) // $ logger=text - glog.FatalDepth(0, text) // $ logger=text - glog.Fatalf(fmt, text) // $ logger=fmt logger=text - glog.Fatalln(text) // $ logger=text - glog.Info(text) // $ logger=text - glog.InfoDepth(0, text) // $ logger=text - glog.Infof(fmt, text) // $ logger=fmt logger=text - glog.Infoln(text) // $ logger=text - glog.Warning(text) // $ logger=text - glog.WarningDepth(0, text) // $ logger=text - glog.Warningf(fmt, text) // $ logger=fmt logger=text - glog.Warningln(text) // $ logger=text +func glogTest(selector int) { + ctx := context.Background() + + glog.Error(text) // $ logger=text + glog.ErrorContext(ctx, text) // $ logger=text + glog.ErrorContextDepth(ctx, 0, text) // $ logger=text + glog.ErrorContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + glog.ErrorContextf(ctx, fmt, text) // $ logger=fmt logger=text + glog.ErrorDepth(0, text) // $ logger=text + glog.ErrorDepthf(0, fmt, text) // $ logger=fmt logger=text + glog.Errorf(fmt, text) // $ logger=fmt logger=text + glog.Errorln(text) // $ logger=text + if selector == 1 { + glog.Exit(text) // $ logger=text + } + if selector == 2 { + glog.ExitContext(ctx, text) // $ logger=text + } + if selector == 3 { + glog.ExitContextDepth(ctx, 0, text) // $ logger=text + } + if selector == 4 { + glog.ExitContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + } + if selector == 5 { + glog.ExitContextf(ctx, fmt, text) // $ logger=fmt logger=text + } + if selector == 6 { + glog.ExitDepth(0, text) // $ logger=text + } + if selector == 7 { + glog.ExitDepthf(0, fmt, text) // $ logger=fmt logger=text + } + if selector == 8 { + glog.Exitf(fmt, text) // $ logger=fmt logger=text + } + if selector == 9 { + glog.Exitln(text) // $ logger=text + } + if selector == 10 { + glog.Fatal(text) // $ logger=text + } + if selector == 11 { + glog.FatalContext(ctx, text) // $ logger=text + } + if selector == 12 { + glog.FatalContextDepth(ctx, 0, text) // $ logger=text + } + if selector == 13 { + glog.FatalContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + } + if selector == 14 { + glog.FatalContextf(ctx, fmt, text) // $ logger=fmt logger=text + } + if selector == 15 { + glog.FatalDepth(0, text) // $ logger=text + } + if selector == 16 { + glog.FatalDepthf(0, fmt, text) // $ logger=fmt logger=text + } + if selector == 17 { + glog.Fatalf(fmt, text) // $ logger=fmt logger=text + } + if selector == 18 { + glog.Fatalln(text) // $ logger=text + } + glog.Info(text) // $ logger=text + glog.InfoContext(ctx, text) // $ logger=text + glog.InfoContextDepth(ctx, 0, text) // $ logger=text + glog.InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + glog.InfoContextf(ctx, fmt, text) // $ logger=fmt logger=text + glog.InfoDepth(0, text) // $ logger=text + glog.InfoDepthf(0, fmt, text) // $ logger=fmt logger=text + glog.Infof(fmt, text) // $ logger=fmt logger=text + glog.Infoln(text) // $ logger=text + glog.Warning(text) // $ logger=text + glog.WarningContext(ctx, text) // $ logger=text + glog.WarningContextDepth(ctx, 0, text) // $ logger=text + glog.WarningContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + glog.WarningContextf(ctx, fmt, text) // $ logger=fmt logger=text + glog.WarningDepth(0, text) // $ logger=text + glog.WarningDepthf(0, fmt, text) // $ logger=fmt logger=text + glog.Warningf(fmt, text) // $ logger=fmt logger=text + glog.Warningln(text) // $ logger=text + + glog.V(0).Info(text) // $ logger=text + glog.V(0).InfoContext(ctx, text) // $ logger=text + glog.V(0).InfoContextDepth(ctx, 0, text) // $ logger=text + glog.V(0).InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text + glog.V(0).InfoContextf(ctx, fmt, text) // $ logger=fmt logger=text + glog.V(0).InfoDepth(0, text) // $ logger=text + glog.V(0).InfoDepthf(0, fmt, text) // $ logger=fmt logger=text + glog.V(0).Infof(fmt, text) // $ logger=fmt logger=text + glog.V(0).Infoln(text) // $ logger=text + glog.VDepth(0, 0).Info(text) // $ logger=text // components corresponding to the format specifier "%T" are not considered vulnerable - glog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - glog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.ErrorContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.ErrorContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.ErrorDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + if selector == 19 { + glog.ExitContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 20 { + glog.ExitContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 21 { + glog.ExitDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 22 { + glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 23 { + glog.FatalContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 24 { + glog.FatalContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 25 { + glog.FatalDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 26 { + glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + glog.InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.InfoContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.InfoDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.WarningContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.WarningContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.WarningDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.V(0).InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.V(0).InfoContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.V(0).InfoDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + glog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - klog.Error(text) // $ logger=text - klog.ErrorDepth(0, text) // $ logger=text - klog.Errorf(fmt, text) // $ logger=fmt logger=text - klog.Errorln(text) // $ logger=text - klog.Exit(text) // $ logger=text - klog.ExitDepth(0, text) // $ logger=text - klog.Exitf(fmt, text) // $ logger=fmt logger=text - klog.Exitln(text) // $ logger=text - klog.Fatal(text) // $ logger=text - klog.FatalDepth(0, text) // $ logger=text - klog.Fatalf(fmt, text) // $ logger=fmt logger=text - klog.Fatalln(text) // $ logger=text + klog.Error(text) // $ logger=text + klog.ErrorDepth(0, text) // $ logger=text + klog.Errorf(fmt, text) // $ logger=fmt logger=text + klog.Errorln(text) // $ logger=text + if selector == 27 { + klog.Exit(text) // $ logger=text + } + if selector == 28 { + klog.ExitDepth(0, text) // $ logger=text + } + if selector == 29 { + klog.Exitf(fmt, text) // $ logger=fmt logger=text + } + if selector == 30 { + klog.Exitln(text) // $ logger=text + } + if selector == 31 { + klog.Fatal(text) // $ logger=text + } + if selector == 32 { + klog.FatalDepth(0, text) // $ logger=text + } + if selector == 33 { + klog.Fatalf(fmt, text) // $ logger=fmt logger=text + } + if selector == 34 { + klog.Fatalln(text) // $ logger=text + } klog.Info(text) // $ logger=text klog.InfoDepth(0, text) // $ logger=text klog.Infof(fmt, text) // $ logger=fmt logger=text @@ -57,11 +184,19 @@ func glogTest() { klog.WarningDepth(0, text) // $ logger=text klog.Warningf(fmt, text) // $ logger=fmt logger=text klog.Warningln(text) // $ logger=text + klog.V(0).Info(text) // $ logger=text + klog.V(0).Infof(fmt, text) // $ logger=fmt logger=text + klog.V(0).Infoln(text) // $ logger=text // components corresponding to the format specifier "%T" are not considered vulnerable - klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - klog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v - klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + if selector == 35 { + klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + if selector == 36 { + klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + } + klog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v + klog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod index 81d2785a409..0d3c053e7fe 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/go.mod @@ -3,7 +3,7 @@ module codeql-go-tests/concepts/loggercall go 1.15 require ( - github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b + github.com/golang/glog v1.2.5 github.com/sirupsen/logrus v1.7.0 k8s.io/klog v1.0.0 ) diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go index 5353d9155cc..688c59bc2ea 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go @@ -6,5 +6,6 @@ const text = "test" var v []byte func main() { + glogTest(len(v)) stdlib() } diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go index 49f90bc21af..64a0aef2bfc 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go @@ -2,47 +2,125 @@ // This is a simple stub for github.com/golang/glog, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/golang/glog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln) +// Source: github.com/golang/glog (exports: Level,Verbose; functions: Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln) // Package glog is a stub of github.com/golang/glog, generated by depstubber. package glog +import "context" + +type Level int32 + +type Verbose bool + func Error(_ ...interface{}) {} +func ErrorContext(_ context.Context, _ ...interface{}) {} + +func ErrorContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func ErrorContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func ErrorContextf(_ context.Context, _ string, _ ...interface{}) {} + func ErrorDepth(_ int, _ ...interface{}) {} +func ErrorDepthf(_ int, _ string, _ ...interface{}) {} + func Errorf(_ string, _ ...interface{}) {} func Errorln(_ ...interface{}) {} func Exit(_ ...interface{}) {} +func ExitContext(_ context.Context, _ ...interface{}) {} + +func ExitContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func ExitContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func ExitContextf(_ context.Context, _ string, _ ...interface{}) {} + func ExitDepth(_ int, _ ...interface{}) {} +func ExitDepthf(_ int, _ string, _ ...interface{}) {} + func Exitf(_ string, _ ...interface{}) {} func Exitln(_ ...interface{}) {} func Fatal(_ ...interface{}) {} +func FatalContext(_ context.Context, _ ...interface{}) {} + +func FatalContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func FatalContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func FatalContextf(_ context.Context, _ string, _ ...interface{}) {} + func FatalDepth(_ int, _ ...interface{}) {} +func FatalDepthf(_ int, _ string, _ ...interface{}) {} + func Fatalf(_ string, _ ...interface{}) {} func Fatalln(_ ...interface{}) {} func Info(_ ...interface{}) {} +func InfoContext(_ context.Context, _ ...interface{}) {} + +func InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func InfoContextf(_ context.Context, _ string, _ ...interface{}) {} + func InfoDepth(_ int, _ ...interface{}) {} +func InfoDepthf(_ int, _ string, _ ...interface{}) {} + func Infof(_ string, _ ...interface{}) {} func Infoln(_ ...interface{}) {} +func V(_ Level) Verbose { return false } + +func VDepth(_ int, _ Level) Verbose { return false } + func Warning(_ ...interface{}) {} +func WarningContext(_ context.Context, _ ...interface{}) {} + +func WarningContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func WarningContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func WarningContextf(_ context.Context, _ string, _ ...interface{}) {} + func WarningDepth(_ int, _ ...interface{}) {} +func WarningDepthf(_ int, _ string, _ ...interface{}) {} + func Warningf(_ string, _ ...interface{}) {} func Warningln(_ ...interface{}) {} + +func (_ Verbose) Info(_ ...interface{}) {} + +func (_ Verbose) InfoContext(_ context.Context, _ ...interface{}) {} + +func (_ Verbose) InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {} + +func (_ Verbose) InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {} + +func (_ Verbose) InfoContextf(_ context.Context, _ string, _ ...interface{}) {} + +func (_ Verbose) InfoDepth(_ int, _ ...interface{}) {} + +func (_ Verbose) InfoDepthf(_ int, _ string, _ ...interface{}) {} + +func (_ Verbose) Infof(_ string, _ ...interface{}) {} + +func (_ Verbose) Infoln(_ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go index 0c29992abcf..81eb6927c5b 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go @@ -2,11 +2,15 @@ // This is a simple stub for k8s.io/klog, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: k8s.io/klog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln) +// Source: k8s.io/klog (exports: Level,Verbose; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln) // Package klog is a stub of k8s.io/klog, generated by depstubber. package klog +type Level int32 + +type Verbose bool + func Error(_ ...interface{}) {} func ErrorDepth(_ int, _ ...interface{}) {} @@ -39,6 +43,8 @@ func Infof(_ string, _ ...interface{}) {} func Infoln(_ ...interface{}) {} +func V(_ Level) Verbose { return false } + func Warning(_ ...interface{}) {} func WarningDepth(_ int, _ ...interface{}) {} @@ -46,3 +52,9 @@ func WarningDepth(_ int, _ ...interface{}) {} func Warningf(_ string, _ ...interface{}) {} func Warningln(_ ...interface{}) {} + +func (_ Verbose) Info(_ ...interface{}) {} + +func (_ Verbose) Infof(_ string, _ ...interface{}) {} + +func (_ Verbose) Infoln(_ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt index da35ae80c08..bf162a2d5a4 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt @@ -1,4 +1,4 @@ -# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b +# github.com/golang/glog v1.2.5 ## explicit github.com/golang/glog # github.com/sirupsen/logrus v1.7.0