Add (currently-failing) expectations for submessage tainting

2026-01-30 14:52:57 +01:00 · 2020-08-11 18:16:19 +01:00
parent c9296abe25
commit 596204f79d
3 changed files with 32 additions and 0 deletions
--- a/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
+++ b/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
@@ -10,6 +10,12 @@
 | testDeprecatedApi.go:53:13:53:17 | query | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
 | testDeprecatedApi.go:61:22:61:27 | query1 | testDeprecatedApi.go:60:2:60:7 | definition of query2 |
 | testDeprecatedApi.go:63:33:63:38 | query2 | testDeprecatedApi.go:63:2:63:39 | ... := ...[0] |
+| testDeprecatedApi.go:73:24:73:35 | selection of Alerts | testDeprecatedApi.go:73:17:73:43 | call to append |
+| testDeprecatedApi.go:73:38:73:42 | alert | testDeprecatedApi.go:73:17:73:43 | call to append |
+| testDeprecatedApi.go:75:33:75:37 | query | testDeprecatedApi.go:75:2:75:38 | ... := ...[0] |
+| testDeprecatedApi.go:84:24:84:35 | selection of Alerts | testDeprecatedApi.go:84:17:84:43 | call to append |
+| testDeprecatedApi.go:84:38:84:42 | alert | testDeprecatedApi.go:84:17:84:43 | call to append |
+| testDeprecatedApi.go:87:33:87:37 | query | testDeprecatedApi.go:87:2:87:38 | ... := ...[0] |
 | testModernApi.go:13:33:13:37 | query | testModernApi.go:13:2:13:38 | ... := ...[0] |
 | testModernApi.go:22:28:22:32 | query | testModernApi.go:22:16:22:33 | call to Clone |
 | testModernApi.go:24:33:24:42 | queryClone | testModernApi.go:24:2:24:43 | ... := ...[0] |
--- a/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
+++ b/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
@@ -3,6 +3,8 @@
 | testDeprecatedApi.go:41:25:41:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:45:13:45:29 | selection of Description |
 | testDeprecatedApi.go:49:25:49:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
 | testDeprecatedApi.go:58:23:58:42 | call to getUntrustedString : string | testDeprecatedApi.go:65:12:65:21 | serialized |
+| testDeprecatedApi.go:70:14:70:33 | call to getUntrustedString : string | testDeprecatedApi.go:77:12:77:21 | serialized |
+| testDeprecatedApi.go:85:24:85:43 | call to getUntrustedString : string | testDeprecatedApi.go:89:12:89:21 | serialized |
 | testModernApi.go:11:22:11:41 | call to getUntrustedString : string | testModernApi.go:15:12:15:21 | serialized |
 | testModernApi.go:20:22:20:41 | call to getUntrustedString : string | testModernApi.go:26:12:26:21 | serialized |
 | testModernApi.go:30:25:30:43 | call to getUntrustedBytes : slice type | testModernApi.go:34:13:34:29 | selection of Description |
--- a/ql/test/library-tests/semmle/go/frameworks/Protobuf/testDeprecatedApi.go
+++ b/ql/test/library-tests/semmle/go/frameworks/Protobuf/testDeprecatedApi.go
@@ -64,3 +64,27 @@ func testMergeThenMarshal() {

 	sinkBytes(serialized)
 }
+
+func testTaintedSubmessage() {
+	alert := &query.Query_Alert{}
+	alert.Msg = getUntrustedString()
+
+	query := &query.Query{}
+	query.Alerts = append(query.Alerts, alert)
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized)
+}
+
+func testTaintedSubmessageInPlace() {
+	alert := &query.Query_Alert{}
+
+	query := &query.Query{}
+	query.Alerts = append(query.Alerts, alert)
+	query.Alerts[0].Msg = getUntrustedString()
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized)
+}