Merge pull request #16617 from owen-mc/go/side-effects-on-global-variables

Go: Add tests (mostly failing) for writes to global variables
2025-12-16 16:53:25 +01:00 · 2024-05-30 08:02:45 +01:00
parent 2c4a216dd9 7ff1eabfc3
commit 61593aed7d
3 changed files with 72 additions and 0 deletions
--- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/Flows.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/Flows.expected
--- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/Flows.ql
+++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/Flows.ql
@@ -0,0 +1,11 @@
+import go
+import TestUtilities.InlineFlowTest
+
+string getArgString(DataFlow::Node src, DataFlow::Node sink) {
+  exists(src) and
+  result =
+    "\"" + sink.toString() + " (from source " +
+      src.(DataFlow::CallNode).getArgument(0).getExactValue() + ")\""
+}
+
+import ValueFlowTestArgString<DefaultFlowConfig, getArgString/2>
--- a/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/globalVariable.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/globalVariable.go
@@ -0,0 +1,61 @@
+package main
+
+var globalScalar any
+var globalArray [1]any
+var globalSlice []any
+var globalMap1 map[any]any
+var globalMap2 map[any]any
+
+func source(n int) any { return n }
+
+func sink(x any) {}
+
+func main() {
+	test1()
+	test2()
+	sink(globalScalar)   // $ hasValueFlow="globalScalar (from source 0)" MISSING: hasValueFlow="globalScalar (from source 10)"
+	sink(globalArray[0]) // $ MISSING: hasValueFlow="index expression (from source 1)" hasValueFlow="index expression (from source 11)"
+	sink(globalSlice[0]) // $ MISSING: hasValueFlow="index expression (from source 2)" hasValueFlow="index expression (from source 12)"
+	for val := range globalMap1 {
+		sink(val) // $ MISSING: hasValueFlow="val (from source 3)" hasValueFlow="val (from source 13)"
+	}
+	for _, val := range globalMap2 {
+		sink(val) // $ MISSING: hasValueFlow="val (from source 4)" hasValueFlow="val (from source 14)"
+	}
+}
+
+func test1() {
+	globalScalar = source(0)
+	globalArray[0] = source(1)
+	globalSlice[0] = source(2)
+	globalMap1[source(3)] = nil
+	globalMap2[""] = source(4)
+}
+
+func test2() {
+	taintScalar(&globalScalar, 10)
+	taintArray(globalArray, 11)
+	taintSlice(globalSlice, 12)
+	taintMapKey(globalMap1, 13)
+	taintMapValue(globalMap2, 14)
+}
+
+func taintScalar(x *any, n int) {
+	*x = source(n)
+}
+
+func taintArray(x [1]any, n int) {
+	x[0] = source(n)
+}
+
+func taintSlice(x []any, n int) {
+	x[0] = source(n)
+}
+
+func taintMapKey(x map[any]any, n int) {
+	x[source(n)] = ""
+}
+
+func taintMapValue(x map[any]any, n int) {
+	x[""] = source(n)
+}