Go: convert UncontrolledAllocationSize test to .qlref

2026-04-19 14:04:09 +02:00 · 2025-06-19 11:28:01 +02:00
parent e37979546c
commit 76a3306c63
4 changed files with 28 additions and 10 deletions
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.expected
@@ -1,2 +1,22 @@
-invalidModelRow
-testFailures
+#select
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | This memory allocation depends on a $@. | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | user-provided value |
+edges
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | provenance |  |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | provenance | MaD:3 |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | provenance |  |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance |  |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | provenance | Config |
+models
+| 1 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
+| 2 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
+| 3 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
+nodes
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | semmle.label | selection of URL |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | semmle.label | call to Query |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | semmle.label | source |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | semmle.label | call to Get |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | semmle.label | ... := ...[0] |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | semmle.label | sourceStr |
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | semmle.label | sink |
+subpaths
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.ql
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.ql
@@ -1,6 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import semmle.go.security.UncontrolledAllocationSize
-import utils.test.InlineFlowTest
-import FlowTest<UncontrolledAllocationSize::Config, UncontrolledAllocationSize::Config>
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.qlref
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSize.qlref
@@ -0,0 +1,4 @@
+query: Security/CWE-770/UncontrolledAllocationSize.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql
--- a/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go
+++ b/go/ql/test/query-tests/Security/CWE-770/UncontrolledAllocationSizeBad.go
@@ -8,7 +8,7 @@ import (
 )

 func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
-	source := r.URL.Query()
+	source := r.URL.Query() // $ Source

 	sourceStr := source.Get("n")
 	sink, err := strconv.Atoi(sourceStr)
@@ -17,7 +17,7 @@ func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	result := make([]string, sink) // $hasTaintFlow="sink"
+	result := make([]string, sink) // $ Alert
 	for i := 0; i < sink; i++ {
 		result[i] = fmt.Sprintf("Item %d", i+1)
 	}