Try to fix test

2026-04-30 11:15:13 +02:00 · 2020-03-27 16:13:00 +01:00
parent 21feb9d996
commit 8278dd358e
8 changed files with 78 additions and 7 deletions
--- a/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
+++ b/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
@@ -1,10 +1,10 @@
 edges
-| XPathInjection.go:13:14:13:19 | selection of Form : Values | XPathInjection.go:17:29:17:132 | ...+... |
-| XPathInjection.go:14:14:14:19 | selection of Form : Values | XPathInjection.go:17:29:17:132 | ...+... |
+| XPathInjection.go:15:14:15:19 | selection of Form : Values | XPathInjection.go:19:29:19:132 | ...+... |
+| XPathInjection.go:16:14:16:19 | selection of Form : Values | XPathInjection.go:19:29:19:132 | ...+... |
 nodes
-| XPathInjection.go:13:14:13:19 | selection of Form : Values | semmle.label | selection of Form : Values |
-| XPathInjection.go:14:14:14:19 | selection of Form : Values | semmle.label | selection of Form : Values |
-| XPathInjection.go:17:29:17:132 | ...+... | semmle.label | ...+... |
+| XPathInjection.go:15:14:15:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| XPathInjection.go:16:14:16:19 | selection of Form : Values | semmle.label | selection of Form : Values |
+| XPathInjection.go:19:29:19:132 | ...+... | semmle.label | ...+... |
 #select
-| XPathInjection.go:17:29:17:132 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form : Values | XPathInjection.go:17:29:17:132 | ...+... | $@ flows here and is used in an XPath expression. | XPathInjection.go:13:14:13:19 | selection of Form | A user-provided value |
-| XPathInjection.go:17:29:17:132 | ...+... | XPathInjection.go:14:14:14:19 | selection of Form : Values | XPathInjection.go:17:29:17:132 | ...+... | $@ flows here and is used in an XPath expression. | XPathInjection.go:14:14:14:19 | selection of Form | A user-provided value |
+| XPathInjection.go:19:29:19:132 | ...+... | XPathInjection.go:15:14:15:19 | selection of Form : Values | XPathInjection.go:19:29:19:132 | ...+... | $@ flows here and is used in an XPath expression. | XPathInjection.go:15:14:15:19 | selection of Form | A user-provided value |
+| XPathInjection.go:19:29:19:132 | ...+... | XPathInjection.go:16:14:16:19 | selection of Form : Values | XPathInjection.go:19:29:19:132 | ...+... | $@ flows here and is used in an XPath expression. | XPathInjection.go:16:14:16:19 | selection of Form | A user-provided value |
--- a/ql/test/query-tests/Security/CWE-643/XPathInjection.go
+++ b/ql/test/query-tests/Security/CWE-643/XPathInjection.go
@@ -8,6 +8,8 @@ import (
 	"github.com/ChrisTrenkamp/goxpath/tree"
 )

+func main() {}
+
 func processRequest(r *http.Request, doc tree.Node) {
 	r.ParseForm()
 	username := r.Form.Get("username")
--- a/ql/test/query-tests/Security/CWE-643/go.mod
+++ b/ql/test/query-tests/Security/CWE-643/go.mod
@@ -0,0 +1,3 @@
+module main
+
+go 1.14
--- a/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/LICENSE
+++ b/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 ChrisTrenkamp
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
--- a/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/README.md
+++ b/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/README.md
@@ -0,0 +1,3 @@
+This is a simple stub for https://github.com/ChrisTrenkamp/goxpath, strictly for use in query testing.
+
+See the LICENSE file in this folder for information about the licensing of the original library.
--- a/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/goxpath.go
+++ b/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/goxpath.go
@@ -0,0 +1,22 @@
+package goxpath
+
+import (
+	"github.com/ChrisTrenkamp/goxpath/tree"
+)
+
+type Opts struct {
+	Vars map[string]tree.Result
+}
+
+type XPathExec struct {
+}
+
+type FuncOpts func(*Opts)
+
+func MustParse(xp string) XPathExec {
+	return XPathExec{}
+}
+
+func (xp XPathExec) ExecBool(t tree.Node, opts ...FuncOpts) (bool, error) {
+	return false, nil
+}
--- a/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/tree/tree.go
+++ b/ql/test/query-tests/Security/CWE-643/vendor/github.com/ChrisTrenkamp/goxpath/tree/tree.go
@@ -0,0 +1,16 @@
+package tree
+
+import "fmt"
+
+type Node interface {
+}
+
+type Result interface {
+	fmt.Stringer
+}
+
+type String string
+
+func (s String) String() string {
+	return ""
+}
--- a/ql/test/query-tests/Security/CWE-643/vendor/modules.txt
+++ b/ql/test/query-tests/Security/CWE-643/vendor/modules.txt
@@ -0,0 +1,3 @@
+# github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d
+github.com/ChrisTrenkamp/goxpath
+github.com/ChrisTrenkamp/goxpath/tree