Add tests for copy (taint passes, value fails)

2026-04-22 23:35:14 +02:00 · 2024-05-04 22:01:54 +01:00
parent eab1569342
commit 86e2b845f3
6 changed files with 56 additions and 42 deletions
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected
@@ -21,15 +21,16 @@ invalidModelRow
 | test.go:113:10:113:20 | index expression | qltest |
 | test.go:117:10:117:16 | taint15 | qltest |
 | test.go:121:10:121:17 | index expression | qltest |
-| test.go:126:10:126:16 | taint16 | qltest |
-| test.go:130:10:130:13 | selection of F | qltest |
-| test.go:133:10:133:17 | call to Get | qltest |
-| test.go:137:10:137:17 | call to Get | qltest |
-| test.go:142:10:142:17 | call to Get | qltest |
-| test.go:146:10:146:14 | selection of F | qltest |
-| test.go:149:10:149:32 | call to GetThroughPointer | qltest |
-| test.go:153:10:153:32 | call to GetThroughPointer | qltest |
-| test.go:158:10:158:32 | call to GetThroughPointer | qltest |
-| test.go:164:17:164:20 | arg1 | qltest |
-| test.go:164:23:164:26 | arg2 | qltest |
-| test.go:164:29:164:32 | arg3 | qltest |
+| test.go:127:10:127:18 | index expression | qltest |
+| test.go:132:10:132:16 | taint16 | qltest |
+| test.go:136:10:136:13 | selection of F | qltest |
+| test.go:139:10:139:17 | call to Get | qltest |
+| test.go:143:10:143:17 | call to Get | qltest |
+| test.go:148:10:148:17 | call to Get | qltest |
+| test.go:152:10:152:14 | selection of F | qltest |
+| test.go:155:10:155:32 | call to GetThroughPointer | qltest |
+| test.go:159:10:159:32 | call to GetThroughPointer | qltest |
+| test.go:164:10:164:32 | call to GetThroughPointer | qltest |
+| test.go:170:17:170:20 | arg1 | qltest |
+| test.go:170:23:170:26 | arg2 | qltest |
+| test.go:170:29:170:32 | arg3 | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected
@@ -12,12 +12,12 @@ invalidModelRow
 | test.go:91:46:91:53 | call to Src1 | qltest |
 | test.go:95:35:95:42 | call to Src1 | qltest |
 | test.go:99:42:99:49 | call to Src1 | qltest |
-| test.go:124:8:124:15 | call to Src1 | qltest |
-| test.go:129:9:129:16 | call to Src1 | qltest |
-| test.go:132:15:132:22 | call to Src1 | qltest |
-| test.go:136:9:136:16 | call to Src1 | qltest |
-| test.go:140:9:140:16 | call to Src1 | qltest |
-| test.go:145:24:145:31 | call to Src1 | qltest |
-| test.go:148:17:148:24 | call to Src1 | qltest |
-| test.go:152:24:152:31 | call to Src1 | qltest |
-| test.go:156:24:156:31 | call to Src1 | qltest |
+| test.go:130:8:130:15 | call to Src1 | qltest |
+| test.go:135:9:135:16 | call to Src1 | qltest |
+| test.go:138:15:138:22 | call to Src1 | qltest |
+| test.go:142:9:142:16 | call to Src1 | qltest |
+| test.go:146:9:146:16 | call to Src1 | qltest |
+| test.go:151:24:151:31 | call to Src1 | qltest |
+| test.go:154:17:154:24 | call to Src1 | qltest |
+| test.go:158:24:158:31 | call to Src1 | qltest |
+| test.go:162:24:162:31 | call to Src1 | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go
@@ -120,6 +120,12 @@ func simpleflow() {
 	slice = append(slice, src)
 	b.Sink1(slice[0]) // $ hasTaintFlow="index expression"

+	slice1 := make([]string, 2)
+	slice1[0] = src.(string)
+	slice2 := make([]string, 2)
+	copy(slice2, slice1)
+	b.Sink1(slice2[0]) // $ hasTaintFlow="index expression"
+
 	ch := make(chan string)
 	ch <- a.Src1().(string)
 	taint16 := test.StepArgCollectionContentRes(ch)
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected
@@ -21,15 +21,16 @@ invalidModelRow
 | test.go:113:10:113:20 | index expression | qltest |
 | test.go:117:10:117:16 | taint15 | qltest |
 | test.go:121:10:121:17 | index expression | qltest |
-| test.go:126:10:126:16 | taint16 | qltest |
-| test.go:130:10:130:13 | selection of F | qltest |
-| test.go:133:10:133:17 | call to Get | qltest |
-| test.go:137:10:137:17 | call to Get | qltest |
-| test.go:142:10:142:17 | call to Get | qltest |
-| test.go:146:10:146:14 | selection of F | qltest |
-| test.go:149:10:149:32 | call to GetThroughPointer | qltest |
-| test.go:153:10:153:32 | call to GetThroughPointer | qltest |
-| test.go:158:10:158:32 | call to GetThroughPointer | qltest |
-| test.go:164:17:164:20 | arg1 | qltest |
-| test.go:164:23:164:26 | arg2 | qltest |
-| test.go:164:29:164:32 | arg3 | qltest |
+| test.go:127:10:127:18 | index expression | qltest |
+| test.go:132:10:132:16 | taint16 | qltest |
+| test.go:136:10:136:13 | selection of F | qltest |
+| test.go:139:10:139:17 | call to Get | qltest |
+| test.go:143:10:143:17 | call to Get | qltest |
+| test.go:148:10:148:17 | call to Get | qltest |
+| test.go:152:10:152:14 | selection of F | qltest |
+| test.go:155:10:155:32 | call to GetThroughPointer | qltest |
+| test.go:159:10:159:32 | call to GetThroughPointer | qltest |
+| test.go:164:10:164:32 | call to GetThroughPointer | qltest |
+| test.go:170:17:170:20 | arg1 | qltest |
+| test.go:170:23:170:26 | arg2 | qltest |
+| test.go:170:29:170:32 | arg3 | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected
@@ -12,12 +12,12 @@ invalidModelRow
 | test.go:91:46:91:53 | call to Src1 | qltest |
 | test.go:95:35:95:42 | call to Src1 | qltest |
 | test.go:99:42:99:49 | call to Src1 | qltest |
-| test.go:124:8:124:15 | call to Src1 | qltest |
-| test.go:129:9:129:16 | call to Src1 | qltest |
-| test.go:132:15:132:22 | call to Src1 | qltest |
-| test.go:136:9:136:16 | call to Src1 | qltest |
-| test.go:140:9:140:16 | call to Src1 | qltest |
-| test.go:145:24:145:31 | call to Src1 | qltest |
-| test.go:148:17:148:24 | call to Src1 | qltest |
-| test.go:152:24:152:31 | call to Src1 | qltest |
-| test.go:156:24:156:31 | call to Src1 | qltest |
+| test.go:130:8:130:15 | call to Src1 | qltest |
+| test.go:135:9:135:16 | call to Src1 | qltest |
+| test.go:138:15:138:22 | call to Src1 | qltest |
+| test.go:142:9:142:16 | call to Src1 | qltest |
+| test.go:146:9:146:16 | call to Src1 | qltest |
+| test.go:151:24:151:31 | call to Src1 | qltest |
+| test.go:154:17:154:24 | call to Src1 | qltest |
+| test.go:158:24:158:31 | call to Src1 | qltest |
+| test.go:162:24:162:31 | call to Src1 | qltest |
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go
@@ -120,6 +120,12 @@ func simpleflow() {
 	slice = append(slice, src)
 	b.Sink1(slice[0]) // $ hasValueFlow="index expression"

+	slice1 := make([]string, 2)
+	slice1[0] = src.(string)
+	slice2 := make([]string, 2)
+	copy(slice2, slice1)
+	b.Sink1(slice2[0]) // $ MISSING: hasValueFlow="index expression" // this is a bug, but it is normally covered because it works with taint tracking
+
 	ch := make(chan string)
 	ch <- a.Src1().(string)
 	taint16 := test.StepArgCollectionContentRes(ch)