hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add extra variable for tracking flow

Browse Source
This commit is contained in:
Ed Minnix
2025-01-07 21:00:04 -05:00
parent e7f99cdfb7
commit a4afff2c3c
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go
View File

@@ -6,7 +6,7 @@ import (
"github.com/jmoiron/sqlx"
)
func test_sqlx(q sqlx.Queryer) {
func test_sqlx(q sqlx.Ext) {
var user User
err := sqlx.Get(q, &user, "SELECT * FROM users WHERE id = 1") // $ source
@@ -18,9 +18,11 @@ func test_sqlx(q sqlx.Queryer) {
rows, err := sqlx.NamedQuery(q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
ignore(err)
rows.StructScan(&user)
var user2 User
sink(user) // $ hasTaintFlow="user"
rows.StructScan(&user2)
sink(user2) // $ hasTaintFlow="user2"
}
func test_sqlx_ctx(ctx context.Context, q sqlx.ExtContext) {
@@ -35,9 +37,11 @@ func test_sqlx_ctx(ctx context.Context, q sqlx.ExtContext) {
rows, err := sqlx.NamedQueryContext(ctx, q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
ignore(err)
rows.StructScan(&user)
var user2 User
sink(user) // $ hasTaintFlow="user"
rows.StructScan(&user2)
sink(user2) // $ hasTaintFlow="user2"
}
func test_sqlx_DB(db *sqlx.DB) {