Convert test to inline expectations

Owen Mansel-Chan
2025-07-18 22:28:40 +01:00
committed by Owen Mansel-Chan
parent 2c20d3ffeb
commit a71bb4ba9a
3 changed files with 27 additions and 22 deletions


@@ -13,19 +13,21 @@ func crypto() {
public := []byte("hello")
password := []byte("123456")
buf := password // testing dataflow by passing into different variable
// testing dataflow by passing into different variable
buf := password // $ Source
// BAD, des is a weak crypto algorithm and password is sensitive data
des.NewTripleDESCipher(buf)
des.NewTripleDESCipher(buf) // $ Alert
// BAD, md5 is a weak crypto algorithm and password is sensitive data
md5.Sum(buf)
md5.Sum(buf) // $ Alert
// BAD, rc4 is a weak crypto algorithm and password is sensitive data
rc4.NewCipher(buf)
rc4.NewCipher(buf) // $ Alert
// BAD, sha1 is a weak crypto algorithm and password is sensitive data
sha1.Sum(buf)
sha1.Sum(buf) // $ Alert
// GOOD, password is sensitive data but aes is a strong crypto algorithm
aes.NewCipher(buf)
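Review bot: The `// $ Source` marker on `buf := password` tags the read of `password` (the expected output places the source at `Crypto.go:18:9:18:16`), but the comment moved above it only mentions passing the value into a different variable, so a reader can mistake `buf` for the source. A wording such as `// password is the sensitive source; buf only carries it to the sinks below` would make the annotation self-explanatory. The `aes.NewCipher(buf)` line is correctly left unmarked, since the inline-expectations framework treats an unannotated line as asserting that no alert is reported there. The body of `crypto` continues outside the hunk.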


@@ -1,17 +1,17 @@
edges
| Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf | provenance | |
| Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf | provenance | |
| Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf | provenance | |
| Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf | provenance | |
nodes
| Crypto.go:16:9:16:16 | password | semmle.label | password |
| Crypto.go:19:25:19:27 | buf | semmle.label | buf |
| Crypto.go:22:10:22:12 | buf | semmle.label | buf |
| Crypto.go:25:16:25:18 | buf | semmle.label | buf |
| Crypto.go:28:11:28:13 | buf | semmle.label | buf |
subpaths
#select
| Crypto.go:19:25:19:27 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
| Crypto.go:22:10:22:12 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
| Crypto.go:25:16:25:18 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
| Crypto.go:28:11:28:13 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data |
| Crypto.go:21:25:21:27 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:21:25:21:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data |
| Crypto.go:24:10:24:12 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:24:10:24:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data |
| Crypto.go:27:16:27:18 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:27:16:27:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data |
| Crypto.go:30:11:30:13 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:30:11:30:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data |
edges
| Crypto.go:18:9:18:16 | password | Crypto.go:21:25:21:27 | buf | provenance | |
| Crypto.go:18:9:18:16 | password | Crypto.go:24:10:24:12 | buf | provenance | |
| Crypto.go:18:9:18:16 | password | Crypto.go:27:16:27:18 | buf | provenance | |
| Crypto.go:18:9:18:16 | password | Crypto.go:30:11:30:13 | buf | provenance | |
nodes
| Crypto.go:18:9:18:16 | password | semmle.label | password |
| Crypto.go:21:25:21:27 | buf | semmle.label | buf |
| Crypto.go:24:10:24:12 | buf | semmle.label | buf |
| Crypto.go:27:16:27:18 | buf | semmle.label | buf |
| Crypto.go:30:11:30:13 | buf | semmle.label | buf |
subpaths


@@ -1 +1,4 @@
experimental/CWE-327/WeakCryptoAlgorithm.ql
query: Security/CWE-327/WeakCryptoAlgorithm.ql
postprocess:
- utils/test/PrettyPrintModels.ql
- utils/test/InlineExpectationsTestQuery.ql
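Review bot: The new `query:` line points the test at `Security/CWE-327/WeakCryptoAlgorithm.ql` instead of `experimental/CWE-327/WeakCryptoAlgorithm.ql`, which goes beyond the conversion named in the commit title. If the query was promoted out of `experimental` in an earlier commit this is only a path fix, but that is not visible on this page. Otherwise the test now exercises a different query file, and the commit message should say so, so that a later bisect of a changed CWE-327 result lands on the right change.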