From a71bb4ba9a77ef0336bc18b6aeed7521ff9a0b8b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 18 Jul 2025 22:28:40 +0100 Subject: [PATCH] Convert test to inline expectations --- .../query-tests/Security/CWE-327/Crypto.go | 12 ++++--- .../CWE-327/WeakCryptoAlgorithm.expected | 32 +++++++++---------- .../CWE-327/WeakCryptoAlgorithm.qlref | 5 ++- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-327/Crypto.go b/go/ql/test/query-tests/Security/CWE-327/Crypto.go index 75229b020a8..a58052df38d 100644 --- a/go/ql/test/query-tests/Security/CWE-327/Crypto.go +++ b/go/ql/test/query-tests/Security/CWE-327/Crypto.go @@ -13,19 +13,21 @@ func crypto() { public := []byte("hello") password := []byte("123456") - buf := password // testing dataflow by passing into different variable + + // testing dataflow by passing into different variable + buf := password // $ Source // BAD, des is a weak crypto algorithm and password is sensitive data - des.NewTripleDESCipher(buf) + des.NewTripleDESCipher(buf) // $ Alert // BAD, md5 is a weak crypto algorithm and password is sensitive data - md5.Sum(buf) + md5.Sum(buf) // $ Alert // BAD, rc4 is a weak crypto algorithm and password is sensitive data - rc4.NewCipher(buf) + rc4.NewCipher(buf) // $ Alert // BAD, sha1 is a weak crypto algorithm and password is sensitive data - sha1.Sum(buf) + sha1.Sum(buf) // $ Alert // GOOD, password is sensitive data but aes is a strong crypto algorithm aes.NewCipher(buf) diff --git a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected index 53cfd40145d..6f40dfcc7ad 100644 --- a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected +++ b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.expected @@ -1,17 +1,17 @@ -edges -| Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf | provenance | | -| Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf | provenance | | -| Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf | provenance | | -| Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf | provenance | | -nodes -| Crypto.go:16:9:16:16 | password | semmle.label | password | -| Crypto.go:19:25:19:27 | buf | semmle.label | buf | -| Crypto.go:22:10:22:12 | buf | semmle.label | buf | -| Crypto.go:25:16:25:18 | buf | semmle.label | buf | -| Crypto.go:28:11:28:13 | buf | semmle.label | buf | -subpaths #select -| Crypto.go:19:25:19:27 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:19:25:19:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data | -| Crypto.go:22:10:22:12 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:22:10:22:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data | -| Crypto.go:25:16:25:18 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:25:16:25:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data | -| Crypto.go:28:11:28:13 | buf | Crypto.go:16:9:16:16 | password | Crypto.go:28:11:28:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:16:9:16:16 | password | Sensitive data | +| Crypto.go:21:25:21:27 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:21:25:21:27 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data | +| Crypto.go:24:10:24:12 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:24:10:24:12 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data | +| Crypto.go:27:16:27:18 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:27:16:27:18 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data | +| Crypto.go:30:11:30:13 | buf | Crypto.go:18:9:18:16 | password | Crypto.go:30:11:30:13 | buf | $@ is used in a weak cryptographic algorithm. | Crypto.go:18:9:18:16 | password | Sensitive data | +edges +| Crypto.go:18:9:18:16 | password | Crypto.go:21:25:21:27 | buf | provenance | | +| Crypto.go:18:9:18:16 | password | Crypto.go:24:10:24:12 | buf | provenance | | +| Crypto.go:18:9:18:16 | password | Crypto.go:27:16:27:18 | buf | provenance | | +| Crypto.go:18:9:18:16 | password | Crypto.go:30:11:30:13 | buf | provenance | | +nodes +| Crypto.go:18:9:18:16 | password | semmle.label | password | +| Crypto.go:21:25:21:27 | buf | semmle.label | buf | +| Crypto.go:24:10:24:12 | buf | semmle.label | buf | +| Crypto.go:27:16:27:18 | buf | semmle.label | buf | +| Crypto.go:30:11:30:13 | buf | semmle.label | buf | +subpaths diff --git a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.qlref b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.qlref index 00d68df5a7c..cdc89fa3080 100644 --- a/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.qlref +++ b/go/ql/test/query-tests/Security/CWE-327/WeakCryptoAlgorithm.qlref @@ -1 +1,4 @@ -experimental/CWE-327/WeakCryptoAlgorithm.ql +query: Security/CWE-327/WeakCryptoAlgorithm.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql