Accept paths-only test changes

Chris Smowton
2023-03-23 14:52:52 +00:00
parent 77b8103cc1
commit a796ddb95b
12 changed files with 862 additions and 115 deletions


@@ -1,4 +1,28 @@
edges
| file://:0:0:0:0 | parameter 0 of GetDisplayString | file://:0:0:0:0 | [summary] to write: return (return[0]) in GetDisplayString |
| file://:0:0:0:0 | parameter 0 of HTML2str | file://:0:0:0:0 | [summary] to write: return (return[0]) in HTML2str |
| file://:0:0:0:0 | parameter 0 of Htmlunquote | file://:0:0:0:0 | [summary] to write: return (return[0]) in Htmlunquote |
| file://:0:0:0:0 | parameter 0 of MapGet | file://:0:0:0:0 | [summary] to write: return (return[0]) in MapGet |
| file://:0:0:0:0 | parameter 0 of ParseForm | file://:0:0:0:0 | [summary] to write: argument 1 in ParseForm |
| file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | parameter 0 of SliceChunk | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceChunk |
| file://:0:0:0:0 | parameter 0 of SliceDiff | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceDiff |
| file://:0:0:0:0 | parameter 0 of SliceFilter | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceFilter |
| file://:0:0:0:0 | parameter 0 of SliceIntersect | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect |
| file://:0:0:0:0 | parameter 0 of SliceMerge | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge |
| file://:0:0:0:0 | parameter 0 of SlicePad | file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad |
| file://:0:0:0:0 | parameter 0 of SliceRand | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceRand |
| file://:0:0:0:0 | parameter 0 of SliceReduce | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceReduce |
| file://:0:0:0:0 | parameter 0 of SliceShuffle | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceShuffle |
| file://:0:0:0:0 | parameter 0 of SliceUnique | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceUnique |
| file://:0:0:0:0 | parameter 0 of Str2html | file://:0:0:0:0 | [summary] to write: return (return[0]) in Str2html |
| file://:0:0:0:0 | parameter 0 of Substr | file://:0:0:0:0 | [summary] to write: return (return[0]) in Substr |
| file://:0:0:0:0 | parameter 1 of Set | file://:0:0:0:0 | [summary] to write: argument -1 in Set |
| file://:0:0:0:0 | parameter 1 of SliceIntersect | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect |
| file://:0:0:0:0 | parameter 1 of SliceMerge | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge |
| file://:0:0:0:0 | parameter 2 of SlicePad | file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of Items | file://:0:0:0:0 | [summary] to write: return (return[0]) in Items |
| test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion |
| test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion |
| test.go:27:6:27:10 | definition of bound | test.go:31:13:31:29 | type conversion |
@@ -18,14 +42,34 @@ edges
| test.go:108:14:108:25 | call to Data | test.go:108:14:108:45 | type assertion |
| test.go:120:14:120:25 | call to Data | test.go:120:14:120:45 | type assertion |
| test.go:137:23:137:42 | call to Data | test.go:137:23:137:62 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:194:14:194:55 | type conversion |
| test.go:193:15:193:26 | call to Data | test.go:195:14:195:58 | type conversion |
| test.go:193:15:193:26 | call to Data | test.go:197:14:197:28 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:198:14:198:55 | type conversion |
| test.go:193:15:193:26 | call to Data | test.go:199:14:199:59 | type conversion |
| test.go:202:18:202:33 | selection of Form | test.go:203:14:203:28 | type conversion |
| test.go:217:2:217:34 | ... := ...[0] | test.go:220:14:220:20 | content |
| test.go:193:15:193:26 | call to Data | test.go:194:36:194:53 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:195:39:195:56 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:196:28:196:56 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:198:36:198:53 | type assertion |
| test.go:193:15:193:26 | call to Data | test.go:199:34:199:51 | type assertion |
| test.go:194:21:194:54 | call to HTML2str | test.go:194:14:194:55 | type conversion |
| test.go:194:36:194:53 | type assertion | file://:0:0:0:0 | parameter 0 of HTML2str |
| test.go:194:36:194:53 | type assertion | test.go:194:21:194:54 | call to HTML2str |
| test.go:195:21:195:57 | call to Htmlunquote | test.go:195:14:195:58 | type conversion |
| test.go:195:39:195:56 | type assertion | file://:0:0:0:0 | parameter 0 of Htmlunquote |
| test.go:195:39:195:56 | type assertion | test.go:195:21:195:57 | call to Htmlunquote |
| test.go:196:2:196:68 | ... := ...[0] | test.go:197:14:197:28 | type assertion |
| test.go:196:28:196:56 | type assertion | file://:0:0:0:0 | parameter 0 of MapGet |
| test.go:196:28:196:56 | type assertion | test.go:196:2:196:68 | ... := ...[0] |
| test.go:198:21:198:54 | call to Str2html | test.go:198:14:198:55 | type conversion |
| test.go:198:36:198:53 | type assertion | file://:0:0:0:0 | parameter 0 of Str2html |
| test.go:198:36:198:53 | type assertion | test.go:198:21:198:54 | call to Str2html |
| test.go:199:21:199:58 | call to Substr | test.go:199:14:199:59 | type conversion |
| test.go:199:34:199:51 | type assertion | file://:0:0:0:0 | parameter 0 of Substr |
| test.go:199:34:199:51 | type assertion | test.go:199:21:199:58 | call to Substr |
| test.go:201:6:201:6 | definition of s | test.go:203:14:203:28 | type conversion |
| test.go:202:18:202:33 | selection of Form | file://:0:0:0:0 | parameter 0 of ParseForm |
| test.go:202:18:202:33 | selection of Form | test.go:201:6:201:6 | definition of s |
| test.go:217:2:217:34 | ... := ...[0] | test.go:219:31:219:31 | f |
| test.go:217:2:217:34 | ... := ...[1] | test.go:218:14:218:32 | type conversion |
| test.go:219:2:219:32 | ... := ...[0] | test.go:220:14:220:20 | content |
| test.go:219:31:219:31 | f | file://:0:0:0:0 | parameter 0 of ReadAll |
| test.go:219:31:219:31 | f | test.go:219:2:219:32 | ... := ...[0] |
| test.go:222:2:222:40 | ... := ...[0] | test.go:223:14:223:38 | type conversion |
| test.go:225:7:225:28 | call to GetString | test.go:226:14:226:22 | type conversion |
| test.go:228:8:228:35 | call to GetStrings | test.go:229:14:229:26 | type conversion |
@@ -34,23 +78,121 @@ edges
| test.go:240:15:240:36 | call to GetString | test.go:243:21:243:29 | untrusted |
| test.go:253:23:253:44 | call to GetCookie | test.go:253:16:253:45 | type conversion |
| test.go:264:62:264:83 | call to GetCookie | test.go:264:55:264:84 | type conversion |
| test.go:269:2:269:40 | ... := ...[0] | test.go:277:21:277:61 | call to GetDisplayString |
| test.go:269:2:269:40 | ... := ...[0] | test.go:278:21:278:92 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:279:21:279:96 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:284:3:286:80 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:287:21:287:101 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:288:21:288:101 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:289:21:289:97 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:290:21:290:97 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:291:21:291:102 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:292:21:292:102 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:293:21:293:82 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:295:21:295:133 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:296:21:296:88 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:297:21:297:87 | selection of Filename |
| test.go:303:15:303:36 | call to GetString | test.go:305:21:305:48 | type assertion |
| test.go:303:15:303:36 | call to GetString | test.go:306:21:306:52 | type assertion |
| test.go:269:2:269:40 | ... := ...[0] | test.go:277:44:277:60 | selection of Filename |
| test.go:269:2:269:40 | ... := ...[0] | test.go:278:38:278:49 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:279:37:279:48 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:285:4:285:15 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:287:42:287:53 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:288:53:288:64 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:289:38:289:49 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:290:49:290:60 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:291:51:291:65 | index expression |
| test.go:269:2:269:40 | ... := ...[0] | test.go:292:36:292:47 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:293:37:293:48 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:295:39:295:50 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:296:40:296:51 | genericFiles |
| test.go:269:2:269:40 | ... := ...[0] | test.go:297:39:297:50 | genericFiles |
| test.go:277:44:277:60 | selection of Filename | file://:0:0:0:0 | parameter 0 of GetDisplayString |
| test.go:277:44:277:60 | selection of Filename | test.go:277:21:277:61 | call to GetDisplayString |
| test.go:278:21:278:53 | call to SliceChunk | test.go:278:21:278:92 | selection of Filename |
| test.go:278:38:278:49 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceChunk |
| test.go:278:38:278:49 | genericFiles | test.go:278:21:278:53 | call to SliceChunk |
| test.go:279:21:279:60 | call to SliceDiff | test.go:279:21:279:96 | selection of Filename |
| test.go:279:37:279:48 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceDiff |
| test.go:279:37:279:48 | genericFiles | test.go:279:21:279:60 | call to SliceDiff |
| test.go:284:3:286:44 | call to SliceFilter | test.go:284:3:286:80 | selection of Filename |
| test.go:285:4:285:15 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceFilter |
| test.go:285:4:285:15 | genericFiles | test.go:284:3:286:44 | call to SliceFilter |
| test.go:287:21:287:65 | call to SliceIntersect | test.go:287:21:287:101 | selection of Filename |
| test.go:287:42:287:53 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceIntersect |
| test.go:287:42:287:53 | genericFiles | test.go:287:21:287:65 | call to SliceIntersect |
| test.go:288:21:288:65 | call to SliceIntersect | test.go:288:21:288:101 | selection of Filename |
| test.go:288:53:288:64 | genericFiles | file://:0:0:0:0 | parameter 1 of SliceIntersect |
| test.go:288:53:288:64 | genericFiles | test.go:288:21:288:65 | call to SliceIntersect |
| test.go:289:21:289:61 | call to SliceMerge | test.go:289:21:289:97 | selection of Filename |
| test.go:289:38:289:49 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceMerge |
| test.go:289:38:289:49 | genericFiles | test.go:289:21:289:61 | call to SliceMerge |
| test.go:290:21:290:61 | call to SliceMerge | test.go:290:21:290:97 | selection of Filename |
| test.go:290:49:290:60 | genericFiles | file://:0:0:0:0 | parameter 1 of SliceMerge |
| test.go:290:49:290:60 | genericFiles | test.go:290:21:290:61 | call to SliceMerge |
| test.go:291:21:291:66 | call to SlicePad | test.go:291:21:291:102 | selection of Filename |
| test.go:291:51:291:65 | index expression | file://:0:0:0:0 | parameter 2 of SlicePad |
| test.go:291:51:291:65 | index expression | test.go:291:21:291:66 | call to SlicePad |
| test.go:292:21:292:66 | call to SlicePad | test.go:292:21:292:102 | selection of Filename |
| test.go:292:36:292:47 | genericFiles | file://:0:0:0:0 | parameter 0 of SlicePad |
| test.go:292:36:292:47 | genericFiles | test.go:292:21:292:66 | call to SlicePad |
| test.go:293:21:293:49 | call to SliceRand | test.go:293:21:293:82 | selection of Filename |
| test.go:293:37:293:48 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceRand |
| test.go:293:37:293:48 | genericFiles | test.go:293:21:293:49 | call to SliceRand |
| test.go:295:21:295:97 | call to SliceReduce | test.go:295:21:295:133 | selection of Filename |
| test.go:295:39:295:50 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceReduce |
| test.go:295:39:295:50 | genericFiles | test.go:295:21:295:97 | call to SliceReduce |
| test.go:296:21:296:52 | call to SliceShuffle | test.go:296:21:296:88 | selection of Filename |
| test.go:296:40:296:51 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceShuffle |
| test.go:296:40:296:51 | genericFiles | test.go:296:21:296:52 | call to SliceShuffle |
| test.go:297:21:297:51 | call to SliceUnique | test.go:297:21:297:87 | selection of Filename |
| test.go:297:39:297:50 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceUnique |
| test.go:297:39:297:50 | genericFiles | test.go:297:21:297:51 | call to SliceUnique |
| test.go:302:2:302:5 | definition of bMap | test.go:305:21:305:24 | bMap |
| test.go:302:2:302:5 | definition of bMap | test.go:306:21:306:24 | bMap |
| test.go:303:15:303:36 | call to GetString | test.go:304:22:304:30 | untrusted |
| test.go:304:22:304:30 | untrusted | file://:0:0:0:0 | parameter 1 of Set |
| test.go:304:22:304:30 | untrusted | test.go:302:2:302:5 | definition of bMap |
| test.go:305:21:305:24 | bMap | file://:0:0:0:0 | parameter -1 of Get |
| test.go:305:21:305:24 | bMap | test.go:305:21:305:39 | call to Get |
| test.go:305:21:305:39 | call to Get | test.go:305:21:305:48 | type assertion |
| test.go:306:21:306:24 | bMap | file://:0:0:0:0 | parameter -1 of Items |
| test.go:306:21:306:24 | bMap | test.go:306:21:306:32 | call to Items |
| test.go:306:21:306:32 | call to Items | test.go:306:21:306:52 | type assertion |
nodes
| file://:0:0:0:0 | [summary] to write: argument 1 in ParseForm | semmle.label | [summary] to write: argument 1 in ParseForm |
| file://:0:0:0:0 | [summary] to write: argument -1 in Set | semmle.label | [summary] to write: argument -1 in Set |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in GetDisplayString | semmle.label | [summary] to write: return (return[0]) in GetDisplayString |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in HTML2str | semmle.label | [summary] to write: return (return[0]) in HTML2str |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Htmlunquote | semmle.label | [summary] to write: return (return[0]) in Htmlunquote |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Items | semmle.label | [summary] to write: return (return[0]) in Items |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in MapGet | semmle.label | [summary] to write: return (return[0]) in MapGet |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceChunk | semmle.label | [summary] to write: return (return[0]) in SliceChunk |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceDiff | semmle.label | [summary] to write: return (return[0]) in SliceDiff |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceFilter | semmle.label | [summary] to write: return (return[0]) in SliceFilter |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect | semmle.label | [summary] to write: return (return[0]) in SliceIntersect |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect | semmle.label | [summary] to write: return (return[0]) in SliceIntersect |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge | semmle.label | [summary] to write: return (return[0]) in SliceMerge |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge | semmle.label | [summary] to write: return (return[0]) in SliceMerge |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad | semmle.label | [summary] to write: return (return[0]) in SlicePad |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad | semmle.label | [summary] to write: return (return[0]) in SlicePad |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceRand | semmle.label | [summary] to write: return (return[0]) in SliceRand |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceReduce | semmle.label | [summary] to write: return (return[0]) in SliceReduce |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceShuffle | semmle.label | [summary] to write: return (return[0]) in SliceShuffle |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceUnique | semmle.label | [summary] to write: return (return[0]) in SliceUnique |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Str2html | semmle.label | [summary] to write: return (return[0]) in Str2html |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Substr | semmle.label | [summary] to write: return (return[0]) in Substr |
| file://:0:0:0:0 | parameter 0 of GetDisplayString | semmle.label | parameter 0 of GetDisplayString |
| file://:0:0:0:0 | parameter 0 of HTML2str | semmle.label | parameter 0 of HTML2str |
| file://:0:0:0:0 | parameter 0 of Htmlunquote | semmle.label | parameter 0 of Htmlunquote |
| file://:0:0:0:0 | parameter 0 of MapGet | semmle.label | parameter 0 of MapGet |
| file://:0:0:0:0 | parameter 0 of ParseForm | semmle.label | parameter 0 of ParseForm |
| file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
| file://:0:0:0:0 | parameter 0 of SliceChunk | semmle.label | parameter 0 of SliceChunk |
| file://:0:0:0:0 | parameter 0 of SliceDiff | semmle.label | parameter 0 of SliceDiff |
| file://:0:0:0:0 | parameter 0 of SliceFilter | semmle.label | parameter 0 of SliceFilter |
| file://:0:0:0:0 | parameter 0 of SliceIntersect | semmle.label | parameter 0 of SliceIntersect |
| file://:0:0:0:0 | parameter 0 of SliceMerge | semmle.label | parameter 0 of SliceMerge |
| file://:0:0:0:0 | parameter 0 of SlicePad | semmle.label | parameter 0 of SlicePad |
| file://:0:0:0:0 | parameter 0 of SliceRand | semmle.label | parameter 0 of SliceRand |
| file://:0:0:0:0 | parameter 0 of SliceReduce | semmle.label | parameter 0 of SliceReduce |
| file://:0:0:0:0 | parameter 0 of SliceShuffle | semmle.label | parameter 0 of SliceShuffle |
| file://:0:0:0:0 | parameter 0 of SliceUnique | semmle.label | parameter 0 of SliceUnique |
| file://:0:0:0:0 | parameter 0 of Str2html | semmle.label | parameter 0 of Str2html |
| file://:0:0:0:0 | parameter 0 of Substr | semmle.label | parameter 0 of Substr |
| file://:0:0:0:0 | parameter 1 of Set | semmle.label | parameter 1 of Set |
| file://:0:0:0:0 | parameter 1 of SliceIntersect | semmle.label | parameter 1 of SliceIntersect |
| file://:0:0:0:0 | parameter 1 of SliceMerge | semmle.label | parameter 1 of SliceMerge |
| file://:0:0:0:0 | parameter 2 of SlicePad | semmle.label | parameter 2 of SlicePad |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| file://:0:0:0:0 | parameter -1 of Items | semmle.label | parameter -1 of Items |
| test.go:27:6:27:10 | definition of bound | semmle.label | definition of bound |
| test.go:29:13:29:30 | type conversion | semmle.label | type conversion |
| test.go:30:13:30:27 | type conversion | semmle.label | type conversion |
@@ -89,15 +231,28 @@ nodes
| test.go:137:23:137:62 | type assertion | semmle.label | type assertion |
| test.go:193:15:193:26 | call to Data | semmle.label | call to Data |
| test.go:194:14:194:55 | type conversion | semmle.label | type conversion |
| test.go:194:21:194:54 | call to HTML2str | semmle.label | call to HTML2str |
| test.go:194:36:194:53 | type assertion | semmle.label | type assertion |
| test.go:195:14:195:58 | type conversion | semmle.label | type conversion |
| test.go:195:21:195:57 | call to Htmlunquote | semmle.label | call to Htmlunquote |
| test.go:195:39:195:56 | type assertion | semmle.label | type assertion |
| test.go:196:2:196:68 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:196:28:196:56 | type assertion | semmle.label | type assertion |
| test.go:197:14:197:28 | type assertion | semmle.label | type assertion |
| test.go:198:14:198:55 | type conversion | semmle.label | type conversion |
| test.go:198:21:198:54 | call to Str2html | semmle.label | call to Str2html |
| test.go:198:36:198:53 | type assertion | semmle.label | type assertion |
| test.go:199:14:199:59 | type conversion | semmle.label | type conversion |
| test.go:199:21:199:58 | call to Substr | semmle.label | call to Substr |
| test.go:199:34:199:51 | type assertion | semmle.label | type assertion |
| test.go:201:6:201:6 | definition of s | semmle.label | definition of s |
| test.go:202:18:202:33 | selection of Form | semmle.label | selection of Form |
| test.go:203:14:203:28 | type conversion | semmle.label | type conversion |
| test.go:217:2:217:34 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:217:2:217:34 | ... := ...[1] | semmle.label | ... := ...[1] |
| test.go:218:14:218:32 | type conversion | semmle.label | type conversion |
| test.go:219:2:219:32 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:219:31:219:31 | f | semmle.label | f |
| test.go:220:14:220:20 | content | semmle.label | content |
| test.go:222:2:222:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:223:14:223:38 | type conversion | semmle.label | type conversion |
@@ -119,23 +274,80 @@ nodes
| test.go:264:62:264:83 | call to GetCookie | semmle.label | call to GetCookie |
| test.go:269:2:269:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:277:21:277:61 | call to GetDisplayString | semmle.label | call to GetDisplayString |
| test.go:277:44:277:60 | selection of Filename | semmle.label | selection of Filename |
| test.go:278:21:278:53 | call to SliceChunk | semmle.label | call to SliceChunk |
| test.go:278:21:278:92 | selection of Filename | semmle.label | selection of Filename |
| test.go:278:38:278:49 | genericFiles | semmle.label | genericFiles |
| test.go:279:21:279:60 | call to SliceDiff | semmle.label | call to SliceDiff |
| test.go:279:21:279:96 | selection of Filename | semmle.label | selection of Filename |
| test.go:279:37:279:48 | genericFiles | semmle.label | genericFiles |
| test.go:284:3:286:44 | call to SliceFilter | semmle.label | call to SliceFilter |
| test.go:284:3:286:80 | selection of Filename | semmle.label | selection of Filename |
| test.go:285:4:285:15 | genericFiles | semmle.label | genericFiles |
| test.go:287:21:287:65 | call to SliceIntersect | semmle.label | call to SliceIntersect |
| test.go:287:21:287:101 | selection of Filename | semmle.label | selection of Filename |
| test.go:287:42:287:53 | genericFiles | semmle.label | genericFiles |
| test.go:288:21:288:65 | call to SliceIntersect | semmle.label | call to SliceIntersect |
| test.go:288:21:288:101 | selection of Filename | semmle.label | selection of Filename |
| test.go:288:53:288:64 | genericFiles | semmle.label | genericFiles |
| test.go:289:21:289:61 | call to SliceMerge | semmle.label | call to SliceMerge |
| test.go:289:21:289:97 | selection of Filename | semmle.label | selection of Filename |
| test.go:289:38:289:49 | genericFiles | semmle.label | genericFiles |
| test.go:290:21:290:61 | call to SliceMerge | semmle.label | call to SliceMerge |
| test.go:290:21:290:97 | selection of Filename | semmle.label | selection of Filename |
| test.go:290:49:290:60 | genericFiles | semmle.label | genericFiles |
| test.go:291:21:291:66 | call to SlicePad | semmle.label | call to SlicePad |
| test.go:291:21:291:102 | selection of Filename | semmle.label | selection of Filename |
| test.go:291:51:291:65 | index expression | semmle.label | index expression |
| test.go:292:21:292:66 | call to SlicePad | semmle.label | call to SlicePad |
| test.go:292:21:292:102 | selection of Filename | semmle.label | selection of Filename |
| test.go:292:36:292:47 | genericFiles | semmle.label | genericFiles |
| test.go:293:21:293:49 | call to SliceRand | semmle.label | call to SliceRand |
| test.go:293:21:293:82 | selection of Filename | semmle.label | selection of Filename |
| test.go:293:37:293:48 | genericFiles | semmle.label | genericFiles |
| test.go:295:21:295:97 | call to SliceReduce | semmle.label | call to SliceReduce |
| test.go:295:21:295:133 | selection of Filename | semmle.label | selection of Filename |
| test.go:295:39:295:50 | genericFiles | semmle.label | genericFiles |
| test.go:296:21:296:52 | call to SliceShuffle | semmle.label | call to SliceShuffle |
| test.go:296:21:296:88 | selection of Filename | semmle.label | selection of Filename |
| test.go:296:40:296:51 | genericFiles | semmle.label | genericFiles |
| test.go:297:21:297:51 | call to SliceUnique | semmle.label | call to SliceUnique |
| test.go:297:21:297:87 | selection of Filename | semmle.label | selection of Filename |
| test.go:297:39:297:50 | genericFiles | semmle.label | genericFiles |
| test.go:302:2:302:5 | definition of bMap | semmle.label | definition of bMap |
| test.go:303:15:303:36 | call to GetString | semmle.label | call to GetString |
| test.go:304:22:304:30 | untrusted | semmle.label | untrusted |
| test.go:305:21:305:24 | bMap | semmle.label | bMap |
| test.go:305:21:305:39 | call to Get | semmle.label | call to Get |
| test.go:305:21:305:48 | type assertion | semmle.label | type assertion |
| test.go:306:21:306:24 | bMap | semmle.label | bMap |
| test.go:306:21:306:32 | call to Items | semmle.label | call to Items |
| test.go:306:21:306:52 | type assertion | semmle.label | type assertion |
subpaths
| test.go:194:36:194:53 | type assertion | file://:0:0:0:0 | parameter 0 of HTML2str | file://:0:0:0:0 | [summary] to write: return (return[0]) in HTML2str | test.go:194:21:194:54 | call to HTML2str |
| test.go:195:39:195:56 | type assertion | file://:0:0:0:0 | parameter 0 of Htmlunquote | file://:0:0:0:0 | [summary] to write: return (return[0]) in Htmlunquote | test.go:195:21:195:57 | call to Htmlunquote |
| test.go:196:28:196:56 | type assertion | file://:0:0:0:0 | parameter 0 of MapGet | file://:0:0:0:0 | [summary] to write: return (return[0]) in MapGet | test.go:196:2:196:68 | ... := ...[0] |
| test.go:198:36:198:53 | type assertion | file://:0:0:0:0 | parameter 0 of Str2html | file://:0:0:0:0 | [summary] to write: return (return[0]) in Str2html | test.go:198:21:198:54 | call to Str2html |
| test.go:199:34:199:51 | type assertion | file://:0:0:0:0 | parameter 0 of Substr | file://:0:0:0:0 | [summary] to write: return (return[0]) in Substr | test.go:199:21:199:58 | call to Substr |
| test.go:202:18:202:33 | selection of Form | file://:0:0:0:0 | parameter 0 of ParseForm | file://:0:0:0:0 | [summary] to write: argument 1 in ParseForm | test.go:201:6:201:6 | definition of s |
| test.go:219:31:219:31 | f | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | test.go:219:2:219:32 | ... := ...[0] |
| test.go:277:44:277:60 | selection of Filename | file://:0:0:0:0 | parameter 0 of GetDisplayString | file://:0:0:0:0 | [summary] to write: return (return[0]) in GetDisplayString | test.go:277:21:277:61 | call to GetDisplayString |
| test.go:278:38:278:49 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceChunk | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceChunk | test.go:278:21:278:53 | call to SliceChunk |
| test.go:279:37:279:48 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceDiff | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceDiff | test.go:279:21:279:60 | call to SliceDiff |
| test.go:285:4:285:15 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceFilter | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceFilter | test.go:284:3:286:44 | call to SliceFilter |
| test.go:287:42:287:53 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceIntersect | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect | test.go:287:21:287:65 | call to SliceIntersect |
| test.go:288:53:288:64 | genericFiles | file://:0:0:0:0 | parameter 1 of SliceIntersect | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceIntersect | test.go:288:21:288:65 | call to SliceIntersect |
| test.go:289:38:289:49 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceMerge | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge | test.go:289:21:289:61 | call to SliceMerge |
| test.go:290:49:290:60 | genericFiles | file://:0:0:0:0 | parameter 1 of SliceMerge | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceMerge | test.go:290:21:290:61 | call to SliceMerge |
| test.go:291:51:291:65 | index expression | file://:0:0:0:0 | parameter 2 of SlicePad | file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad | test.go:291:21:291:66 | call to SlicePad |
| test.go:292:36:292:47 | genericFiles | file://:0:0:0:0 | parameter 0 of SlicePad | file://:0:0:0:0 | [summary] to write: return (return[0]) in SlicePad | test.go:292:21:292:66 | call to SlicePad |
| test.go:293:37:293:48 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceRand | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceRand | test.go:293:21:293:49 | call to SliceRand |
| test.go:295:39:295:50 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceReduce | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceReduce | test.go:295:21:295:97 | call to SliceReduce |
| test.go:296:40:296:51 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceShuffle | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceShuffle | test.go:296:21:296:52 | call to SliceShuffle |
| test.go:297:39:297:50 | genericFiles | file://:0:0:0:0 | parameter 0 of SliceUnique | file://:0:0:0:0 | [summary] to write: return (return[0]) in SliceUnique | test.go:297:21:297:51 | call to SliceUnique |
| test.go:304:22:304:30 | untrusted | file://:0:0:0:0 | parameter 1 of Set | file://:0:0:0:0 | [summary] to write: argument -1 in Set | test.go:302:2:302:5 | definition of bMap |
| test.go:305:21:305:24 | bMap | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | test.go:305:21:305:39 | call to Get |
| test.go:306:21:306:24 | bMap | file://:0:0:0:0 | parameter -1 of Items | file://:0:0:0:0 | [summary] to write: return (return[0]) in Items | test.go:306:21:306:32 | call to Items |
#select
| test.go:29:13:29:30 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:29:13:29:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:30:13:30:27 | type conversion | test.go:27:6:27:10 | definition of bound | test.go:30:13:30:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:27:6:27:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |


@@ -1,34 +1,117 @@
edges
| test.go:10:2:10:42 | ... := ...[0] | test.go:14:15:14:55 | type conversion |
| test.go:16:24:16:35 | selection of Body | test.go:17:15:17:31 | type conversion |
| test.go:16:24:16:35 | selection of Body | test.go:28:22:28:25 | node |
| test.go:19:36:19:47 | selection of Body | test.go:20:15:20:32 | type conversion |
| test.go:22:33:22:44 | selection of Body | test.go:23:15:23:35 | type conversion |
| test.go:25:45:25:56 | selection of Body | test.go:26:15:26:36 | type conversion |
| test.go:30:33:30:44 | selection of Body | test.go:31:15:31:34 | call to Buffered |
| test.go:30:33:30:44 | selection of Body | test.go:32:15:32:29 | call to Raw |
| test.go:30:33:30:44 | selection of Body | test.go:34:15:34:19 | value |
| test.go:30:33:30:44 | selection of Body | test.go:35:15:35:30 | call to Text |
| test.go:30:33:30:44 | selection of Body | test.go:36:15:36:44 | type conversion |
| file://:0:0:0:0 | parameter 0 of NewTokenizer | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewTokenizer |
| file://:0:0:0:0 | parameter 0 of Parse | file://:0:0:0:0 | [summary] to write: return (return[0]) in Parse |
| file://:0:0:0:0 | parameter 0 of ParseFragment | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragment |
| file://:0:0:0:0 | parameter 0 of ParseFragmentWithOptions | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragmentWithOptions |
| file://:0:0:0:0 | parameter 0 of ParseWithOptions | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseWithOptions |
| file://:0:0:0:0 | parameter 0 of UnescapeString | file://:0:0:0:0 | [summary] to write: return (return[0]) in UnescapeString |
| file://:0:0:0:0 | parameter -1 of Buffered | file://:0:0:0:0 | [summary] to write: return (return[0]) in Buffered |
| file://:0:0:0:0 | parameter -1 of Raw | file://:0:0:0:0 | [summary] to write: return (return[0]) in Raw |
| file://:0:0:0:0 | parameter -1 of TagAttr | file://:0:0:0:0 | [summary] to write: return (return[1]) in TagAttr |
| file://:0:0:0:0 | parameter -1 of Text | file://:0:0:0:0 | [summary] to write: return (return[0]) in Text |
| file://:0:0:0:0 | parameter -1 of Token | file://:0:0:0:0 | [summary] to write: return (return[0]) in Token |
| test.go:10:2:10:42 | ... := ...[0] | test.go:14:42:14:53 | selection of Value |
| test.go:14:22:14:54 | call to UnescapeString | test.go:14:15:14:55 | type conversion |
| test.go:14:42:14:53 | selection of Value | file://:0:0:0:0 | parameter 0 of UnescapeString |
| test.go:14:42:14:53 | selection of Value | test.go:14:22:14:54 | call to UnescapeString |
| test.go:16:2:16:36 | ... := ...[0] | test.go:17:15:17:31 | type conversion |
| test.go:16:2:16:36 | ... := ...[0] | test.go:28:22:28:25 | node |
| test.go:16:24:16:35 | selection of Body | file://:0:0:0:0 | parameter 0 of Parse |
| test.go:16:24:16:35 | selection of Body | test.go:16:2:16:36 | ... := ...[0] |
| test.go:19:2:19:48 | ... := ...[0] | test.go:20:15:20:32 | type conversion |
| test.go:19:36:19:47 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseWithOptions |
| test.go:19:36:19:47 | selection of Body | test.go:19:2:19:48 | ... := ...[0] |
| test.go:22:2:22:50 | ... := ...[0] | test.go:23:15:23:35 | type conversion |
| test.go:22:33:22:44 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseFragment |
| test.go:22:33:22:44 | selection of Body | test.go:22:2:22:50 | ... := ...[0] |
| test.go:25:2:25:62 | ... := ...[0] | test.go:26:15:26:36 | type conversion |
| test.go:25:45:25:56 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseFragmentWithOptions |
| test.go:25:45:25:56 | selection of Body | test.go:25:2:25:62 | ... := ...[0] |
| test.go:30:15:30:45 | call to NewTokenizer | test.go:31:15:31:23 | tokenizer |
| test.go:30:15:30:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer |
| test.go:30:15:30:45 | call to NewTokenizer | test.go:33:17:33:25 | tokenizer |
| test.go:30:15:30:45 | call to NewTokenizer | test.go:35:15:35:23 | tokenizer |
| test.go:30:15:30:45 | call to NewTokenizer | test.go:36:22:36:30 | tokenizer |
| test.go:30:33:30:44 | selection of Body | file://:0:0:0:0 | parameter 0 of NewTokenizer |
| test.go:30:33:30:44 | selection of Body | test.go:30:15:30:45 | call to NewTokenizer |
| test.go:31:15:31:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Buffered |
| test.go:31:15:31:23 | tokenizer | test.go:31:15:31:34 | call to Buffered |
| test.go:32:15:32:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Raw |
| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:29 | call to Raw |
| test.go:33:2:33:35 | ... := ...[1] | test.go:34:15:34:19 | value |
| test.go:33:17:33:25 | tokenizer | file://:0:0:0:0 | parameter -1 of TagAttr |
| test.go:33:17:33:25 | tokenizer | test.go:33:2:33:35 | ... := ...[1] |
| test.go:35:15:35:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Text |
| test.go:35:15:35:23 | tokenizer | test.go:35:15:35:30 | call to Text |
| test.go:36:22:36:30 | tokenizer | file://:0:0:0:0 | parameter -1 of Token |
| test.go:36:22:36:30 | tokenizer | test.go:36:22:36:38 | call to Token |
| test.go:36:22:36:38 | call to Token | test.go:36:15:36:44 | type conversion |
nodes
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Buffered | semmle.label | [summary] to write: return (return[0]) in Buffered |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in NewTokenizer | semmle.label | [summary] to write: return (return[0]) in NewTokenizer |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Parse | semmle.label | [summary] to write: return (return[0]) in Parse |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragment | semmle.label | [summary] to write: return (return[0]) in ParseFragment |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragmentWithOptions | semmle.label | [summary] to write: return (return[0]) in ParseFragmentWithOptions |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseWithOptions | semmle.label | [summary] to write: return (return[0]) in ParseWithOptions |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Raw | semmle.label | [summary] to write: return (return[0]) in Raw |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Text | semmle.label | [summary] to write: return (return[0]) in Text |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Token | semmle.label | [summary] to write: return (return[0]) in Token |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in UnescapeString | semmle.label | [summary] to write: return (return[0]) in UnescapeString |
| file://:0:0:0:0 | [summary] to write: return (return[1]) in TagAttr | semmle.label | [summary] to write: return (return[1]) in TagAttr |
| file://:0:0:0:0 | parameter 0 of NewTokenizer | semmle.label | parameter 0 of NewTokenizer |
| file://:0:0:0:0 | parameter 0 of Parse | semmle.label | parameter 0 of Parse |
| file://:0:0:0:0 | parameter 0 of ParseFragment | semmle.label | parameter 0 of ParseFragment |
| file://:0:0:0:0 | parameter 0 of ParseFragmentWithOptions | semmle.label | parameter 0 of ParseFragmentWithOptions |
| file://:0:0:0:0 | parameter 0 of ParseWithOptions | semmle.label | parameter 0 of ParseWithOptions |
| file://:0:0:0:0 | parameter 0 of UnescapeString | semmle.label | parameter 0 of UnescapeString |
| file://:0:0:0:0 | parameter -1 of Buffered | semmle.label | parameter -1 of Buffered |
| file://:0:0:0:0 | parameter -1 of Raw | semmle.label | parameter -1 of Raw |
| file://:0:0:0:0 | parameter -1 of TagAttr | semmle.label | parameter -1 of TagAttr |
| file://:0:0:0:0 | parameter -1 of Text | semmle.label | parameter -1 of Text |
| file://:0:0:0:0 | parameter -1 of Token | semmle.label | parameter -1 of Token |
| test.go:10:2:10:42 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:14:15:14:55 | type conversion | semmle.label | type conversion |
| test.go:14:22:14:54 | call to UnescapeString | semmle.label | call to UnescapeString |
| test.go:14:42:14:53 | selection of Value | semmle.label | selection of Value |
| test.go:16:2:16:36 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:16:24:16:35 | selection of Body | semmle.label | selection of Body |
| test.go:17:15:17:31 | type conversion | semmle.label | type conversion |
| test.go:19:2:19:48 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:19:36:19:47 | selection of Body | semmle.label | selection of Body |
| test.go:20:15:20:32 | type conversion | semmle.label | type conversion |
| test.go:22:2:22:50 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:22:33:22:44 | selection of Body | semmle.label | selection of Body |
| test.go:23:15:23:35 | type conversion | semmle.label | type conversion |
| test.go:25:2:25:62 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:25:45:25:56 | selection of Body | semmle.label | selection of Body |
| test.go:26:15:26:36 | type conversion | semmle.label | type conversion |
| test.go:28:22:28:25 | node | semmle.label | node |
| test.go:30:15:30:45 | call to NewTokenizer | semmle.label | call to NewTokenizer |
| test.go:30:33:30:44 | selection of Body | semmle.label | selection of Body |
| test.go:31:15:31:23 | tokenizer | semmle.label | tokenizer |
| test.go:31:15:31:34 | call to Buffered | semmle.label | call to Buffered |
| test.go:32:15:32:23 | tokenizer | semmle.label | tokenizer |
| test.go:32:15:32:29 | call to Raw | semmle.label | call to Raw |
| test.go:33:2:33:35 | ... := ...[1] | semmle.label | ... := ...[1] |
| test.go:33:17:33:25 | tokenizer | semmle.label | tokenizer |
| test.go:34:15:34:19 | value | semmle.label | value |
| test.go:35:15:35:23 | tokenizer | semmle.label | tokenizer |
| test.go:35:15:35:30 | call to Text | semmle.label | call to Text |
| test.go:36:15:36:44 | type conversion | semmle.label | type conversion |
| test.go:36:22:36:30 | tokenizer | semmle.label | tokenizer |
| test.go:36:22:36:38 | call to Token | semmle.label | call to Token |
subpaths
| test.go:14:42:14:53 | selection of Value | file://:0:0:0:0 | parameter 0 of UnescapeString | file://:0:0:0:0 | [summary] to write: return (return[0]) in UnescapeString | test.go:14:22:14:54 | call to UnescapeString |
| test.go:16:24:16:35 | selection of Body | file://:0:0:0:0 | parameter 0 of Parse | file://:0:0:0:0 | [summary] to write: return (return[0]) in Parse | test.go:16:2:16:36 | ... := ...[0] |
| test.go:19:36:19:47 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseWithOptions | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseWithOptions | test.go:19:2:19:48 | ... := ...[0] |
| test.go:22:33:22:44 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseFragment | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragment | test.go:22:2:22:50 | ... := ...[0] |
| test.go:25:45:25:56 | selection of Body | file://:0:0:0:0 | parameter 0 of ParseFragmentWithOptions | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseFragmentWithOptions | test.go:25:2:25:62 | ... := ...[0] |
| test.go:30:33:30:44 | selection of Body | file://:0:0:0:0 | parameter 0 of NewTokenizer | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewTokenizer | test.go:30:15:30:45 | call to NewTokenizer |
| test.go:31:15:31:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Buffered | file://:0:0:0:0 | [summary] to write: return (return[0]) in Buffered | test.go:31:15:31:34 | call to Buffered |
| test.go:32:15:32:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Raw | file://:0:0:0:0 | [summary] to write: return (return[0]) in Raw | test.go:32:15:32:29 | call to Raw |
| test.go:33:17:33:25 | tokenizer | file://:0:0:0:0 | parameter -1 of TagAttr | file://:0:0:0:0 | [summary] to write: return (return[1]) in TagAttr | test.go:33:2:33:35 | ... := ...[1] |
| test.go:35:15:35:23 | tokenizer | file://:0:0:0:0 | parameter -1 of Text | file://:0:0:0:0 | [summary] to write: return (return[0]) in Text | test.go:35:15:35:30 | call to Text |
| test.go:36:22:36:30 | tokenizer | file://:0:0:0:0 | parameter -1 of Token | file://:0:0:0:0 | [summary] to write: return (return[0]) in Token | test.go:36:22:36:38 | call to Token |
#select
| test.go:14:15:14:55 | type conversion | test.go:10:2:10:42 | ... := ...[0] | test.go:14:15:14:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:10:2:10:42 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:17:15:17:31 | type conversion | test.go:16:24:16:35 | selection of Body | test.go:17:15:17:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:16:24:16:35 | selection of Body | user-provided value | test.go:0:0:0:0 | test.go | |


@@ -1,8 +1,17 @@
edges
| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName |
| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows |
| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... |
| StoredCommand.go:13:2:13:5 | rows | file://:0:0:0:0 | parameter -1 of Scan |
| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName |
| file://:0:0:0:0 | parameter -1 of Scan | file://:0:0:0:0 | [summary] to write: argument 0 in Scan |
nodes
| StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
| StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
| StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
| file://:0:0:0:0 | [summary] to write: argument 0 in Scan | semmle.label | [summary] to write: argument 0 in Scan |
| file://:0:0:0:0 | parameter -1 of Scan | semmle.label | parameter -1 of Scan |
subpaths
| StoredCommand.go:13:2:13:5 | rows | file://:0:0:0:0 | parameter -1 of Scan | file://:0:0:0:0 | [summary] to write: argument 0 in Scan | StoredCommand.go:13:12:13:19 | &... |
#select
| StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |


@@ -1,19 +1,66 @@
edges
| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:14:44:14:51 | username |
| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:17:11:17:22 | type conversion |
| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:53:34:53:37 | data |
| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get |
| ReflectedXss.go:11:15:11:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username |
| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get |
| contenttype.go:11:11:11:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion |
| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get |
| contenttype.go:49:11:49:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data |
| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data |
| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data |
| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data |
| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data |
| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:10:28:57 | type conversion |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:33:10:33:57 | type conversion |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:10:34:62 | type conversion |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:44:10:44:55 | type conversion |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:45:10:45:18 | byteSlice |
| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion |
| tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion |
| tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion |
| file://:0:0:0:0 | parameter 0 of Join | file://:0:0:0:0 | [summary] to write: return (return[0]) in Join |
| file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
| file://:0:0:0:0 | parameter -1 of FileName | file://:0:0:0:0 | [summary] to write: return (return[0]) in FileName |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of NextPart | file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart |
| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
| file://:0:0:0:0 | parameter -1 of Read | file://:0:0:0:0 | [summary] to write: argument 0 in Read |
| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:50:28:55 | cookie |
| reflectedxsstest.go:28:17:28:56 | call to Sprintf | reflectedxsstest.go:28:10:28:57 | type conversion |
| reflectedxsstest.go:28:50:28:55 | cookie | file://:0:0:0:0 | parameter 1 of Sprintf |
| reflectedxsstest.go:28:50:28:55 | cookie | reflectedxsstest.go:28:17:28:56 | call to Sprintf |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content |
| reflectedxsstest.go:32:34:32:37 | file | file://:0:0:0:0 | parameter 0 of ReadAll |
| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] |
| reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion |
| reflectedxsstest.go:33:49:33:55 | content | file://:0:0:0:0 | parameter 1 of Sprintf |
| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf |
| reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | file://:0:0:0:0 | parameter 1 of Sprintf |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part |
| reflectedxsstest.go:39:16:39:21 | reader | file://:0:0:0:0 | parameter -1 of NextPart |
| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] |
| reflectedxsstest.go:40:14:40:17 | part | file://:0:0:0:0 | parameter -1 of FileName |
| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName |
| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice |
| reflectedxsstest.go:42:2:42:5 | part | file://:0:0:0:0 | parameter -1 of Read |
| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion |
| reflectedxsstest.go:44:46:44:53 | partName | file://:0:0:0:0 | parameter 1 of Sprintf |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf |
| reflectedxsstest.go:51:14:51:18 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query |
| reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion |
| tst.go:14:15:14:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get |
| tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a |
| tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion |
| tst.go:18:32:18:32 | a | file://:0:0:0:0 | parameter 0 of Join |
| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join |
| tst.go:48:14:48:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get |
| tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion |
| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet |
| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 |
| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr |
@@ -22,10 +69,13 @@ edges
| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 |
nodes
| ReflectedXss.go:11:15:11:20 | selection of Form | semmle.label | selection of Form |
| ReflectedXss.go:11:15:11:36 | call to Get | semmle.label | call to Get |
| ReflectedXss.go:14:44:14:51 | username | semmle.label | username |
| contenttype.go:11:11:11:16 | selection of Form | semmle.label | selection of Form |
| contenttype.go:11:11:11:28 | call to Get | semmle.label | call to Get |
| contenttype.go:17:11:17:22 | type conversion | semmle.label | type conversion |
| contenttype.go:49:11:49:16 | selection of Form | semmle.label | selection of Form |
| contenttype.go:49:11:49:28 | call to Get | semmle.label | call to Get |
| contenttype.go:53:34:53:37 | data | semmle.label | data |
| contenttype.go:63:10:63:28 | call to FormValue | semmle.label | call to FormValue |
| contenttype.go:64:52:64:55 | data | semmle.label | data |
@@ -35,20 +85,57 @@ nodes
| contenttype.go:91:4:91:7 | data | semmle.label | data |
| contenttype.go:113:10:113:28 | call to FormValue | semmle.label | call to FormValue |
| contenttype.go:114:50:114:53 | data | semmle.label | data |
| file://:0:0:0:0 | [summary] to write: argument 0 in Read | semmle.label | [summary] to write: argument 0 in Read |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in FileName | semmle.label | [summary] to write: return (return[0]) in FileName |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Join | semmle.label | [summary] to write: return (return[0]) in Join |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart | semmle.label | [summary] to write: return (return[0]) in NextPart |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
| file://:0:0:0:0 | parameter 0 of Join | semmle.label | parameter 0 of Join |
| file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
| file://:0:0:0:0 | parameter -1 of FileName | semmle.label | parameter -1 of FileName |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| file://:0:0:0:0 | parameter -1 of NextPart | semmle.label | parameter -1 of NextPart |
| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
| file://:0:0:0:0 | parameter -1 of Read | semmle.label | parameter -1 of Read |
| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:28:10:28:57 | type conversion | semmle.label | type conversion |
| reflectedxsstest.go:28:17:28:56 | call to Sprintf | semmle.label | call to Sprintf |
| reflectedxsstest.go:28:50:28:55 | cookie | semmle.label | cookie |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:32:34:32:37 | file | semmle.label | file |
| reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion |
| reflectedxsstest.go:33:17:33:56 | call to Sprintf | semmle.label | call to Sprintf |
| reflectedxsstest.go:33:49:33:55 | content | semmle.label | content |
| reflectedxsstest.go:34:10:34:62 | type conversion | semmle.label | type conversion |
| reflectedxsstest.go:34:17:34:61 | call to Sprintf | semmle.label | call to Sprintf |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | semmle.label | selection of Filename |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | semmle.label | ... := ...[0] |
| reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader |
| reflectedxsstest.go:40:14:40:17 | part | semmle.label | part |
| reflectedxsstest.go:40:14:40:28 | call to FileName | semmle.label | call to FileName |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice |
| reflectedxsstest.go:42:2:42:5 | part | semmle.label | part |
| reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf |
| reflectedxsstest.go:44:46:44:53 | partName | semmle.label | partName |
| reflectedxsstest.go:45:10:45:18 | byteSlice | semmle.label | byteSlice |
| reflectedxsstest.go:51:14:51:18 | selection of URL | semmle.label | selection of URL |
| reflectedxsstest.go:51:14:51:26 | call to Query | semmle.label | call to Query |
| reflectedxsstest.go:54:11:54:21 | type conversion | semmle.label | type conversion |
| tst.go:14:15:14:20 | selection of Form | semmle.label | selection of Form |
| tst.go:14:15:14:36 | call to Get | semmle.label | call to Get |
| tst.go:18:12:18:39 | type conversion | semmle.label | type conversion |
| tst.go:18:19:18:38 | call to Join | semmle.label | call to Join |
| tst.go:18:32:18:32 | a | semmle.label | a |
| tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form |
| tst.go:48:14:48:34 | call to Get | semmle.label | call to Get |
| tst.go:53:12:53:26 | type conversion | semmle.label | type conversion |
| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet |
| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet |
@@ -63,6 +150,21 @@ nodes
| websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] |
| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 |
subpaths
| ReflectedXss.go:11:15:11:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | ReflectedXss.go:11:15:11:36 | call to Get |
| contenttype.go:11:11:11:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | contenttype.go:11:11:11:28 | call to Get |
| contenttype.go:49:11:49:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | contenttype.go:49:11:49:28 | call to Get |
| reflectedxsstest.go:28:50:28:55 | cookie | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:28:17:28:56 | call to Sprintf |
| reflectedxsstest.go:32:34:32:37 | file | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | reflectedxsstest.go:32:2:32:38 | ... := ...[0] |
| reflectedxsstest.go:33:49:33:55 | content | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:33:17:33:56 | call to Sprintf |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:34:17:34:61 | call to Sprintf |
| reflectedxsstest.go:39:16:39:21 | reader | file://:0:0:0:0 | parameter -1 of NextPart | file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart | reflectedxsstest.go:39:2:39:32 | ... := ...[0] |
| reflectedxsstest.go:40:14:40:17 | part | file://:0:0:0:0 | parameter -1 of FileName | file://:0:0:0:0 | [summary] to write: return (return[0]) in FileName | reflectedxsstest.go:40:14:40:28 | call to FileName |
| reflectedxsstest.go:42:2:42:5 | part | file://:0:0:0:0 | parameter -1 of Read | file://:0:0:0:0 | [summary] to write: argument 0 in Read | reflectedxsstest.go:41:2:41:10 | definition of byteSlice |
| reflectedxsstest.go:44:46:44:53 | partName | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:44:17:44:54 | call to Sprintf |
| reflectedxsstest.go:51:14:51:18 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | reflectedxsstest.go:51:14:51:26 | call to Query |
| tst.go:14:15:14:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:14:15:14:36 | call to Get |
| tst.go:18:32:18:32 | a | file://:0:0:0:0 | parameter 0 of Join | file://:0:0:0:0 | [summary] to write: return (return[0]) in Join | tst.go:18:19:18:38 | call to Join |
| tst.go:48:14:48:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:48:14:48:34 | call to Get |
#select
| ReflectedXss.go:14:44:14:51 | username | ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:14:44:14:51 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value | ReflectedXss.go:0:0:0:0 | ReflectedXss.go | |
| contenttype.go:17:11:17:22 | type conversion | contenttype.go:11:11:11:16 | selection of Form | contenttype.go:17:11:17:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:11:11:11:16 | selection of Form | user-provided value | contenttype.go:0:0:0:0 | contenttype.go | |


@@ -1,44 +1,100 @@
edges
| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:12:11:12:11 | q |
| issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 |
| issue48.go:27:26:27:33 | selection of Body | issue48.go:32:11:32:12 | q4 |
| issue48.go:37:17:37:50 | type conversion | issue48.go:41:11:41:12 | q5 |
| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:17:37:50 | type conversion |
| SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q |
| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query |
| SqlInjection.go:11:3:11:9 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression |
| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf |
| SqlInjection.go:11:3:11:29 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
| file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal |
| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
| issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b |
| issue48.go:17:25:17:32 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll |
| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] |
| issue48.go:18:17:18:17 | b | file://:0:0:0:0 | parameter 0 of Unmarshal |
| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... |
| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression |
| issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 |
| issue48.go:21:3:21:33 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf |
| issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 |
| issue48.go:27:26:27:33 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll |
| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] |
| issue48.go:28:17:28:18 | b2 | file://:0:0:0:0 | parameter 0 of Unmarshal |
| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... |
| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category |
| issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 |
| issue48.go:31:3:31:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf |
| issue48.go:37:17:37:50 | type conversion | file://:0:0:0:0 | parameter 0 of Unmarshal |
| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... |
| issue48.go:37:24:37:30 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query |
| issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion |
| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category |
| issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 |
| issue48.go:40:3:40:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf |
| main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression |
| main.go:14:63:14:67 | selection of URL | main.go:14:11:14:84 | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | main.go:15:11:15:85 | call to Sprintf |
| main.go:14:63:14:67 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| main.go:14:63:14:67 | selection of URL | main.go:14:63:14:75 | call to Query |
| main.go:14:63:14:75 | call to Query | main.go:14:63:14:83 | index expression |
| main.go:14:63:14:83 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:14:63:14:83 | index expression | main.go:14:11:14:84 | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | file://:0:0:0:0 | parameter -1 of Get |
| main.go:15:63:15:70 | selection of Header | main.go:15:63:15:84 | call to Get |
| main.go:15:63:15:84 | call to Get | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:15:63:15:84 | call to Get | main.go:15:11:15:85 | call to Sprintf |
| main.go:27:17:30:2 | &... [pointer, Category] | main.go:33:3:33:13 | RequestData [pointer, Category] |
| main.go:27:18:30:2 | struct literal [Category] | main.go:27:17:30:2 | &... [pointer, Category] |
| main.go:29:13:29:19 | selection of URL | main.go:29:13:29:39 | index expression |
| main.go:29:13:29:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| main.go:29:13:29:19 | selection of URL | main.go:29:13:29:27 | call to Query |
| main.go:29:13:29:27 | call to Query | main.go:29:13:29:39 | index expression |
| main.go:29:13:29:39 | index expression | main.go:27:18:30:2 | struct literal [Category] |
| main.go:32:7:33:23 | call to Sprintf | main.go:34:11:34:11 | q |
| main.go:33:3:33:13 | RequestData [pointer, Category] | main.go:33:3:33:13 | implicit dereference [Category] |
| main.go:33:3:33:13 | implicit dereference [Category] | main.go:33:3:33:22 | selection of Category |
| main.go:33:3:33:22 | selection of Category | main.go:34:11:34:11 | q |
| main.go:33:3:33:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:33:3:33:22 | selection of Category | main.go:32:7:33:23 | call to Sprintf |
| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:39:2:39:12 | RequestData [pointer, Category] |
| main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:42:3:42:13 | RequestData [pointer, Category] |
| main.go:39:2:39:12 | RequestData [pointer, Category] | main.go:39:2:39:12 | implicit dereference [Category] |
| main.go:39:2:39:12 | implicit dereference [Category] | main.go:38:2:38:12 | definition of RequestData [pointer, Category] |
| main.go:39:25:39:31 | selection of URL | main.go:39:25:39:51 | index expression |
| main.go:39:25:39:31 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| main.go:39:25:39:31 | selection of URL | main.go:39:25:39:39 | call to Query |
| main.go:39:25:39:39 | call to Query | main.go:39:25:39:51 | index expression |
| main.go:39:25:39:51 | index expression | main.go:39:2:39:12 | implicit dereference [Category] |
| main.go:41:7:42:23 | call to Sprintf | main.go:43:11:43:11 | q |
| main.go:42:3:42:13 | RequestData [pointer, Category] | main.go:42:3:42:13 | implicit dereference [Category] |
| main.go:42:3:42:13 | implicit dereference [Category] | main.go:42:3:42:22 | selection of Category |
| main.go:42:3:42:22 | selection of Category | main.go:43:11:43:11 | q |
| main.go:42:3:42:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:42:3:42:22 | selection of Category | main.go:41:7:42:23 | call to Sprintf |
| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:48:4:48:14 | RequestData [pointer, Category] |
| main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:51:3:51:13 | RequestData [pointer, Category] |
| main.go:48:3:48:14 | star expression [Category] | main.go:47:2:47:12 | definition of RequestData [pointer, Category] |
| main.go:48:4:48:14 | RequestData [pointer, Category] | main.go:48:3:48:14 | star expression [Category] |
| main.go:48:28:48:34 | selection of URL | main.go:48:28:48:54 | index expression |
| main.go:48:28:48:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| main.go:48:28:48:34 | selection of URL | main.go:48:28:48:42 | call to Query |
| main.go:48:28:48:42 | call to Query | main.go:48:28:48:54 | index expression |
| main.go:48:28:48:54 | index expression | main.go:48:3:48:14 | star expression [Category] |
| main.go:50:7:51:23 | call to Sprintf | main.go:52:11:52:11 | q |
| main.go:51:3:51:13 | RequestData [pointer, Category] | main.go:51:3:51:13 | implicit dereference [Category] |
| main.go:51:3:51:13 | implicit dereference [Category] | main.go:51:3:51:22 | selection of Category |
| main.go:51:3:51:22 | selection of Category | main.go:52:11:52:11 | q |
| main.go:51:3:51:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:51:3:51:22 | selection of Category | main.go:50:7:51:23 | call to Sprintf |
| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:57:4:57:14 | RequestData [pointer, Category] |
| main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:60:5:60:15 | RequestData [pointer, Category] |
| main.go:57:3:57:14 | star expression [Category] | main.go:56:2:56:12 | definition of RequestData [pointer, Category] |
| main.go:57:4:57:14 | RequestData [pointer, Category] | main.go:57:3:57:14 | star expression [Category] |
| main.go:57:28:57:34 | selection of URL | main.go:57:28:57:54 | index expression |
| main.go:57:28:57:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
| main.go:57:28:57:34 | selection of URL | main.go:57:28:57:42 | call to Query |
| main.go:57:28:57:42 | call to Query | main.go:57:28:57:54 | index expression |
| main.go:57:28:57:54 | index expression | main.go:57:3:57:14 | star expression [Category] |
| main.go:60:3:60:25 | selection of Category | main.go:61:11:61:11 | q |
| main.go:59:7:60:26 | call to Sprintf | main.go:61:11:61:11 | q |
| main.go:60:3:60:25 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
| main.go:60:3:60:25 | selection of Category | main.go:59:7:60:26 | call to Sprintf |
| main.go:60:4:60:15 | star expression [Category] | main.go:60:3:60:25 | selection of Category |
| main.go:60:5:60:15 | RequestData [pointer, Category] | main.go:60:4:60:15 | star expression [Category] |
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline |
@@ -56,25 +112,57 @@ edges
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:80:22:80:27 | filter |
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline |
nodes
| SqlInjection.go:10:7:11:30 | call to Sprintf | semmle.label | call to Sprintf |
| SqlInjection.go:11:3:11:9 | selection of URL | semmle.label | selection of URL |
| SqlInjection.go:11:3:11:17 | call to Query | semmle.label | call to Query |
| SqlInjection.go:11:3:11:29 | index expression | semmle.label | index expression |
| SqlInjection.go:12:11:12:11 | q | semmle.label | q |
| file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | semmle.label | [summary] to write: argument 1 in Unmarshal |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
| file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
| file://:0:0:0:0 | parameter 0 of Unmarshal | semmle.label | parameter 0 of Unmarshal |
| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
| issue48.go:17:2:17:33 | ... := ...[0] | semmle.label | ... := ...[0] |
| issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body |
| issue48.go:18:17:18:17 | b | semmle.label | b |
| issue48.go:18:20:18:39 | &... | semmle.label | &... |
| issue48.go:20:8:21:34 | call to Sprintf | semmle.label | call to Sprintf |
| issue48.go:21:3:21:33 | index expression | semmle.label | index expression |
| issue48.go:22:11:22:12 | q3 | semmle.label | q3 |
| issue48.go:27:2:27:34 | ... := ...[0] | semmle.label | ... := ...[0] |
| issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body |
| issue48.go:28:17:28:18 | b2 | semmle.label | b2 |
| issue48.go:28:21:28:41 | &... | semmle.label | &... |
| issue48.go:30:8:31:32 | call to Sprintf | semmle.label | call to Sprintf |
| issue48.go:31:3:31:31 | selection of Category | semmle.label | selection of Category |
| issue48.go:32:11:32:12 | q4 | semmle.label | q4 |
| issue48.go:37:17:37:50 | type conversion | semmle.label | type conversion |
| issue48.go:37:24:37:30 | selection of URL | semmle.label | selection of URL |
| issue48.go:37:24:37:38 | call to Query | semmle.label | call to Query |
| issue48.go:37:53:37:73 | &... | semmle.label | &... |
| issue48.go:39:8:40:32 | call to Sprintf | semmle.label | call to Sprintf |
| issue48.go:40:3:40:31 | selection of Category | semmle.label | selection of Category |
| issue48.go:41:11:41:12 | q5 | semmle.label | q5 |
| main.go:10:11:10:16 | selection of Form | semmle.label | selection of Form |
| main.go:10:11:10:28 | index expression | semmle.label | index expression |
| main.go:14:11:14:84 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:14:63:14:67 | selection of URL | semmle.label | selection of URL |
| main.go:14:63:14:75 | call to Query | semmle.label | call to Query |
| main.go:14:63:14:83 | index expression | semmle.label | index expression |
| main.go:15:11:15:85 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | semmle.label | selection of Header |
| main.go:15:63:15:84 | call to Get | semmle.label | call to Get |
| main.go:27:17:30:2 | &... [pointer, Category] | semmle.label | &... [pointer, Category] |
| main.go:27:18:30:2 | struct literal [Category] | semmle.label | struct literal [Category] |
| main.go:29:13:29:19 | selection of URL | semmle.label | selection of URL |
| main.go:29:13:29:27 | call to Query | semmle.label | call to Query |
| main.go:29:13:29:39 | index expression | semmle.label | index expression |
| main.go:32:7:33:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:33:3:33:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:33:3:33:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:33:3:33:22 | selection of Category | semmle.label | selection of Category |
@@ -83,7 +171,9 @@ nodes
| main.go:39:2:39:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:39:2:39:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:39:25:39:31 | selection of URL | semmle.label | selection of URL |
| main.go:39:25:39:39 | call to Query | semmle.label | call to Query |
| main.go:39:25:39:51 | index expression | semmle.label | index expression |
| main.go:41:7:42:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:42:3:42:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:42:3:42:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:42:3:42:22 | selection of Category | semmle.label | selection of Category |
@@ -92,7 +182,9 @@ nodes
| main.go:48:3:48:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:48:4:48:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:48:28:48:34 | selection of URL | semmle.label | selection of URL |
| main.go:48:28:48:42 | call to Query | semmle.label | call to Query |
| main.go:48:28:48:54 | index expression | semmle.label | index expression |
| main.go:50:7:51:23 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:51:3:51:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:51:3:51:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
| main.go:51:3:51:22 | selection of Category | semmle.label | selection of Category |
@@ -101,7 +193,9 @@ nodes
| main.go:57:3:57:14 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:57:4:57:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
| main.go:57:28:57:34 | selection of URL | semmle.label | selection of URL |
| main.go:57:28:57:42 | call to Query | semmle.label | call to Query |
| main.go:57:28:57:54 | index expression | semmle.label | index expression |
| main.go:59:7:60:26 | call to Sprintf | semmle.label | call to Sprintf |
| main.go:60:3:60:25 | selection of Category | semmle.label | selection of Category |
| main.go:60:4:60:15 | star expression [Category] | semmle.label | star expression [Category] |
| main.go:60:5:60:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
@@ -122,6 +216,29 @@ nodes
| mongoDB.go:80:22:80:27 | filter | semmle.label | filter |
| mongoDB.go:81:18:81:25 | pipeline | semmle.label | pipeline |
subpaths
| SqlInjection.go:11:3:11:9 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | SqlInjection.go:11:3:11:17 | call to Query |
| SqlInjection.go:11:3:11:29 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | SqlInjection.go:10:7:11:30 | call to Sprintf |
| issue48.go:17:25:17:32 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | issue48.go:17:2:17:33 | ... := ...[0] |
| issue48.go:18:17:18:17 | b | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:18:20:18:39 | &... |
| issue48.go:21:3:21:33 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:20:8:21:34 | call to Sprintf |
| issue48.go:27:26:27:33 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | issue48.go:27:2:27:34 | ... := ...[0] |
| issue48.go:28:17:28:18 | b2 | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:28:21:28:41 | &... |
| issue48.go:31:3:31:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:30:8:31:32 | call to Sprintf |
| issue48.go:37:17:37:50 | type conversion | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:37:53:37:73 | &... |
| issue48.go:37:24:37:30 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | issue48.go:37:24:37:38 | call to Query |
| issue48.go:40:3:40:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:39:8:40:32 | call to Sprintf |
| main.go:14:63:14:67 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:14:63:14:75 | call to Query |
| main.go:14:63:14:83 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:14:11:14:84 | call to Sprintf |
| main.go:15:63:15:70 | selection of Header | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | main.go:15:63:15:84 | call to Get |
| main.go:15:63:15:84 | call to Get | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:15:11:15:85 | call to Sprintf |
| main.go:29:13:29:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:29:13:29:27 | call to Query |
| main.go:33:3:33:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:32:7:33:23 | call to Sprintf |
| main.go:39:25:39:31 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:39:25:39:39 | call to Query |
| main.go:42:3:42:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:41:7:42:23 | call to Sprintf |
| main.go:48:28:48:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:48:28:48:42 | call to Query |
| main.go:51:3:51:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:50:7:51:23 | call to Sprintf |
| main.go:57:28:57:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:57:28:57:42 | call to Query |
| main.go:60:3:60:25 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:59:7:60:26 | call to Sprintf |
#select
| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:12:11:12:11 | q | This query depends on a $@. | SqlInjection.go:11:3:11:9 | selection of URL | user-provided value |
| issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 | This query depends on a $@. | issue48.go:17:25:17:32 | selection of Body | user-provided value |


@@ -1,19 +1,33 @@
edges
| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion |
| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:17:26:17:32 | escaped |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped |
| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace |
| StringBreakMismatched.go:13:29:13:47 | type conversion | file://:0:0:0:0 | parameter 0 of Replace |
| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion |
| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:29:27:29:33 | escaped |
| StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped |
| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace |
| StringBreakMismatched.go:25:29:25:47 | type conversion | file://:0:0:0:0 | parameter 0 of Replace |
| file://:0:0:0:0 | parameter 0 of Replace | file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace |
| file://:0:0:0:0 | parameter 0 of Replace | file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace |
nodes
| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | semmle.label | call to Replace |
| StringBreakMismatched.go:13:29:13:47 | type conversion | semmle.label | type conversion |
| StringBreakMismatched.go:17:26:17:32 | escaped | semmle.label | escaped |
| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreakMismatched.go:25:13:25:61 | call to Replace | semmle.label | call to Replace |
| StringBreakMismatched.go:25:29:25:47 | type conversion | semmle.label | type conversion |
| StringBreakMismatched.go:29:27:29:33 | escaped | semmle.label | escaped |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace | semmle.label | [summary] to write: return (return[0]) in Replace |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace | semmle.label | [summary] to write: return (return[0]) in Replace |
| file://:0:0:0:0 | parameter 0 of Replace | semmle.label | parameter 0 of Replace |
| file://:0:0:0:0 | parameter 0 of Replace | semmle.label | parameter 0 of Replace |
subpaths
| StringBreakMismatched.go:13:29:13:47 | type conversion | file://:0:0:0:0 | parameter 0 of Replace | file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace | StringBreakMismatched.go:13:13:13:62 | call to Replace |
| StringBreakMismatched.go:25:29:25:47 | type conversion | file://:0:0:0:0 | parameter 0 of Replace | file://:0:0:0:0 | [summary] to write: return (return[0]) in Replace | StringBreakMismatched.go:25:13:25:61 | call to Replace |
#select
| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |
| StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value |


@@ -1,5 +1,7 @@
edges
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header |
| klog.go:28:13:28:20 | selection of Header | file://:0:0:0:0 | parameter -1 of Get |
| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get |
| main.go:21:19:21:26 | password | main.go:22:29:22:34 | fields |
| overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String |
@@ -15,6 +17,10 @@ edges
| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... |
| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... |
| passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... |
| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String |
| passwords.go:116:28:116:36 | password1 | util.go:71:7:71:7 | definition of s |
| passwords.go:116:28:116:36 | password1 | util.go:71:21:71:26 | parameter -1 of String |
| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... |
| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] |
| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] |
| passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config |
@@ -35,7 +41,11 @@ edges
| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description |
| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] |
| util.go:16:9:16:18 | selection of password | passwords.go:28:14:28:28 | call to getPassword |
| util.go:71:7:71:7 | definition of s | util.go:71:21:71:26 | [summary] to write: return (return[0]) in String |
| util.go:71:21:71:26 | parameter -1 of String | util.go:71:21:71:26 | [summary] to write: return (return[0]) in String |
nodes
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| klog.go:20:30:20:37 | selection of Header | semmle.label | selection of Header |
| klog.go:22:15:22:20 | header | semmle.label | header |
| klog.go:28:13:28:20 | selection of Header | semmle.label | selection of Header |
@@ -77,6 +87,7 @@ nodes
| passwords.go:112:33:112:40 | password | semmle.label | password |
| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... |
| passwords.go:116:28:116:36 | password1 | semmle.label | password1 |
| passwords.go:116:28:116:45 | call to String | semmle.label | call to String |
| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] |
| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] |
| passwords.go:119:13:119:13 | x | semmle.label | x |
@@ -98,7 +109,14 @@ nodes
| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | semmle.label | x [pointer, Description] |
| protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description |
| util.go:16:9:16:18 | selection of password | semmle.label | selection of password |
| util.go:71:7:71:7 | definition of s | semmle.label | definition of s |
| util.go:71:21:71:26 | [summary] to write: return (return[0]) in String | semmle.label | [summary] to write: return (return[0]) in String |
| util.go:71:21:71:26 | [summary] to write: return (return[0]) in String | semmle.label | [summary] to write: return (return[0]) in String |
| util.go:71:21:71:26 | parameter -1 of String | semmle.label | parameter -1 of String |
subpaths
| klog.go:28:13:28:20 | selection of Header | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | klog.go:28:13:28:41 | call to Get |
| passwords.go:116:28:116:36 | password1 | util.go:71:7:71:7 | definition of s | util.go:71:21:71:26 | [summary] to write: return (return[0]) in String | passwords.go:116:28:116:45 | call to String |
| passwords.go:116:28:116:36 | password1 | util.go:71:21:71:26 | parameter -1 of String | util.go:71:21:71:26 | [summary] to write: return (return[0]) in String | passwords.go:116:28:116:45 | call to String |
| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |
#select
| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers |


@@ -5,13 +5,18 @@ edges
| cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url |
| cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect |
| cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect |
| file://:0:0:0:0 | parameter 0 of Clean | file://:0:0:0:0 | [summary] to write: return (return[0]) in Clean |
| main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect |
| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir |
| main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl |
| main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url |
| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:9:73:28 | call to Clean |
| main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean |
| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect |
| main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect |
| main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
| main.go:73:20:73:27 | redirect | file://:0:0:0:0 | parameter 0 of Clean |
| main.go:73:20:73:27 | redirect | file://:0:0:0:0 | parameter 0 of Clean |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean |
| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url |
| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect |
| main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 |
@@ -27,6 +32,8 @@ nodes
| cves.go:37:25:37:32 | redirect | semmle.label | redirect |
| cves.go:41:14:41:34 | call to Get | semmle.label | call to Get |
| cves.go:45:25:45:32 | redirect | semmle.label | redirect |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Clean | semmle.label | [summary] to write: return (return[0]) in Clean |
| file://:0:0:0:0 | parameter 0 of Clean | semmle.label | parameter 0 of Clean |
| main.go:10:18:10:25 | argument corresponding to redirect | semmle.label | argument corresponding to redirect |
| main.go:11:25:11:45 | call to sanitizeUrl | semmle.label | call to sanitizeUrl |
| main.go:11:37:11:44 | redirect | semmle.label | redirect |
@@ -36,6 +43,8 @@ nodes
| main.go:68:17:68:24 | definition of redirect | semmle.label | definition of redirect |
| main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
| main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean |
| main.go:73:20:73:27 | redirect | semmle.label | redirect |
| main.go:73:20:73:27 | redirect | semmle.label | redirect |
| main.go:76:19:76:21 | argument corresponding to url | semmle.label | argument corresponding to url |
| main.go:77:25:77:39 | call to getTarget1 | semmle.label | call to getTarget1 |
| main.go:77:36:77:38 | url | semmle.label | url |
@@ -43,6 +52,8 @@ nodes
| main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 |
subpaths
| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | definition of redir | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl |
| main.go:73:20:73:27 | redirect | file://:0:0:0:0 | parameter 0 of Clean | file://:0:0:0:0 | [summary] to write: return (return[0]) in Clean | main.go:73:9:73:28 | call to Clean |
| main.go:73:20:73:27 | redirect | file://:0:0:0:0 | parameter 0 of Clean | file://:0:0:0:0 | [summary] to write: return (return[0]) in Clean | main.go:73:9:73:28 | call to Clean |
| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 |
#select
| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect |


@@ -1,11 +1,37 @@
edges
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get |
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| file://:0:0:0:0 | parameter 0 of ParseRequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseRequestURI |
| file://:0:0:0:0 | parameter -1 of EscapedPath | file://:0:0:0:0 | [summary] to write: return (return[0]) in EscapedPath |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of RequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI |
| file://:0:0:0:0 | parameter -1 of RequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI |
| file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String |
| file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String |
| stdlib.go:13:13:13:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get |
| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target |
| stdlib.go:13:13:13:32 | call to Get | stdlib.go:15:30:15:35 | target |
| stdlib.go:22:13:22:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get |
| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target |
| stdlib.go:22:13:22:32 | call to Get | stdlib.go:24:30:24:35 | target |
| stdlib.go:31:13:31:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get |
| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... |
| stdlib.go:31:13:31:32 | call to Get | stdlib.go:35:30:35:39 | ...+... |
| stdlib.go:44:13:44:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get |
| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target |
| stdlib.go:44:13:44:32 | call to Get | stdlib.go:46:23:46:28 | target |
| stdlib.go:64:13:64:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get |
| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... |
| stdlib.go:64:13:64:32 | call to Get | stdlib.go:67:23:67:40 | ...+... |
| stdlib.go:89:13:89:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get |
| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target |
| stdlib.go:89:13:89:32 | call to Get | stdlib.go:92:23:92:28 | target |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] |
@@ -44,30 +70,73 @@ edges
| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL |
| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] |
| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] |
| stdlib.go:113:24:113:28 | selection of URL | file://:0:0:0:0 | parameter -1 of String |
| stdlib.go:113:24:113:28 | selection of URL | file://:0:0:0:0 | parameter -1 of String |
| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String |
| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String |
| stdlib.go:146:13:146:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get |
| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target |
| stdlib.go:146:13:146:32 | call to Get | stdlib.go:152:23:152:28 | target |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:26 | url |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:26 | url |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:24:173:52 | ...+... |
| stdlib.go:162:24:162:26 | url | file://:0:0:0:0 | parameter -1 of String |
| stdlib.go:162:24:162:26 | url | file://:0:0:0:0 | parameter -1 of String |
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:173:35:173:39 | selection of URL | file://:0:0:0:0 | parameter -1 of RequestURI |
| stdlib.go:173:35:173:39 | selection of URL | file://:0:0:0:0 | parameter -1 of RequestURI |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:24:173:52 | ...+... |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... |
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:192:23:192:33 | selection of Path |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:194:23:194:28 | target |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:194:23:194:42 | call to EscapedPath |
| stdlib.go:190:36:190:56 | call to FormValue | file://:0:0:0:0 | parameter 0 of ParseRequestURI |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:28 | target |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath |
| stdlib.go:194:23:194:28 | target | file://:0:0:0:0 | parameter -1 of EscapedPath |
| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath |
nodes
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | semmle.label | selection of Form |
| OpenUrlRedirect.go:10:23:10:42 | call to Get | semmle.label | call to Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in EscapedPath | semmle.label | [summary] to write: return (return[0]) in EscapedPath |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseRequestURI | semmle.label | [summary] to write: return (return[0]) in ParseRequestURI |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI | semmle.label | [summary] to write: return (return[0]) in RequestURI |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI | semmle.label | [summary] to write: return (return[0]) in RequestURI |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in String | semmle.label | [summary] to write: return (return[0]) in String |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in String | semmle.label | [summary] to write: return (return[0]) in String |
| file://:0:0:0:0 | parameter 0 of ParseRequestURI | semmle.label | parameter 0 of ParseRequestURI |
| file://:0:0:0:0 | parameter -1 of EscapedPath | semmle.label | parameter -1 of EscapedPath |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| file://:0:0:0:0 | parameter -1 of RequestURI | semmle.label | parameter -1 of RequestURI |
| file://:0:0:0:0 | parameter -1 of RequestURI | semmle.label | parameter -1 of RequestURI |
| file://:0:0:0:0 | parameter -1 of String | semmle.label | parameter -1 of String |
| file://:0:0:0:0 | parameter -1 of String | semmle.label | parameter -1 of String |
| stdlib.go:13:13:13:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:13:13:13:32 | call to Get | semmle.label | call to Get |
| stdlib.go:15:30:15:35 | target | semmle.label | target |
| stdlib.go:22:13:22:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:22:13:22:32 | call to Get | semmle.label | call to Get |
| stdlib.go:24:30:24:35 | target | semmle.label | target |
| stdlib.go:31:13:31:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:31:13:31:32 | call to Get | semmle.label | call to Get |
| stdlib.go:35:30:35:39 | ...+... | semmle.label | ...+... |
| stdlib.go:44:13:44:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:44:13:44:32 | call to Get | semmle.label | call to Get |
| stdlib.go:46:23:46:28 | target | semmle.label | target |
| stdlib.go:64:13:64:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:64:13:64:32 | call to Get | semmle.label | call to Get |
| stdlib.go:67:23:67:40 | ...+... | semmle.label | ...+... |
| stdlib.go:89:13:89:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:89:13:89:32 | call to Get | semmle.label | call to Get |
| stdlib.go:92:23:92:28 | target | semmle.label | target |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
@@ -96,21 +165,44 @@ nodes
| stdlib.go:113:24:113:37 | call to String | semmle.label | call to String |
| stdlib.go:113:24:113:37 | call to String | semmle.label | call to String |
| stdlib.go:146:13:146:18 | selection of Form | semmle.label | selection of Form |
| stdlib.go:146:13:146:32 | call to Get | semmle.label | call to Get |
| stdlib.go:152:23:152:28 | target | semmle.label | target |
| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL |
| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL |
| stdlib.go:162:24:162:26 | url | semmle.label | url |
| stdlib.go:162:24:162:26 | url | semmle.label | url |
| stdlib.go:162:24:162:35 | call to String | semmle.label | call to String |
| stdlib.go:162:24:162:35 | call to String | semmle.label | call to String |
| stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... |
| stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... |
| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL |
| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL |
| stdlib.go:173:35:173:52 | call to RequestURI | semmle.label | call to RequestURI |
| stdlib.go:173:35:173:52 | call to RequestURI | semmle.label | call to RequestURI |
| stdlib.go:182:13:182:33 | call to FormValue | semmle.label | call to FormValue |
| stdlib.go:184:23:184:28 | target | semmle.label | target |
| stdlib.go:190:3:190:57 | ... := ...[0] | semmle.label | ... := ...[0] |
| stdlib.go:190:36:190:56 | call to FormValue | semmle.label | call to FormValue |
| stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path |
| stdlib.go:194:23:194:28 | target | semmle.label | target |
| stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath |
subpaths
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | OpenUrlRedirect.go:10:23:10:42 | call to Get |
| stdlib.go:13:13:13:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:13:13:13:32 | call to Get |
| stdlib.go:22:13:22:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:22:13:22:32 | call to Get |
| stdlib.go:31:13:31:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:31:13:31:32 | call to Get |
| stdlib.go:44:13:44:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:44:13:44:32 | call to Get |
| stdlib.go:64:13:64:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:64:13:64:32 | call to Get |
| stdlib.go:89:13:89:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:89:13:89:32 | call to Get |
| stdlib.go:113:24:113:28 | selection of URL | file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String | stdlib.go:113:24:113:37 | call to String |
| stdlib.go:113:24:113:28 | selection of URL | file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String | stdlib.go:113:24:113:37 | call to String |
| stdlib.go:146:13:146:18 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | stdlib.go:146:13:146:32 | call to Get |
| stdlib.go:162:24:162:26 | url | file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:162:24:162:26 | url | file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String | stdlib.go:162:24:162:35 | call to String |
| stdlib.go:173:35:173:39 | selection of URL | file://:0:0:0:0 | parameter -1 of RequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI | stdlib.go:173:35:173:52 | call to RequestURI |
| stdlib.go:173:35:173:39 | selection of URL | file://:0:0:0:0 | parameter -1 of RequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in RequestURI | stdlib.go:173:35:173:52 | call to RequestURI |
| stdlib.go:190:36:190:56 | call to FormValue | file://:0:0:0:0 | parameter 0 of ParseRequestURI | file://:0:0:0:0 | [summary] to write: return (return[0]) in ParseRequestURI | stdlib.go:190:3:190:57 | ... := ...[0] |
| stdlib.go:194:23:194:28 | target | file://:0:0:0:0 | parameter -1 of EscapedPath | file://:0:0:0:0 | [summary] to write: return (return[0]) in EscapedPath | stdlib.go:194:23:194:42 | call to EscapedPath |
#select
| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | This path to an untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
| stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value |


@@ -1,35 +1,70 @@
edges
| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion |
| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get |
| EmailBad.go:9:10:9:17 | selection of Header | file://:0:0:0:0 | parameter -1 of Get |
| EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion |
| file://:0:0:0:0 | parameter 1 of NewContent | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewContent |
| file://:0:0:0:0 | parameter 1 of WriteString | file://:0:0:0:0 | [summary] to write: argument 0 in WriteString |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion |
| main.go:37:21:37:31 | call to Referer | main.go:40:3:40:7 | definition of write |
| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput |
| main.go:41:25:41:38 | untrustedInput | file://:0:0:0:0 | parameter 1 of WriteString |
| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write |
| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput |
| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput |
| main.go:58:21:58:31 | call to Referer | main.go:63:16:63:22 | content |
| main.go:68:21:68:31 | call to Referer | main.go:76:50:76:56 | content |
| main.go:68:21:68:31 | call to Referer | main.go:76:59:76:65 | content |
| main.go:68:21:68:31 | call to Referer | main.go:77:16:77:22 | content |
| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput |
| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content |
| main.go:60:47:60:60 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent |
| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent |
| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput |
| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content |
| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content |
| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content |
| main.go:74:47:74:60 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent |
| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent |
| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput |
| main.go:82:21:82:31 | call to Referer | main.go:93:16:93:23 | content2 |
| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput |
| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 |
| main.go:91:48:91:61 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent |
| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent |
nodes
| EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header |
| EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get |
| EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion |
| file://:0:0:0:0 | [summary] to write: argument 0 in WriteString | semmle.label | [summary] to write: argument 0 in WriteString |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in NewContent | semmle.label | [summary] to write: return (return[0]) in NewContent |
| file://:0:0:0:0 | parameter 1 of NewContent | semmle.label | parameter 1 of NewContent |
| file://:0:0:0:0 | parameter 1 of WriteString | semmle.label | parameter 1 of WriteString |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| main.go:29:21:29:31 | call to Referer | semmle.label | call to Referer |
| main.go:31:57:31:78 | type conversion | semmle.label | type conversion |
| main.go:37:21:37:31 | call to Referer | semmle.label | call to Referer |
| main.go:40:3:40:7 | definition of write | semmle.label | definition of write |
| main.go:41:25:41:38 | untrustedInput | semmle.label | untrustedInput |
| main.go:46:21:46:31 | call to Referer | semmle.label | call to Referer |
| main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput |
| main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput |
| main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer |
| main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent |
| main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput |
| main.go:63:16:63:22 | content | semmle.label | content |
| main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer |
| main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent |
| main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput |
| main.go:76:50:76:56 | content | semmle.label | content |
| main.go:76:59:76:65 | content | semmle.label | content |
| main.go:77:16:77:22 | content | semmle.label | content |
| main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer |
| main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput |
| main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent |
| main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput |
| main.go:93:16:93:23 | content2 | semmle.label | content2 |
subpaths
| EmailBad.go:9:10:9:17 | selection of Header | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | EmailBad.go:9:10:9:29 | call to Get |
| main.go:41:25:41:38 | untrustedInput | file://:0:0:0:0 | parameter 1 of WriteString | file://:0:0:0:0 | [summary] to write: argument 0 in WriteString | main.go:40:3:40:7 | definition of write |
| main.go:60:47:60:60 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewContent | main.go:60:14:60:61 | call to NewContent |
| main.go:74:47:74:60 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewContent | main.go:74:14:74:61 | call to NewContent |
| main.go:91:48:91:61 | untrustedInput | file://:0:0:0:0 | parameter 1 of NewContent | file://:0:0:0:0 | [summary] to write: return (return[0]) in NewContent | main.go:91:15:91:62 | call to NewContent |
#select
| EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input |
| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input |


@@ -1,57 +1,86 @@
edges
| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:16:29:16:91 | ...+... |
| tst.go:32:14:32:19 | selection of Form | tst.go:35:23:35:85 | ...+... |
| tst.go:32:14:32:19 | selection of Form | tst.go:38:24:38:86 | ...+... |
| tst.go:32:14:32:19 | selection of Form | tst.go:41:24:41:82 | ...+... |
| tst.go:46:14:46:19 | selection of Form | tst.go:49:26:49:84 | ...+... |
| tst.go:46:14:46:19 | selection of Form | tst.go:52:29:52:87 | ...+... |
| tst.go:46:14:46:19 | selection of Form | tst.go:55:33:55:91 | ...+... |
| tst.go:46:14:46:19 | selection of Form | tst.go:58:30:58:88 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:66:25:66:83 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:69:28:69:86 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:72:25:72:83 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:75:34:75:92 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:78:32:78:90 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:81:29:81:87 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:84:23:84:85 | ...+... |
| tst.go:63:14:63:19 | selection of Form | tst.go:87:22:87:84 | ...+... |
| tst.go:92:14:92:19 | selection of Form | tst.go:95:26:95:84 | ...+... |
| tst.go:92:14:92:19 | selection of Form | tst.go:98:29:98:87 | ...+... |
| tst.go:92:14:92:19 | selection of Form | tst.go:101:33:101:91 | ...+... |
| tst.go:92:14:92:19 | selection of Form | tst.go:104:30:104:88 | ...+... |
| tst.go:109:14:109:19 | selection of Form | tst.go:112:25:112:87 | ...+... |
| tst.go:109:14:109:19 | selection of Form | tst.go:115:26:115:88 | ...+... |
| tst.go:120:14:120:19 | selection of Form | tst.go:124:23:124:126 | ...+... |
| tst.go:120:14:120:19 | selection of Form | tst.go:127:24:127:127 | ...+... |
| tst.go:120:14:120:19 | selection of Form | tst.go:130:27:130:122 | ...+... |
| tst.go:121:14:121:19 | selection of Form | tst.go:124:23:124:126 | ...+... |
| tst.go:121:14:121:19 | selection of Form | tst.go:127:24:127:127 | ...+... |
| tst.go:121:14:121:19 | selection of Form | tst.go:130:27:130:122 | ...+... |
| tst.go:138:14:138:19 | selection of Form | tst.go:141:27:141:89 | ...+... |
| tst.go:138:14:138:19 | selection of Form | tst.go:144:28:144:90 | ...+... |
| tst.go:149:14:149:19 | selection of Form | tst.go:153:33:153:136 | ...+... |
| tst.go:149:14:149:19 | selection of Form | tst.go:156:18:156:121 | ...+... |
| tst.go:149:14:149:19 | selection of Form | tst.go:162:31:162:126 | ...+... |
| tst.go:149:14:149:19 | selection of Form | tst.go:171:21:171:116 | ...+... |
| tst.go:149:14:149:19 | selection of Form | tst.go:180:27:180:122 | ...+... |
| tst.go:150:14:150:19 | selection of Form | tst.go:153:33:153:136 | ...+... |
| tst.go:150:14:150:19 | selection of Form | tst.go:156:18:156:121 | ...+... |
| tst.go:150:14:150:19 | selection of Form | tst.go:162:31:162:126 | ...+... |
| tst.go:150:14:150:19 | selection of Form | tst.go:171:21:171:116 | ...+... |
| tst.go:150:14:150:19 | selection of Form | tst.go:180:27:180:122 | ...+... |
| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get |
| XPathInjection.go:13:14:13:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... |
| file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
| tst.go:32:14:32:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:32:14:32:19 | selection of Form | tst.go:32:14:32:35 | call to Get |
| tst.go:32:14:32:35 | call to Get | tst.go:35:23:35:85 | ...+... |
| tst.go:32:14:32:35 | call to Get | tst.go:38:24:38:86 | ...+... |
| tst.go:32:14:32:35 | call to Get | tst.go:41:24:41:82 | ...+... |
| tst.go:46:14:46:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:46:14:46:19 | selection of Form | tst.go:46:14:46:35 | call to Get |
| tst.go:46:14:46:35 | call to Get | tst.go:49:26:49:84 | ...+... |
| tst.go:46:14:46:35 | call to Get | tst.go:52:29:52:87 | ...+... |
| tst.go:46:14:46:35 | call to Get | tst.go:55:33:55:91 | ...+... |
| tst.go:46:14:46:35 | call to Get | tst.go:58:30:58:88 | ...+... |
| tst.go:63:14:63:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:63:14:63:19 | selection of Form | tst.go:63:14:63:35 | call to Get |
| tst.go:63:14:63:35 | call to Get | tst.go:66:25:66:83 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:69:28:69:86 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:72:25:72:83 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:75:34:75:92 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:78:32:78:90 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:81:29:81:87 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:84:23:84:85 | ...+... |
| tst.go:63:14:63:35 | call to Get | tst.go:87:22:87:84 | ...+... |
| tst.go:92:14:92:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:92:14:92:19 | selection of Form | tst.go:92:14:92:35 | call to Get |
| tst.go:92:14:92:35 | call to Get | tst.go:95:26:95:84 | ...+... |
| tst.go:92:14:92:35 | call to Get | tst.go:98:29:98:87 | ...+... |
| tst.go:92:14:92:35 | call to Get | tst.go:101:33:101:91 | ...+... |
| tst.go:92:14:92:35 | call to Get | tst.go:104:30:104:88 | ...+... |
| tst.go:109:14:109:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:109:14:109:19 | selection of Form | tst.go:109:14:109:35 | call to Get |
| tst.go:109:14:109:35 | call to Get | tst.go:112:25:112:87 | ...+... |
| tst.go:109:14:109:35 | call to Get | tst.go:115:26:115:88 | ...+... |
| tst.go:120:14:120:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:120:14:120:19 | selection of Form | tst.go:120:14:120:35 | call to Get |
| tst.go:120:14:120:35 | call to Get | tst.go:124:23:124:126 | ...+... |
| tst.go:120:14:120:35 | call to Get | tst.go:127:24:127:127 | ...+... |
| tst.go:120:14:120:35 | call to Get | tst.go:130:27:130:122 | ...+... |
| tst.go:121:14:121:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:121:14:121:19 | selection of Form | tst.go:121:14:121:35 | call to Get |
| tst.go:121:14:121:35 | call to Get | tst.go:124:23:124:126 | ...+... |
| tst.go:121:14:121:35 | call to Get | tst.go:127:24:127:127 | ...+... |
| tst.go:121:14:121:35 | call to Get | tst.go:130:27:130:122 | ...+... |
| tst.go:138:14:138:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:138:14:138:19 | selection of Form | tst.go:138:14:138:35 | call to Get |
| tst.go:138:14:138:35 | call to Get | tst.go:141:27:141:89 | ...+... |
| tst.go:138:14:138:35 | call to Get | tst.go:144:28:144:90 | ...+... |
| tst.go:149:14:149:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:149:14:149:19 | selection of Form | tst.go:149:14:149:35 | call to Get |
| tst.go:149:14:149:35 | call to Get | tst.go:153:33:153:136 | ...+... |
| tst.go:149:14:149:35 | call to Get | tst.go:156:18:156:121 | ...+... |
| tst.go:149:14:149:35 | call to Get | tst.go:162:31:162:126 | ...+... |
| tst.go:149:14:149:35 | call to Get | tst.go:171:21:171:116 | ...+... |
| tst.go:149:14:149:35 | call to Get | tst.go:180:27:180:122 | ...+... |
| tst.go:150:14:150:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get |
| tst.go:150:14:150:19 | selection of Form | tst.go:150:14:150:35 | call to Get |
| tst.go:150:14:150:35 | call to Get | tst.go:153:33:153:136 | ...+... |
| tst.go:150:14:150:35 | call to Get | tst.go:156:18:156:121 | ...+... |
| tst.go:150:14:150:35 | call to Get | tst.go:162:31:162:126 | ...+... |
| tst.go:150:14:150:35 | call to Get | tst.go:171:21:171:116 | ...+... |
| tst.go:150:14:150:35 | call to Get | tst.go:180:27:180:122 | ...+... |
nodes
| XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form |
| XPathInjection.go:13:14:13:35 | call to Get | semmle.label | call to Get |
| XPathInjection.go:16:29:16:91 | ...+... | semmle.label | ...+... |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
| file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
| tst.go:32:14:32:19 | selection of Form | semmle.label | selection of Form |
| tst.go:32:14:32:35 | call to Get | semmle.label | call to Get |
| tst.go:35:23:35:85 | ...+... | semmle.label | ...+... |
| tst.go:38:24:38:86 | ...+... | semmle.label | ...+... |
| tst.go:41:24:41:82 | ...+... | semmle.label | ...+... |
| tst.go:46:14:46:19 | selection of Form | semmle.label | selection of Form |
| tst.go:46:14:46:35 | call to Get | semmle.label | call to Get |
| tst.go:49:26:49:84 | ...+... | semmle.label | ...+... |
| tst.go:52:29:52:87 | ...+... | semmle.label | ...+... |
| tst.go:55:33:55:91 | ...+... | semmle.label | ...+... |
| tst.go:58:30:58:88 | ...+... | semmle.label | ...+... |
| tst.go:63:14:63:19 | selection of Form | semmle.label | selection of Form |
| tst.go:63:14:63:35 | call to Get | semmle.label | call to Get |
| tst.go:66:25:66:83 | ...+... | semmle.label | ...+... |
| tst.go:69:28:69:86 | ...+... | semmle.label | ...+... |
| tst.go:72:25:72:83 | ...+... | semmle.label | ...+... |
@@ -61,29 +90,47 @@ nodes
| tst.go:84:23:84:85 | ...+... | semmle.label | ...+... |
| tst.go:87:22:87:84 | ...+... | semmle.label | ...+... |
| tst.go:92:14:92:19 | selection of Form | semmle.label | selection of Form |
| tst.go:92:14:92:35 | call to Get | semmle.label | call to Get |
| tst.go:95:26:95:84 | ...+... | semmle.label | ...+... |
| tst.go:98:29:98:87 | ...+... | semmle.label | ...+... |
| tst.go:101:33:101:91 | ...+... | semmle.label | ...+... |
| tst.go:104:30:104:88 | ...+... | semmle.label | ...+... |
| tst.go:109:14:109:19 | selection of Form | semmle.label | selection of Form |
| tst.go:109:14:109:35 | call to Get | semmle.label | call to Get |
| tst.go:112:25:112:87 | ...+... | semmle.label | ...+... |
| tst.go:115:26:115:88 | ...+... | semmle.label | ...+... |
| tst.go:120:14:120:19 | selection of Form | semmle.label | selection of Form |
| tst.go:120:14:120:35 | call to Get | semmle.label | call to Get |
| tst.go:121:14:121:19 | selection of Form | semmle.label | selection of Form |
| tst.go:121:14:121:35 | call to Get | semmle.label | call to Get |
| tst.go:124:23:124:126 | ...+... | semmle.label | ...+... |
| tst.go:127:24:127:127 | ...+... | semmle.label | ...+... |
| tst.go:130:27:130:122 | ...+... | semmle.label | ...+... |
| tst.go:138:14:138:19 | selection of Form | semmle.label | selection of Form |
| tst.go:138:14:138:35 | call to Get | semmle.label | call to Get |
| tst.go:141:27:141:89 | ...+... | semmle.label | ...+... |
| tst.go:144:28:144:90 | ...+... | semmle.label | ...+... |
| tst.go:149:14:149:19 | selection of Form | semmle.label | selection of Form |
| tst.go:149:14:149:35 | call to Get | semmle.label | call to Get |
| tst.go:150:14:150:19 | selection of Form | semmle.label | selection of Form |
| tst.go:150:14:150:35 | call to Get | semmle.label | call to Get |
| tst.go:153:33:153:136 | ...+... | semmle.label | ...+... |
| tst.go:156:18:156:121 | ...+... | semmle.label | ...+... |
| tst.go:162:31:162:126 | ...+... | semmle.label | ...+... |
| tst.go:171:21:171:116 | ...+... | semmle.label | ...+... |
| tst.go:180:27:180:122 | ...+... | semmle.label | ...+... |
subpaths
| XPathInjection.go:13:14:13:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | XPathInjection.go:13:14:13:35 | call to Get |
| tst.go:32:14:32:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:32:14:32:35 | call to Get |
| tst.go:46:14:46:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:46:14:46:35 | call to Get |
| tst.go:63:14:63:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:63:14:63:35 | call to Get |
| tst.go:92:14:92:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:92:14:92:35 | call to Get |
| tst.go:109:14:109:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:109:14:109:35 | call to Get |
| tst.go:120:14:120:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:120:14:120:35 | call to Get |
| tst.go:121:14:121:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:121:14:121:35 | call to Get |
| tst.go:138:14:138:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:138:14:138:35 | call to Get |
| tst.go:149:14:149:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:149:14:149:35 | call to Get |
| tst.go:150:14:150:19 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:150:14:150:35 | call to Get |
#select
| XPathInjection.go:16:29:16:91 | ...+... | XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:16:29:16:91 | ...+... | XPath expression depends on a $@. | XPathInjection.go:13:14:13:19 | selection of Form | user-provided value |
| tst.go:35:23:35:85 | ...+... | tst.go:32:14:32:19 | selection of Form | tst.go:35:23:35:85 | ...+... | XPath expression depends on a $@. | tst.go:32:14:32:19 | selection of Form | user-provided value |


@@ -1,12 +1,15 @@
edges
| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... |
| file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String |
| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted |
| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted |
| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted |
| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted |
| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... |
| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... |
| tst.go:10:13:10:35 | call to FormValue | tst.go:37:11:37:20 | call to String |
| tst.go:10:13:10:35 | call to FormValue | tst.go:37:11:37:11 | u |
| tst.go:37:11:37:11 | u | file://:0:0:0:0 | parameter -1 of String |
| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String |
| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput |
| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput |
| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput |
@@ -19,6 +22,8 @@ edges
nodes
| RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue |
| RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |
| file://:0:0:0:0 | [summary] to write: return (return[0]) in String | semmle.label | [summary] to write: return (return[0]) in String |
| file://:0:0:0:0 | parameter -1 of String | semmle.label | parameter -1 of String |
| tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue |
| tst.go:14:11:14:17 | tainted | semmle.label | tainted |
| tst.go:18:12:18:18 | tainted | semmle.label | tainted |
@@ -26,6 +31,7 @@ nodes
| tst.go:24:66:24:72 | tainted | semmle.label | tainted |
| tst.go:27:11:27:29 | ...+... | semmle.label | ...+... |
| tst.go:29:11:29:40 | ...+... | semmle.label | ...+... |
| tst.go:37:11:37:11 | u | semmle.label | u |
| tst.go:37:11:37:20 | call to String | semmle.label | call to String |
| websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer |
| websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput |
@@ -46,6 +52,7 @@ nodes
| websocket.go:202:21:202:31 | call to Referer | semmle.label | call to Referer |
| websocket.go:204:11:204:24 | untrustedInput | semmle.label | untrustedInput |
subpaths
| tst.go:37:11:37:11 | u | file://:0:0:0:0 | parameter -1 of String | file://:0:0:0:0 | [summary] to write: return (return[0]) in String | tst.go:37:11:37:20 | call to String |
#select
| RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value |
| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |