Merge pull request #138 from max-schaefer/fix-tests

Fix frontend errors in two tests and a code example

ql/src/experimental/CWE-807/SensitiveConditionBypassBad.go

@@ -1,4 +1,8 @@
-func ex3(w http.ResponseWriter, r *http.Request) {
+package main
+
+import "net/http"
+
+func example(w http.ResponseWriter, r *http.Request) {
 	test2 := "test"
 	if r.Header.Get("X-Password") != test2 {
 		login()

ql/src/semmle/go/frameworks/NoSQL.qll

@@ -9,7 +9,7 @@ module NoSQL {
   /**
    * A data-flow node whose string value is interpreted as (part of) a NoSQL query.
    *
-   * Extends this class to refine existing API models. If you want to model new APIs,
+   * Extend this class to refine existing API models. If you want to model new APIs,
    * extend `NoSQL::QueryString::Range` instead.
    */
   class NoSQLQueryString extends DataFlow::Node {
@@ -18,11 +18,6 @@ module NoSQL {
     NoSQLQueryString() { this = self }
   }
 
-  //TODO : Replace the following two predicate definitions with a simple call to package()
-  private string mongoDb() { result = "go.mongodb.org/mongo-driver/mongo" }
-
-  private string mongoBsonPrimitive() { result = "go.mongodb.org/mongo-driver/bson/primitive" }
-
   /** Provides classes for working with SQL query strings. */
   module NoSQLQueryString {
     /**
@@ -89,18 +84,21 @@ module NoSQL {
       MongoDbCollectionQueryString() {
         exists(Method meth, string methodName, int n |
           collectionMethods(methodName, n) and
-          meth.hasQualifiedName(mongoDb(), "Collection", methodName) and
+          meth.hasQualifiedName("go.mongodb.org/mongo-driver/mongo", "Collection", methodName) and
           this = meth.getACall().getArgument(n)
         )
       }
     }
   }
 
-  predicate isAdditionalMongoTaintStep(DataFlow::Node prev, DataFlow::Node succ) {
-    // Taint bson.E if input is tainted
-    exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, prev) |
+  /**
+   * Holds if taint flows from `pred` to `succ` through a MongoDB-specific API.
+   */
+  predicate isAdditionalMongoTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+    // Taint an entry if the `Value` is tainted
+    exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) |
       base = succ.getASuccessor*() and
-      base.getType().hasQualifiedName(mongoBsonPrimitive(), "E") and
+      base.getType().hasQualifiedName("go.mongodb.org/mongo-driver/bson/primitive", "E") and
       f.getName() = "Value"
     )
   }

ql/test/library-tests/semmle/go/frameworks/NoSQL/main.go

@@ -10,7 +10,7 @@ import (
 	"go.mongodb.org/mongo-driver/mongo"
 )
 
-func test(coll *mongo.Collection, filter interface{}, models []WriteModel, ctx context.Context) {
+func test(coll *mongo.Collection, filter interface{}, models []mongo.WriteModel, ctx context.Context) {
 
 	fieldName := "test"
 	document := filter

ql/test/query-tests/Security/CWE-022/tst.go

@@ -15,7 +15,7 @@ func uploadFile(w http.ResponseWriter, r *http.Request) {
 	// err handling
 	defer file.Close()
 	tempFile, _ := ioutil.TempFile("/tmp", handler.Filename) // NOT OK
-	// do stuff with tempFile
+	use(tempFile)
 }
 
 func unzip2(f string, root string) {
@@ -50,3 +50,5 @@ func containedIn(f string, root string) bool {
 	}
 	return false
 }
+
+func use(v interface{}) {}

ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/mongo/stub.go

@@ -193,7 +193,7 @@ func (_ *Collection) Watch(_ context.Context, _ interface{}, _ ...*interface{})
 	return nil, nil
 }
 
-func Connect(_ context.Context, _ ...*interface{}) (*Client, error) {
+func Connect(_ context.Context, _ ...interface{}) (*Client, error) {
 	return nil, nil
 }