From adc2f08b76087c7a19c4ecad909537a884ea33ef Mon Sep 17 00:00:00 2001 From: Sauyon Lee Date: Thu, 18 Feb 2021 11:50:11 -0800 Subject: [PATCH] Add tests for go 1.16 libraries --- .../go/frameworks/StdlibTaintFlow/IoFs.go | 97 +++++++++++++++++++ .../go/frameworks/StdlibTaintFlow/Os.go | 29 +++++- .../frameworks/StdlibTaintFlow/test.expected | 0 .../go/frameworks/StdlibTaintFlow/test.ql | 17 ++++ 4 files changed, 142 insertions(+), 1 deletion(-) create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/IoFs.go create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.expected create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.ql diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/IoFs.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/IoFs.go new file mode 100644 index 00000000000..9eea2dc516f --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/IoFs.go @@ -0,0 +1,97 @@ +package main + +import ( + "io/fs" +) + +func walkDirCallback(path string, d fs.DirEntry, _ error) error { + sink(14, path) + sink(15, d) + return nil +} + +func steps() { + { + source := newSource(0).(fs.FS) + out, _ := fs.Glob(source, "*") + sink(0, out) + } + { + source := newSource(1).(fs.FS) + out, _ := fs.ReadFile(source, "filename") + sink(1, out) + } + { + source := newSource(2).(fs.FS) + out, _ := fs.ReadDir(source, "dirname") + sink(2, out) + } + { + source := newSource(3).(fs.FS) + out, _ := fs.Sub(source, "dirname") + sink(3, out) + } + { + source := newSource(4).(fs.FS) + fs.WalkDir(source, ".", func(_ string, d fs.DirEntry, _ error) error { + sink(4, d) + return nil + }) + } + { + source := newSource(5).(fs.FS) + fs.WalkDir(source, ".", func(path string, _ fs.DirEntry, _ error) error { + sink(5, path) + return nil + }) + } + { + source := newSource(6).(fs.DirEntry) + out := source.Name() + sink(6, out) + } + { + source := newSource(7).(fs.DirEntry) + out, _ := source.Info() + sink(7, out) + } + { + source := newSource(8).(fs.FS) + out, _ := source.Open("filename") + sink(8, out) + } + { + source := newSource(9).(fs.GlobFS) + out, _ := source.Glob("*") + sink(9, out) + } + { + source := newSource(10).(fs.ReadDirFS) + out, _ := source.ReadDir("dirname") + sink(10, out) + } + { + source := newSource(11).(fs.ReadFileFS) + out, _ := source.ReadFile("filename") + sink(11, out) + } + { + source := newSource(12).(fs.SubFS) + out, _ := source.Sub("dirname") + sink(12, out) + } + { + source := newSource(13).(fs.File) + var out []byte + source.Read(out) + sink(13, out) + } + { + source := newSource(14).(fs.FS) + fs.WalkDir(source, ".", walkDirCallback) + } + { + source := newSource(15).(fs.FS) + fs.WalkDir(source, ".", walkDirCallback) + } +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go index 221d6868cd5..9736cddfdc8 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go @@ -5,6 +5,7 @@ package main import ( "os" "syscall" + "time" ) func TaintStepTest_OsExpand_B0I0O0(sourceCQL interface{}) interface{} { @@ -21,7 +22,7 @@ func TaintStepTest_OsExpandEnv_B0I0O0(sourceCQL interface{}) interface{} { func TaintStepTest_OsNewFile_B0I0O0(sourceCQL interface{}) interface{} { fromUintptr784 := sourceCQL.(uintptr) - intoFile957 := os.NewFile(fromUintptr784, "") + intoFile957 := os.NewFile(fromUintptr784, "") // $fsaccess="" return intoFile957 } @@ -149,3 +150,29 @@ func RunAllTaints_Os() { sink(11, out) } } + +func fsAccesses() { + var path, path1 string + var time time.Time + os.Chdir(path) // $fsaccess=path + os.Chmod(path, 0600) // $fsaccess=path + os.Chown(path, 1000, 1000) // $fsaccess=path + os.Chtimes(path, time, time) // $fsaccess=path + os.Create(path) // $fsaccess=path + os.Lchown(path, 1000, 1000) // $fsaccess=path + os.Link(path, path1) // $fsaccess=path $fsaccess=path1 + os.Lstat(path) // $fsaccess=path + os.Mkdir(path, 0600) // $fsaccess=path + os.MkdirAll(path, 0600) // $fsaccess=path + os.NewFile(124, path) // $fsaccess=path + os.Open(path) // $fsaccess=path + os.OpenFile(path, os.O_RDONLY, 0600) // $fsaccess=path + os.Readlink(path) // $fsaccess=path + os.Remove(path) // $fsaccess=path + os.RemoveAll(path) // $fsaccess=path + os.Rename(path, path1) // $fsaccess=path $fsaccess=path1 + os.Stat(path) // $fsaccess=path + os.Symlink(path, path1) // $fsaccess=path $fsaccess=path1 + os.Truncate(path, 1000) // $fsaccess=path + os.DirFS(path) // $fsaccess=path +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.expected b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.ql b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.ql new file mode 100644 index 00000000000..30b7a2b4797 --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/test.ql @@ -0,0 +1,17 @@ +import go +import TestUtilities.InlineExpectationsTest + +class FileSystemAccessTest extends InlineExpectationsTest { + FileSystemAccessTest() { this = "FileSystemAccess" } + + override string getARelevantTag() { result = "fsaccess" } + + override predicate hasActualResult(string file, int line, string element, string tag, string value) { + exists(FileSystemAccess f | + f.hasLocationInfo(file, line, _, _, _) and + element = f.toString() and + value = f.getAPathArgument().toString() and + tag = "fsaccess" + ) + } +}