hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Tweak test.

Browse Source 
The query under test isn't a `@problem` query, so we should refer to "alerts".
This commit is contained in:
Max Schaefer
2020-05-04 17:07:15 +01:00
parent 60a6c96863
commit b177d58c88
4 changed files with 20 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected Normal file
View File

@@ -0,0 +1,9 @@
| mail.go:15:73:15:94 | type conversion |
| mail.go:18:19:18:23 | definition of write |
| mail.go:26:49:26:52 | text |
| mail.go:26:76:26:79 | text |
| mail.go:27:20:27:23 | text |
| mail.go:31:33:31:39 | content |
| mail.go:36:52:36:55 | text |
| mail.go:36:79:36:86 | content2 |
| mail.go:37:20:37:27 | content3 |

0
ql/test/library-tests/semmle/go/frameworks/Email/MailData.ql → ql/test/library-tests/semmle/go/frameworks/Email/EmailData.ql
View File

9
ql/test/library-tests/semmle/go/frameworks/Email/MailData.expected
View File

@@ -1,9 +0,0 @@
| mail.go:16:56:16:77 | type conversion |
| mail.go:19:2:19:6 | definition of write |
| mail.go:29:32:29:36 | alert |
| mail.go:29:43:29:47 | alert |
| mail.go:29:50:29:54 | alert |
| mail.go:34:15:34:21 | content |
| mail.go:40:35:40:39 | alert |
| mail.go:40:46:40:53 | content2 |
| mail.go:40:56:40:63 | content3 |

26
ql/test/library-tests/semmle/go/frameworks/Email/mail.go
View File

@@ -12,31 +12,27 @@ import (
func main() {
untrustedInput := "test"
// Not OK - 1 alert
smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(untrustedInput))
smtp.SendMail("test.test", nil, "from@from.com", nil /* email data */, []byte(untrustedInput))
s, _ := smtp.Dial("test.test")
write, _ := s.Data()
/* email data */ write, _ := s.Data()
// Not OK - 1 alert
io.WriteString(write, untrustedInput)
from := sendgrid.NewEmail("from", "from@from.com")
to := sendgrid.NewEmail("to", "to@to.com")
alert := "sub"
text := "sub"
// Not OK - 3 alerts
sendgrid.NewSingleEmail(from, alert, to, alert, alert)
sendgrid.NewSingleEmail(from /* email data */, text, to /* email data */, text,
/* email data */ text)
// Not OK - 1 alert
content := sendgrid.NewContent("text/html", alert)
content := sendgrid.NewContent("text/html", text)
v := sendgrid.NewV3Mail()
v.AddContent(content)
v.AddContent( /* email data */ content)
content2 := sendgrid.NewContent("text/html", alert)
content3 := sendgrid.NewContent("text/html", alert)
// Not OK - 3 alerts
v = sendgrid.NewV3MailInit(from, alert, to, content2, content3)
content2 := sendgrid.NewContent("text/html", text)
content3 := sendgrid.NewContent("text/html", text)
v = sendgrid.NewV3MailInit(from /* email data */, text, to /* email data */, content2,
/* email data */ content3)
}