hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into docsforautofix

Browse Source
This commit is contained in:
Geoffrey White
2024-07-11 16:42:27 +01:00
parent 0344381120 9794269550
commit bf47574796
131 changed files with 14719 additions and 3565 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/compile-queries.yml vendored
View File

@@ -29,8 +29,6 @@ jobs:
key: all-queries
- name: check formatting
run: find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
- name: Omit DatabaseQualityDiagnostics.ql from compile checking # Remove me once CodeQL 2.18.0 is released!
run: mv java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql{,.hidden}
- name: compile queries - check-only
# run with --check-only if running in a PR (github.sha != main)
if : ${{ github.event_name == 'pull_request' }}
@@ -41,6 +39,3 @@ jobs:
if : ${{ github.event_name != 'pull_request' }}
shell: bash
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
- name: Restore DatabaseQualityDiagnostics.ql after compile checking # Remove me once CodeQL 2.18.0 is released
run: mv java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql{.hidden,}

17
cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/exprs.ql Normal file
View File

@@ -0,0 +1,17 @@
class Expr extends @expr {
string toString() { none() }
}
class Location extends @location_expr {
string toString() { none() }
}
predicate isExprWithNewBuiltin(Expr expr) {
exists(int kind | exprs(expr, kind, _) | 364 <= kind and kind <= 384)
}
from Expr expr, int kind, int kind_new, Location location
where
exprs(expr, kind, location) and
if isExprWithNewBuiltin(expr) then kind_new = 1 else kind_new = kind
select expr, kind_new, location

2289
cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2251
cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

3
cpp/downgrades/3d35dd6b50edfc540c14c6757e0c7b3c5b7b04dd/upgrade.properties Normal file
View File

@@ -0,0 +1,3 @@
description: Add new builtin operations
compatibility: partial
exprs.rel: run exprs.qlo

4
cpp/ql/lib/change-notes/2024-07-11-additional-builtin-support.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: feature
---
* Added subclasses of `BuiltInOperations` for `__builtin_has_attribute`, `__builtin_is_corresponding_member`, `__builtin_is_pointer_interconvertible_with_class`, `__is_assignable_no_precondition_check`, `__is_bounded_array`, `__is_convertible`, `__is_corresponding_member`, `__is_nothrow_convertible`, `__is_pointer_interconvertible_with_class`, `__is_referenceable`, `__is_same_as`, `__is_trivially_copy_assignable`, `__is_unbounded_array`, `__is_valid_winrt_type`, `_is_win_class`, `__is_win_interface`, `__reference_binds_to_temporary`, `__reference_constructs_from_temporary`, and `__reference_converts_from_temporary`.

336
cpp/ql/lib/semmle/code/cpp/exprs/BuiltInOperations.qll
View File

@@ -383,6 +383,37 @@ class BuiltInOperationIsConvertibleTo extends BuiltInOperation, @isconvtoexpr {
override string getAPrimaryQlClass() { result = "BuiltInOperationIsConvertibleTo" }
}
/**
* A C++ `__is_convertible` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns `true` if the first type can be converted to the second type.
* ```
* bool v = __is_convertible(MyType, OtherType);
* ```
*/
class BuiltInOperationIsConvertible extends BuiltInOperation, @isconvertible {
override string toString() { result = "__is_convertible" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsConvertible" }
}
/**
* A C++ `__is_nothrow_convertible` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns `true` if the first type can be converted to the second type and the
* conversion operator has an empty exception specification.
* ```
* bool v = __is_nothrow_convertible(MyType, OtherType);
* ```
*/
class BuiltInOperationIsNothrowConvertible extends BuiltInOperation, @isnothrowconvertible {
override string toString() { result = "__is_nothrow_convertible" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsNothrowConvertible" }
}
/**
* A C++ `__is_empty` built-in operation (used by some implementations of the
* `<type_traits>` header).
@@ -647,8 +678,7 @@ class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istrivial
* The `__is_nothrow_assignable` built-in operation (used by some
* implementations of the `<type_traits>` header).
*
* Returns true if there exists a `C::operator =(const D& d) nothrow`
* assignment operator (i.e, with an empty exception specification).
* Returns true if there exists an assignment operator with an empty exception specification.
* ```
* bool v = __is_nothrow_assignable(MyType1, MyType2);
* ```
@@ -663,8 +693,7 @@ class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowas
* The `__is_assignable` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns true if there exists a `C::operator =(const D& d)` assignment
* operator.
* Returns true if there exists an assignment operator.
* ```
* bool v = __is_assignable(MyType1, MyType2);
* ```
@@ -675,6 +704,25 @@ class BuiltInOperationIsAssignable extends BuiltInOperation, @isassignable {
override string getAPrimaryQlClass() { result = "BuiltInOperationIsAssignable" }
}
/**
* The `__is_assignable_no_precondition_check` built-in operation (used by some
* implementations of the `<type_traits>` header).
*
* Returns true if there exists an assignment operator.
* ```
* bool v = __is_assignable_no_precondition_check(MyType1, MyType2);
* ```
*/
class BuiltInOperationIsAssignableNoPreconditionCheck extends BuiltInOperation,
@isassignablenopreconditioncheck
{
override string toString() { result = "__is_assignable_no_precondition_check" }
override string getAPrimaryQlClass() {
result = "BuiltInOperationIsAssignableNoPreconditionCheck"
}
}
/**
* The `__is_standard_layout` built-in operation (used by some implementations
* of the `<type_traits>` header).
@@ -708,6 +756,20 @@ class BuiltInOperationIsTriviallyCopyable extends BuiltInOperation, @istrivially
override string getAPrimaryQlClass() { result = "BuiltInOperationIsTriviallyCopyable" }
}
/**
* The `__is_trivially_copy_assignable` built-in operation (used by some
* implementations of the `<type_traits>` header).
*
* Returns `true` if instances of this type can be copied using a trivial
* copy operator.
*/
class BuiltInOperationIsTriviallyCopyAssignable extends BuiltInOperation, @istriviallycopyassignable
{
override string toString() { result = "__is_trivially_copy_assignable" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsTriviallyCopyAssignable" }
}
/**
* The `__is_literal_type` built-in operation (used by some implementations of
* the `<type_traits>` header).
@@ -1062,6 +1124,24 @@ class BuiltInOperationIsSame extends BuiltInOperation, @issame {
override string getAPrimaryQlClass() { result = "BuiltInOperationIsSame" }
}
/**
* A C++ `__is_same_as` built-in operation (used by some implementations of the
* `<type_traits>` header).
*
* Returns `true` if two types are the same.
* ```
* template<typename _Tp, typename _Up>
* struct is_same
* : public integral_constant<bool, __is_same_as(_Tp, _Up)>
* { };
* ```
*/
class BuiltInOperationIsSameAs extends BuiltInOperation, @issameas {
override string toString() { result = "__is_same_as" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsSameAs" }
}
/**
* A C++ `__is_function` built-in operation (used by some implementations of the
* `<type_traits>` header).
@@ -1120,6 +1200,87 @@ class BuiltInOperationIsPointerInterconvertibleBaseOf extends BuiltInOperation,
}
}
/**
* A C++ `__is_pointer_interconvertible_with_class` built-in operation (used
* by some implementations of the `<type_traits>` header).
*
* Returns `true` if a member pointer is pointer-interconvertible with a
* class type.
* ```
* template<typename _Tp, typename _Up>
* constexpr bool is_pointer_interconvertible_with_class(_Up _Tp::*mp) noexcept
* = __is_pointer_interconvertible_with_class(_Tp, mp);
* ```
*/
class BuiltInOperationIsPointerInterconvertibleWithClass extends BuiltInOperation,
@ispointerinterconvertiblewithclass
{
override string toString() { result = "__is_pointer_interconvertible_with_class" }
override string getAPrimaryQlClass() {
result = "BuiltInOperationIsPointerInterconvertibleWithClass"
}
}
/**
* A C++ `__builtin_is_pointer_interconvertible_with_class` built-in operation (used
* by some implementations of the `<type_traits>` header).
*
* Returns `true` if a member pointer is pointer-interconvertible with a class type.
* ```
* template<typename _Tp, typename _Up>
* constexpr bool is_pointer_interconvertible_with_class(_Up _Tp::*mp) noexcept
* = __builtin_is_pointer_interconvertible_with_class(mp);
* ```
*/
class BuiltInOperationBuiltInIsPointerInterconvertible extends BuiltInOperation,
@builtinispointerinterconvertiblewithclass
{
override string toString() { result = "__builtin_is_pointer_interconvertible_with_class" }
override string getAPrimaryQlClass() {
result = "BuiltInOperationBuiltInIsPointerInterconvertible"
}
}
/**
* A C++ `__is_corresponding_member` built-in operation (used
* by some implementations of the `<type_traits>` header).
*
* Returns `true` if two member pointers refer to corresponding
* members in the initial sequences of two class types.
* ```
* template<typename _Tp1, typename _Tp2, typename _Up1, typename _Up2>
* constexpr bool is_corresponding_member(_Up1 _Tp1::*mp1, _Up2 _Tp2::*mp2 ) noexcept
* = __is_corresponding_member(_Tp1, _Tp2, mp1, mp2);
* ```
*/
class BuiltInOperationIsCorrespondingMember extends BuiltInOperation, @iscorrespondingmember {
override string toString() { result = "__is_corresponding_member" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsCorrespondingMember" }
}
/**
* A C++ `__builtin_is_corresponding_member` built-in operation (used
* by some implementations of the `<type_traits>` header).
*
* Returns `true` if two member pointers refer to corresponding
* members in the initial sequences of two class types.
* ```
* template<typename _Tp1, typename _Tp2, typename _Up1, typename _Up2>
* constexpr bool is_corresponding_member(_Up1 _Tp1::*mp1, _Up2 _Tp2::*mp2 ) noexcept
* = __builtin_is_corresponding_member(mp1, mp2);
* ```
*/
class BuiltInOperationBuiltInIsCorrespondingMember extends BuiltInOperation,
@builtiniscorrespondingmember
{
override string toString() { result = "__builtin_is_corresponding_member" }
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInIsCorrespondingMember" }
}
/**
* A C++ `__is_array` built-in operation (used by some implementations of the
* `<type_traits>` header).
@@ -1138,6 +1299,42 @@ class BuiltInOperationIsArray extends BuiltInOperation, @isarray {
override string getAPrimaryQlClass() { result = "BuiltInOperationIsArray" }
}
/**
* A C++ `__is_bounded_array` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns `true` if a type is a bounded array type.
* ```
* template<typename _Tp>
* struct is_bounded_array
* : public integral_constant<bool, __is_bounded_array(_Tp)>
* { };
* ```
*/
class BuiltInOperationIsBoundedArray extends BuiltInOperation, @isboundedarray {
override string toString() { result = "__is_bounded_array" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsBoundedArray" }
}
/**
* A C++ `__is_unbounded_array` built-in operation (used by some implementations
* of the `<type_traits>` header).
*
* Returns `true` if a type is an unbounded array type.
* ```
* template<typename _Tp>
* struct is_bounded_array
* : public integral_constant<bool, __is_unbounded_array(_Tp)>
* { };
* ```
*/
class BuiltInOperationIsUnboundedArray extends BuiltInOperation, @isunboundedarray {
override string toString() { result = "__is_unbounded_array" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsUnboundedArray" }
}
/**
* A C++ `__array_rank` built-in operation (used by some implementations of the
* `<type_traits>` header).
@@ -1554,10 +1751,10 @@ class BuiltInBitCast extends BuiltInOperation, @builtinbitcast {
*
* Returns `true` if a type is a trivial type.
* ```
* template<typename _Tp>
* struct is_trivial
* : public integral_constant<bool, __is_trivial(_Tp)>
* {};
* template<typename _Tp>
* struct is_trivial
* : public integral_constant<bool, __is_trivial(_Tp)>
* {};
* ```
*/
class BuiltInIsTrivial extends BuiltInOperation, @istrivialexpr {
@@ -1565,3 +1762,126 @@ class BuiltInIsTrivial extends BuiltInOperation, @istrivialexpr {
override string getAPrimaryQlClass() { result = "BuiltInIsTrivial" }
}
/**
* A C++ `__reference_constructs_from_temporary` built-in operation
* (used by some implementations of the `<type_traits>` header).
*
* Returns `true` if a reference type `_Tp` is bound to an expression of
* type `_Up` in direct-initialization, and a temporary object is bound.
* ```
* template<typename _Tp, typename _Up>
* struct reference_constructs_from_temporary
* : public integral_constant<bool, __reference_constructs_from_temporary(_Tp, _Up)>
* {};
* ```
*/
class BuiltInOperationReferenceConstructsFromTemporary extends BuiltInOperation,
@referenceconstructsfromtemporary
{
override string toString() { result = "__reference_constructs_from_temporary" }
override string getAPrimaryQlClass() {
result = "BuiltInOperationReferenceConstructsFromTemporary"
}
}
/**
* A C++ `__reference_converts_from_temporary` built-in operation
* (used by some implementations of the `<type_traits>` header).
*
* Returns `true` if a reference type `_Tp` is bound to an expression of
* type `_Up` in copy-initialization, and a temporary object is bound.
* ```
* template<typename _Tp, typename _Up>
* struct reference_converts_from_temporary
* : public integral_constant<bool, __reference_converts_from_temporary(_Tp, _Up)>
* {};
* ```
*/
class BuiltInOperationReferenceCovertsFromTemporary extends BuiltInOperation,
@referenceconvertsfromtemporary
{
override string toString() { result = "__reference_converts_from_temporary" }
override string getAPrimaryQlClass() { result = "BuiltInOperationReferenceCovertsFromTemporary" }
}
/**
* A C++ `__reference_binds_to_temporary` built-in operation (used by some
* implementations of the `<tuple>` header).
*
* Returns `true` if a reference of type `Type1` is bound to an expression of
* type `Type1`, and a temporary object is bound.
* ```
* __reference_binds_to_temporary(Type1, Type2)
*/
class BuiltInOperationReferenceBindsToTemporary extends BuiltInOperation, @referencebindstotemporary
{
override string toString() { result = "__reference_binds_to_temporary" }
override string getAPrimaryQlClass() { result = "BuiltInOperationReferenceBindsToTemporary" }
}
/**
* A C++ `__builtin_has_attribute` built-in operation.
*
* Returns `true` if a type or expression has been declared with the
* specified attribute.
* ```
* __attribute__ ((aligned(8))) int v;
* bool has_attribute = __builtin_has_attribute(v, aligned);
* ```
*/
class BuiltInOperationHasAttribute extends BuiltInOperation, @builtinhasattribute {
override string toString() { result = "__builtin_has_attribute" }
override string getAPrimaryQlClass() { result = "BuiltInOperationHasAttribute" }
}
/**
* A C++ `__is_referenceable` built-in operation.
*
* Returns `true` if a type can be referenced.
* ```
* bool is_referenceable = __is_referenceable(int);
* ```
*/
class BuiltInOperationIsReferenceable extends BuiltInOperation, @isreferenceable {
override string toString() { result = "__is_referenceable" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsReferenceable" }
}
/**
* The `__is_valid_winrt_type` built-in operation. This is a Microsoft extension.
*
* Returns `true` if the type is a valid WinRT type.
*/
class BuiltInOperationIsValidWinRtType extends BuiltInOperation, @isvalidwinrttype {
override string toString() { result = "__is_valid_winrt_type" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsValidWinRtType" }
}
/**
* The `__is_win_class` built-in operation. This is a Microsoft extension.
*
* Returns `true` if the class is a ref class.
*/
class BuiltInOperationIsWinClass extends BuiltInOperation, @iswinclass {
override string toString() { result = "__is_win_class" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsWinClass" }
}
/**
* The `__is_win_class` built-in operation. This is a Microsoft extension.
*
* Returns `true` if the class is an interface class.
*/
class BuiltInOperationIsWinInterface extends BuiltInOperation, @iswininterface {
override string toString() { result = "__is_win_interface" }
override string getAPrimaryQlClass() { result = "BuiltInOperationIsWinInterface" }
}

38
cpp/ql/lib/semmlecode.cpp.dbscheme
View File

@@ -1748,6 +1748,25 @@ case @expr.kind of
| 361 = @isvoid
| 362 = @isvolatile
| 363 = @reuseexpr
| 364 = @istriviallycopyassignable
| 365 = @isassignablenopreconditioncheck
| 366 = @referencebindstotemporary
| 367 = @issameas
| 368 = @builtinhasattribute
| 369 = @ispointerinterconvertiblewithclass
| 370 = @builtinispointerinterconvertiblewithclass
| 371 = @iscorrespondingmember
| 372 = @builtiniscorrespondingmember
| 373 = @isboundedarray
| 374 = @isunboundedarray
| 375 = @isreferenceable
| 378 = @isnothrowconvertible
| 379 = @referenceconstructsfromtemporary
| 380 = @referenceconvertsfromtemporary
| 381 = @isconvertible
| 382 = @isvalidwinrttype
| 383 = @iswinclass
| 384 = @iswininterface
;
@var_args_expr = @vastartexpr
@@ -1842,6 +1861,25 @@ case @expr.kind of
| @isunsigned
| @isvoid
| @isvolatile
| @istriviallycopyassignable
| @isassignablenopreconditioncheck
| @referencebindstotemporary
| @issameas
| @builtinhasattribute
| @ispointerinterconvertiblewithclass
| @builtinispointerinterconvertiblewithclass
| @iscorrespondingmember
| @builtiniscorrespondingmember
| @isboundedarray
| @isunboundedarray
| @isreferenceable
| @isnothrowconvertible
| @referenceconstructsfromtemporary
| @referenceconvertsfromtemporary
| @isconvertible
| @isvalidwinrttype
| @iswinclass
| @iswininterface
;
new_allocated_type(

5995
cpp/ql/lib/semmlecode.cpp.dbscheme.stats
View File

File diff suppressed because it is too large Load Diff

2251
cpp/ql/lib/upgrades/abfce5c170f93e281948f7689ece373464fdaf87/old.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2289
cpp/ql/lib/upgrades/abfce5c170f93e281948f7689ece373464fdaf87/semmlecode.cpp.dbscheme Normal file
View File

File diff suppressed because it is too large Load Diff

2
cpp/ql/lib/upgrades/abfce5c170f93e281948f7689ece373464fdaf87/upgrade.properties Normal file
View File

@@ -0,0 +1,2 @@
description: Add new builtin operations
compatibility: backwards

17
cpp/ql/test/library-tests/builtins/type_traits/clang.cpp
View File

@@ -1,4 +1,4 @@
// semmle-extractor-options: --clang --clang_version 100000
// semmle-extractor-options: --clang --clang_version 180000
struct S {
void f() {}
@@ -93,3 +93,18 @@ struct S2 {
bool bok_is_trivial1 = __is_trivial(int);
bool bok_is_trivial2 = __is_trivial(S2);
bool bok_reference_binds_to_temporary1 = __reference_binds_to_temporary(int&, long&);
bool bok_reference_binds_to_temporary2 = __reference_binds_to_temporary(int const &, long&);
bool b_is_same_as1 = __is_same_as(int, int);
bool b_is_same_as2 = __is_same_as(int, float);
bool b_is_bounded_array1 = __is_bounded_array(int[]);
bool b_is_bounded_array2 = __is_bounded_array(int[42]);
bool b_is_unbounded_array1 = __is_unbounded_array(int[]);
bool b_is_unbounded_array2 = __is_unbounded_array(int[42]);
bool b_is_referenceable1 = __is_referenceable(int);
bool b_is_referenceable2 = __is_referenceable(void);

104
cpp/ql/test/library-tests/builtins/type_traits/expr.expected
View File

@@ -125,9 +125,78 @@
| clang.cpp:94:24:94:40 | int | | <none> |
| clang.cpp:95:24:95:39 | S2 | | <none> |
| clang.cpp:95:24:95:39 | __is_trivial | S2 | 0 |
| clang.cpp:97:42:97:84 | __reference_binds_to_temporary | int &,long & | 0 |
| clang.cpp:97:42:97:84 | int & | | <none> |
| clang.cpp:97:42:97:84 | long & | | <none> |
| clang.cpp:98:42:98:91 | __reference_binds_to_temporary | const int &,long & | 1 |
| clang.cpp:98:42:98:91 | const int & | | <none> |
| clang.cpp:98:42:98:91 | long & | | <none> |
| clang.cpp:100:22:100:43 | __is_same_as | int,int | 1 |
| clang.cpp:100:22:100:43 | int | | <none> |
| clang.cpp:100:22:100:43 | int | | <none> |
| clang.cpp:101:22:101:45 | __is_same_as | int,float | 0 |
| clang.cpp:101:22:101:45 | float | | <none> |
| clang.cpp:101:22:101:45 | int | | <none> |
| clang.cpp:103:28:103:52 | __is_bounded_array | int[] | 0 |
| clang.cpp:103:28:103:52 | int[] | | <none> |
| clang.cpp:104:28:104:54 | __is_bounded_array | int[42] | 1 |
| clang.cpp:104:28:104:54 | int[42] | | <none> |
| clang.cpp:104:51:104:52 | 42 | | 42 |
| clang.cpp:104:51:104:52 | (unsigned long)... | | 42 |
| clang.cpp:106:30:106:56 | __is_unbounded_array | int[] | 1 |
| clang.cpp:106:30:106:56 | int[] | | <none> |
| clang.cpp:107:30:107:58 | __is_unbounded_array | int[42] | 0 |
| clang.cpp:107:30:107:58 | int[42] | | <none> |
| clang.cpp:107:55:107:56 | 42 | | 42 |
| clang.cpp:107:55:107:56 | (unsigned long)... | | 42 |
| clang.cpp:109:28:109:50 | __is_referenceable | int | 1 |
| clang.cpp:109:28:109:50 | int | | <none> |
| clang.cpp:110:28:110:51 | __is_referenceable | void | 0 |
| clang.cpp:110:28:110:51 | void | | <none> |
| file://:0:0:0:0 | 0 | | 0 |
| file://:0:0:0:0 | 1 | | 1 |
| file://:0:0:0:0 | 2 | | 2 |
| gcc.cpp:3:25:3:25 | 8 | | 8 |
| gcc.cpp:4:25:4:59 | 0 | | 0 |
| gcc.cpp:4:25:4:59 | __builtin_has_attribute | v,0 | 1 |
| gcc.cpp:4:49:4:49 | v | | <none> |
| gcc.cpp:5:25:5:62 | 0 | | 0 |
| gcc.cpp:5:25:5:62 | __builtin_has_attribute | v,0 | 0 |
| gcc.cpp:5:49:5:49 | v | | <none> |
| gcc.cpp:13:50:13:111 | __builtin_is_pointer_interconvertible_with_class | i | 1 |
| gcc.cpp:13:99:13:110 | i | | <none> |
| gcc.cpp:14:50:14:111 | __builtin_is_pointer_interconvertible_with_class | d | 0 |
| gcc.cpp:14:99:14:110 | d | | <none> |
| gcc.cpp:16:35:16:95 | __builtin_is_corresponding_member | i,i | 1 |
| gcc.cpp:16:69:16:80 | i | | <none> |
| gcc.cpp:16:83:16:94 | i | | <none> |
| gcc.cpp:17:35:17:95 | __builtin_is_corresponding_member | i,d | 0 |
| gcc.cpp:17:69:17:80 | i | | <none> |
| gcc.cpp:17:83:17:94 | d | | <none> |
| gcc.cpp:19:34:19:67 | __is_nothrow_convertible | int,int | 1 |
| gcc.cpp:19:34:19:67 | int | | <none> |
| gcc.cpp:19:34:19:67 | int | | <none> |
| gcc.cpp:20:34:20:72 | __is_nothrow_convertible | a_struct,int | 0 |
| gcc.cpp:20:34:20:72 | a_struct | | <none> |
| gcc.cpp:20:34:20:72 | int | | <none> |
| gcc.cpp:22:26:22:51 | __is_convertible | int,int | 1 |
| gcc.cpp:22:26:22:51 | int | | <none> |
| gcc.cpp:22:26:22:51 | int | | <none> |
| gcc.cpp:23:26:23:56 | __is_convertible | a_struct,int | 0 |
| gcc.cpp:23:26:23:56 | a_struct | | <none> |
| gcc.cpp:23:26:23:56 | int | | <none> |
| gcc.cpp:25:47:25:95 | __reference_constructs_from_temporary | int &&,int | 1 |
| gcc.cpp:25:47:25:95 | int | | <none> |
| gcc.cpp:25:47:25:95 | int && | | <none> |
| gcc.cpp:26:47:26:97 | __reference_constructs_from_temporary | int &&,int && | 0 |
| gcc.cpp:26:47:26:97 | int && | | <none> |
| gcc.cpp:26:47:26:97 | int && | | <none> |
| gcc.cpp:28:45:28:91 | __reference_converts_from_temporary | int &&,int | 1 |
| gcc.cpp:28:45:28:91 | int | | <none> |
| gcc.cpp:28:45:28:91 | int && | | <none> |
| gcc.cpp:29:45:29:93 | __reference_converts_from_temporary | int &&,int && | 0 |
| gcc.cpp:29:45:29:93 | int && | | <none> |
| gcc.cpp:29:45:29:93 | int && | | <none> |
| ms.cpp:38:41:38:45 | 0 | | 0 |
| ms.cpp:88:27:88:45 | __has_assign | empty | 0 |
| ms.cpp:88:27:88:45 | empty | | <none> |
@@ -452,3 +521,38 @@
| ms.cpp:272:51:272:104 | __is_pointer_interconvertible_base_of | empty,abstract | 0 |
| ms.cpp:272:51:272:104 | abstract | | <none> |
| ms.cpp:272:51:272:104 | empty | | <none> |
| ms.cpp:274:44:274:85 | __is_trivially_copy_assignable | has_assign | 0 |
| ms.cpp:274:44:274:85 | has_assign | | <none> |
| ms.cpp:275:44:275:78 | __is_trivially_copy_assignable | int | 1 |
| ms.cpp:275:44:275:78 | int | | <none> |
| ms.cpp:277:51:277:107 | __is_assignable_no_precondition_check | a_struct,a_struct | 1 |
| ms.cpp:277:51:277:107 | a_struct | | <none> |
| ms.cpp:277:51:277:107 | a_struct | | <none> |
| ms.cpp:278:51:278:104 | __is_assignable_no_precondition_check | a_struct,empty | 0 |
| ms.cpp:278:51:278:104 | a_struct | | <none> |
| ms.cpp:278:51:278:104 | empty | | <none> |
| ms.cpp:279:51:279:102 | __is_assignable_no_precondition_check | a_struct,int | 0 |
| ms.cpp:279:51:279:102 | a_struct | | <none> |
| ms.cpp:279:51:279:102 | int | | <none> |
| ms.cpp:281:54:281:117 | __is_pointer_interconvertible_with_class | a_struct,i | 1 |
| ms.cpp:281:54:281:117 | a_struct | | <none> |
| ms.cpp:281:105:281:116 | i | | <none> |
| ms.cpp:282:54:282:117 | __is_pointer_interconvertible_with_class | a_struct,d | 0 |
| ms.cpp:282:54:282:117 | a_struct | | <none> |
| ms.cpp:282:105:282:116 | d | | <none> |
| ms.cpp:284:39:284:111 | __is_corresponding_member | a_struct,a_struct,i,i | 1 |
| ms.cpp:284:39:284:111 | a_struct | | <none> |
| ms.cpp:284:39:284:111 | a_struct | | <none> |
| ms.cpp:284:85:284:96 | i | | <none> |
| ms.cpp:284:99:284:110 | i | | <none> |
| ms.cpp:285:39:285:111 | __is_corresponding_member | a_struct,a_struct,i,d | 0 |
| ms.cpp:285:39:285:111 | a_struct | | <none> |
| ms.cpp:285:39:285:111 | a_struct | | <none> |
| ms.cpp:285:85:285:96 | i | | <none> |
| ms.cpp:285:99:285:110 | d | | <none> |
| ms.cpp:287:34:287:59 | __is_valid_winrt_type | int | 1 |
| ms.cpp:287:34:287:59 | int | | <none> |
| ms.cpp:288:27:288:45 | __is_win_class | int | 0 |
| ms.cpp:288:27:288:45 | int | | <none> |
| ms.cpp:289:31:289:53 | __is_win_interface | int | 0 |
| ms.cpp:289:31:289:53 | int | | <none> |

29
cpp/ql/test/library-tests/builtins/type_traits/gcc.cpp Normal file
View File

@@ -0,0 +1,29 @@
// semmle-extractor-options: --gnu_version 130000
__attribute__ ((aligned(8))) int v;
bool b_has_attribute1 = __builtin_has_attribute(v, aligned);
bool b_has_attribute2 = __builtin_has_attribute(v, aligned(4));
struct a_struct {
int i;
double d;
};
bool b_is_pointer_interconvertible_with_class1 = __builtin_is_pointer_interconvertible_with_class(&a_struct::i);
bool b_is_pointer_interconvertible_with_class2 = __builtin_is_pointer_interconvertible_with_class(&a_struct::d);
bool b_is_corresponding_member1 = __builtin_is_corresponding_member(&a_struct::i, &a_struct::i);
bool b_is_corresponding_member2 = __builtin_is_corresponding_member(&a_struct::i, &a_struct::d);
bool b_is_nothrow_convertible1 = __is_nothrow_convertible(int, int);
bool b_is_nothrow_convertible2 = __is_nothrow_convertible(a_struct, int);
bool b_is_convertible1 = __is_convertible(int, int);
bool b_is_convertible2 = __is_convertible(a_struct, int);
bool b_reference_constructs_from_temporary1 = __reference_constructs_from_temporary(int&&, int);
bool b_reference_constructs_from_temporary2 = __reference_constructs_from_temporary(int&&, int&&);
bool b_reference_converts_from_temporary1 = __reference_converts_from_temporary(int&&, int);
bool b_reference_converts_from_temporary2 = __reference_converts_from_temporary(int&&, int&&);

17
cpp/ql/test/library-tests/builtins/type_traits/ms.cpp
View File

@@ -270,4 +270,21 @@ void f(void) {
bool b_is_pointer_interconvertible_base_of1 = __is_pointer_interconvertible_base_of(empty, empty);
bool b_is_pointer_interconvertible_base_of2 = __is_pointer_interconvertible_base_of(empty, abstract);
bool b_is_trivially_copy_assignable1 = __is_trivially_copy_assignable(has_assign);
bool b_is_trivially_copy_assignable2 = __is_trivially_copy_assignable(int);
bool b_is_assignable_no_precondition_check1 = __is_assignable_no_precondition_check(a_struct, a_struct);
bool b_is_assignable_no_precondition_check2 = __is_assignable_no_precondition_check(a_struct, empty);
bool b_is_assignable_no_precondition_check3 = __is_assignable_no_precondition_check(a_struct, int);
bool b_is_pointer_interconvertible_with_class1 = __is_pointer_interconvertible_with_class(a_struct, &a_struct::i);
bool b_is_pointer_interconvertible_with_class2 = __is_pointer_interconvertible_with_class(a_struct, &a_struct::d);
bool b_is_corresponding_member1 = __is_corresponding_member(a_struct, a_struct, &a_struct::i, &a_struct::i);
bool b_is_corresponding_member2 = __is_corresponding_member(a_struct, a_struct, &a_struct::i, &a_struct::d);
bool b_is_valid_winrt_type = __is_valid_winrt_type(int);
bool b_is_win_class = __is_win_class(int);
bool b_is_win_interface = __is_win_interface(int);
}

5
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -69,6 +69,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
args += " --force";
}
if (restoreSettings.TargetWindows)
{
args += " /p:EnableWindowsTargeting=true";
}
return args;
}

6
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs
View File

@@ -62,7 +62,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private string[] SelectTextFileNamesByName(string name)
{
var ret = allNonBinary.Value.SelectFileNamesByName(name).ToArray();
var ending = ret.Length == 0 ? "." : $": {string.Join(", ", ret.OrderBy(s => s))}.";
var ending = ret.Length == 0 ? "." : $": {string.Join(", ", ret)}.";
logger.LogInfo($"Found {ret.Length} {name} files in {SourceDir}{ending}");
return ret;
}
@@ -91,7 +91,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private FileInfo[] GetAllFiles()
{
logger.LogInfo($"Finding files in {SourceDir}...");
var files = SourceDir.GetFiles("*.*", new EnumerationOptions { RecurseSubdirectories = true });
var files = SourceDir
.GetFiles("*.*", new EnumerationOptions { RecurseSubdirectories = true })
.OrderBy(f => f.FullName);
var filteredFiles = files.Where(f =>
{

2
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs
View File

@@ -17,7 +17,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
IList<string> GetNugetFeedsFromFolder(string folderPath);
}
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? PathToNugetConfig = null, bool ForceReevaluation = false);
public record class RestoreSettings(string File, string PackageDirectory, bool ForceDotnetRefAssemblyFetching, string? PathToNugetConfig = null, bool ForceReevaluation = false, bool TargetWindows = false);
public partial record class RestoreResult(bool Success, IList<string> Output)
{

10
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
View File

@@ -225,10 +225,13 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var successCount = 0;
var nugetSourceFailures = 0;
var assets = new Assets(logger);
var isWindows = fileContent.UseWindowsForms || fileContent.UseWpf;
var projects = fileProvider.Solutions.SelectMany(solution =>
{
logger.LogInfo($"Restoring solution {solution}...");
var res = dotnet.Restore(new(solution, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true));
var res = dotnet.Restore(new(solution, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, TargetWindows: isWindows));
if (res.Success)
{
successCount++;
@@ -258,6 +261,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var successCount = 0;
var nugetSourceFailures = 0;
ConcurrentBag<DependencyContainer> collectedDependencies = [];
var isWindows = fileContent.UseWindowsForms || fileContent.UseWpf;
var sync = new object();
var projectGroups = projects.GroupBy(Path.GetDirectoryName);
Parallel.ForEach(projectGroups, new ParallelOptions { MaxDegreeOfParallelism = DependencyManager.Threads }, projectGroup =>
@@ -266,7 +272,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
foreach (var project in projectGroup)
{
logger.LogInfo($"Restoring project {project}...");
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true));
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, TargetWindows: isWindows));
assets.AddDependenciesRange(res.AssetsFilePaths);
lock (sync)
{

47
csharp/ql/integration-tests/all-platforms/standalone_winforms/Assemblies.expected Normal file
View File

@@ -0,0 +1,47 @@
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/Accessibility.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.Forms.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/Microsoft.VisualBasic.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/Microsoft.Win32.Registry.AccessControl.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/Microsoft.Win32.SystemEvents.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationCore.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.Aero2.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.Aero.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.AeroLite.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.Classic.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.Luna.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.Royale.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationFramework.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/PresentationUI.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/ReachFramework.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.CodeDom.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Configuration.ConfigurationManager.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Design.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Diagnostics.EventLog.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Diagnostics.PerformanceCounter.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.DirectoryServices.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Drawing.Common.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Drawing.Design.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Drawing.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.IO.Packaging.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Printing.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Resources.Extensions.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Pkcs.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.ProtectedData.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Security.Cryptography.Xml.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Security.Permissions.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Threading.AccessControl.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Controls.Ribbon.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Extensions.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Forms.Design.Editors.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Forms.Design.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Forms.Primitives.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Forms.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Input.Manipulations.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Windows.Presentation.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/System.Xaml.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/UIAutomationClient.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/UIAutomationClientSideProviders.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/UIAutomationProvider.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/UIAutomationTypes.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/WindowsBase.dll |
| [...]/microsoft.windowsdesktop.app.ref/8.0.1/ref/net8.0/WindowsFormsIntegration.dll |

11
csharp/ql/integration-tests/all-platforms/standalone_winforms/Assemblies.ql Normal file
View File

@@ -0,0 +1,11 @@
import csharp
private string getPath(Assembly a) {
not a.getCompilation().getOutputAssembly() = a and
exists(string s | s = a.getFile().getAbsolutePath() |
result = "[...]" + s.substring(s.indexOf("microsoft.windowsdesktop.app.ref") - 1, s.length())
)
}
from Assembly a
select getPath(a)

18
csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.expected Normal file
View File

@@ -0,0 +1,18 @@
| All Nuget feeds reachable | 1.0 |
| Failed project restore with package source error | 0.0 |
| Failed solution restore with package source error | 0.0 |
| NuGet feed responsiveness checked | 1.0 |
| Project files on filesystem | 1.0 |
| Reachable fallback Nuget feed count | 1.0 |
| Resource extraction enabled | 0.0 |
| Restored .NET framework variants | 1.0 |
| Restored projects through solution files | 0.0 |
| Solution files on filesystem | 0.0 |
| Source files generated | 1.0 |
| Source files on filesystem | 3.0 |
| Successfully restored project files | 1.0 |
| Successfully restored solution files | 0.0 |
| Unresolved references | 0.0 |
| UseWPF set | 0.0 |
| UseWindowsForms set | 1.0 |
| WebView extraction enabled | 1.0 |

16
csharp/ql/integration-tests/all-platforms/standalone_winforms/CompilationInfo.ql Normal file
View File

@@ -0,0 +1,16 @@
import csharp
import semmle.code.csharp.commons.Diagnostics
query predicate compilationInfo(string key, float value) {
key != "Resolved references" and
key != "Resolved assembly conflicts" and
not key.matches("Compiler diagnostic count for%") and
exists(Compilation c, string infoKey, string infoValue | infoValue = c.getInfo(infoKey) |
key = infoKey and
value = infoValue.toFloat()
or
not exists(infoValue.toFloat()) and
key = infoKey + ": " + infoValue and
value = 1
)
}

38
csharp/ql/integration-tests/all-platforms/standalone_winforms/Form1.Designer.cs generated Normal file
View File

@@ -0,0 +1,38 @@
namespace winforms;
partial class Form1
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.ClientSize = new System.Drawing.Size(800, 450);
this.Text = "Form1";
}
#endregion
}

9
csharp/ql/integration-tests/all-platforms/standalone_winforms/Form1.cs Normal file
View File

@@ -0,0 +1,9 @@
namespace winforms;
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
}

16
csharp/ql/integration-tests/all-platforms/standalone_winforms/Program.cs Normal file
View File

@@ -0,0 +1,16 @@
namespace winforms;
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
[STAThread]
static void Main()
{
// To customize application configuration such as set high DPI settings or default font,
// see https://aka.ms/applicationconfiguration.
ApplicationConfiguration.Initialize();
Application.Run(new Form1());
}
}

5
csharp/ql/integration-tests/all-platforms/standalone_winforms/global.json Normal file
View File

@@ -0,0 +1,5 @@
{
"sdk": {
"version": "8.0.101"
}
}

3
csharp/ql/integration-tests/all-platforms/standalone_winforms/test.py Normal file
View File

@@ -0,0 +1,3 @@
from create_database_utils import *
run_codeql_database_create(lang="csharp", extra_args=["--build-mode=none"])

11
csharp/ql/integration-tests/all-platforms/standalone_winforms/winforms.csproj Normal file
View File

@@ -0,0 +1,11 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>WinExe</OutputType>
<TargetFramework>net8.0-windows</TargetFramework>
<Nullable>enable</Nullable>
<UseWindowsForms>true</UseWindowsForms>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>
</Project>

76
csharp/ql/lib/semmle/code/csharp/Location.qll
View File

@@ -110,12 +110,21 @@ class SourceLocation extends Location, @location_default {
bindingset[version]
private int versionField(string version, int field) {
exists(string format |
format = "(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)" or
format = "(\\d+)\\.(\\d+)\\.(\\d+)" or
format = "(\\d+)\\.(\\d+)"
exists(string format, int i |
format = "(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)|" + "(\\d+)\\.(\\d+)\\.(\\d+)|" + "(\\d+)\\.(\\d+)" and
result = version.regexpCapture(format, i).toInt()
|
result = version.regexpCapture(format, field).toInt()
i = [1, 5, 8] and
field = 1
or
i = [2, 6, 9] and
field = 2
or
i = [3, 7] and
field = 3
or
i = 4 and
field = 4
) and
result >= 0 and
result <= 255
@@ -123,8 +132,19 @@ private int versionField(string version, int field) {
/** An assembly version, for example `4.0.0.0` or `4.5`. */
class Version extends string {
private int major;
bindingset[this]
Version() { exists(versionField(this, 1)) }
Version() { major = versionField(this, 1) }
bindingset[this]
private int getVersionField(int field) {
field = 1 and
result = major
or
field in [2 .. 4] and
result = versionField(this, field)
}
/**
* Gets field `field` of this version.
@@ -132,13 +152,47 @@ class Version extends string {
*/
bindingset[this]
int getField(int field) {
field in [1 .. 4] and
if exists(versionField(this, field)) then result = versionField(this, field) else result = 0
result = this.getVersionField(field)
or
field in [2 .. 4] and
not exists(this.getVersionField(field)) and
result = 0
}
bindingset[this]
private string getCanonicalizedField(int field) {
exists(string s, int length |
s = this.getVersionField(field).toString() and
length = s.length()
|
// make each field consist of 3 digits
result = concat(int i | i in [1 .. 3 - length] | "0") + s
)
}
/**
* Gets a canonicalized version of this string, where lexicographical ordering
* corresponds to version ordering.
*/
bindingset[this]
string getCanonicalizedVersion() {
exists(string res, int length |
res =
strictconcat(int field, string s |
s = this.getCanonicalizedField(field)
|
s, "." order by field
) and
length = res.length()
|
// make each canonicalized version consist of 4 chunks of 3 digits separated by a dot
result = res + concat(int i | i = [1 .. 15 - length] / 4 and i > 0 | ".000")
)
}
/** Gets the major version, for example `1` in `1.2.3.4`. */
bindingset[this]
int getMajor() { result = this.getField(1) }
int getMajor() { result = major }
/** Gets the major revision, for example `2` in `1.2.3.4`. */
bindingset[this]
@@ -164,9 +218,7 @@ class Version extends string {
*/
bindingset[this, other]
predicate isEarlierThan(Version other) {
exists(int i | this.getField(i) < other.getField(i) |
forall(int j | j in [1 .. i - 1] | this.getField(j) = other.getField(j))
)
this.getCanonicalizedVersion() < other.getCanonicalizedVersion()
}
/**

28
csharp/ql/lib/semmle/code/csharp/security/xml/InsecureXMLQuery.qll
View File

@@ -5,6 +5,19 @@
import csharp
private import semmle.code.csharp.commons.TargetFramework
pragma[nomagic]
private float getAssemblyVersion(Assembly a) {
result = a.getVersion().regexpCapture("([0-9]+\\.[0-9]+).*", 1).toFloat() and
// This method is only accurate when we're looking at versions before 4.0.
result < 4.0
}
pragma[nomagic]
private Version getTargetFrameworkVersion(TargetFrameworkAttribute tfa) {
tfa.isNetFramework() and
result = tfa.getFrameworkVersion()
}
/**
* Holds if the type `t` is in an assembly that has been compiled against a .NET framework version
* before the given version.
@@ -14,21 +27,16 @@ private predicate isNetFrameworkBefore(Type t, string version) {
// For assemblies compiled against framework versions before 4 the TargetFrameworkAttribute
// will not be present. In this case, we can revert back to the assembly version, which may not
// contain full minor version information.
exists(string assemblyVersion |
assemblyVersion =
t.getALocation().(Assembly).getVersion().regexpCapture("([0-9]+\\.[0-9]+).*", 1)
|
assemblyVersion.toFloat() < version.toFloat() and
// This method is only accurate when we're looking at versions before 4.0.
assemblyVersion.toFloat() < 4.0
exists(float assemblyVersion |
assemblyVersion = getAssemblyVersion(t.getALocation()) and
assemblyVersion < version.toFloat()
)
or
// For 4.0 and above the TargetFrameworkAttribute should be present to provide detailed version
// information.
exists(TargetFrameworkAttribute tfa |
tfa.hasElement(t) and
tfa.isNetFramework() and
tfa.getFrameworkVersion().isEarlierThan(version)
getTargetFrameworkVersion(tfa).isEarlierThan(version)
)
}
@@ -173,7 +181,7 @@ module XmlReader {
reason = "DTD processing is enabled by default in versions < 4.0" and
evidence = this and
not exists(this.getSettings()) and
isNetFrameworkBefore(this.(MethodCall).getTarget().getDeclaringType(), "4.0")
isNetFrameworkBefore(this.getTarget().getDeclaringType(), "4.0")
or
// bad settings flow here
exists(ObjectCreation settings |

18
go/extractor/extractor.go
View File

@@ -193,10 +193,20 @@ func ExtractWithFlags(buildFlags []string, patterns []string) error {
log.Println("Starting to extract packages.")
sep := regexp.QuoteMeta(string(filepath.Separator))
// if a path matches this regexp, we don't want to extract this package. Currently, it checks
// - that the path does not contain a `..` segment, and
// - the path does not contain a `vendor` directory.
noExtractRe := regexp.MustCompile(`.*(^|` + sep + `)(\.\.|vendor)($|` + sep + `).*`)
// Construct a list of directory segments to exclude from extraction, starting with ".."
excludedDirs := []string{`\.\.`}
// If CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS is "true", we extract `vendor` directories;
// otherwise (the default) is to exclude them from extraction
includeVendor := os.Getenv("CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS") == "true"
if !includeVendor {
excludedDirs = append(excludedDirs, "vendor")
}
// If a path matches this regexp, we don't extract this package. It checks whether the path
// contains one of the `excludedDirs`.
noExtractRe := regexp.MustCompile(`.*(^|` + sep + `)(` + strings.Join(excludedDirs, "|") + `)($|` + sep + `).*`)
// extract AST information for all packages
packages.Visit(pkgs, nil, func(pkg *packages.Package) {

5
go/ql/integration-tests/all-platforms/go/extract-vendor/build-environment.expected Normal file
View File

@@ -0,0 +1,5 @@
{
"configuration" : {
"go" : { }
}
}

14
go/ql/integration-tests/all-platforms/go/extract-vendor/diagnostics.expected Normal file
View File

@@ -0,0 +1,14 @@
{
"markdownMessage": "A single `go.mod` file was found.\n\n`go.mod`",
"severity": "note",
"source": {
"extractorName": "go",
"id": "go/autobuilder/single-root-go-mod-found",
"name": "A single `go.mod` file was found in the root"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}

2
go/ql/integration-tests/all-platforms/go/extract-vendor/force_sequential_test_execution Normal file
View File

@@ -0,0 +1,2 @@
# go get has been observed to sometimes fail when multiple tests try to simultaneously fetch the same package.
goget

5
go/ql/integration-tests/all-platforms/go/extract-vendor/src/go.mod Normal file
View File

@@ -0,0 +1,5 @@
go 1.14
require example.com/test v0.1.0
module test

1
go/ql/integration-tests/all-platforms/go/extract-vendor/src/go.sum Normal file
View File

@@ -0,0 +1 @@
example.com/test v0.1.0/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=

11
go/ql/integration-tests/all-platforms/go/extract-vendor/src/test.go Normal file
View File

@@ -0,0 +1,11 @@
package test
import (
subdir "example.com/test"
)
func Test() {
foo := subdir.Add(2, 2)
println(foo)
}

5
go/ql/integration-tests/all-platforms/go/extract-vendor/src/vendor/example.com/test/add.go generated vendored Normal file
View File

@@ -0,0 +1,5 @@
package test
func Add(a, b int) int {
return a + b
}

3
go/ql/integration-tests/all-platforms/go/extract-vendor/src/vendor/modules.txt vendored Normal file
View File

@@ -0,0 +1,3 @@
# example.com/test v0.1.0
## explicit; go 1.14
example.com/test

5
go/ql/integration-tests/all-platforms/go/extract-vendor/test.expected Normal file
View File

@@ -0,0 +1,5 @@
extractedFiles
| src/go.mod:0:0:0:0 | src/go.mod |
| src/test.go:0:0:0:0 | src/test.go |
| src/vendor/example.com/test/add.go:0:0:0:0 | src/vendor/example.com/test/add.go |
#select

4
go/ql/integration-tests/all-platforms/go/extract-vendor/test.py Normal file
View File

@@ -0,0 +1,4 @@
from go_integration_test import *
os.environ['CODEQL_EXTRACTOR_GO_EXTRACT_VENDOR_DIRS'] = "true"
go_integration_test()

8
go/ql/integration-tests/all-platforms/go/extract-vendor/test.ql Normal file
View File

@@ -0,0 +1,8 @@
import go
import semmle.go.DiagnosticsReporting
query predicate extractedFiles(File f) { any() }
from string msg, int sev
where reportableDiagnostics(_, msg, sev)
select msg, sev

4
go/ql/lib/ext/empty.model.yml
View File

@@ -17,3 +17,7 @@ extensions:
pack: codeql/go-all
extensible: neutralModel
data: []
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data: []

58
go/ql/lib/ext/github.com.astaxie.beego.context.model.yml
View File

@@ -1,58 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/astaxie/beego/context", "", False, "WriteBody", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
- ["github.com/beego/beego/server/web/context", "", False, "WriteBody", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "GetData", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Header", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Param", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Params", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego/context", "Context", True, "GetCookie", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "GetData", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Header", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Param", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Params", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/context", "Context", True, "GetCookie", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "GetData", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Header", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Param", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Params", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web/context", "Context", True, "GetCookie", "", "", "ReturnValue", "remote", "manual"]

48
go/ql/lib/ext/github.com.astaxie.beego.model.yml
View File

@@ -1,48 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/astaxie/beego", "", False, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego", "", False, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego", "", False, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego", "", False, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego", "", False, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/beego/beego", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["github.com/beego/beego", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/server/web", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/astaxie/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/astaxie/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
- ["github.com/astaxie/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/astaxie/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/beego/beego/server/web", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]

31
go/ql/lib/ext/github.com.astaxie.beego.utils.model.yml
View File

@@ -1,31 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/astaxie/beego/utils", "", False, "SliceChunk", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceDiff", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceFilter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceIntersect", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceMerge", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SlicePad", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceRand", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceReduce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceShuffle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "", False, "SliceUnique", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "BeeMap", True, "Get", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "BeeMap", True, "Items", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["github.com/astaxie/beego/utils", "BeeMap", True, "Set", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceChunk", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceDiff", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceFilter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceIntersect", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceMerge", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SlicePad", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceRand", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceReduce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceShuffle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "", False, "SliceUnique", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "BeeMap", True, "Get", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "BeeMap", True, "Items", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["github.com/beego/beego/core/utils", "BeeMap", True, "Set", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"]

25
go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml Normal file
View File

@@ -0,0 +1,25 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-utils", "github.com/astaxie/beego/utils"]
- ["beego-utils", "github.com/beego/beego/utils"]
- ["beego-utils", "github.com/beego/beego/core/utils"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:beego-utils", "", False, "SliceChunk", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceDiff", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceFilter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceIntersect", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceMerge", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SlicePad", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceRand", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceReduce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceShuffle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceUnique", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Get", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Items", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Set", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"]

32
go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml Normal file
View File

@@ -0,0 +1,32 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-context", "github.com/astaxie/beego/context"]
- ["beego-context", "github.com/beego/beego/context"]
- ["beego-context", "github.com/beego/beego/server/web/context"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:beego-context", "", False, "WriteBody", "", "", "Argument[2]", "Argument[1]", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:beego-context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "GetData", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Header", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Param", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Params", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego-context", "Context", True, "GetCookie", "", "", "ReturnValue", "remote", "manual"]

29
go/ql/lib/ext/github.com.beego.beego.server.web.model.yml Normal file
View File

@@ -0,0 +1,29 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego", "github.com/astaxie/beego"]
- ["beego", "github.com/beego/beego"]
- ["beego", "github.com/beego/beego/server/web"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:beego", "", False, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:beego", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["group:beego", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
- ["group:beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
- ["group:beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]

110
go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
View File

@@ -20,7 +20,10 @@
* 1. The `package` column selects a package. Note that if the package does not
* contain a major version suffix (like "/v2") then we will match all major
* versions. This can be disabled by putting `fixed-version:` at the start
* of the package path.
* of the package path. Also, instead of a package path, if this column is
* "group:<groupname>" then it indicates that the row applies to all
* packages in the group `<groupname>` according to the `packageGrouping`
* predicate.
* 2. The `type` column selects a type within that package.
* 3. The `subtypes` is a boolean that indicates whether to jump to an
* arbitrary subtype of that type.
@@ -78,7 +81,7 @@
*/
private import go
import internal.ExternalFlowExtensions
import internal.ExternalFlowExtensions as FlowExtensions
private import FlowSummary as FlowSummary
private import internal.DataFlowPrivate
private import internal.FlowSummaryImpl
@@ -87,6 +90,89 @@ private import internal.FlowSummaryImpl::Private
private import internal.FlowSummaryImpl::Private::External
private import codeql.mad.ModelValidation as SharedModelVal
/** Gets the prefix for a group of packages. */
private string groupPrefix() { result = "group:" }
/**
* Gets a package represented by `packageOrGroup`.
*
* If `packageOrGroup` is of the form `group:<groupname>` then `result` is a
* package in the group `<groupname>`, as determined by `packageGrouping`.
* Otherwise, `result` is `packageOrGroup`.
*/
bindingset[packageOrGroup]
private string getPackage(string packageOrGroup) {
not packageOrGroup.prefix(groupPrefix().length()) = groupPrefix() and result = packageOrGroup
or
exists(string group |
FlowExtensions::packageGrouping(group, result) and
packageOrGroup = groupPrefix() + group
)
}
/**
* Holds if a source model exists for the given parameters.
*
* Note that `group:` references are expanded into one or more actual packages
* by this predicate.
*/
predicate sourceModel(
string package, string type, boolean subtypes, string name, string signature, string ext,
string output, string kind, string provenance, QlBuiltins::ExtensionId madId
) {
exists(string packageOrGroup |
package = getPackage(packageOrGroup) and
FlowExtensions::sourceModel(packageOrGroup, type, subtypes, name, signature, ext, output, kind,
provenance, madId)
)
}
/**
* Holds if a sink model exists for the given parameters.
*
* Note that `group:` references are expanded into one or more actual packages
* by this predicate.
*/
predicate sinkModel(
string package, string type, boolean subtypes, string name, string signature, string ext,
string input, string kind, string provenance, QlBuiltins::ExtensionId madId
) {
exists(string packageOrGroup | package = getPackage(packageOrGroup) |
FlowExtensions::sinkModel(packageOrGroup, type, subtypes, name, signature, ext, input, kind,
provenance, madId)
)
}
/**
* Holds if a summary model exists for the given parameters.
*
* Note that `group:` references are expanded into one or more actual packages
* by this predicate.
*/
predicate summaryModel(
string package, string type, boolean subtypes, string name, string signature, string ext,
string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId
) {
exists(string packageOrGroup | package = getPackage(packageOrGroup) |
FlowExtensions::summaryModel(packageOrGroup, type, subtypes, name, signature, ext, input,
output, kind, provenance, madId)
)
}
/**
* Holds if a neutral model exists for the given parameters.
*
* Note that `group:` references are expanded into one or more actual packages
* by this predicate.
*/
predicate neutralModel(
string package, string type, string name, string signature, string kind, string provenance
) {
exists(string packageOrGroup | package = getPackage(packageOrGroup) |
FlowExtensions::neutralModel(packageOrGroup, type, name, signature, kind, provenance)
)
}
/**
* Holds if the given extension tuple `madId` should pretty-print as `model`.
*
@@ -286,12 +372,30 @@ module ModelValidation {
)
}
private string getInvalidPackageGroup() {
exists(string pred, string group, string package |
FlowExtensions::sourceModel(package, _, _, _, _, _, _, _, _, _) and pred = "source"
or
FlowExtensions::sinkModel(package, _, _, _, _, _, _, _, _, _) and pred = "sink"
or
FlowExtensions::summaryModel(package, _, _, _, _, _, _, _, _, _, _) and
pred = "summary"
or
FlowExtensions::neutralModel(package, _, _, _, _, _) and
pred = "neutral"
|
package = groupPrefix() + group and
not FlowExtensions::packageGrouping(group, _) and
result = "Dubious package group \"" + package + "\" in " + pred + " model."
)
}
/** Holds if some row in a MaD flow model appears to contain typos. */
query predicate invalidModelRow(string msg) {
msg =
[
getInvalidModelSignature(), getInvalidModelInput(), getInvalidModelOutput(),
KindVal::getInvalidModelKind()
KindVal::getInvalidModelKind(), getInvalidPackageGroup()
]
}
}

5
go/ql/lib/semmle/go/dataflow/internal/ExternalFlowExtensions.qll
View File

@@ -32,3 +32,8 @@ extensible predicate summaryModel(
extensible predicate neutralModel(
string package, string type, string name, string signature, string kind, string provenance
);
/**
* Holds if the package `package` is part of the group `group`.
*/
extensible predicate packageGrouping(string group, string package);

28
go/ql/test/experimental/CWE-090/LDAPInjection.expected
View File

@@ -1,18 +1,18 @@
edges
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:747 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:686 |
| LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance | |
| LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance | |
| LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance | |

6
go/ql/test/experimental/CWE-203/Timing.expected
View File

@@ -1,9 +1,9 @@
edges
| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:728 |
| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:667 |
| timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance | |
| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:728 |
| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:667 |
| timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance | |
| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:728 |
| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:667 |
| timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance | |
nodes
| timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header |

2
go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
View File

@@ -1,5 +1,5 @@
edges
| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:808 |
| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:747 |
| ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance | |
| ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance | |
nodes

12
go/ql/test/experimental/CWE-369/DivideByZero.expected
View File

@@ -1,24 +1,24 @@
edges
| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | |
| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | |
| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | Config |
| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | |
| DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | |
| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | |
| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | |
| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | Config |
| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | |
| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | |
| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | Config |
| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | |
| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | |
| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | Config |
| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:808 |
| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:747 |
| DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | |
| DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | |
nodes

6
go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected
View File

@@ -1,5 +1,5 @@
edges
| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:743 |
| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:682 |
| test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | |
| test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | |
| test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | |
@@ -31,7 +31,7 @@ edges
| test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | |
| test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | |
| test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | |
| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:620 |
| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:559 |
| test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | |
| test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | Config |
| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:46 |
@@ -39,7 +39,7 @@ edges
| test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 |
| test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | |
| test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | |
| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:620 |
| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:559 |
| test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | |
| test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | Config |
| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:46 |

2
go/ql/test/experimental/CWE-74/DsnInjection.expected
View File

@@ -1,5 +1,5 @@
edges
| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:743 |
| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:682 |
| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:248 |
| Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | |
| Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | |

26
go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected
View File

@@ -1,28 +1,28 @@
edges
| HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | HTMLTemplateEscapingPassthrough.go:30:39:30:39 | a | provenance | |
| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | HTMLTemplateEscapingPassthrough.go:36:40:36:40 | a | provenance | |
| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | HTMLTemplateEscapingPassthrough.go:41:40:41:40 | a | provenance | |
| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | HTMLTemplateEscapingPassthrough.go:47:41:47:41 | c | provenance | |
| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | HTMLTemplateEscapingPassthrough.go:51:44:51:44 | d | provenance | |
| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | HTMLTemplateEscapingPassthrough.go:55:44:55:44 | e | provenance | |
| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | HTMLTemplateEscapingPassthrough.go:59:38:59:38 | b | provenance | |
| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | HTMLTemplateEscapingPassthrough.go:63:44:63:44 | f | provenance | |
| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | HTMLTemplateEscapingPassthrough.go:67:38:67:38 | g | provenance | |
| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:747 |
| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:686 |
| HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | HTMLTemplateEscapingPassthrough.go:92:38:92:46 | converted | provenance | |
| HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | provenance | |
| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:595 |
| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:534 |
nodes
| HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | semmle.label | type conversion |
| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | semmle.label | call to UserAgent |

18
go/ql/test/experimental/CWE-918/SSRF.expected
View File

@@ -1,9 +1,9 @@
edges
| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:743 |
| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:746 |
| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:746 |
| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:746 |
| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:746 |
| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:682 |
| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:685 |
| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:685 |
| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:685 |
| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:685 |
| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | |
| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | |
| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | |
@@ -19,7 +19,7 @@ edges
| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | |
| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | |
| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | |
| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:613 |
| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:552 |
| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:187 |
| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | |
| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | |
@@ -33,12 +33,12 @@ edges
| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:248 |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:808 |
| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:815 |
| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:747 |
| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:754 |
| new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | |
| new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | |
| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | |
| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:931 |
| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:870 |
| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | |
| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | |
nodes

6
go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
View File

@@ -1,10 +1,10 @@
edges
| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:626 |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:565 |
| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | MaD:626 |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | MaD:565 |
| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | MaD:626 |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | MaD:565 |
nodes
| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest1.expected
View File

@@ -1,6 +1,6 @@
edges
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:32:11:32:15 | selection of URL | semmle.label | selection of URL |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest2.expected
View File

@@ -1,7 +1,7 @@
edges
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:27:11:27:63 | call to ExecuteQuery | semmle.label | call to ExecuteQuery |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest3.expected
View File

@@ -2,8 +2,8 @@ edges
| test.go:9:10:9:40 | call to ReadEnvironment | test.go:11:7:11:29 | ...+... | provenance | Src:MaD:2 |
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:4 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest4.expected
View File

@@ -3,8 +3,8 @@ edges
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:4 |
| test.go:21:11:21:36 | call to GetCustom | test.go:23:7:23:30 | ...+... | provenance | Src:MaD:3 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:1 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest5.expected
View File

@@ -1,8 +1,8 @@
edges
| test.go:9:10:9:40 | call to ReadEnvironment | test.go:11:7:11:29 | ...+... | provenance | Src:MaD:3 |
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:5 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:9:10:9:40 | call to ReadEnvironment | semmle.label | call to ReadEnvironment |

4
go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/threat-models-flowtest6.expected
View File

@@ -1,8 +1,8 @@
edges
| test.go:15:9:15:32 | call to GetCliArg | test.go:17:7:17:28 | ...+... | provenance | Src:MaD:5 |
| test.go:27:11:27:63 | call to ExecuteQuery | test.go:28:7:28:11 | query | provenance | Src:MaD:2 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:808 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:815 |
| test.go:32:11:32:15 | selection of URL | test.go:32:11:32:23 | call to Query | provenance | MaD:747 |
| test.go:32:11:32:23 | call to Query | test.go:32:11:32:36 | call to Get | provenance | MaD:754 |
| test.go:32:11:32:36 | call to Get | test.go:34:7:34:30 | ...+... | provenance | |
nodes
| test.go:15:9:15:32 | call to GetCliArg | semmle.label | call to GetCliArg |

146
go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
View File

@@ -1,104 +1,104 @@
edges
| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:252 |
| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:252 |
| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:252 |
| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:253 |
| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:254 |
| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:255 |
| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:256 |
| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:257 |
| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:258 |
| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:259 |
| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:260 |
| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:261 |
| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:263 |
| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:264 |
| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:265 |
| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:254 |
| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:254 |
| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:254 |
| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:254 |
| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:254 |
| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:254 |
| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:254 |
| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:254 |
| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:254 |
| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:270 |
| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:270 |
| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:270 |
| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:271 |
| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:272 |
| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:273 |
| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:274 |
| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:275 |
| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:276 |
| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:277 |
| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:278 |
| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:279 |
| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:281 |
| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:282 |
| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:283 |
| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:272 |
| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:272 |
| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:272 |
| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:272 |
| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:272 |
| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:272 |
| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:272 |
| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:272 |
| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:272 |
| test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | |
| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:297 |
| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:288 |
| test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | |
| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:299 |
| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:290 |
| test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | |
| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:300 |
| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:291 |
| test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | |
| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:302 |
| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:293 |
| test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | |
| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:303 |
| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:294 |
| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | |
| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:301 |
| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:319 |
| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:319 |
| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:292 |
| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:296 |
| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:296 |
| test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | |
| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:613 |
| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:320 |
| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:321 |
| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:322 |
| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:323 |
| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:318 |
| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:321 |
| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:266 |
| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:266 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:320 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:320 |
| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:552 |
| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:297 |
| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:298 |
| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:299 |
| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:300 |
| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:295 |
| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:298 |
| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:284 |
| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:284 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:297 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:297 |
| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | |
| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | |
| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel |
| test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | |
| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:336 |
| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:253 |
| test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | |
| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:337 |
| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:254 |
| test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | |
| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:338 |
| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:255 |
| test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | |
| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:339 |
| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:256 |
| test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | |
| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:339 |
| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:256 |
| test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | |
| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:340 |
| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:257 |
| test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | |
| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:340 |
| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:257 |
| test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | |
| test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | |
| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:341 |
| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:258 |
| test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | |
| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:341 |
| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:258 |
| test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | |
| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:342 |
| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:259 |
| test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | |
| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:343 |
| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:260 |
| test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | |
| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:344 |
| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:261 |
| test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | |
| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:345 |
| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:262 |
| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | |
| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | |
| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:321 |
| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:348 |
| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:346 |
| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:298 |
| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:265 |
| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:263 |
| test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | |
| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:347 |
| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:264 |
| test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | |
nodes
| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound |

14
go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
View File

@@ -1,12 +1,12 @@
edges
| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:254 |
| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:254 |
| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:254 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:262 MaD:187 |
| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:272 |
| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:272 |
| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:272 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:280 MaD:187 |
| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | |
| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:254 |
| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:284 |
| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:284 |
| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:272 |
| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:272 |
| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:272 |
nodes
| test.go:215:15:215:26 | call to Data | semmle.label | call to Data |
| test.go:216:18:216:26 | untrusted | semmle.label | untrusted |

64
go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected
View File

@@ -1,36 +1,36 @@
edges
| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:747 |
| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:747 |
| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:747 |
| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:747 |
| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:747 |
| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:686 |
| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:686 |
| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:686 |
| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:686 |
| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:686 |
| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:686 |
nodes
| test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent |
| test.go:12:11:12:19 | untrusted | semmle.label | untrusted |

14
go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected
View File

@@ -8,28 +8,28 @@ edges
| test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | |
| test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | |
| test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | |
| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:700 |
| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:639 |
| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | |
| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:626 |
| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:565 |
| test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | |
| test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | |
| test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | |
| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:700 |
| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:639 |
| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | |
| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:626 |
| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:565 |
| test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | |
| test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | |
| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | |
| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | |
| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:431 |
| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:430 |
| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:370 |
| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:369 |
| test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | |
| test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | |
| test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | |
| test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | |
| test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | |
| test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | provenance | |
| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:909 |
| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:848 |
| test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | |
nodes
| test.go:15:11:15:32 | call to Param | semmle.label | call to Param |

8
go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected
View File

@@ -4,13 +4,13 @@ edges
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | |
| jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | |
| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:422 |
| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:361 |
| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | |
| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:420 |
| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:359 |
| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | |
| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:423 |
| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:362 |
| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | |
| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:421 |
| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:360 |
| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | |
nodes
| jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes |

6
go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
View File

@@ -1,10 +1,10 @@
edges
| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | |
| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | |
| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:815 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:629 |
| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:754 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:568 |
| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | |
| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:815 |
| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:754 |
| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | |
| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | |
| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | |

4
go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
View File

@@ -1,8 +1,8 @@
edges
| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | |
| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:815 |
| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:754 |
| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | |
| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:815 |
| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:754 |
nodes
| EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form |

4
go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
View File

@@ -6,9 +6,9 @@ edges
| rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | |
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | |
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:620 |
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:559 |
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance | |
| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:505 |
| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:444 |
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | |
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
| rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | |

38
go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected
View File

@@ -1,40 +1,40 @@
edges
| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:808 |
| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:815 |
| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:747 |
| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:754 |
| test.go:12:12:12:44 | call to Get | test.go:15:42:15:47 | param1 | provenance | |
| test.go:15:22:15:48 | call to UnescapeString | test.go:15:15:15:49 | type conversion | provenance | |
| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:487 |
| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:426 |
| test.go:17:2:17:36 | ... := ...[0] | test.go:18:15:18:31 | type conversion | provenance | |
| test.go:17:2:17:36 | ... := ...[0] | test.go:29:22:29:25 | node | provenance | |
| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:482 |
| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:421 |
| test.go:20:2:20:48 | ... := ...[0] | test.go:21:15:21:32 | type conversion | provenance | |
| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:485 |
| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:424 |
| test.go:23:2:23:50 | ... := ...[0] | test.go:24:15:24:35 | type conversion | provenance | |
| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:483 |
| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:422 |
| test.go:26:2:26:62 | ... := ...[0] | test.go:27:15:27:36 | type conversion | provenance | |
| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:484 |
| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:423 |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:33:15:33:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:34:17:34:25 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:36:15:36:23 | tokenizer | provenance | |
| test.go:31:15:31:45 | call to NewTokenizer | test.go:37:22:37:30 | tokenizer | provenance | |
| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:480 |
| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:490 |
| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:491 |
| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:419 |
| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:429 |
| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:430 |
| test.go:34:2:34:35 | ... := ...[1] | test.go:35:15:35:19 | value | provenance | |
| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:492 |
| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:493 |
| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:494 |
| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:431 |
| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:432 |
| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:433 |
| test.go:37:22:37:38 | call to Token | test.go:37:15:37:44 | type conversion | provenance | |
| test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | |
| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:481 |
| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:490 |
| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:420 |
| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:429 |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | |
| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | |
| test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | |
| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:482 |
| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:488 |
| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:421 |
| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:427 |
| test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | |
| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | |
@@ -46,8 +46,8 @@ edges
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | |
| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | |
| test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | |
| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:482 |
| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:489 |
| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:421 |
| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:428 |
| test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | |
| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | |

4
go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected
View File

@@ -1,6 +1,6 @@
edges
| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:740 |
| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:479 |
| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:679 |
| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:418 |
nodes
| test.go:56:2:56:42 | ... := ...[0] | semmle.label | ... := ...[0] |
| test.go:57:11:57:41 | call to EscapeString | semmle.label | call to EscapeString |

4
go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
View File

@@ -7,9 +7,9 @@ edges
| UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | |
| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance | |
| ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | |
| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:820 |
| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:759 |
| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name | provenance | |
| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:835 |
| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:774 |
| tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | provenance | |
nodes
| UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate |

16
go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
View File

@@ -1,27 +1,27 @@
edges
| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:808 |
| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:747 |
| ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path | provenance | |
| CommandInjection2.go:13:15:13:21 | selection of URL | CommandInjection2.go:13:15:13:29 | call to Query | provenance | MaD:808 |
| CommandInjection2.go:13:15:13:21 | selection of URL | CommandInjection2.go:13:15:13:29 | call to Query | provenance | MaD:747 |
| CommandInjection2.go:13:15:13:29 | call to Query | CommandInjection2.go:15:67:15:75 | imageName | provenance | |
| CommandInjection2.go:15:34:15:88 | []type{args} [array] | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | MaD:248 |
| CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | []type{args} [array] | provenance | |
| CommandInjection2.go:15:67:15:75 | imageName | CommandInjection2.go:15:34:15:88 | call to Sprintf | provenance | FunctionModel |
| CommandInjection2.go:41:15:41:21 | selection of URL | CommandInjection2.go:41:15:41:29 | call to Query | provenance | MaD:808 |
| CommandInjection2.go:41:15:41:21 | selection of URL | CommandInjection2.go:41:15:41:29 | call to Query | provenance | MaD:747 |
| CommandInjection2.go:41:15:41:29 | call to Query | CommandInjection2.go:44:67:44:75 | imageName | provenance | |
| CommandInjection2.go:44:34:44:88 | []type{args} [array] | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | MaD:248 |
| CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | []type{args} [array] | provenance | |
| CommandInjection2.go:44:67:44:75 | imageName | CommandInjection2.go:44:34:44:88 | call to Sprintf | provenance | FunctionModel |
| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:808 |
| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:747 |
| CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | |
| GitSubcommands.go:11:13:11:19 | selection of URL | GitSubcommands.go:11:13:11:27 | call to Query | provenance | MaD:808 |
| GitSubcommands.go:11:13:11:19 | selection of URL | GitSubcommands.go:11:13:11:27 | call to Query | provenance | MaD:747 |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:14:31:14:37 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:15:30:15:36 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:16:35:16:41 | tainted | provenance | |
| GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | |
| GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | MaD:808 |
| GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | MaD:747 |
| GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:808 |
| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:747 |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | |
| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | |
@@ -56,7 +56,7 @@ edges
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:28 |
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:29 |
| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | provenance | MaD:29 |
| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:808 |
| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:747 |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | |
| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:100:31:100:37 | tainted | provenance | |

36
go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
View File

@@ -1,18 +1,18 @@
edges
| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:815 |
| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:754 |
| ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username | provenance | |
| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:815 |
| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:754 |
| contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion | provenance | |
| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:815 |
| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:754 |
| contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data | provenance | |
| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:743 |
| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:743 |
| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:743 |
| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:743 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:742 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:742 |
| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:682 |
| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:682 |
| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:682 |
| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:682 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:681 |
| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:681 |
| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | |
| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:613 |
| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:552 |
| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:248 |
| reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | |
| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | |
@@ -21,25 +21,25 @@ edges
| reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | |
| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:744 |
| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:683 |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | |
| reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | |
| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:703 |
| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:701 |
| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:642 |
| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:640 |
| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | |
| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | |
| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:626 |
| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:565 |
| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:248 |
| reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | |
| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel |
| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:808 |
| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:747 |
| reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | |
| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:815 |
| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:754 |
| tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a | provenance | |
| tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion | provenance | |
| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:907 |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:815 |
| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:846 |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:754 |
| tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | |
| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | |
| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | |

22
go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
View File

@@ -1,12 +1,12 @@
edges
| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:248 |
| SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | |
| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:808 |
| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:747 |
| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | |
| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | |
| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel |
| issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | |
| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:613 |
| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:552 |
| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:187 |
| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | |
| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:248 |
@@ -14,7 +14,7 @@ edges
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | |
| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel |
| issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | |
| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:613 |
| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:552 |
| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:187 |
| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | |
| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:248 |
@@ -22,7 +22,7 @@ edges
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | |
| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel |
| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:187 |
| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:808 |
| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:747 |
| issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | |
| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | |
| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:248 |
@@ -31,17 +31,17 @@ edges
| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel |
| main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | |
| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:248 |
| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:808 |
| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:747 |
| main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | |
| main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel |
| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:248 |
| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:728 |
| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:667 |
| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | |
| main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel |
| main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | |
| main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | |
| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:808 |
| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:747 |
| main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | |
| main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | |
| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:248 |
@@ -54,7 +54,7 @@ edges
| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | |
| main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | |
| main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | |
| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:808 |
| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:747 |
| main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | |
| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | |
| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:248 |
@@ -67,7 +67,7 @@ edges
| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | |
| main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | |
| main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | |
| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:808 |
| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:747 |
| main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | |
| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | |
| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:248 |
@@ -80,7 +80,7 @@ edges
| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | |
| main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | |
| main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | |
| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:808 |
| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:747 |
| main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | |
| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | |
| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:248 |
@@ -89,7 +89,7 @@ edges
| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel |
| main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | |
| main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | |
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:746 |
| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:685 |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | |
| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | |

4
go/ql/test/query-tests/Security/CWE-089/StringBreak.expected
View File

@@ -2,10 +2,10 @@ edges
| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | |
| StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | |
| StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | |
| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:911 |
| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:850 |
| StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion | provenance | |
| StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped | provenance | |
| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:911 |
| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:850 |
nodes
| StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |

2
go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
View File

@@ -9,7 +9,7 @@ edges
| sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | |
| sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | |
| sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | |
| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:622 |
| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:561 |
| sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | |
| sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | |
| sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | |

14
go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
View File

@@ -1,16 +1,16 @@
edges
| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:808 |
| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:815 |
| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:747 |
| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:754 |
| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | |
| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | |
| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | |
| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:394 |
| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:396 |
| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:808 |
| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:815 |
| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:333 |
| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:335 |
| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:747 |
| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:754 |
| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | |
| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | |
| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:408 |
| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:347 |
nodes
| go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL |
| go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |

4
go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected
View File

@@ -12,8 +12,8 @@ edges
| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | |
| main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | |
| main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:834 |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:834 |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:773 |
| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:773 |
| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | |
| main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | |
| main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | |

4
go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected
View File

@@ -43,11 +43,11 @@ edges
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config |
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Config |
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config |
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:743 |
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:682 |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | |
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | |
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:743 Config |
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:682 Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config |
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config |

26
go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected
View File

@@ -1,23 +1,23 @@
edges
| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:728 |
| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:667 |
| EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | |
| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:746 |
| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:746 |
| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:625 |
| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:746 |
| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:746 |
| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:746 |
| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:685 |
| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:685 |
| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:564 |
| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:685 |
| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:685 |
| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:685 |
| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | |
| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:457 |
| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:746 |
| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:396 |
| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:685 |
| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | |
| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | |
| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:457 |
| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:746 |
| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:746 |
| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:396 |
| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:685 |
| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:685 |
| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | |
| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:457 |
| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:396 |
nodes
| EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header |
| EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get |

24
go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
View File

@@ -1,16 +1,16 @@
edges
| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:815 |
| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:754 |
| XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | |
| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:815 |
| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:754 |
| tst.go:34:14:34:35 | call to Get | tst.go:37:23:37:85 | ...+... | provenance | |
| tst.go:34:14:34:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | |
| tst.go:34:14:34:35 | call to Get | tst.go:43:24:43:82 | ...+... | provenance | |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:815 |
| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:754 |
| tst.go:48:14:48:35 | call to Get | tst.go:51:26:51:84 | ...+... | provenance | |
| tst.go:48:14:48:35 | call to Get | tst.go:54:29:54:87 | ...+... | provenance | |
| tst.go:48:14:48:35 | call to Get | tst.go:57:33:57:91 | ...+... | provenance | |
| tst.go:48:14:48:35 | call to Get | tst.go:60:30:60:88 | ...+... | provenance | |
| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:815 |
| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:754 |
| tst.go:65:14:65:35 | call to Get | tst.go:68:25:68:83 | ...+... | provenance | |
| tst.go:65:14:65:35 | call to Get | tst.go:71:28:71:86 | ...+... | provenance | |
| tst.go:65:14:65:35 | call to Get | tst.go:74:25:74:83 | ...+... | provenance | |
@@ -19,38 +19,38 @@ edges
| tst.go:65:14:65:35 | call to Get | tst.go:83:29:83:87 | ...+... | provenance | |
| tst.go:65:14:65:35 | call to Get | tst.go:86:23:86:85 | ...+... | provenance | |
| tst.go:65:14:65:35 | call to Get | tst.go:89:22:89:84 | ...+... | provenance | |
| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:815 |
| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:754 |
| tst.go:94:14:94:35 | call to Get | tst.go:97:26:97:84 | ...+... | provenance | |
| tst.go:94:14:94:35 | call to Get | tst.go:100:29:100:87 | ...+... | provenance | |
| tst.go:94:14:94:35 | call to Get | tst.go:103:33:103:91 | ...+... | provenance | |
| tst.go:94:14:94:35 | call to Get | tst.go:106:30:106:88 | ...+... | provenance | |
| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:815 |
| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:754 |
| tst.go:111:14:111:35 | call to Get | tst.go:114:25:114:87 | ...+... | provenance | |
| tst.go:111:14:111:35 | call to Get | tst.go:117:26:117:88 | ...+... | provenance | |
| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:815 |
| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:754 |
| tst.go:122:14:122:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | |
| tst.go:122:14:122:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | |
| tst.go:122:14:122:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | |
| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:815 |
| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:754 |
| tst.go:123:14:123:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | |
| tst.go:123:14:123:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | |
| tst.go:123:14:123:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | |
| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:815 |
| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:754 |
| tst.go:140:14:140:35 | call to Get | tst.go:143:27:143:89 | ...+... | provenance | |
| tst.go:140:14:140:35 | call to Get | tst.go:146:28:146:90 | ...+... | provenance | |
| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:815 |
| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:754 |
| tst.go:151:14:151:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | |
| tst.go:151:14:151:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | |
| tst.go:151:14:151:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | |
| tst.go:151:14:151:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | |
| tst.go:151:14:151:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | |
| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:815 |
| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:754 |
| tst.go:152:14:152:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | |
| tst.go:152:14:152:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | |
| tst.go:152:14:152:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | |
| tst.go:152:14:152:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | |
| tst.go:152:14:152:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | |
| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:815 |
| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:754 |
| tst.go:193:14:193:35 | call to Get | tst.go:198:23:198:85 | ...+... | provenance | |
nodes
| XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form |

34
go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
View File

@@ -1,12 +1,12 @@
edges
| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:743 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:743 |
| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:682 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:682 |
| tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] | provenance | |
| tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] | provenance | |
| tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | u | provenance | |
@@ -18,15 +18,15 @@ edges
| tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | Config |
| tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | Config |
| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:238 |
| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:746 |
| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:685 |
| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:685 |
nodes
| RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue |
| RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |

4
java/kotlin-extractor/src/main/java/com/semmle/util/process/Env.java
View File

@@ -50,10 +50,6 @@ public class Env {
* The location of any caches used by the toolchain, including compilation caches, trap caches, etc.
*/
SEMMLE_CACHE,
/**
* The location of the toolchain files, including the odasa jar, our queries etc.
*/
SEMMLE_DIST,
/**
* If running from a git tree, the root of the tree.
*/

4
java/ql/lib/change-notes/2024-07-03-env-var-semmle-dist.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: breaking
---
* The Java extractor no longer supports the `SEMMLE_DIST` legacy environment variable.

7
javascript/ql/lib/semmle/javascript/frameworks/helmet/Helmet.Required.Setting.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/javascript-queries
extensible: requiredHelmetSecuritySetting
data:
- ["frameguard"]
- ["contentSecurityPolicy"]

36
javascript/ql/src/Security/CWE-693/CUSTOMIZING.md Normal file
View File

@@ -0,0 +1,36 @@
# Insecure Helmet Configuration - customizations
You can extend the required [Helmet security settings](https://helmetjs.github.io/) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/) in a [CodeQL model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
They are defaulted to just `frameguard` and `contentSecurityPolicy`, but you can add more using this method, to require them not to be set to `false` (which explicitly disables them) in the Helmet configuration.
For example, this YAML model can be used inside a CodeQL model pack to require `frameguard` and `contentSecurityPolicy`:
```yaml
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: requiredHelmetSecuritySetting
data:
- ["frameguard"]
- ["contentSecurityPolicy"]
```
Note: Using `frameguard` and `contentSecurityPolicy` is an example: the query already enforces these, so it is not necessary to add it with your own data extension.
A suitable [model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack) might be:
```yaml
name: my-org/javascript-helmet-insecure-config-model-pack
version: 1.0.0
extensionTargets:
codeql/java-all: '*'
dataExtensions:
- models/**/*.yml
```
## References
- [Helmet security settings](https://helmetjs.github.io/)
- [Customizing library models for javascript](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/)
- [Creating and working with CodeQL packs](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack)

71
javascript/ql/src/Security/CWE-693/InsecureHelmet.qhelp Normal file
View File

@@ -0,0 +1,71 @@
<!DOCTYPE qhelp SYSTEM "qhelp.dtd">
<qhelp>
<overview>
<p>
<a href="https://helmetjs.github.io/">Helmet</a> is a collection of middleware functions for securing Express apps. It sets various HTTP headers to guard against common web vulnerabilities.
This query detects Helmet misconfigurations that can lead to security vulnerabilities, specifically:
</p>
<ul>
<li>Disabling frame protection</li>
<li>Disabling Content Security Policy</li>
</ul>
<p>
Content Security Policy (CSP) helps spot and prevent injection attacks such as Cross-Site Scripting (XSS).
Removing frame protections exposes an application to attacks such as clickjacking, where an attacker can trick a user into clicking on a button or link on a targeted page when they intended to click on the page carrying out the attack.
</p>
<p>
Users of the query can extend the set of required Helmet features by adding additional checks for them, using CodeQL <a href="https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/">data extensions</a> in a <a href="https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack">CodeQL model pack</a>. See <code>CUSTOMIZING.md</code> in the query source for more information.
</p>
</overview>
<recommendation>
<p>
To help mitigate these vulnerabilities, ensure that the following Helmet functions are not disabled, and are configured appropriately to your application:
</p>
<ul>
<li><code>frameguard</code></li>
<li><code>contentSecurityPolicy</code></li>
</ul>
</recommendation>
<example>
<p>
The following code snippet demonstrates Helmet configured in an insecure manner:
</p>
<sample src="examples/helmet_insecure.js" />
<p>
In this example, the defaults are used, which enables frame protection and a default Content Security Policy.
</p>
<sample src="examples/helmet_default.js" />
<p>
You can also enable a custom Content Security Policy by passing an object to the <code>contentSecurityPolicy</code> key. For example, taken from the <a href="https://helmetjs.github.io/#content-security-policy">Helmet docs</a>:
</p>
<sample src="examples/helmet_custom.js" />
</example>
<references>
<li>
<a href="https://helmetjs.github.io/">helmet.js website</a>
</li>
<li>
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy">Content Security Policy (CSP) | MDN</a>
</li>
<li>
<a href="https://infosec.mozilla.org/guidelines/web_security">Mozilla Web Security Guidelines</a>
</li>
<li>
<a href="https://developer.mozilla.org/en-US/docs/Web/Security#protect_against_clickjacking">Protect against clickjacking | MDN</a>
</li>
</references>
</qhelp>

47
javascript/ql/src/Security/CWE-693/InsecureHelmet.ql Normal file
View File

@@ -0,0 +1,47 @@
/**
* @name Insecure configuration of Helmet security middleware
* @description The Helmet middleware is used to set security-related HTTP headers in Express applications. This query finds instances where the middleware is configured with important security features disabled.
* @kind problem
* @problem.severity error
* @security-severity 7.0
* @precision high
* @id js/insecure-helmet-configuration
* @tags security
* external/cwe/cwe-693
* external/cwe/cwe-1021
*/
import javascript
import DataFlow
import semmle.javascript.frameworks.ExpressModules
class HelmetProperty extends DataFlow::Node instanceof DataFlow::PropWrite {
ExpressLibraries::HelmetRouteHandler helmet;
HelmetProperty() {
this = helmet.(DataFlow::CallNode).getAnArgument().getALocalSource().getAPropertyWrite()
}
ExpressLibraries::HelmetRouteHandler getHelmet() { result = helmet }
predicate isFalse() { DataFlow::PropWrite.super.getRhs().mayHaveBooleanValue(false) }
string getName() { result = DataFlow::PropWrite.super.getPropertyName() }
predicate isImportantSecuritySetting() {
// read from data extensions to allow enforcing custom settings
// defaults are located in javascript/ql/lib/semmle/frameworks/helmet/Helmet.Required.Setting.model.yml
requiredHelmetSecuritySetting(this.getName())
}
}
extensible predicate requiredHelmetSecuritySetting(string name);
from HelmetProperty helmetProperty, ExpressLibraries::HelmetRouteHandler helmet
where
helmetProperty.isFalse() and
helmetProperty.isImportantSecuritySetting() and
helmetProperty.getHelmet() = helmet
select helmet,
"Helmet security middleware, configured with security setting $@ set to 'false', which disables enforcing that feature.",
helmetProperty, helmetProperty.getName()

10
javascript/ql/src/Security/CWE-693/examples/helmet_custom.js Normal file
View File

@@ -0,0 +1,10 @@
app.use(
helmet({
contentSecurityPolicy: {
directives: {
"script-src": ["'self'", "example.com"],
"style-src": null,
},
},
})
);

1
javascript/ql/src/Security/CWE-693/examples/helmet_default.js Normal file
View File

@@ -0,0 +1 @@
app.use(helmet());

6
javascript/ql/src/Security/CWE-693/examples/helmet_insecure.js Normal file
View File

@@ -0,0 +1,6 @@
const helmet = require('helmet');
app.use(helmet({
frameguard: false,
contentSecurityPolicy: false
}));

4
javascript/ql/src/change-notes/2024-06-19-insecure-helmet-config.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: newQuery
---
* Added a new query, `js/insecure-helmet-configuration`, to detect instances where Helmet middleware is configured with important security features disabled.

Some files were not shown because too many files have changed in this diff Show More