Merge pull request #19817 from d10c/d10c/convert-tests-to-qlref

Convert remaining `{go,swift,ruby}-code-scanning.qls` query tests to `.qlref`
This commit is contained in:
Nora Dimitrijević
2025-06-24 16:31:13 +02:00
committed by GitHub
42 changed files with 1373 additions and 643 deletions


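--- /dev/null
+++ b/<PATH_NOT_SHOWN>
@@ -0,0 +1,15 @@
+/**
+* @kind test-postprocess
+* @description Remove the query predicates that differ based on 32/64-bit architecture. This should leave behind `invalidModelRowAdd` and `testFailures` in case of test failures.
+*/
+/**
+* The input test results: query predicate `relation` contains `data` at (`row`, `column`).
+*/
+external private predicate queryResults(string relation, int row, int column, string data);
+/** Holds if the test output's query predicate `relation` contains `data` at (`row`, `column`). */
+query predicate results(string relation, int row, int column, string data) {
+queryResults(relation, row, column, data) and
+not relation in ["#select", "nodes", "edges"]
+}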
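Review bot: The `@description` on the new file names `invalidModelRowAdd` as a predicate that survives the filter, but the expected files touched elsewhere in this PR spell the predicate `invalidModelRow`, so the name in the comment looks like a typo unless `invalidModelRowAdd` really exists. The list of what is left behind is also incomplete: `results` only excludes `#select`, `nodes` and `edges`, so `models` (from the PrettyPrintModels step) and presumably `subpaths` pass through as well. Suggest rewording to `This should leave behind the architecture-independent predicates (e.g. `invalidModelRow`, `models`, `testFailures`) so that test failures are still reported.` and, if the filter is meant to be exhaustive, stating why `models` is safe to keep.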


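--- a/<PATH_NOT_SHOWN>
+++ /dev/null
@@ -1,2 +0,0 @@
-invalidModelRow
-testFailures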


@@ -24,7 +24,7 @@ func lookupNumberByName(reg *registry, name string) (int32, error) {
return 567, nil
}
func lab(s string) (*something, error) {
num, err := strconv.Atoi(s)
num, err := strconv.Atoi(s) // $ Source
if err != nil {
number, err := lookupNumberByName(&registry{}, s)
@@ -33,7 +33,7 @@ func lab(s string) (*something, error) {
}
num = int(number)
}
target, err := lookupTarget(&config{}, int32(num)) // $ hasValueFlow="num"
target, err := lookupTarget(&config{}, int32(num)) // $ Alert
if err != nil {
return nil, err
}
@@ -63,12 +63,12 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 16)
parsed, err := strconv.ParseInt("3456", 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed)
_ = uint16(parsed)
_ = int32(parsed)
@@ -79,14 +79,14 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 32)
parsed, err := strconv.ParseInt("3456", 10, 32) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed)
_ = uint32(parsed)
_ = int64(parsed)
@@ -95,32 +95,32 @@ func testParseInt() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseInt("3456", 10, 64)
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
{
parsed, err := strconv.ParseInt("3456", 10, 0)
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -130,11 +130,11 @@ func testParseInt() {
func testParseUint() {
{
parsed, err := strconv.ParseUint("3456", 10, 8)
parsed, err := strconv.ParseUint("3456", 10, 8) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed)
_ = int16(parsed)
_ = uint16(parsed)
@@ -146,13 +146,13 @@ func testParseUint() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 16)
parsed, err := strconv.ParseUint("3456", 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed)
_ = int32(parsed)
_ = uint32(parsed)
@@ -162,66 +162,66 @@ func testParseUint() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 32)
parsed, err := strconv.ParseUint("3456", 10, 32) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}
func testAtoi() {
parsed, err := strconv.Atoi("3456")
parsed, err := strconv.Atoi("3456") // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -233,19 +233,19 @@ type customInt int16
// these should be caught:
func typeAliases(input string) {
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
// NOTE: byte is uint8
_ = byte(parsed) // $ hasValueFlow="parsed"
_ = customInt(parsed) // $ hasValueFlow="parsed"
_ = byte(parsed) // $ Alert
_ = customInt(parsed) // $ Alert
}
}
func testBoundsChecking(input string) {
{
parsed, err := strconv.Atoi(input)
parsed, err := strconv.Atoi(input) // $ Source
if err != nil {
panic(err)
}
@@ -253,13 +253,13 @@ func testBoundsChecking(input string) {
_ = int8(parsed)
}
if parsed < math.MaxInt8 {
_ = int8(parsed) // $ MISSING: hasValueFlow="parsed" // Not found because we only check for upper bounds
_ = int8(parsed) // $ MISSING: Alert // Not found because we only check for upper bounds
if parsed >= 0 {
_ = int16(parsed)
}
}
if parsed >= math.MinInt8 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
if parsed <= 0 {
_ = int16(parsed)
}
@@ -271,51 +271,51 @@ func testBoundsChecking(input string) {
}
}
{
parsed, err := strconv.ParseUint(input, 10, 0)
parsed, err := strconv.ParseUint(input, 10, 0) // $ Source
if err != nil {
panic(err)
}
if parsed <= math.MaxUint64 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int64(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed) // $ Alert
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxInt64 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxUint32 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
if parsed <= math.MaxInt32 {
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed)
_ = uint32(parsed)
_ = int64(parsed)
@@ -325,25 +325,25 @@ func testBoundsChecking(input string) {
}
}
{
parsed, err := strconv.ParseUint(input, 10, 32)
parsed, err := strconv.ParseUint(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
if parsed <= math.MaxUint16 {
_ = uint16(parsed)
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ Alert
}
if parsed <= 255 {
_ = uint8(parsed)
}
if parsed <= 256 {
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ Alert
}
if err == nil && 1 == 1 && parsed < math.MaxInt8 {
_ = int8(parsed)
}
if parsed > 42 {
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ Alert
}
if parsed >= math.MaxUint8+1 {
return
@@ -389,64 +389,64 @@ func testRightShifted(input string) {
_ = byte(parsed >> 8 & 0xff)
}
{
parsed, err := strconv.ParseInt(input, 10, 16)
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
if err != nil {
panic(err)
}
_ = byte(parsed) // $ hasValueFlow="parsed"
_ = byte(parsed) // $ Alert
_ = byte(parsed << 8)
}
}
func testPathWithMoreThanOneSink(input string) {
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v1 := int16(parsed) // $ hasValueFlow="parsed"
v1 := int16(parsed) // $ Alert
_ = int16(v1)
}
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v := int16(parsed) // $ hasValueFlow="parsed"
v := int16(parsed) // $ Alert
_ = int8(v)
}
{
parsed, err := strconv.ParseInt(input, 10, 32)
parsed, err := strconv.ParseInt(input, 10, 32) // $ Source
if err != nil {
panic(err)
}
v1 := int32(parsed)
v2 := int16(v1) // $ hasValueFlow="v1"
v2 := int16(v1) // $ Alert
_ = int8(v2)
}
{
parsed, err := strconv.ParseInt(input, 10, 16)
parsed, err := strconv.ParseInt(input, 10, 16) // $ Source
if err != nil {
panic(err)
}
v1 := int64(parsed)
v2 := int32(v1)
v3 := int16(v2)
_ = int8(v3) // $ hasValueFlow="v3"
_ = int8(v3) // $ Alert
}
}
func testUsingStrConvIntSize(input string) {
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize)
parsed, err := strconv.ParseInt(input, 10, strconv.IntSize) // $ Source
if err != nil {
panic(err)
}
_ = int8(parsed) // $ hasValueFlow="parsed"
_ = uint8(parsed) // $ hasValueFlow="parsed"
_ = int16(parsed) // $ hasValueFlow="parsed"
_ = uint16(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int8(parsed) // $ Alert
_ = uint8(parsed) // $ Alert
_ = int16(parsed) // $ Alert
_ = uint16(parsed) // $ Alert
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
_ = int64(parsed)
_ = uint64(parsed)
_ = int(parsed)
@@ -490,7 +490,7 @@ func dealWithArchSizeCorrectly(s string) uint {
}
func typeSwitch1(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
switch v := input.(type) {
case int16, string:
@@ -498,19 +498,19 @@ func typeSwitch1(s string) {
return
}
_ = int16(v.(int16))
_ = int8(v.(int16)) // $ hasValueFlow="type assertion"
_ = int8(v.(int16)) // $ Alert
case int32:
_ = int32(v)
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
case int64:
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
default:
_ = int8(v.(int64)) // $ hasValueFlow="type assertion"
_ = int8(v.(int64)) // $ Alert
}
}
func typeSwitch2(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
switch input.(type) {
case int16, string:
@@ -518,25 +518,25 @@ func typeSwitch2(s string) {
return
}
_ = int16(input.(int16))
_ = int8(input.(int16)) // $ hasValueFlow="type assertion"
_ = int8(input.(int16)) // $ Alert
case int32:
_ = int32(input.(int32))
_ = int8(input.(int32)) // $ hasValueFlow="type assertion"
_ = int8(input.(int32)) // $ Alert
case int64:
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
_ = int8(input.(int64)) // $ Alert
default:
_ = int8(input.(int64)) // $ hasValueFlow="type assertion"
_ = int8(input.(int64)) // $ Alert
}
}
func checkedTypeAssertion(s string) {
i64, _ := strconv.ParseInt(s, 10, 64)
i64, _ := strconv.ParseInt(s, 10, 64) // $ Source
var input any = i64
if v, ok := input.(int16); ok {
// Need to account for the fact that within this case clause, v is an int16
_ = int16(v)
_ = int8(v) // $ hasValueFlow="v"
_ = int8(v) // $ Alert
} else if v, ok := input.(int32); ok {
_ = int16(v) // $ hasValueFlow="v"
_ = int16(v) // $ Alert
}
}
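Review bot: The `$ Alert` tags that replace `hasValueFlow="…"` throughout this file drop the value that named the sink expression, so on lines such as 457 (`v2 := int16(v1)`) and 470 (`_ = int8(v3)`) the expectation is now only a line-level check rather than pinning `v1`/`v3` as the flagged operand. For lines with a single conversion that is harmless, but if the `Alert` tag accepts a value the way `hasValueFlow` did, keeping one on the few lines whose sink is a named intermediate would preserve the old precision. The enclosing functions start and end outside several of these hunks, so a line-level mismatch elsewhere in them would not be visible here.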


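--- a/<PATH_NOT_SHOWN>
+++ /dev/null
@@ -1,20 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import utils.test.InlineExpectationsTest
-import semmle.go.security.IncorrectIntegerConversionLib
-module TestIncorrectIntegerConversion implements TestSig {
-string getARelevantTag() { result = "hasValueFlow" }
-predicate hasActualResult(Location location, string element, string tag, string value) {
-tag = "hasValueFlow" and
-exists(DataFlow::Node sink | Flow::flowTo(sink) |
-sink.getLocation() = location and
-element = sink.toString() and
-value = "\"" + sink.toString() + "\""
-)
-}
-}
-import MakeTest<TestIncorrectIntegerConversion>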


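--- /dev/null
+++ b/<PATH_NOT_SHOWN>
@@ -0,0 +1,5 @@
+query: Security/CWE-681/IncorrectIntegerConversionQuery.ql
+postprocess:
+- utils/test/PrettyPrintModels.ql
+- utils/test/InlineExpectationsTestQuery.ql
+- ./FilterTestResults.ql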
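Review bot: This is the only `.qlref` in the PR with a third postprocess step, and nothing in the file says why `./FilterTestResults.ql` is needed here but not for the CWE-770 test, so a reader has to open the filter to learn that `#select`, `nodes` and `edges` are dropped because the CWE-681 results depend on 32/64-bit `int` size. A one-line comment above the entry, `# drops architecture-dependent #select/nodes/edges; inline expectations still checked`, would make the intent visible where the step is configured. Presumably the steps run in the listed order, so the filter sees the output of InlineExpectationsTestQuery; if that ordering is load-bearing, the comment should say so too.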


@@ -16,11 +16,11 @@ func testIntSource386() {
_ = uint32(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
}
{


@@ -19,11 +19,11 @@ func testIntSource32() {
_ = uint32(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 0)
parsed, err := strconv.ParseUint("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed)
}
{


@@ -16,11 +16,11 @@ func testIntSinkAmd64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}


@@ -19,11 +19,11 @@ func testIntSink64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}


@@ -9,19 +9,19 @@ import (
func testIntSizeIsArchicturallyDependent1() {
{
parsed, err := strconv.ParseInt("3456", 10, 0)
parsed, err := strconv.ParseInt("3456", 10, 0) // $ Source
if err != nil {
panic(err)
}
_ = int32(parsed) // $ hasValueFlow="parsed"
_ = uint32(parsed) // $ hasValueFlow="parsed"
_ = int32(parsed) // $ Alert
_ = uint32(parsed) // $ Alert
}
{
parsed, err := strconv.ParseInt("3456", 10, 64)
parsed, err := strconv.ParseInt("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = uint(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed) // $ Alert
}
}


@@ -20,11 +20,11 @@ func oldTestIntSink64() {
_ = uint(parsed)
}
{
parsed, err := strconv.ParseUint("3456", 10, 64)
parsed, err := strconv.ParseUint("3456", 10, 64) // $ Source
if err != nil {
panic(err)
}
_ = int(parsed) // $ hasValueFlow="parsed"
_ = int(parsed) // $ Alert
_ = uint(parsed)
}
}


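--- a/<PATH_NOT_SHOWN>
+++ b/<PATH_NOT_SHOWN>
@@ -1,2 +1,22 @@
-invalidModelRow
-testFailures
+#select
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | This memory allocation depends on a $@. | UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | user-provided value |
+edges
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | provenance | Src:MaD:1 MaD:2 |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | UncontrolledAllocationSizeBad.go:13:15:13:20 | source | provenance | |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | provenance | MaD:3 |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | provenance | |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | provenance | |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | provenance | Config |
+models
+| 1 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
+| 2 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
+| 3 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
+nodes
+| UncontrolledAllocationSizeBad.go:11:12:11:16 | selection of URL | semmle.label | selection of URL |
+| UncontrolledAllocationSizeBad.go:11:12:11:24 | call to Query | semmle.label | call to Query |
+| UncontrolledAllocationSizeBad.go:13:15:13:20 | source | semmle.label | source |
+| UncontrolledAllocationSizeBad.go:13:15:13:29 | call to Get | semmle.label | call to Get |
+| UncontrolledAllocationSizeBad.go:14:2:14:37 | ... := ...[0] | semmle.label | ... := ...[0] |
+| UncontrolledAllocationSizeBad.go:14:28:14:36 | sourceStr | semmle.label | sourceStr |
+| UncontrolledAllocationSizeBad.go:20:27:20:30 | sink | semmle.label | sink |
+subpaths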


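--- a/<PATH_NOT_SHOWN>
+++ /dev/null
@@ -1,6 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import semmle.go.security.UncontrolledAllocationSize
-import utils.test.InlineFlowTest
-import FlowTest<UncontrolledAllocationSize::Config, UncontrolledAllocationSize::Config>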


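--- /dev/null
+++ b/<PATH_NOT_SHOWN>
@@ -0,0 +1,4 @@
+query: Security/CWE-770/UncontrolledAllocationSize.ql
+postprocess:
+- utils/test/PrettyPrintModels.ql
+- utils/test/InlineExpectationsTestQuery.ql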


@@ -8,7 +8,7 @@ import (
)
func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
source := r.URL.Query()
source := r.URL.Query() // $ Source
sourceStr := source.Get("n")
sink, err := strconv.Atoi(sourceStr)
@@ -17,7 +17,7 @@ func OutOfMemoryBad(w http.ResponseWriter, r *http.Request) {
return
}
result := make([]string, sink) // $hasTaintFlow="sink"
result := make([]string, sink) // $ Alert
for i := 0; i < sink; i++ {
result[i] = fmt.Sprintf("Item %d", i+1)
}