hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add failing tests for MaD with pointer content

Browse Source
This commit is contained in:
Owen Mansel-Chan
2023-06-14 14:14:37 +01:00
parent f737054216
commit d071b463a3
3 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml
View File

@@ -22,7 +22,9 @@ extensions:
- ["github.com/nonexistent/test", "", False, "GetMapKey", "", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "", False, "SetElement", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
- ["github.com/nonexistent/test", "C", False, "Get", "", "", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "C", False, "GetThroughPointer", "", "", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"]
- ["github.com/nonexistent/test", "C", False, "Set", "", "", "Argument[0]", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "value", "manual"]
- ["github.com/nonexistent/test", "C", False, "SetThroughPointer", "", "", "Argument[0]", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "value", "manual"]
- addsTo:
pack: codeql/go-all

16
go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
View File

@@ -141,6 +141,22 @@ func simpleflow() {
c4.Set("")
b.Sink1(c4.Get()) // $ SPURIOUS: hasTaintFlow="call to Get" // because we currently don't clear content
cp1 := &test.C{""}
cp1.SetThroughPointer(a.Src1().(string))
b.Sink1(cp1.F) // $ MISSING: hasTaintFlow="selection of F"
cp2 := &test.C{a.Src1().(string)}
b.Sink1(cp2.GetThroughPointer()) // $ MISSING: hasTaintFlow="call to GetThroughPointer"
cp3 := &test.C{""}
cp3.SetThroughPointer(a.Src1().(string))
b.Sink1(cp3.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer"
cp4 := &test.C{""}
cp4.SetThroughPointer(a.Src1().(string))
cp4.SetThroughPointer("")
b.Sink1(cp4.GetThroughPointer()) // $ SPURIOUS: hasTaintFlow="call to GetThroughPointer" // because we currently don't clear content
arg1 := src
arg2 := src
arg3 := src

3
go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go generated vendored
View File

@@ -67,3 +67,6 @@ type C struct {
func (c C) Set(f string) {}
func (c C) Get() string { return "" }
func (c *C) SetThroughPointer(f string) {}
func (c *C) GetThroughPointer() string { return "" }