hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix linter warnings in Request Forgery tests

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-07-04 16:55:09 +01:00
parent afc78ced50
commit d10b9e665c
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
View File

@@ -14,8 +14,8 @@
| websocket.go:129:3:129:62 | call to DialContext | websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:129:38:129:51 | untrustedInput | WebSocket URL | websocket.go:126:21:126:31 | call to Referer | user-provided value |
| websocket.go:155:3:155:45 | call to Dial | websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:155:31:155:44 | untrustedInput | WebSocket URL | websocket.go:154:21:154:31 | call to Referer | user-provided value |
| websocket.go:162:3:162:45 | call to Dial | websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:162:31:162:44 | untrustedInput | WebSocket URL | websocket.go:160:21:160:31 | call to Referer | user-provided value |
| websocket.go:197:3:197:32 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:18:197:31 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value |
| websocket.go:204:3:204:25 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:11:204:24 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
| websocket.go:197:7:197:36 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:22:197:35 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value |
| websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
edges
| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 |
| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:1 |
@@ -42,8 +42,8 @@ edges
| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:2 |
| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:2 |
models
| 1 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
| 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual |
@@ -80,7 +80,7 @@ nodes
| websocket.go:160:21:160:31 | call to Referer | semmle.label | call to Referer |
| websocket.go:162:31:162:44 | untrustedInput | semmle.label | untrustedInput |
| websocket.go:195:21:195:31 | call to Referer | semmle.label | call to Referer |
| websocket.go:197:18:197:31 | untrustedInput | semmle.label | untrustedInput |
| websocket.go:197:22:197:35 | untrustedInput | semmle.label | untrustedInput |
| websocket.go:202:21:202:31 | call to Referer | semmle.label | call to Referer |
| websocket.go:204:11:204:24 | untrustedInput | semmle.label | untrustedInput |
| websocket.go:204:15:204:28 | untrustedInput | semmle.label | untrustedInput |
subpaths

14
go/ql/test/query-tests/Security/CWE-918/websocket.go
View File

@@ -166,7 +166,7 @@ func test() {
http.HandleFunc("/ex12", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
if "localhost" == untrustedInput {
if untrustedInput == "localhost" {
dialer := gobwas.Dialer{}
dialer.Dial(context.TODO(), untrustedInput)
}
@@ -176,8 +176,8 @@ func test() {
http.HandleFunc("/ex13", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
if "localhost" == untrustedInput {
sac.New(untrustedInput)
if untrustedInput == "localhost" {
_ = sac.New(untrustedInput)
}
})
@@ -185,8 +185,8 @@ func test() {
http.HandleFunc("/ex14", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
if "localhost" == untrustedInput {
sac.BuildProxy(untrustedInput)
if untrustedInput == "localhost" {
_ = sac.BuildProxy(untrustedInput)
}
})
@@ -194,14 +194,14 @@ func test() {
http.HandleFunc("/ex15", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
sac.BuildProxy(untrustedInput)
_ = sac.BuildProxy(untrustedInput)
})
// sac007 websocket New bad
http.HandleFunc("/ex16", func(w http.ResponseWriter, r *http.Request) {
untrustedInput := r.Referer()
sac.New(untrustedInput)
_ = sac.New(untrustedInput)
})
log.Println(http.ListenAndServe(":80", nil))