Order DB, NamedStmt, Stmt, Tx in tests

2026-04-25 16:55:19 +02:00 · 2025-01-07 20:59:17 -05:00
parent 4ed0f7fc40
commit e7f99cdfb7
1 changed files with 112 additions and 112 deletions
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go
@@ -102,6 +102,118 @@ func test_sqlx_DB(db *sqlx.DB) {
 	db.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
 }

+func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
+	example, err := stmt.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_Stmt(stmt *sqlx.Stmt) {
+	example, err := stmt.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
 func test_sqlx_Tx(tx *sqlx.Tx) {
 	example, err := tx.Query("SELECT * FROM users") // $ source
 	ignore(example, err)
@@ -163,115 +275,3 @@ func test_sqlx_Tx(tx *sqlx.Tx) {
 	var user5 User
 	tx.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
 }
-
-func test_sqlx_Stmt(stmt *sqlx.Stmt) {
-	example, err := stmt.Query("SELECT * FROM users") // $ source
-	ignore(example, err)
-
-	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
-
-	if err != nil {
-		return
-	}
-
-	defer rows.Close()
-
-	for rows.Next() {
-		var id int
-		var name string
-		err = rows.Scan(&id, &name)
-
-		if err != nil {
-			return
-		}
-
-		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
-
-		valmap := make(map[string]interface{})
-		rows.MapScan(valmap)
-
-		id = valmap["id"].(int)
-		sink(id) // $ hasTaintFlow="id"
-
-		var user User
-		rows.StructScan(&user)
-		sink(user) // $ hasTaintFlow="user"
-	}
-
-	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
-
-	userMap := make(map[string]interface{})
-	row.MapScan(userMap)
-
-	id := userMap["id"].(int)
-	sink(id) // $ hasTaintFlow="id"
-
-	var user User
-	row.StructScan(&user)
-	sink(user) // $ hasTaintFlow="user"
-
-	var user2 User
-	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
-
-	var user3 User
-	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
-
-	var user4 User
-	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
-}
-
-func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
-	example, err := stmt.Query("SELECT * FROM users") // $ source
-	ignore(example, err)
-
-	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
-
-	if err != nil {
-		return
-	}
-
-	defer rows.Close()
-
-	for rows.Next() {
-		var id int
-		var name string
-		err = rows.Scan(&id, &name)
-
-		if err != nil {
-			return
-		}
-
-		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
-
-		valmap := make(map[string]interface{})
-		rows.MapScan(valmap)
-
-		id = valmap["id"].(int)
-		sink(id) // $ hasTaintFlow="id"
-
-		var user User
-		rows.StructScan(&user)
-		sink(user) // $ hasTaintFlow="user"
-	}
-
-	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
-
-	userMap := make(map[string]interface{})
-	row.MapScan(userMap)
-
-	id := userMap["id"].(int)
-	sink(id) // $ hasTaintFlow="id"
-
-	var user User
-	row.StructScan(&user)
-	sink(user) // $ hasTaintFlow="user"
-
-	var user2 User
-	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
-
-	var user3 User
-	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
-
-	var user4 User
-	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
-}