From e940a53cc67502a3b90fc4e0941126bd2e6b3a4b Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Fri, 3 Dec 2021 06:55:10 -0500
Subject: [PATCH] Test models of flow through fields

---
 .../go/dataflow/ExternalFlow/completetest.ql      |  2 ++
 .../semmle/go/dataflow/ExternalFlow/test.go       | 15 ++++++++++++++-
 .../vendor/github.com/nonexistent/test/stub.go    |  7 +++++++
 3 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql
index 289c43f78a3..3f38555c23d 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql
@@ -32,6 +32,8 @@ class SummaryModelTest extends SummaryModelCsv {
         "github.com/nonexistent/test;;false;GetElement;;;Element of Argument[0];ReturnValue;value",
         "github.com/nonexistent/test;;false;GetMapKey;;;MapKey of Argument[0];ReturnValue;value",
         "github.com/nonexistent/test;;false;SetElement;;;Argument[0];Element of ReturnValue;value",
+        "github.com/nonexistent/test;C;false;Get;;;Field[github.com/nonexistent/test.C.F] of Argument[-1];ReturnValue;value",
+        "github.com/nonexistent/test;C;false;Set;;;Argument[0];Field[github.com/nonexistent/test.C.F] of Argument[-1];value",
       ]
   }
 }
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
index 16833538175..5465efc9911 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
@@ -123,7 +123,20 @@ func simpleflow() {
 	b.Sink1(slice[0]) // $ hasTaintFlow="index expression"
 
 	ch := make(chan string)
-	ch <- a.Src1()
+	ch <- a.Src1().(string)
 	taint16 := test.StepArgCollectionContentRes(ch)
 	b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements
+
+	c1 := test.C{""}
+	c1.Set(a.Src1().(string))
+	b.Sink1(c1.F) // $ hasTaintFlow="selection of F"
+
+	c2 := test.C{a.Src1().(string)}
+	b.Sink1(c2.Get()) // $ hasTaintFlow="call to Get"
+
+	c3 := test.C{""}
+	c3.Set(a.Src1().(string))
+	b.Sink1(c3.Get()) // $ MISSING: hasTaintFlow="call to Get"
+	c4 := c3
+	b.Sink1(c4.Get()) // $ hasTaintFlow="call to Get"
 }
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go
index d2fab77c265..185dd206371 100644
--- a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go
+++ b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go
@@ -59,3 +59,10 @@ type B interface {
 	Sink1(arg interface{})
 	SinkMethod() interface{}
 }
+
+type C struct {
+	F string
+}
+
+func (c C) Set(f string) {}
+func (c C) Get() string  { return "" }