hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add failing tests for ClearSanitizer

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-07-08 16:05:04 +01:00
parent 0421ceff93
commit eec2aa82a6
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/Builtin.go
View File

@@ -8,9 +8,38 @@ func clearTestBad(sourceReq *http.Request) string {
return string(b)
}
func clearTestBad2(sourceReq *http.Request, x bool) string {
b := make([]byte, 8)
sourceReq.Body.Read(b)
if x {
clear(b)
}
return string(b)
}
func clearTestBad3(sourceReq *http.Request, x bool) string {
b := make([]byte, 8)
sourceReq.Body.Read(b)
if x {
return string(b)
}
clear(b)
return string(b)
}
func clearTestGood(sourceReq *http.Request) string {
b := make([]byte, 8)
sourceReq.Body.Read(b)
clear(b) // should prevent taint flow
return string(b)
}
func clearTestGood2(sourceReq *http.Request, x bool) string {
b := make([]byte, 8)
sourceReq.Body.Read(b)
clear(b) // should prevent taint flow
if x {
return string(b)
}
return ""
}

12
go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
View File

@@ -1,10 +1,22 @@
edges
| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | |
| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:626 |
| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | |
| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | MaD:626 |
| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | |
| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | MaD:626 |
nodes
| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b |
| Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion |
| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b |
| Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body |
| Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion |
subpaths
#select
| Builtin.go:8:9:8:17 | type conversion | Builtin.go:7:2:7:15 | selection of Body | Builtin.go:8:9:8:17 | type conversion | Found taint flow |
| Builtin.go:17:9:17:17 | type conversion | Builtin.go:13:2:13:15 | selection of Body | Builtin.go:17:9:17:17 | type conversion | Found taint flow |
| Builtin.go:24:10:24:18 | type conversion | Builtin.go:22:2:22:15 | selection of Body | Builtin.go:24:10:24:18 | type conversion | Found taint flow |