Make all lines in logging tests reachable

2026-06-06 05:57:07 +02:00 · 2026-06-03 14:29:10 +01:00
parent d7ff3ff472
commit f84e8b0fbc
3 changed files with 68 additions and 32 deletions
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go
@@ -13,7 +13,7 @@ func logSomething(entry *logrus.Entry) {
 	entry.Traceln(text) // $ logger=text
 }

-func logrusCalls() {
+func logrusCalls(selector int) {
 	err := errors.New("Error")
 	var fields logrus.Fields = nil
 	var fn logrus.LogFunction = nil
@@ -27,11 +27,15 @@ func logrusCalls() {
 	tmp = logrus.WithFields(fields) // $ logger=fields
 	logSomething(tmp)

-	logrus.Error(text)       // $ logger=text
-	logrus.Fatalf(fmt, text) // $ logger=fmt logger=text
-	logrus.Panicln(text)     // $ logger=text
-	logrus.Infof(fmt, text)  // $ logger=fmt logger=text
-	logrus.FatalFn(fn)       // $ logger=fn
+	logrus.Error(text)      // $ logger=text
+	logrus.Infof(fmt, text) // $ logger=fmt logger=text
+	if selector == 0 {
+		logrus.Fatalf(fmt, text) // $ logger=fmt logger=text
+	} else if selector == 1 {
+		logrus.Panicln(text) // $ logger=text
+	} else if selector == 2 {
+		logrus.FatalFn(fn) // $ logger=fn
+	}

 	// components corresponding to the format specifier "%T" are not considered vulnerable
 	logrus.Infof("%s: found type %T", text, v)  // $ logger="%s: found type %T" logger=text type-logger=v
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go
@@ -7,5 +7,5 @@ var v []byte

 func main() {
 	glogTest(len(v))
-	stdlib()
+	stdlib(len(v))
 }
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go
@@ -4,37 +4,69 @@ import (
 	"log"
 )

-func stdlib() {
+func stdlib(selector int) {
 	var logger log.Logger
 	logger.SetPrefix("prefix: ")
-	logger.Fatal(text)       // $ logger=text
-	logger.Fatalf(fmt, text) // $ logger=fmt logger=text
-	logger.Fatalln(text)     // $ logger=text
-	logger.Panic(text)       // $ logger=text
-	logger.Panicf(fmt, text) // $ logger=fmt logger=text
-	logger.Panicln(text)     // $ logger=text
-	logger.Print(text)       // $ logger=text
-	logger.Printf(fmt, text) // $ logger=fmt logger=text
-	logger.Println(text)     // $ logger=text
+	switch selector {
+	case 0:
+		logger.Fatal(text) // $ logger=text
+	case 1:
+		logger.Fatalf(fmt, text) // $ logger=fmt logger=text
+	case 2:
+		logger.Fatalln(text) // $ logger=text
+	case 3:
+		logger.Panic(text) // $ logger=text
+	case 4:
+		logger.Panicf(fmt, text) // $ logger=fmt logger=text
+	case 5:
+		logger.Panicln(text) // $ logger=text
+	case 6:
+		logger.Print(text) // $ logger=text
+	case 7:
+		logger.Printf(fmt, text) // $ logger=fmt logger=text
+	case 8:
+		logger.Println(text) // $ logger=text
+	}

 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	logger.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	logger.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	logger.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	switch selector {
+	case 9:
+		logger.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	case 10:
+		logger.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	case 11:
+		logger.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	}

 	log.SetPrefix("prefix: ")
-	log.Fatal(text)       // $ logger=text
-	log.Fatalf(fmt, text) // $ logger=fmt logger=text
-	log.Fatalln(text)     // $ logger=text
-	log.Panic(text)       // $ logger=text
-	log.Panicf(fmt, text) // $ logger=fmt logger=text
-	log.Panicln(text)     // $ logger=text
-	log.Print(text)       // $ logger=text
-	log.Printf(fmt, text) // $ logger=fmt logger=text
-	log.Println(text)     // $ logger=text
+	switch selector {
+	case 12:
+		log.Fatal(text) // $ logger=text
+	case 13:
+		log.Fatalf(fmt, text) // $ logger=fmt logger=text
+	case 14:
+		log.Fatalln(text) // $ logger=text
+	case 15:
+		log.Panic(text) // $ logger=text
+	case 16:
+		log.Panicf(fmt, text) // $ logger=fmt logger=text
+	case 17:
+		log.Panicln(text) // $ logger=text
+	case 18:
+		log.Print(text) // $ logger=text
+	case 19:
+		log.Printf(fmt, text) // $ logger=fmt logger=text
+	case 20:
+		log.Println(text) // $ logger=text
+	}

 	// components corresponding to the format specifier "%T" are not considered vulnerable
-	log.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	log.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
-	log.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	switch selector {
+	case 21:
+		log.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	case 22:
+		log.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	case 23:
+		log.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	}
 }