Make line differences in test comments relative

Author: owen-mc

go/ql/test/query-tests/Security/CWE-327/CryptoAlgorithm.ql

@@ -19,23 +19,15 @@ module Test implements TestSig {
       exists(int c | c = count(ho.getInitialization()) |
         c = 0 and initialization = ""
         or
-        c = 1 and
+        c > 0 and
         initialization =
-          " init from line " +
-            strictconcat(DataFlow::Node init |
-              init = ho.getInitialization()
+          " init from " +
+            strictconcat(DataFlow::Node init, int n |
+              init = ho.getInitialization() and
+              n = ho.getStartLine() - init.getStartLine()
             |
-              init.getStartLine().toString(), ","
-            ) + "."
-        or
-        c > 1 and
-        initialization =
-          " init from lines " +
-            strictconcat(DataFlow::Node init |
-              init = ho.getInitialization()
-            |
-              init.getStartLine().toString(), ","
-            ) + "."
+              n.toString(), ","
+            ) + " lines above."
       ) and
       ho.getLocation() = location and
       element = ho.toString() and

go/ql/test/query-tests/Security/CWE-327/encryption.go

@@ -27,141 +27,141 @@ func BlockCipherDes() {
 	// BAD, des is a weak crypto algorithm
 	block, _ := des.NewCipher(nil)
 
-	block.Encrypt(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from line 28."
+	block.Encrypt(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from 2 lines above."
 	block.Decrypt(dst, secretByteSlice)
 
 	gcm1, _ := cipher.NewGCM(block)
-	gcm1.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from line 28."
+	gcm1.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from 6 lines above."
 	gcm1.Open(nil, nil, secretByteSlice, nil)
 
 	gcm2, _ := cipher.NewGCMWithNonceSize(block, 12)
-	gcm2.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from line 28."
+	gcm2.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from 10 lines above."
 	gcm2.Open(nil, nil, secretByteSlice, nil)
 
 	gcm3, _ := cipher.NewGCMWithRandomNonce(block)
-	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from line 28."
+	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from 14 lines above."
 	gcm3.Open(nil, nil, secretByteSlice, nil)
 
 	gcm4, _ := cipher.NewGCMWithTagSize(block, 12)
-	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from line 28."
+	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. init from 18 lines above."
 	gcm4.Open(nil, nil, secretByteSlice, nil)
 
 	cbcEncrypter := cipher.NewCBCEncrypter(block, nil)
-	cbcEncrypter.CryptBlocks(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CBC. init from lines 28,49."
+	cbcEncrypter.CryptBlocks(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CBC. init from 1,22 lines above."
 	cipher.NewCBCDecrypter(block, nil).CryptBlocks(dst, secretByteSlice)
 
 	ctrStream := cipher.NewCTR(block, nil)
-	ctrStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from lines 28,53."
+	ctrStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from 1,26 lines above."
 
-	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(secretByteSlice)} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from lines 28,53."
+	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(secretByteSlice)} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from 28,3 lines above."
 	io.Copy(os.Stdout, ctrStreamReader)
 
-	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from lines 28,53."
-	io.Copy(ctrStreamWriter, bytes.NewReader(secretByteSlice))          // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from lines 28,53."
+	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from 31,6 lines above."
+	io.Copy(ctrStreamWriter, bytes.NewReader(secretByteSlice))          // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CTR. init from 32,7 lines above."
 
 	// deprecated
 
 	cfbStream := cipher.NewCFBEncrypter(block, nil)
-	cfbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CFB. init from lines 28,64."
+	cfbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: CFB. init from 1,37 lines above."
 	cipher.NewCFBDecrypter(block, nil).XORKeyStream(dst, secretByteSlice)
 
 	ofbStream := cipher.NewOFB(block, nil)
-	ofbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: OFB. init from lines 28,68."
+	ofbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="DES. blockMode: OFB. init from 1,41 lines above."
 }
 
 func BlockCipherTripleDes() {
 	// BAD, triple des is a weak crypto algorithm and secretByteSlice is sensitive data
 	block, _ := des.NewTripleDESCipher(nil)
 
-	block.Encrypt(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from line 74."
+	block.Encrypt(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from 2 lines above."
 	block.Decrypt(dst, getUserID())
 
 	gcm1, _ := cipher.NewGCM(block)
-	gcm1.Seal(nil, nil, getUserID(), nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from line 74."
+	gcm1.Seal(nil, nil, getUserID(), nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from 6 lines above."
 	gcm1.Open(nil, nil, getUserID(), nil)
 
 	gcm2, _ := cipher.NewGCMWithNonceSize(block, 12)
-	gcm2.Seal(nil, nil, getUserID(), nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from line 74."
+	gcm2.Seal(nil, nil, getUserID(), nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from 10 lines above."
 	gcm2.Open(nil, nil, getUserID(), nil)
 
 	gcm3, _ := cipher.NewGCMWithRandomNonce(block)
-	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from line 74."
+	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from 14 lines above."
 	gcm3.Open(nil, nil, secretByteSlice, nil)
 
 	gcm4, _ := cipher.NewGCMWithTagSize(block, 12)
-	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from line 74."
+	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. init from 18 lines above."
 	gcm4.Open(nil, nil, secretByteSlice, nil)
 
 	cbcEncrypter := cipher.NewCBCEncrypter(block, nil)
-	cbcEncrypter.CryptBlocks(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CBC. init from lines 74,95."
+	cbcEncrypter.CryptBlocks(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CBC. init from 1,22 lines above."
 	cipher.NewCBCDecrypter(block, nil).CryptBlocks(dst, getUserID())
 
 	ctrStream := cipher.NewCTR(block, nil)
-	ctrStream.XORKeyStream(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from lines 74,99."
+	ctrStream.XORKeyStream(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from 1,26 lines above."
 
-	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(getUserID())} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from lines 74,99."
+	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(getUserID())} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from 28,3 lines above."
 	io.Copy(os.Stdout, ctrStreamReader)
 
-	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from lines 74,99."
-	io.Copy(ctrStreamWriter, bytes.NewReader(getUserID()))              // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from lines 74,99."
+	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from 31,6 lines above."
+	io.Copy(ctrStreamWriter, bytes.NewReader(getUserID()))              // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CTR. init from 32,7 lines above."
 
 	// deprecated
 
 	cfbStream := cipher.NewCFBEncrypter(block, nil)
-	cfbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CFB. init from lines 110,74."
+	cfbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: CFB. init from 1,37 lines above."
 	cipher.NewCFBDecrypter(block, nil).XORKeyStream(dst, secretByteSlice)
 
 	ofbStream := cipher.NewOFB(block, nil)
-	ofbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: OFB. init from lines 114,74."
+	ofbStream.XORKeyStream(dst, secretByteSlice) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="TRIPLEDES. blockMode: OFB. init from 1,41 lines above."
 }
 
 func BlockCipherAes() {
 	// GOOD, aes is a strong crypto algorithm
 	block, _ := aes.NewCipher(nil)
 
-	block.Encrypt(dst, secretByteSlice) // $ CryptographicOperation="AES. init from line 120."
+	block.Encrypt(dst, secretByteSlice) // $ CryptographicOperation="AES. init from 2 lines above."
 	block.Decrypt(dst, secretByteSlice)
 
 	gcm1, _ := cipher.NewGCM(block)
-	gcm1.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from line 120."
+	gcm1.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from 6 lines above."
 	gcm1.Open(nil, nil, secretByteSlice, nil)
 
 	gcm2, _ := cipher.NewGCMWithNonceSize(block, 12)
-	gcm2.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from line 120."
+	gcm2.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from 10 lines above."
 	gcm2.Open(nil, nil, secretByteSlice, nil)
 
 	gcm3, _ := cipher.NewGCMWithRandomNonce(block)
-	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from line 120."
+	gcm3.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from 14 lines above."
 	gcm3.Open(nil, nil, secretByteSlice, nil)
 
 	gcm4, _ := cipher.NewGCMWithTagSize(block, 12)
-	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from line 120."
+	gcm4.Seal(nil, nil, secretByteSlice, nil) // $ CryptographicOperation="AES. init from 18 lines above."
 	gcm4.Open(nil, nil, secretByteSlice, nil)
 
 	cbcEncrypter := cipher.NewCBCEncrypter(block, nil)
-	cbcEncrypter.CryptBlocks(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CBC. init from lines 120,141."
+	cbcEncrypter.CryptBlocks(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CBC. init from 1,22 lines above."
 	cipher.NewCBCDecrypter(block, nil).CryptBlocks(dst, secretByteSlice)
 
 	ctrStream := cipher.NewCTR(block, nil)
-	ctrStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CTR. init from lines 120,145."
+	ctrStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CTR. init from 1,26 lines above."
 
-	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(secretByteSlice)} // $ CryptographicOperation="AES. blockMode: CTR. init from lines 120,145."
+	ctrStreamReader := &cipher.StreamReader{S: ctrStream, R: bytes.NewReader(secretByteSlice)} // $ CryptographicOperation="AES. blockMode: CTR. init from 28,3 lines above."
 	io.Copy(os.Stdout, ctrStreamReader)
 
-	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ CryptographicOperation="AES. blockMode: CTR. init from lines 120,145."
-	io.Copy(ctrStreamWriter, bytes.NewReader(secretByteSlice))          // $ CryptographicOperation="AES. blockMode: CTR. init from lines 120,145."
+	ctrStreamWriter := &cipher.StreamWriter{S: ctrStream, W: os.Stdout} // $ CryptographicOperation="AES. blockMode: CTR. init from 31,6 lines above."
+	io.Copy(ctrStreamWriter, bytes.NewReader(secretByteSlice))          // $ CryptographicOperation="AES. blockMode: CTR. init from 32,7 lines above."
 
 	// deprecated
 
 	cfbStream := cipher.NewCFBEncrypter(block, nil)
-	cfbStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CFB. init from lines 120,156."
+	cfbStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: CFB. init from 1,37 lines above."
 	cipher.NewCFBDecrypter(block, nil).XORKeyStream(dst, secretByteSlice)
 
 	ofbStream := cipher.NewOFB(block, nil)
-	ofbStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: OFB. init from lines 120,160."
+	ofbStream.XORKeyStream(dst, secretByteSlice) // $ CryptographicOperation="AES. blockMode: OFB. init from 1,41 lines above."
 }
 
 func CipherRc4() {
 	c, _ := rc4.NewCipher(nil)
-	c.XORKeyStream(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="RC4. init from line 166."
+	c.XORKeyStream(dst, getUserID()) // $ Alert[go/weak-cryptographic-algorithm] CryptographicOperation="RC4. init from 0 lines above."
 }