From e857eedd4a5c8b0105729e653ec94f862e57e4b7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 3 May 2024 11:50:06 +0100 Subject: [PATCH 01/16] Fix model for `append` - it is variadic --- go/ql/lib/ext/builtin.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/lib/ext/builtin.model.yml b/go/ql/lib/ext/builtin.model.yml index f4e7a4e53488..705b7f724c37 100644 --- a/go/ql/lib/ext/builtin.model.yml +++ b/go/ql/lib/ext/builtin.model.yml @@ -4,4 +4,4 @@ extensions: extensible: summaryModel data: - ["", "", False, "append", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - - ["", "", False, "append", "", "", "Argument[1]", "ReturnValue.ArrayElement", "value", "manual"] \ No newline at end of file + - ["", "", False, "append", "", "", "Argument[1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] From 1322ce35d6285ee392ea887b0f25a68eb565b416 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 3 May 2024 11:50:51 +0100 Subject: [PATCH 02/16] Add model for built-in function `copy` --- go/ql/lib/ext/builtin.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/go/ql/lib/ext/builtin.model.yml b/go/ql/lib/ext/builtin.model.yml index 705b7f724c37..fbe1f6c236d6 100644 --- a/go/ql/lib/ext/builtin.model.yml +++ b/go/ql/lib/ext/builtin.model.yml @@ -5,3 +5,4 @@ extensions: data: - ["", "", False, "append", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - ["", "", False, "append", "", "", "Argument[1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] + - ["", "", False, "copy", "", "", "Argument[1].ArrayElement", "Argument[0].ArrayElement", "value", "manual"] From fcdac0aeb0a7eae4993cec9bbcae19f59a331bd5 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 May 2024 21:11:28 +0100 Subject: [PATCH 03/16] Add models for `min` and `max` built-in functions --- go/ql/lib/ext/builtin.model.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/go/ql/lib/ext/builtin.model.yml b/go/ql/lib/ext/builtin.model.yml index fbe1f6c236d6..d8fe093ecf10 100644 --- a/go/ql/lib/ext/builtin.model.yml +++ b/go/ql/lib/ext/builtin.model.yml @@ -6,3 +6,7 @@ extensions: - ["", "", False, "append", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - ["", "", False, "append", "", "", "Argument[1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - ["", "", False, "copy", "", "", "Argument[1].ArrayElement", "Argument[0].ArrayElement", "value", "manual"] + - ["", "", False, "max", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["", "", False, "max", "", "", "Argument[1]", "ReturnValue", "value", "manual"] + - ["", "", False, "min", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["", "", False, "min", "", "", "Argument[1]", "ReturnValue", "value", "manual"] From f95ccd242f2867cf13773dadab516784962b42b1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 May 2024 21:18:54 +0100 Subject: [PATCH 04/16] Remove old-style models of built-in functions --- go/ql/lib/semmle/go/frameworks/Stdlib.qll | 52 ----------------------- 1 file changed, 52 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/Stdlib.qll b/go/ql/lib/semmle/go/frameworks/Stdlib.qll index 19938ce73c2a..44f3d16c11ce 100644 --- a/go/ql/lib/semmle/go/frameworks/Stdlib.qll +++ b/go/ql/lib/semmle/go/frameworks/Stdlib.qll @@ -44,58 +44,6 @@ import semmle.go.frameworks.stdlib.TextTabwriter import semmle.go.frameworks.stdlib.TextTemplate import semmle.go.frameworks.stdlib.Unsafe -// These are modeled using TaintTracking::FunctionModel because they doesn't have real type signatures, -// and therefore currently have an InvalidType, not a SignatureType, which breaks Models as Data. -/** - * A model of the built-in `append` function, which propagates taint from its arguments to its - * result. - */ -private class AppendFunction extends TaintTracking::FunctionModel { - AppendFunction() { this = Builtin::append() } - - override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { - inp.isParameter(_) and outp.isResult() - } -} - -/** - * A model of the built-in `copy` function, which propagates taint from its second argument - * to its first. - */ -private class CopyFunction extends TaintTracking::FunctionModel { - CopyFunction() { this = Builtin::copy() } - - override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { - inp.isParameter(1) and outp.isParameter(0) - } -} - -/** - * A model of the built-in `min` function, which computes the smallest value of a fixed number of - * arguments of ordered types. There is at least one argument and "ordered types" includes e.g. - * strings, so we care about data flow through `min`. - */ -private class MinFunction extends DataFlow::FunctionModel { - MinFunction() { this = Builtin::min_() } - - override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp) { - inp.isParameter(_) and outp.isResult() - } -} - -/** - * A model of the built-in `max` function, which computes the largest value of a fixed number of - * arguments of ordered types. There is at least one argument and "ordered types" includes e.g. - * strings, so we care about data flow through `max`. - */ -private class MaxFunction extends DataFlow::FunctionModel { - MaxFunction() { this = Builtin::max_() } - - override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp) { - inp.isParameter(_) and outp.isResult() - } -} - /** Provides a class for modeling functions which convert strings into integers. */ module IntegerParser { /** From 84b7319688c9ea7b4c3d921b4db6e6948ae0dbd5 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Apr 2024 10:31:25 +0100 Subject: [PATCH 05/16] Rename test folder `ExternalFlow` to `ExternalTaintFlow` --- .../{ExternalFlow => ExternalTaintFlow}/completetest.expected | 0 .../{ExternalFlow => ExternalTaintFlow}/completetest.ext.yml | 0 .../dataflow/{ExternalFlow => ExternalTaintFlow}/completetest.ql | 0 .../semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/go.mod | 0 .../dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.expected | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.ext.yml | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.ql | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.expected | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.ext.yml | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.ql | 0 .../dataflow/{ExternalFlow => ExternalTaintFlow}/steps.expected | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/steps.ext.yml | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/steps.ql | 0 .../go/dataflow/{ExternalFlow => ExternalTaintFlow}/test.go | 0 .../vendor/github.com/nonexistent/test/stub.go | 0 .../{ExternalFlow => ExternalTaintFlow}/vendor/modules.txt | 0 16 files changed, 0 insertions(+), 0 deletions(-) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/completetest.expected (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/completetest.ext.yml (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/completetest.ql (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/go.mod (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.expected (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.ext.yml (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/sinks.ql (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.expected (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.ext.yml (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/srcs.ql (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/steps.expected (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/steps.ext.yml (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/steps.ql (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/test.go (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/vendor/github.com/nonexistent/test/stub.go (100%) rename go/ql/test/library-tests/semmle/go/dataflow/{ExternalFlow => ExternalTaintFlow}/vendor/modules.txt (100%) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.expected rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.ext.yml similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.ext.yml diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.ql similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.ql diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/go.mod rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.ext.yml similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ext.yml rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.ext.yml diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.ql similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.ql rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.ql diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.ext.yml similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.ext.yml rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.ext.yml diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.ql similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.ql rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.ql diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.ext.yml similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ext.yml rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.ext.yml diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.ql similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.ql diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/vendor/github.com/nonexistent/test/stub.go similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/github.com/nonexistent/test/stub.go rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/vendor/github.com/nonexistent/test/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/vendor/modules.txt similarity index 100% rename from go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/vendor/modules.txt rename to go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/vendor/modules.txt From c81641279558295baa8c05fb45f9e1eec370ffc7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sat, 4 May 2024 21:44:21 +0100 Subject: [PATCH 06/16] Create copy of `ExternalTaintFlow` called `ExternalValueFlow` --- .../ExternalValueFlow/completetest.expected | 2 + .../ExternalValueFlow/completetest.ext.yml | 40 +++++ .../ExternalValueFlow/completetest.ql | 17 ++ .../go/dataflow/ExternalValueFlow/go.mod | 5 + .../dataflow/ExternalValueFlow/sinks.expected | 35 ++++ .../dataflow/ExternalValueFlow/sinks.ext.yml | 8 + .../go/dataflow/ExternalValueFlow/sinks.ql | 7 + .../dataflow/ExternalValueFlow/srcs.expected | 23 +++ .../dataflow/ExternalValueFlow/srcs.ext.yml | 11 ++ .../go/dataflow/ExternalValueFlow/srcs.ql | 7 + .../dataflow/ExternalValueFlow/steps.expected | 16 ++ .../dataflow/ExternalValueFlow/steps.ext.yml | 14 ++ .../go/dataflow/ExternalValueFlow/steps.ql | 8 + .../go/dataflow/ExternalValueFlow/test.go | 165 ++++++++++++++++++ .../github.com/nonexistent/test/stub.go | 72 ++++++++ .../ExternalValueFlow/vendor/modules.txt | 3 + 16 files changed, 433 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ext.yml create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ql create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ext.yml create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ql create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/github.com/nonexistent/test/stub.go create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/modules.txt diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected new file mode 100644 index 000000000000..42831abaf155 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected @@ -0,0 +1,2 @@ +invalidModelRow +testFailures diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml new file mode 100644 index 000000000000..47e51e573f01 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml @@ -0,0 +1,40 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: summaryModel + data: + - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResArrayContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgArrayContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResCollectionContent", "", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgCollectionContentRes", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResMapKeyContent", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgMapKeyContentRes", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResMapValueContent", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgMapValueContentRes", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "GetElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "GetMapKey", "", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "SetElement", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] + - ["github.com/nonexistent/test", "C", False, "Get", "", "", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "C", False, "GetThroughPointer", "", "", "Argument[-1].Dereference.Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "C", False, "Set", "", "", "Argument[0]", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "value", "manual"] + - ["github.com/nonexistent/test", "C", False, "SetThroughPointer", "", "", "Argument[0]", "Argument[-1].Dereference.Field[github.com/nonexistent/test.C.F]", "value", "manual"] + + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/nonexistent/test", "A", False, "Src1", "", "", "ReturnValue", "qltest", "manual"] + + - addsTo: + pack: codeql/go-all + extensible: sinkModel + data: + - ["github.com/nonexistent/test", "B", False, "Sink1", "", "", "Argument[0]", "qltest", "manual"] + - ["github.com/nonexistent/test", "B", False, "SinkManyArgs", "", "", "Argument[0..2]", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql new file mode 100644 index 000000000000..2b719551ae0c --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql @@ -0,0 +1,17 @@ +/** + * @kind path-problem + */ + +import go +import semmle.go.dataflow.ExternalFlow +import ModelValidation +import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl +import TestUtilities.InlineFlowTest + +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") } + + predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") } +} + +import TaintFlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod new file mode 100644 index 000000000000..f5b1162fa7a7 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod @@ -0,0 +1,5 @@ +module semmle.go.Packages + +go 1.13 + +require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected new file mode 100644 index 000000000000..38dc380b55b1 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected @@ -0,0 +1,35 @@ +invalidModelRow +#select +| test.go:47:10:47:12 | arg | qltest | +| test.go:48:2:48:13 | type assertion | qltest | +| test.go:61:10:61:15 | taint1 | qltest | +| test.go:64:10:64:15 | taint2 | qltest | +| test.go:68:10:68:15 | taint3 | qltest | +| test.go:72:10:72:15 | taint4 | qltest | +| test.go:75:10:75:15 | taint5 | qltest | +| test.go:79:10:79:15 | taint6 | qltest | +| test.go:82:10:82:15 | taint7 | qltest | +| test.go:85:10:85:18 | index expression | qltest | +| test.go:89:10:89:15 | taint9 | qltest | +| test.go:92:10:92:33 | call to GetElement | qltest | +| test.go:93:10:93:18 | <-... | qltest | +| test.go:97:10:97:16 | taint11 | qltest | +| test.go:100:10:100:32 | call to GetMapKey | qltest | +| test.go:102:11:102:11 | k | qltest | +| test.go:105:11:105:11 | k | qltest | +| test.go:110:10:110:16 | taint13 | qltest | +| test.go:113:10:113:20 | index expression | qltest | +| test.go:117:10:117:16 | taint15 | qltest | +| test.go:121:10:121:17 | index expression | qltest | +| test.go:126:10:126:16 | taint16 | qltest | +| test.go:130:10:130:13 | selection of F | qltest | +| test.go:133:10:133:17 | call to Get | qltest | +| test.go:137:10:137:17 | call to Get | qltest | +| test.go:142:10:142:17 | call to Get | qltest | +| test.go:146:10:146:14 | selection of F | qltest | +| test.go:149:10:149:32 | call to GetThroughPointer | qltest | +| test.go:153:10:153:32 | call to GetThroughPointer | qltest | +| test.go:158:10:158:32 | call to GetThroughPointer | qltest | +| test.go:164:17:164:20 | arg1 | qltest | +| test.go:164:23:164:26 | arg2 | qltest | +| test.go:164:29:164:32 | arg3 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ext.yml new file mode 100644 index 000000000000..653f82bae612 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ext.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: sinkModel + data: + - ["github.com/nonexistent/test", "B", False, "Sink1", "", "", "Argument[0]", "qltest", "manual"] + - ["github.com/nonexistent/test", "B", False, "SinkMethod", "", "", "Argument[-1]", "qltest", "manual"] + - ["github.com/nonexistent/test", "B", False, "SinkManyArgs", "", "", "Argument[0..2]", "qltest", "manual"] \ No newline at end of file diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ql new file mode 100644 index 000000000000..de84cf24e4d4 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.ql @@ -0,0 +1,7 @@ +import go +import semmle.go.dataflow.ExternalFlow +import ModelValidation + +from DataFlow::Node node, string kind +where sinkNode(node, kind) +select node, kind diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected new file mode 100644 index 000000000000..2f1e32567781 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -0,0 +1,23 @@ +invalidModelRow +#select +| test.go:10:6:10:8 | definition of arg | qltest-arg | +| test.go:38:8:38:15 | call to Src1 | qltest | +| test.go:39:8:39:15 | call to Src2 | qltest | +| test.go:39:8:39:15 | call to Src2 | qltest-w-subtypes | +| test.go:40:8:40:16 | call to Src2 | qltest-w-subtypes | +| test.go:41:2:41:21 | ... = ...[0] | qltest | +| test.go:41:2:41:21 | ... = ...[1] | qltest-w-subtypes | +| test.go:42:2:42:22 | ... = ...[1] | qltest-w-subtypes | +| test.go:58:9:58:16 | call to Src1 | qltest | +| test.go:91:46:91:53 | call to Src1 | qltest | +| test.go:95:35:95:42 | call to Src1 | qltest | +| test.go:99:42:99:49 | call to Src1 | qltest | +| test.go:124:8:124:15 | call to Src1 | qltest | +| test.go:129:9:129:16 | call to Src1 | qltest | +| test.go:132:15:132:22 | call to Src1 | qltest | +| test.go:136:9:136:16 | call to Src1 | qltest | +| test.go:140:9:140:16 | call to Src1 | qltest | +| test.go:145:24:145:31 | call to Src1 | qltest | +| test.go:148:17:148:24 | call to Src1 | qltest | +| test.go:152:24:152:31 | call to Src1 | qltest | +| test.go:156:24:156:31 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ext.yml new file mode 100644 index 000000000000..5493650132c1 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ext.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/nonexistent/test", "A", False, "Src1", "", "", "ReturnValue", "qltest", "manual"] + - ["github.com/nonexistent/test", "A", False, "Src2", "", "", "ReturnValue", "qltest", "manual"] + - ["github.com/nonexistent/test", "A", True, "Src2", "", "", "ReturnValue", "qltest-w-subtypes", "manual"] + - ["github.com/nonexistent/test", "A", False, "SrcArg", "", "", "Argument[0]", "qltest-arg", "manual"] + - ["github.com/nonexistent/test", "A", False, "Src3", "", "", "ReturnValue[0]", "qltest", "manual"] + - ["github.com/nonexistent/test", "A", True, "Src3", "", "", "ReturnValue[1]", "qltest-w-subtypes", "manual"] \ No newline at end of file diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ql new file mode 100644 index 000000000000..d1cd0fee89d8 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.ql @@ -0,0 +1,7 @@ +import go +import semmle.go.dataflow.ExternalFlow +import ModelValidation + +from DataFlow::Node node, string kind +where sourceNode(node, kind) +select node, kind diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected new file mode 100644 index 000000000000..9173869eac95 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected @@ -0,0 +1,16 @@ +invalidModelRow +#select +| test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes | +| test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] | +| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 | +| test.go:20:16:20:18 | arg | test.go:13:6:13:6 | definition of t | +| test.go:21:10:21:10 | t | test.go:21:10:21:24 | call to StepQualRes | +| test.go:22:2:22:2 | t | test.go:10:6:10:8 | definition of arg | +| test.go:23:32:23:34 | arg | test.go:23:10:23:35 | call to StepArgResNoQual | +| test.go:60:25:60:27 | src | test.go:60:12:60:28 | call to StepArgRes | +| test.go:63:29:63:31 | src | test.go:63:2:63:32 | ... := ...[1] | +| test.go:67:15:67:17 | src | test.go:66:6:66:11 | definition of taint3 | +| test.go:71:21:71:23 | src | test.go:70:6:70:11 | definition of taint4 | +| test.go:74:13:74:25 | type assertion | test.go:74:12:74:40 | call to StepQualRes | +| test.go:78:3:78:15 | type assertion | test.go:77:6:77:11 | definition of taint6 | +| test.go:81:34:81:36 | src | test.go:81:12:81:37 | call to StepArgResNoQual | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml new file mode 100644 index 000000000000..f1c5a78ecbf8 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: summaryModel + data: + - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql new file mode 100644 index 000000000000..00067971b768 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql @@ -0,0 +1,8 @@ +import go +import semmle.go.dataflow.ExternalFlow +import ModelValidation +import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl + +from DataFlow::Node node1, DataFlow::Node node2 +where FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, _) +select node1, node2 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go new file mode 100644 index 000000000000..35da086a8886 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -0,0 +1,165 @@ +package main + +import ( + "github.com/nonexistent/test" +) + +func use(args ...interface{}) {} + +func main() { + var arg interface{} + var arg1 interface{} + var array []interface{} + var t *test.T + var taint interface{} + var taintSlice []interface{} + + taint = t.StepArgRes(arg) + _, taint = t.StepArgRes1(arg) + t.StepArgArg(arg, arg1) + t.StepArgQual(arg) + taint = t.StepQualRes() + t.StepQualArg(arg) + taint = test.StepArgResNoQual(arg) + taintSlice = test.StepArgResArrayContent(arg) + taint = test.StepArgArrayContentRes(array) + taint = test.StepArgResCollectionContent(arg) + taint = test.StepArgCollectionContentRes(array) + taint = test.StepArgResMapKeyContent(arg) + taint = test.StepArgMapKeyContentRes(array) + taint = test.StepArgResMapValueContent(arg) + taint = test.StepArgMapValueContentRes(array) + + var src interface{} + var src1 interface{} + var a test.A + var a1 test.A1 + + src = a.Src1() + src = a.Src2() + src = a1.Src2() + src, src1 = a.Src3() + src, src1 = a1.Src3() + a.SrcArg(arg) + + var b test.B + + b.Sink1(arg) + arg.(test.B).SinkMethod() + + use(arg, arg1, t, taint, taintSlice, src, src1) +} + +func simpleflow() { + var a test.A + var b test.B + var t *test.T + + src := a.Src1() + + taint1 := t.StepArgRes(src) + b.Sink1(taint1) // $ hasTaintFlow="taint1" + + _, taint2 := t.StepArgRes1(src) + b.Sink1(taint2) // $ hasTaintFlow="taint2" + + var taint3 interface{} + t.StepArgArg(src, taint3) + b.Sink1(taint3) // $ hasTaintFlow="taint3" + + var taint4 test.T + taint4.StepArgQual(src) + b.Sink1(taint4) // $ hasTaintFlow="taint4" + + taint5 := (src.(*test.T)).StepQualRes() + b.Sink1(taint5) // $ hasTaintFlow="taint5" + + var taint6 interface{} + (src.(*test.T)).StepQualArg(taint6) + b.Sink1(taint6) // $ hasTaintFlow="taint6" + + taint7 := test.StepArgResNoQual(src) + b.Sink1(taint7) // $ hasTaintFlow="taint7" + + taint8 := test.StepArgResArrayContent(src) + b.Sink1(taint8[0]) // $ hasTaintFlow="index expression" + + srcArray := []interface{}{nil, src} + taint9 := test.StepArgArrayContentRes(srcArray) + b.Sink1(taint9) // $ hasTaintFlow="taint9" + + taint10 := test.StepArgResCollectionContent(a.Src1()).(chan interface{}) + b.Sink1(test.GetElement(taint10)) // $ hasTaintFlow="call to GetElement" + b.Sink1(<-taint10) // $ hasTaintFlow="<-..." + + srcCollection := test.SetElement(a.Src1()) + taint11 := test.StepArgCollectionContentRes(srcCollection) + b.Sink1(taint11) // $ hasTaintFlow="taint11" + + taint12 := test.StepArgResMapKeyContent(a.Src1()).(map[string]string) + b.Sink1(test.GetMapKey(taint12)) // $ hasTaintFlow="call to GetMapKey" + for k, _ := range taint12 { + b.Sink1(k) // $ hasTaintFlow="k" + } + for k := range taint12 { + b.Sink1(k) // $ hasTaintFlow="k" + } + + srcMap13 := map[string]string{src.(string): ""} + taint13 := test.StepArgMapKeyContentRes(srcMap13) + b.Sink1(taint13) // $ hasTaintFlow="taint13" + + taint14 := test.StepArgResMapValueContent(src).(map[string]string) + b.Sink1(taint14[""]) // $ hasTaintFlow="index expression" + + srcMap15 := map[string]string{"": src.(string)} + taint15 := test.StepArgMapValueContentRes(srcMap15) + b.Sink1(taint15) // $ hasTaintFlow="taint15" + + slice := make([]interface{}, 0) + slice = append(slice, src) + b.Sink1(slice[0]) // $ hasTaintFlow="index expression" + + ch := make(chan string) + ch <- a.Src1().(string) + taint16 := test.StepArgCollectionContentRes(ch) + b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements + + c1 := test.C{""} + c1.Set(a.Src1().(string)) + b.Sink1(c1.F) // $ hasTaintFlow="selection of F" + + c2 := test.C{a.Src1().(string)} + b.Sink1(c2.Get()) // $ hasTaintFlow="call to Get" + + c3 := test.C{""} + c3.Set(a.Src1().(string)) + b.Sink1(c3.Get()) // $ hasTaintFlow="call to Get" + + c4 := test.C{""} + c4.Set(a.Src1().(string)) + c4.Set("") + b.Sink1(c4.Get()) // $ SPURIOUS: hasTaintFlow="call to Get" // because we currently don't clear content + + cp1 := &test.C{""} + cp1.SetThroughPointer(a.Src1().(string)) + b.Sink1(cp1.F) // $ hasTaintFlow="selection of F" + + cp2 := &test.C{a.Src1().(string)} + b.Sink1(cp2.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer" + + cp3 := &test.C{""} + cp3.SetThroughPointer(a.Src1().(string)) + b.Sink1(cp3.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer" + + cp4 := &test.C{""} + cp4.SetThroughPointer(a.Src1().(string)) + cp4.SetThroughPointer("") + b.Sink1(cp4.GetThroughPointer()) // $ SPURIOUS: hasTaintFlow="call to GetThroughPointer" // because we currently don't clear content + + arg1 := src + arg2 := src + arg3 := src + arg4 := src + b.SinkManyArgs(arg1, arg2, arg3, arg4) // $ hasTaintFlow="arg1" hasTaintFlow="arg2" hasTaintFlow="arg3" +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/github.com/nonexistent/test/stub.go new file mode 100644 index 000000000000..746f6ac9a6a3 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/github.com/nonexistent/test/stub.go @@ -0,0 +1,72 @@ +package test + +type T struct{} + +func (t *T) StepArgRes(arg interface{}) interface{} { return nil } + +func (t *T) StepArgRes1(arg interface{}) (interface{}, interface{}) { return nil, nil } + +func (t *T) StepArgArg(a1 interface{}, a2 interface{}) {} + +func (t *T) StepArgQual(arg interface{}) {} + +func (t *T) StepQualRes() interface{} { return nil } + +func (t *T) StepQualArg(arg interface{}) {} + +func StepArgResNoQual(arg interface{}) interface{} { return nil } + +func StepArgResArrayContent(arg interface{}) []interface{} { return nil } + +func StepArgArrayContentRes(arg []interface{}) interface{} { return nil } + +func StepArgResCollectionContent(arg interface{}) interface{} { return nil } + +func StepArgCollectionContentRes(arg interface{}) interface{} { return nil } + +func StepArgResMapKeyContent(arg interface{}) interface{} { return nil } + +func StepArgMapKeyContentRes(arg interface{}) interface{} { return nil } + +func StepArgResMapValueContent(arg interface{}) interface{} { return nil } + +func StepArgMapValueContentRes(arg interface{}) interface{} { return nil } + +func GetElement(x interface{}) interface{} { return nil } + +func SetElement(x interface{}) interface{} { return nil } + +func GetMapKey(x interface{}) interface{} { return nil } + +type A interface { + Src1() interface{} + Src2() interface{} + Src3() (interface{}, interface{}) + SrcArg(arg interface{}) +} + +type A1 struct{} + +func (a *A1) Src1() interface{} { return nil } + +func (a *A1) Src2() interface{} { return nil } + +func (a *A1) Src3() (interface{}, interface{}) { return nil, nil } + +func (a *A1) SrcArg(arg interface{}) {} + +type B interface { + Sink1(arg interface{}) + SinkMethod() interface{} + SinkManyArgs(arg1 interface{}, arg2 interface{}, arg3 interface{}, arg4 interface{}) +} + +type C struct { + F string +} + +func (c C) Set(f string) {} +func (c C) Get() string { return "" } + +func (c *C) SetThroughPointer(f string) {} +func (c *C) GetThroughPointer() string { return "" } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/modules.txt new file mode 100644 index 000000000000..b62dbf8819b5 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/vendor/modules.txt @@ -0,0 +1,3 @@ +# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 +## explicit +github.com/nonexistent/test From eab156934241d402b9baabab7aaa75528920d2ae Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Apr 2024 15:02:27 +0100 Subject: [PATCH 07/16] Update `ExternalValueFlow` to use value flow --- .../ExternalValueFlow/completetest.ext.yml | 30 +++++----- .../ExternalValueFlow/completetest.ql | 2 +- .../dataflow/ExternalValueFlow/steps.ext.yml | 18 +++--- .../go/dataflow/ExternalValueFlow/steps.ql | 2 +- .../go/dataflow/ExternalValueFlow/test.go | 58 +++++++++---------- 5 files changed, 55 insertions(+), 55 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml index 47e51e573f01..0ef664d51823 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ext.yml @@ -3,21 +3,21 @@ extensions: pack: codeql/go-all extensible: summaryModel data: - - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResArrayContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgArrayContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResCollectionContent", "", "", "Argument[0]", "ReturnValue.Element", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgCollectionContentRes", "", "", "Argument[0].Element", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResMapKeyContent", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgMapKeyContentRes", "", "", "Argument[0].MapKey", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResMapValueContent", "", "", "Argument[0]", "ReturnValue.MapValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgMapValueContentRes", "", "", "Argument[0].MapValue", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResArrayContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgArrayContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResCollectionContent", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgCollectionContentRes", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResMapKeyContent", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgMapKeyContentRes", "", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResMapValueContent", "", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgMapValueContentRes", "", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"] - ["github.com/nonexistent/test", "", False, "GetElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"] - ["github.com/nonexistent/test", "", False, "GetMapKey", "", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"] - ["github.com/nonexistent/test", "", False, "SetElement", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql index 2b719551ae0c..372283d0a6cc 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql @@ -14,4 +14,4 @@ module Config implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") } } -import TaintFlowTest +import ValueFlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml index f1c5a78ecbf8..12acdaba5314 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ext.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/go-all extensible: summaryModel data: - - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgResContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "manual"] - - ["github.com/nonexistent/test", "", False, "StepArgContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgRes1", "", "", "Argument[0]", "ReturnValue[1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgArg", "", "", "Argument[0]", "Argument[1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepArgQual", "", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualRes", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "T", False, "StepQualArg", "", "", "Argument[-1]", "Argument[0]", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResNoQual", "", "", "Argument[0]", "ReturnValue", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgResContent", "", "", "Argument[0]", "ReturnValue.ArrayElement", "value", "manual"] + - ["github.com/nonexistent/test", "", False, "StepArgContentRes", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql index 00067971b768..5b32c96c628d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.ql @@ -4,5 +4,5 @@ import ModelValidation import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl from DataFlow::Node node1, DataFlow::Node node2 -where FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(node1, node2, _) +where FlowSummaryImpl::Private::Steps::summaryThroughStepValue(node1, node2, _) select node1, node2 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index 35da086a8886..f59b642a5b25 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -58,108 +58,108 @@ func simpleflow() { src := a.Src1() taint1 := t.StepArgRes(src) - b.Sink1(taint1) // $ hasTaintFlow="taint1" + b.Sink1(taint1) // $ hasValueFlow="taint1" _, taint2 := t.StepArgRes1(src) - b.Sink1(taint2) // $ hasTaintFlow="taint2" + b.Sink1(taint2) // $ hasValueFlow="taint2" var taint3 interface{} t.StepArgArg(src, taint3) - b.Sink1(taint3) // $ hasTaintFlow="taint3" + b.Sink1(taint3) // $ hasValueFlow="taint3" var taint4 test.T taint4.StepArgQual(src) - b.Sink1(taint4) // $ hasTaintFlow="taint4" + b.Sink1(taint4) // $ hasValueFlow="taint4" taint5 := (src.(*test.T)).StepQualRes() - b.Sink1(taint5) // $ hasTaintFlow="taint5" + b.Sink1(taint5) // $ hasValueFlow="taint5" var taint6 interface{} (src.(*test.T)).StepQualArg(taint6) - b.Sink1(taint6) // $ hasTaintFlow="taint6" + b.Sink1(taint6) // $ hasValueFlow="taint6" taint7 := test.StepArgResNoQual(src) - b.Sink1(taint7) // $ hasTaintFlow="taint7" + b.Sink1(taint7) // $ hasValueFlow="taint7" taint8 := test.StepArgResArrayContent(src) - b.Sink1(taint8[0]) // $ hasTaintFlow="index expression" + b.Sink1(taint8[0]) // $ hasValueFlow="index expression" srcArray := []interface{}{nil, src} taint9 := test.StepArgArrayContentRes(srcArray) - b.Sink1(taint9) // $ hasTaintFlow="taint9" + b.Sink1(taint9) // $ hasValueFlow="taint9" taint10 := test.StepArgResCollectionContent(a.Src1()).(chan interface{}) - b.Sink1(test.GetElement(taint10)) // $ hasTaintFlow="call to GetElement" - b.Sink1(<-taint10) // $ hasTaintFlow="<-..." + b.Sink1(test.GetElement(taint10)) // $ hasValueFlow="call to GetElement" + b.Sink1(<-taint10) // $ hasValueFlow="<-..." srcCollection := test.SetElement(a.Src1()) taint11 := test.StepArgCollectionContentRes(srcCollection) - b.Sink1(taint11) // $ hasTaintFlow="taint11" + b.Sink1(taint11) // $ hasValueFlow="taint11" taint12 := test.StepArgResMapKeyContent(a.Src1()).(map[string]string) - b.Sink1(test.GetMapKey(taint12)) // $ hasTaintFlow="call to GetMapKey" + b.Sink1(test.GetMapKey(taint12)) // $ hasValueFlow="call to GetMapKey" for k, _ := range taint12 { - b.Sink1(k) // $ hasTaintFlow="k" + b.Sink1(k) // $ hasValueFlow="k" } for k := range taint12 { - b.Sink1(k) // $ hasTaintFlow="k" + b.Sink1(k) // $ hasValueFlow="k" } srcMap13 := map[string]string{src.(string): ""} taint13 := test.StepArgMapKeyContentRes(srcMap13) - b.Sink1(taint13) // $ hasTaintFlow="taint13" + b.Sink1(taint13) // $ hasValueFlow="taint13" taint14 := test.StepArgResMapValueContent(src).(map[string]string) - b.Sink1(taint14[""]) // $ hasTaintFlow="index expression" + b.Sink1(taint14[""]) // $ hasValueFlow="index expression" srcMap15 := map[string]string{"": src.(string)} taint15 := test.StepArgMapValueContentRes(srcMap15) - b.Sink1(taint15) // $ hasTaintFlow="taint15" + b.Sink1(taint15) // $ hasValueFlow="taint15" slice := make([]interface{}, 0) slice = append(slice, src) - b.Sink1(slice[0]) // $ hasTaintFlow="index expression" + b.Sink1(slice[0]) // $ hasValueFlow="index expression" ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) - b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements + b.Sink1(taint16) // $ MISSING: hasValueFlow="taint16" // currently fails due to lack of post-update nodes after send statements c1 := test.C{""} c1.Set(a.Src1().(string)) - b.Sink1(c1.F) // $ hasTaintFlow="selection of F" + b.Sink1(c1.F) // $ hasValueFlow="selection of F" c2 := test.C{a.Src1().(string)} - b.Sink1(c2.Get()) // $ hasTaintFlow="call to Get" + b.Sink1(c2.Get()) // $ hasValueFlow="call to Get" c3 := test.C{""} c3.Set(a.Src1().(string)) - b.Sink1(c3.Get()) // $ hasTaintFlow="call to Get" + b.Sink1(c3.Get()) // $ hasValueFlow="call to Get" c4 := test.C{""} c4.Set(a.Src1().(string)) c4.Set("") - b.Sink1(c4.Get()) // $ SPURIOUS: hasTaintFlow="call to Get" // because we currently don't clear content + b.Sink1(c4.Get()) // $ SPURIOUS: hasValueFlow="call to Get" // because we currently don't clear content cp1 := &test.C{""} cp1.SetThroughPointer(a.Src1().(string)) - b.Sink1(cp1.F) // $ hasTaintFlow="selection of F" + b.Sink1(cp1.F) // $ hasValueFlow="selection of F" cp2 := &test.C{a.Src1().(string)} - b.Sink1(cp2.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer" + b.Sink1(cp2.GetThroughPointer()) // $ hasValueFlow="call to GetThroughPointer" cp3 := &test.C{""} cp3.SetThroughPointer(a.Src1().(string)) - b.Sink1(cp3.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer" + b.Sink1(cp3.GetThroughPointer()) // $ hasValueFlow="call to GetThroughPointer" cp4 := &test.C{""} cp4.SetThroughPointer(a.Src1().(string)) cp4.SetThroughPointer("") - b.Sink1(cp4.GetThroughPointer()) // $ SPURIOUS: hasTaintFlow="call to GetThroughPointer" // because we currently don't clear content + b.Sink1(cp4.GetThroughPointer()) // $ SPURIOUS: hasValueFlow="call to GetThroughPointer" // because we currently don't clear content arg1 := src arg2 := src arg3 := src arg4 := src - b.SinkManyArgs(arg1, arg2, arg3, arg4) // $ hasTaintFlow="arg1" hasTaintFlow="arg2" hasTaintFlow="arg3" + b.SinkManyArgs(arg1, arg2, arg3, arg4) // $ hasValueFlow="arg1" hasValueFlow="arg2" hasValueFlow="arg3" } From 86e2b845f32a97a82717cdb5f9e8c636f15a00ce Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Sat, 4 May 2024 22:01:54 +0100 Subject: [PATCH 08/16] Add tests for `copy` (taint passes, value fails) --- .../dataflow/ExternalTaintFlow/sinks.expected | 25 ++++++++++--------- .../dataflow/ExternalTaintFlow/srcs.expected | 18 ++++++------- .../go/dataflow/ExternalTaintFlow/test.go | 6 +++++ .../dataflow/ExternalValueFlow/sinks.expected | 25 ++++++++++--------- .../dataflow/ExternalValueFlow/srcs.expected | 18 ++++++------- .../go/dataflow/ExternalValueFlow/test.go | 6 +++++ 6 files changed, 56 insertions(+), 42 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected index 38dc380b55b1..fd67fbe1c0de 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected @@ -21,15 +21,16 @@ invalidModelRow | test.go:113:10:113:20 | index expression | qltest | | test.go:117:10:117:16 | taint15 | qltest | | test.go:121:10:121:17 | index expression | qltest | -| test.go:126:10:126:16 | taint16 | qltest | -| test.go:130:10:130:13 | selection of F | qltest | -| test.go:133:10:133:17 | call to Get | qltest | -| test.go:137:10:137:17 | call to Get | qltest | -| test.go:142:10:142:17 | call to Get | qltest | -| test.go:146:10:146:14 | selection of F | qltest | -| test.go:149:10:149:32 | call to GetThroughPointer | qltest | -| test.go:153:10:153:32 | call to GetThroughPointer | qltest | -| test.go:158:10:158:32 | call to GetThroughPointer | qltest | -| test.go:164:17:164:20 | arg1 | qltest | -| test.go:164:23:164:26 | arg2 | qltest | -| test.go:164:29:164:32 | arg3 | qltest | +| test.go:127:10:127:18 | index expression | qltest | +| test.go:132:10:132:16 | taint16 | qltest | +| test.go:136:10:136:13 | selection of F | qltest | +| test.go:139:10:139:17 | call to Get | qltest | +| test.go:143:10:143:17 | call to Get | qltest | +| test.go:148:10:148:17 | call to Get | qltest | +| test.go:152:10:152:14 | selection of F | qltest | +| test.go:155:10:155:32 | call to GetThroughPointer | qltest | +| test.go:159:10:159:32 | call to GetThroughPointer | qltest | +| test.go:164:10:164:32 | call to GetThroughPointer | qltest | +| test.go:170:17:170:20 | arg1 | qltest | +| test.go:170:23:170:26 | arg2 | qltest | +| test.go:170:29:170:32 | arg3 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index 2f1e32567781..14576f932008 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected @@ -12,12 +12,12 @@ invalidModelRow | test.go:91:46:91:53 | call to Src1 | qltest | | test.go:95:35:95:42 | call to Src1 | qltest | | test.go:99:42:99:49 | call to Src1 | qltest | -| test.go:124:8:124:15 | call to Src1 | qltest | -| test.go:129:9:129:16 | call to Src1 | qltest | -| test.go:132:15:132:22 | call to Src1 | qltest | -| test.go:136:9:136:16 | call to Src1 | qltest | -| test.go:140:9:140:16 | call to Src1 | qltest | -| test.go:145:24:145:31 | call to Src1 | qltest | -| test.go:148:17:148:24 | call to Src1 | qltest | -| test.go:152:24:152:31 | call to Src1 | qltest | -| test.go:156:24:156:31 | call to Src1 | qltest | +| test.go:130:8:130:15 | call to Src1 | qltest | +| test.go:135:9:135:16 | call to Src1 | qltest | +| test.go:138:15:138:22 | call to Src1 | qltest | +| test.go:142:9:142:16 | call to Src1 | qltest | +| test.go:146:9:146:16 | call to Src1 | qltest | +| test.go:151:24:151:31 | call to Src1 | qltest | +| test.go:154:17:154:24 | call to Src1 | qltest | +| test.go:158:24:158:31 | call to Src1 | qltest | +| test.go:162:24:162:31 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go index 35da086a8886..61a05e28de78 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go @@ -120,6 +120,12 @@ func simpleflow() { slice = append(slice, src) b.Sink1(slice[0]) // $ hasTaintFlow="index expression" + slice1 := make([]string, 2) + slice1[0] = src.(string) + slice2 := make([]string, 2) + copy(slice2, slice1) + b.Sink1(slice2[0]) // $ hasTaintFlow="index expression" + ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected index 38dc380b55b1..fd67fbe1c0de 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected @@ -21,15 +21,16 @@ invalidModelRow | test.go:113:10:113:20 | index expression | qltest | | test.go:117:10:117:16 | taint15 | qltest | | test.go:121:10:121:17 | index expression | qltest | -| test.go:126:10:126:16 | taint16 | qltest | -| test.go:130:10:130:13 | selection of F | qltest | -| test.go:133:10:133:17 | call to Get | qltest | -| test.go:137:10:137:17 | call to Get | qltest | -| test.go:142:10:142:17 | call to Get | qltest | -| test.go:146:10:146:14 | selection of F | qltest | -| test.go:149:10:149:32 | call to GetThroughPointer | qltest | -| test.go:153:10:153:32 | call to GetThroughPointer | qltest | -| test.go:158:10:158:32 | call to GetThroughPointer | qltest | -| test.go:164:17:164:20 | arg1 | qltest | -| test.go:164:23:164:26 | arg2 | qltest | -| test.go:164:29:164:32 | arg3 | qltest | +| test.go:127:10:127:18 | index expression | qltest | +| test.go:132:10:132:16 | taint16 | qltest | +| test.go:136:10:136:13 | selection of F | qltest | +| test.go:139:10:139:17 | call to Get | qltest | +| test.go:143:10:143:17 | call to Get | qltest | +| test.go:148:10:148:17 | call to Get | qltest | +| test.go:152:10:152:14 | selection of F | qltest | +| test.go:155:10:155:32 | call to GetThroughPointer | qltest | +| test.go:159:10:159:32 | call to GetThroughPointer | qltest | +| test.go:164:10:164:32 | call to GetThroughPointer | qltest | +| test.go:170:17:170:20 | arg1 | qltest | +| test.go:170:23:170:26 | arg2 | qltest | +| test.go:170:29:170:32 | arg3 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index 2f1e32567781..14576f932008 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -12,12 +12,12 @@ invalidModelRow | test.go:91:46:91:53 | call to Src1 | qltest | | test.go:95:35:95:42 | call to Src1 | qltest | | test.go:99:42:99:49 | call to Src1 | qltest | -| test.go:124:8:124:15 | call to Src1 | qltest | -| test.go:129:9:129:16 | call to Src1 | qltest | -| test.go:132:15:132:22 | call to Src1 | qltest | -| test.go:136:9:136:16 | call to Src1 | qltest | -| test.go:140:9:140:16 | call to Src1 | qltest | -| test.go:145:24:145:31 | call to Src1 | qltest | -| test.go:148:17:148:24 | call to Src1 | qltest | -| test.go:152:24:152:31 | call to Src1 | qltest | -| test.go:156:24:156:31 | call to Src1 | qltest | +| test.go:130:8:130:15 | call to Src1 | qltest | +| test.go:135:9:135:16 | call to Src1 | qltest | +| test.go:138:15:138:22 | call to Src1 | qltest | +| test.go:142:9:142:16 | call to Src1 | qltest | +| test.go:146:9:146:16 | call to Src1 | qltest | +| test.go:151:24:151:31 | call to Src1 | qltest | +| test.go:154:17:154:24 | call to Src1 | qltest | +| test.go:158:24:158:31 | call to Src1 | qltest | +| test.go:162:24:162:31 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index f59b642a5b25..19c82d112e51 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -120,6 +120,12 @@ func simpleflow() { slice = append(slice, src) b.Sink1(slice[0]) // $ hasValueFlow="index expression" + slice1 := make([]string, 2) + slice1[0] = src.(string) + slice2 := make([]string, 2) + copy(slice2, slice1) + b.Sink1(slice2[0]) // $ MISSING: hasValueFlow="index expression" // this is a bug, but it is normally covered because it works with taint tracking + ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) From d5aa08dbf35e0a30cff658a279ccc60a98b83ed1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 8 May 2024 16:57:46 +0100 Subject: [PATCH 09/16] Local flow steps for flow summaries for built-in functions --- .../semmle/go/dataflow/FlowSteps/LocalFlowStep.expected | 2 -- 1 file changed, 2 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index 928d7a9f3949..8f1e7ef04368 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -127,12 +127,10 @@ | main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a | | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min | | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min | -| main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min | | main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b | | main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b | | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max | | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max | -| main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max | | strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s | | strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s | | strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s | From 8cc9838628ab337794130a569dd46fc936137194 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 8 May 2024 21:12:53 +0100 Subject: [PATCH 10/16] Add change note --- .../lib/change-notes/2024-05-09-model-append-copy-max-min.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2024-05-09-model-append-copy-max-min.md diff --git a/go/ql/lib/change-notes/2024-05-09-model-append-copy-max-min.md b/go/ql/lib/change-notes/2024-05-09-model-append-copy-max-min.md new file mode 100644 index 000000000000..3d7e2e9e1a66 --- /dev/null +++ b/go/ql/lib/change-notes/2024-05-09-model-append-copy-max-min.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Converted the models for the built-in functions `append`, `copy`, `max` and `min` to value flow and Models-as-Data. From e1c85e3581d590470dcd9959f9eac0320a623860 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 8 May 2024 21:14:14 +0100 Subject: [PATCH 11/16] Fix `elementWrite` to include flow summaries --- go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 9c645bac1da6..77457886e7e7 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -140,6 +140,10 @@ predicate referenceStep(DataFlow::Node pred, DataFlow::Node succ) { */ predicate elementWriteStep(DataFlow::Node pred, DataFlow::Node succ) { any(DataFlow::Write w).writesElement(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, pred) + or + FlowSummaryImpl::Private::Steps::summaryStoreStep(pred.(DataFlowPrivate::FlowSummaryNode) + .getSummaryNode(), any(DataFlow::Content c | c instanceof DataFlow::ArrayContent), + succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode()) } /** Holds if taint flows from `pred` to `succ` via a field read. */ From 76946184de6b3e611d8b4e35d45fc347594911a5 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 May 2024 23:26:51 +0100 Subject: [PATCH 12/16] Accept MaD renumbering for edge provenance --- .../CWE-090/LDAPInjection.expected | 28 ++++---- .../test/experimental/CWE-203/Timing.expected | 6 +- .../CWE-287/ImproperLdapAuth.expected | 2 +- .../CWE-369/DivideByZero.expected | 12 ++-- .../DecompressionBombs.expected | 10 +-- .../experimental/CWE-74/DsnInjection.expected | 4 +- .../CWE-74/DsnInjectionLocal.expected | 4 +- .../HTMLTemplateEscapingPassthrough.expected | 26 ++++---- go/ql/test/experimental/CWE-918/SSRF.expected | 32 +++++----- .../DefaultSanitizer.expected | 2 +- .../go/frameworks/Beego/ReflectedXss.expected | 46 ++++++------- .../go/frameworks/Beego/TaintedPath.expected | 2 +- .../frameworks/BeegoOrm/SqlInjection.expected | 64 +++++++++---------- .../go/frameworks/Echo/ReflectedXss.expected | 14 ++-- .../go/frameworks/Encoding/jsoniter.expected | 8 +-- .../go/frameworks/Revel/ReflectedXss.expected | 6 +- .../go/frameworks/Revel/TaintedPath.expected | 4 +- .../frameworks/Twirp/RequestForgery.expected | 4 +- .../frameworks/XNetHtml/ReflectedXss.expected | 38 +++++------ .../frameworks/XNetHtml/SqlInjection.expected | 4 +- .../Security/CWE-022/TaintedPath.expected | 4 +- .../Security/CWE-022/ZipSlip.expected | 4 +- .../CWE-078/CommandInjection.expected | 10 +-- .../Security/CWE-079/ReflectedXss.expected | 42 ++++++------ .../Security/CWE-089/SqlInjection.expected | 48 +++++++------- .../Security/CWE-089/StringBreak.expected | 4 +- .../InsecureRandomness.expected | 4 +- .../CWE-347/MissingJwtSignatureCheck.expected | 14 ++-- .../BadRedirectCheck.expected | 4 +- .../OpenUrlRedirect/OpenUrlRedirect.expected | 4 +- .../Security/CWE-640/EmailInjection.expected | 26 ++++---- .../Security/CWE-643/XPathInjection.expected | 24 +++---- .../Security/CWE-918/RequestForgery.expected | 36 +++++------ 33 files changed, 270 insertions(+), 270 deletions(-) diff --git a/go/ql/test/experimental/CWE-090/LDAPInjection.expected b/go/ql/test/experimental/CWE-090/LDAPInjection.expected index 740121e56318..c657d190f5bf 100644 --- a/go/ql/test/experimental/CWE-090/LDAPInjection.expected +++ b/go/ql/test/experimental/CWE-090/LDAPInjection.expected @@ -1,18 +1,18 @@ edges -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:671 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:671 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:676 | | LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance | | | LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance | | | LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance | | diff --git a/go/ql/test/experimental/CWE-203/Timing.expected b/go/ql/test/experimental/CWE-203/Timing.expected index 714a8475ddab..654620bd3db2 100644 --- a/go/ql/test/experimental/CWE-203/Timing.expected +++ b/go/ql/test/experimental/CWE-203/Timing.expected @@ -1,9 +1,9 @@ edges -| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:652 | +| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:657 | | timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance | | -| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:652 | +| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:657 | | timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance | | -| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:652 | +| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:657 | | timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance | | nodes | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header | diff --git a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected index 0cc7cab4cfa8..71d6b12625e6 100644 --- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected +++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected @@ -1,5 +1,5 @@ edges -| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:732 | +| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:737 | | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance | | | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected index 871b794cb308..2d3226636c08 100644 --- a/go/ql/test/experimental/CWE-369/DivideByZero.expected +++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected @@ -1,24 +1,24 @@ edges -| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | | | DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | | | DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | | -| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | | | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | | -| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | | | DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | | | DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | | -| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | | | DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | | | DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | | -| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | | | DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | | | DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | | -| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:732 | +| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:737 | | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | | | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index ebdb7e467cf6..d721e3f12deb 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -1,5 +1,5 @@ edges -| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:667 | +| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:672 | | test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | | | test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | | | test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | | @@ -34,18 +34,18 @@ edges | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | | | test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | | | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | | -| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:544 | +| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:549 | | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | | | test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | | -| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:40 | +| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:45 | | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance | | | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 | | test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | | | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | | -| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:544 | +| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:549 | | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | | | test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | | -| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:40 | +| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:45 | | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | | | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance | | | test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance | | diff --git a/go/ql/test/experimental/CWE-74/DsnInjection.expected b/go/ql/test/experimental/CWE-74/DsnInjection.expected index fe3300c6dd45..c3777f22fda0 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjection.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected @@ -1,6 +1,6 @@ edges -| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:667 | -| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:242 | +| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:672 | +| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:247 | | Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | call to Sprintf | provenance | FunctionModel | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index 45fe5766a705..b9c6fa34b736 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -1,6 +1,6 @@ edges | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:28:102:28:109 | index expression | provenance | | -| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:242 | +| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:247 | | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | @@ -12,7 +12,7 @@ edges | Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | | | Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel | -| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:242 | +| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:247 | | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | | | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | diff --git a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected index b99e5cd58751..9488e442b584 100644 --- a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected +++ b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected @@ -1,28 +1,28 @@ edges | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | HTMLTemplateEscapingPassthrough.go:30:39:30:39 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | HTMLTemplateEscapingPassthrough.go:36:40:36:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | HTMLTemplateEscapingPassthrough.go:41:40:41:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | HTMLTemplateEscapingPassthrough.go:47:41:47:41 | c | provenance | | -| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | HTMLTemplateEscapingPassthrough.go:51:44:51:44 | d | provenance | | -| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | HTMLTemplateEscapingPassthrough.go:55:44:55:44 | e | provenance | | -| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | HTMLTemplateEscapingPassthrough.go:59:38:59:38 | b | provenance | | -| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | HTMLTemplateEscapingPassthrough.go:63:44:63:44 | f | provenance | | -| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | HTMLTemplateEscapingPassthrough.go:67:38:67:38 | g | provenance | | -| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:671 | -| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:671 | -| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:671 | -| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:671 | +| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:676 | | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | HTMLTemplateEscapingPassthrough.go:92:38:92:46 | converted | provenance | | | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | provenance | | -| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:519 | +| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:524 | nodes | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | semmle.label | type conversion | | HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | semmle.label | call to UserAgent | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 3eff488162ec..0f87bc3bb617 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -1,44 +1,44 @@ edges -| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:667 | -| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:670 | -| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:670 | -| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:670 | -| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:670 | +| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:672 | +| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:675 | +| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:675 | +| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:675 | +| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:675 | | new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | | -| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:247 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:247 | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | []type{args} [array] | provenance | | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:247 | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:537 | -| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:181 | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:542 | +| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:186 | | new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | -| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:247 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:247 | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | []type{args} [array] | provenance | | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:242 | +| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:247 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:732 | -| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:739 | +| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:737 | +| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:744 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | | new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | | | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | | -| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:855 | +| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:860 | | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | | | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | | nodes diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected index e33725ab78ab..d5afe1570380 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected @@ -1,6 +1,6 @@ edges | Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:550 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:555 | nodes | Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b | | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 575045cc46ed..9be81aec8d3d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -24,21 +24,21 @@ edges | test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | | | test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | | | test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | | -| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:246 | +| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:251 | | test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | | -| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:248 | +| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:253 | | test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | | -| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:249 | +| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:254 | | test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | | -| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:251 | +| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:256 | | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | | -| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:252 | +| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:257 | | test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | | -| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:250 | +| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:255 | | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | | | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | | | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | | -| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:537 | +| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:542 | | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | | | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | | | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | | @@ -66,39 +66,39 @@ edges | test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | | | test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel | | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | | -| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:260 | +| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:265 | | test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | | -| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:261 | +| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:266 | | test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | | -| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:262 | +| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:267 | | test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | | -| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:263 | +| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:268 | | test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | | -| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:263 | +| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:268 | | test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | | -| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:264 | +| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:269 | | test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | | -| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:264 | +| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:269 | | test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | | | test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | | -| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:265 | +| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:270 | | test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | | -| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:265 | +| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:270 | | test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | | -| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:266 | +| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:271 | | test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | | -| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:267 | +| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:272 | | test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | | -| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:268 | +| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:273 | | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | | -| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:269 | +| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:274 | | test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | | | test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | | | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | | -| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:272 | -| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:270 | +| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:277 | +| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:275 | | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | | -| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:271 | +| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:276 | | test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | | nodes | test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 94a3262d41eb..1af201139353 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -2,7 +2,7 @@ edges | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | | -| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | MaD:181 | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | MaD:186 | | test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | | | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | | | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected index 88df7efaf181..c9ab87236c84 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected @@ -1,36 +1,36 @@ edges -| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:671 | -| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:671 | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:671 | -| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:671 | -| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:671 | -| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:671 | +| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:676 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:676 | +| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:676 | +| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:676 | +| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:676 | nodes | test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent | | test.go:12:11:12:19 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index c29c8d4d888b..1349a437811f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -8,28 +8,28 @@ edges | test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | | | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | | | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | | -| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:624 | +| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:629 | | test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:550 | +| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:555 | | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | | | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | | | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | | -| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:624 | +| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:629 | | test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:550 | +| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:555 | | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | | | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | | | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | | | test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | | -| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:355 | -| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:354 | +| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:360 | +| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:359 | | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | | | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | | | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | | | test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | | | test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | | | test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | provenance | | -| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:833 | +| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:838 | | test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | | nodes | test.go:15:11:15:32 | call to Param | semmle.label | call to Param | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected index fc1b0f4ec46b..7cecb3afae45 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected @@ -3,13 +3,13 @@ edges | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | | -| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:346 | +| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:351 | | jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | | -| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:344 | +| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:349 | | jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | | -| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:347 | +| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:352 | | jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | | -| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:345 | +| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:350 | | jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | | nodes | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index 23abbdd54b20..1ade29520c0f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -1,10 +1,10 @@ edges | EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | | | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | | -| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:739 | -| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:553 | +| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:744 | +| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:558 | | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | | -| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:739 | +| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:744 | | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | | | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | | | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected index dc85069dcba6..61c37af821c8 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected @@ -1,8 +1,8 @@ edges | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | | -| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:739 | +| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:744 | | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | | -| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:739 | +| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:744 | nodes | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params | | EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 2290d6d6c408..5e01fbbbc1a4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -6,9 +6,9 @@ edges | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | | | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | -| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:544 | +| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:549 | | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:429 | +| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:434 | | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | | | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected index 7e9932e143dc..5198d2c30437 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected @@ -1,40 +1,40 @@ edges -| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:732 | -| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:739 | +| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:737 | +| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:744 | | test.go:12:12:12:44 | call to Get | test.go:15:42:15:47 | param1 | provenance | | | test.go:15:22:15:48 | call to UnescapeString | test.go:15:15:15:49 | type conversion | provenance | | -| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:411 | +| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:416 | | test.go:17:2:17:36 | ... := ...[0] | test.go:18:15:18:31 | type conversion | provenance | | | test.go:17:2:17:36 | ... := ...[0] | test.go:29:22:29:25 | node | provenance | | -| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:406 | +| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:411 | | test.go:20:2:20:48 | ... := ...[0] | test.go:21:15:21:32 | type conversion | provenance | | -| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:409 | +| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:414 | | test.go:23:2:23:50 | ... := ...[0] | test.go:24:15:24:35 | type conversion | provenance | | -| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:407 | +| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:412 | | test.go:26:2:26:62 | ... := ...[0] | test.go:27:15:27:36 | type conversion | provenance | | -| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:408 | +| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:413 | | test.go:31:15:31:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:33:15:33:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:34:17:34:25 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:36:15:36:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:37:22:37:30 | tokenizer | provenance | | -| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:404 | -| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:414 | -| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:415 | +| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:409 | +| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:419 | +| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:420 | | test.go:34:2:34:35 | ... := ...[1] | test.go:35:15:35:19 | value | provenance | | -| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:416 | -| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:417 | -| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:418 | +| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:421 | +| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:422 | +| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:423 | | test.go:37:22:37:38 | call to Token | test.go:37:15:37:44 | type conversion | provenance | | | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | | -| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:405 | -| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:414 | +| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:410 | +| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:419 | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | | -| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:406 | -| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:412 | +| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:411 | +| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:417 | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | | @@ -46,8 +46,8 @@ edges | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | | -| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:406 | -| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:413 | +| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:411 | +| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:418 | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected index 8b3a16cd35ce..58ea540ced5a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected @@ -1,6 +1,6 @@ edges -| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:664 | -| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:403 | +| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:669 | +| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:408 | nodes | test.go:56:2:56:42 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:57:11:57:41 | call to EscapeString | semmle.label | call to EscapeString | diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected index f8c551ea7501..e94725e71d8e 100644 --- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected +++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected @@ -1,10 +1,10 @@ edges -| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | MaD:732 | +| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | MaD:737 | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:17:29:17:40 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:21:57:21:68 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:68:39:68:56 | ...+... | provenance | | | TaintedPath.go:21:57:21:68 | tainted_path | TaintedPath.go:21:28:21:69 | call to Join | provenance | FunctionModel | -| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | MaD:758 | +| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | MaD:763 | nodes | TaintedPath.go:14:18:14:22 | selection of URL | semmle.label | selection of URL | | TaintedPath.go:14:18:14:30 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected index 14b42a974821..9b3e8dfe15c3 100644 --- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected +++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected @@ -7,9 +7,9 @@ edges | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance | | | ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | | -| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:744 | +| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:749 | | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name | provenance | | -| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:759 | +| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:764 | | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | provenance | | nodes | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 8c8037fa57e0..42374120ce55 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -1,15 +1,15 @@ edges -| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:732 | +| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:737 | | ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path | provenance | | -| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:732 | +| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:737 | | CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | | -| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | MaD:732 | +| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | MaD:737 | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:12:31:12:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:14:30:14:36 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:15:35:15:41 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:16:36:16:42 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:732 | +| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:737 | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | @@ -42,7 +42,7 @@ edges | SanitizingDoubleDash.go:69:14:69:35 | call to append [array, array] | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array, array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array, array] | provenance | MaD:28 | -| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:732 | +| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:737 | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:100:31:100:37 | tainted | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 8f4467cf2f8e..9940672f7556 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -1,45 +1,45 @@ edges -| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:739 | +| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:744 | | ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username | provenance | | -| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:739 | +| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:744 | | contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion | provenance | | -| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:739 | +| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:744 | | contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data | provenance | | -| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:667 | -| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:667 | -| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:667 | -| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:667 | -| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:666 | -| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:666 | +| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:672 | +| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:672 | +| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:672 | +| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:672 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:671 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:671 | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | | -| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:537 | -| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:242 | +| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:542 | +| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:247 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:242 | +| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:247 | | reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:668 | +| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:673 | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | | -| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:627 | -| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:625 | +| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:632 | +| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:630 | | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | | | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | -| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:550 | -| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:242 | +| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:555 | +| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:247 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:732 | +| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:737 | | reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | | -| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:739 | +| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:744 | | tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a | provenance | | | tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion | provenance | | -| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:831 | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:739 | +| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:836 | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:744 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | | | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 1f46a8f43ba4..6d397ecc4f81 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -1,50 +1,50 @@ edges -| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:242 | +| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:247 | | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | | -| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:732 | +| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:737 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | -| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:537 | -| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:181 | +| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:542 | +| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:186 | | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | -| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:242 | +| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:247 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | -| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:537 | -| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:181 | +| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:542 | +| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:186 | | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | -| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:242 | +| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:247 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | -| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:181 | -| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:732 | +| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:186 | +| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:737 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | -| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:242 | +| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:247 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | | -| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:242 | -| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:732 | +| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:247 | +| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:737 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel | -| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:242 | -| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:652 | +| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:247 | +| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:657 | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel | | main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | | | main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | | -| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:732 | +| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:737 | | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | | | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | | -| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:242 | +| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:247 | | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | | | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | @@ -54,10 +54,10 @@ edges | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | | main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | | main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:732 | +| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:737 | | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | -| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:242 | +| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:247 | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | @@ -67,10 +67,10 @@ edges | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:732 | +| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:737 | | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:242 | +| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:247 | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | @@ -80,16 +80,16 @@ edges | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:732 | +| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:737 | | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:242 | +| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:247 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | | main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | -| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:670 | +| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:675 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected index a356d8697be2..46a5161df2a6 100644 --- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected +++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected @@ -2,10 +2,10 @@ edges | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | | | StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | | -| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:835 | +| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:840 | | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion | provenance | | | StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped | provenance | | -| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:835 | +| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:840 | nodes | StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] | | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index 7faf95dfde53..ae32673974c7 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -1,7 +1,7 @@ edges | sample.go:15:10:15:64 | call to Sum256 | sample.go:16:9:16:15 | slice expression | provenance | | | sample.go:15:24:15:63 | type conversion | sample.go:15:10:15:64 | call to Sum256 | provenance | FunctionModel | -| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:242 | +| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:247 | | sample.go:15:31:15:62 | call to Sprintf | sample.go:15:24:15:63 | type conversion | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | @@ -9,7 +9,7 @@ edges | sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | -| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:546 | +| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:551 | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | | | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected index e4d826db287f..444acdc353f5 100644 --- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected @@ -1,16 +1,16 @@ edges -| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:732 | -| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:739 | +| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:737 | +| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:744 | | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | | | go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | | | go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | | -| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:318 | -| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:320 | -| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:732 | -| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:739 | +| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:323 | +| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:325 | +| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:737 | +| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:744 | | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | | | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | | -| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:332 | +| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:337 | nodes | go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL | | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected index 9fafce7a9c73..ae9cd01be22a 100644 --- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected @@ -12,8 +12,8 @@ edges | main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:758 | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:758 | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:763 | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:763 | | main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | | | main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | | | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index 10af2ea535ce..dd83bbb581a4 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -54,11 +54,11 @@ edges | stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | | | stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | | | stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | | -| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:667 | +| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:672 | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | | | stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | | -| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:667 | +| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:672 | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | | | stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index 104d4837c57e..6d7c737ab811 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,23 +1,23 @@ edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:652 | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:657 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | -| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:670 | -| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:670 | -| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:549 | -| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:670 | -| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:670 | -| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:670 | +| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:675 | +| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:675 | +| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:554 | +| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:675 | +| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:675 | +| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:675 | | main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | -| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:381 | -| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:670 | +| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:386 | +| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:675 | | main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | -| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:381 | -| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:670 | -| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:670 | +| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:386 | +| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:675 | +| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:675 | | main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:381 | +| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:386 | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected index ac7f8b44ef39..32d3337b59aa 100644 --- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected @@ -1,16 +1,16 @@ edges -| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:739 | +| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:744 | | XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | | -| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:739 | +| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:744 | | tst.go:34:14:34:35 | call to Get | tst.go:37:23:37:85 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:43:24:43:82 | ...+... | provenance | | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:739 | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:744 | | tst.go:48:14:48:35 | call to Get | tst.go:51:26:51:84 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:54:29:54:87 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:57:33:57:91 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:60:30:60:88 | ...+... | provenance | | -| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:739 | +| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:744 | | tst.go:65:14:65:35 | call to Get | tst.go:68:25:68:83 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:71:28:71:86 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:74:25:74:83 | ...+... | provenance | | @@ -19,38 +19,38 @@ edges | tst.go:65:14:65:35 | call to Get | tst.go:83:29:83:87 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:86:23:86:85 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:89:22:89:84 | ...+... | provenance | | -| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:739 | +| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:744 | | tst.go:94:14:94:35 | call to Get | tst.go:97:26:97:84 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:100:29:100:87 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:103:33:103:91 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:106:30:106:88 | ...+... | provenance | | -| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:739 | +| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:744 | | tst.go:111:14:111:35 | call to Get | tst.go:114:25:114:87 | ...+... | provenance | | | tst.go:111:14:111:35 | call to Get | tst.go:117:26:117:88 | ...+... | provenance | | -| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:739 | +| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:744 | | tst.go:122:14:122:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:739 | +| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:744 | | tst.go:123:14:123:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:739 | +| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:744 | | tst.go:140:14:140:35 | call to Get | tst.go:143:27:143:89 | ...+... | provenance | | | tst.go:140:14:140:35 | call to Get | tst.go:146:28:146:90 | ...+... | provenance | | -| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:739 | +| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:744 | | tst.go:151:14:151:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:739 | +| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:744 | | tst.go:152:14:152:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:739 | +| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:744 | | tst.go:193:14:193:35 | call to Get | tst.go:198:23:198:85 | ...+... | provenance | | nodes | XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 48bc45d7499f..8238b6826ab6 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,12 +1,12 @@ edges -| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:667 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:667 | +| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:672 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:672 | | tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | u | provenance | | @@ -17,16 +17,16 @@ edges | tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | | -| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:232 | -| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:670 | -| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:670 | +| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:237 | +| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:675 | +| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:675 | nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | From f8e17fe8cc91bb89d1905ae0486b79559e8af7dd Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 May 2024 23:32:37 +0100 Subject: [PATCH 13/16] Accept expected test changes --- .../semmle/go/dataflow/ExternalValueFlow/test.go | 2 +- .../semmle/go/dataflow/FlowSteps/LocalTaintStep.expected | 7 ------- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index 19c82d112e51..143fb3fa825e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -124,7 +124,7 @@ func simpleflow() { slice1[0] = src.(string) slice2 := make([]string, 2) copy(slice2, slice1) - b.Sink1(slice2[0]) // $ MISSING: hasValueFlow="index expression" // this is a bug, but it is normally covered because it works with taint tracking + b.Sink1(slice2[0]) // $ hasValueFlow="index expression" ch := make(chan string) ch <- a.Src1().(string) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index 1397e71759d2..2579716e50ae 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -3,13 +3,6 @@ | main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal | | main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal | | main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | -| main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | -| main.go:39:18:39:18 | 4 | main.go:39:8:39:25 | call to append | -| main.go:39:21:39:21 | 5 | main.go:39:8:39:25 | call to append | -| main.go:39:24:39:24 | 6 | main.go:39:8:39:25 | call to append | -| main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | -| main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append | -| main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] | | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] | From f7e6bf7ef52f26719f27742c8e7976174b09fc86 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 May 2024 23:35:38 +0100 Subject: [PATCH 14/16] Two tests have different paths but same results --- .../CWE-078/CommandInjection.expected | 88 ++++++++----------- .../Security/CWE-327/UnsafeTLS.expected | 34 ++++--- 2 files changed, 62 insertions(+), 60 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 42374120ce55..652a6790f3a1 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -14,7 +14,6 @@ edges | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | @@ -22,26 +21,24 @@ edges | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | -| SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append [array, array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | MaD:29 | +| SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | provenance | MaD:29 | | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:39:14:39:44 | call to append [array, array] | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | +| SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | FunctionModel | +| SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | MaD:28 | | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | provenance | MaD:28 | -| SanitizingDoubleDash.go:68:14:68:38 | []type{args} [array] | SanitizingDoubleDash.go:68:14:68:38 | call to append [array, array] | provenance | MaD:29 | -| SanitizingDoubleDash.go:68:14:68:38 | call to append | SanitizingDoubleDash.go:69:21:69:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:68:14:68:38 | call to append [array, array] | SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array, array] | provenance | | +| SanitizingDoubleDash.go:68:14:68:38 | []type{args} [array] | SanitizingDoubleDash.go:68:14:68:38 | call to append [array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:68:14:68:38 | call to append [array] | SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:68:31:68:37 | tainted | SanitizingDoubleDash.go:68:14:68:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:68:31:68:37 | tainted | SanitizingDoubleDash.go:68:14:68:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:69:14:69:35 | call to append | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:69:14:69:35 | call to append [array, array] | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | -| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | FunctionModel | -| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array, array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array, array] | provenance | MaD:28 | +| SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | +| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:28 | +| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | provenance | MaD:28 | | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:737 | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | @@ -53,7 +50,6 @@ edges | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:117:31:117:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:123:31:123:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:128:24:128:30 | tainted | provenance | | -| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:136:31:136:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted | provenance | | @@ -70,41 +66,39 @@ edges | SanitizingDoubleDash.go:101:24:101:34 | slice expression [array] | SanitizingDoubleDash.go:101:24:101:34 | slice expression | provenance | | | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | provenance | | -| SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append [array, array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | MaD:29 | +| SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | provenance | MaD:29 | | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:111:14:111:44 | call to append [array, array] | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | FunctionModel | -| SanitizingDoubleDash.go:117:14:117:44 | []type{args} [array] | SanitizingDoubleDash.go:117:14:117:44 | call to append [array, array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:117:14:117:44 | []type{args} [array] | SanitizingDoubleDash.go:117:14:117:44 | call to append | provenance | MaD:29 | +| SanitizingDoubleDash.go:117:14:117:44 | []type{args} [array] | SanitizingDoubleDash.go:117:14:117:44 | call to append [array] | provenance | MaD:29 | | SanitizingDoubleDash.go:117:14:117:44 | call to append | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:117:14:117:44 | call to append [array, array] | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:117:14:117:44 | call to append [array] | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | call to append | provenance | FunctionModel | -| SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | SanitizingDoubleDash.go:123:14:123:38 | call to append [array, array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | SanitizingDoubleDash.go:123:14:123:38 | call to append | provenance | MaD:29 | +| SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | provenance | MaD:29 | | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:123:14:123:38 | call to append [array, array] | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | FunctionModel | +| SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | MaD:28 | | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | provenance | MaD:28 | -| SanitizingDoubleDash.go:136:14:136:38 | []type{args} [array] | SanitizingDoubleDash.go:136:14:136:38 | call to append [array, array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:136:14:136:38 | []type{args} [array] | SanitizingDoubleDash.go:136:14:136:38 | call to append | provenance | MaD:29 | +| SanitizingDoubleDash.go:136:14:136:38 | []type{args} [array] | SanitizingDoubleDash.go:136:14:136:38 | call to append [array] | provenance | MaD:29 | | SanitizingDoubleDash.go:136:14:136:38 | call to append | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:136:14:136:38 | call to append [array, array] | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:136:14:136:38 | call to append [array] | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | call to append | provenance | FunctionModel | -| SanitizingDoubleDash.go:142:14:142:38 | []type{args} [array] | SanitizingDoubleDash.go:142:14:142:38 | call to append [array, array] | provenance | MaD:29 | -| SanitizingDoubleDash.go:142:14:142:38 | call to append | SanitizingDoubleDash.go:143:21:143:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:142:14:142:38 | call to append [array, array] | SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array, array] | provenance | | +| SanitizingDoubleDash.go:142:14:142:38 | []type{args} [array] | SanitizingDoubleDash.go:142:14:142:38 | call to append [array] | provenance | MaD:29 | +| SanitizingDoubleDash.go:142:14:142:38 | call to append [array] | SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:142:14:142:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:142:14:142:38 | call to append | provenance | FunctionModel | | SanitizingDoubleDash.go:143:14:143:35 | call to append | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:143:14:143:35 | call to append [array, array] | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:143:21:143:28 | arrayLit | SanitizingDoubleDash.go:143:14:143:35 | call to append | provenance | FunctionModel | -| SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array, array] | SanitizingDoubleDash.go:143:14:143:35 | call to append [array, array] | provenance | MaD:28 | +| SanitizingDoubleDash.go:143:14:143:35 | call to append [array] | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array] | SanitizingDoubleDash.go:143:14:143:35 | call to append | provenance | MaD:28 | +| SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array] | SanitizingDoubleDash.go:143:14:143:35 | call to append [array] | provenance | MaD:28 | nodes | ArgumentInjection.go:9:10:9:16 | selection of URL | semmle.label | selection of URL | | ArgumentInjection.go:9:10:9:24 | call to Query | semmle.label | call to Query | @@ -129,24 +123,21 @@ nodes | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | semmle.label | slice expression [array] | | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | semmle.label | []type{args} [array] | | SanitizingDoubleDash.go:39:14:39:44 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:39:14:39:44 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | semmle.label | slice literal [array] | | SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | semmle.label | call to append [array] | -| SanitizingDoubleDash.go:53:21:53:28 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:68:14:68:38 | []type{args} [array] | semmle.label | []type{args} [array] | -| SanitizingDoubleDash.go:68:14:68:38 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:68:14:68:38 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:68:14:68:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:68:31:68:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:69:14:69:35 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:69:14:69:35 | call to append [array, array] | semmle.label | call to append [array, array] | -| SanitizingDoubleDash.go:69:21:69:28 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array, array] | semmle.label | arrayLit [array, array] | +| SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | semmle.label | call to append [array] | +| SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL | @@ -168,39 +159,36 @@ nodes | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | semmle.label | []type{args} [array] | | SanitizingDoubleDash.go:111:14:111:44 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:111:14:111:44 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:111:37:111:43 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:117:14:117:44 | []type{args} [array] | semmle.label | []type{args} [array] | | SanitizingDoubleDash.go:117:14:117:44 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:117:14:117:44 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:117:14:117:44 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:117:31:117:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:118:24:118:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | semmle.label | []type{args} [array] | | SanitizingDoubleDash.go:123:14:123:38 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:123:14:123:38 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:123:31:123:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | semmle.label | slice literal [array] | | SanitizingDoubleDash.go:128:24:128:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:129:14:129:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | semmle.label | call to append [array] | -| SanitizingDoubleDash.go:129:21:129:28 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:136:14:136:38 | []type{args} [array] | semmle.label | []type{args} [array] | | SanitizingDoubleDash.go:136:14:136:38 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:136:14:136:38 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:136:14:136:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:136:31:136:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:142:14:142:38 | []type{args} [array] | semmle.label | []type{args} [array] | -| SanitizingDoubleDash.go:142:14:142:38 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:142:14:142:38 | call to append [array, array] | semmle.label | call to append [array, array] | +| SanitizingDoubleDash.go:142:14:142:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:142:31:142:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:143:14:143:35 | call to append | semmle.label | call to append | -| SanitizingDoubleDash.go:143:14:143:35 | call to append [array, array] | semmle.label | call to append [array, array] | -| SanitizingDoubleDash.go:143:21:143:28 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array, array] | semmle.label | arrayLit [array, array] | +| SanitizingDoubleDash.go:143:14:143:35 | call to append [array] | semmle.label | call to append [array] | +| SanitizingDoubleDash.go:143:21:143:28 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:148:30:148:36 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:152:24:152:30 | tainted | semmle.label | tainted | diff --git a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected index b518d306322d..d87cdb8dcdcf 100644 --- a/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected +++ b/go/ql/test/query-tests/Security/CWE-327/UnsafeTLS.expected @@ -13,19 +13,27 @@ edges | UnsafeTLS.go:297:5:297:38 | selection of TLS_ECDHE_RSA_WITH_RC4_128_SHA | UnsafeTLS.go:296:18:298:4 | slice literal | provenance | | | UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:304:18:306:4 | slice literal | provenance | | | UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:312:18:314:4 | slice literal | provenance | | -| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:329:25:329:94 | []type{args} [array] | UnsafeTLS.go:329:25:329:94 | call to append | provenance | MaD:29 | +| UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:329:25:329:94 | []type{args} [array] | provenance | | | UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | UnsafeTLS.go:336:54:336:57 | selection of ID | provenance | | -| UnsafeTLS.go:336:54:336:57 | selection of ID | UnsafeTLS.go:336:26:336:58 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:336:26:336:58 | []type{args} [array] | UnsafeTLS.go:336:26:336:58 | call to append | provenance | MaD:29 | +| UnsafeTLS.go:336:54:336:57 | selection of ID | UnsafeTLS.go:336:26:336:58 | []type{args} [array] | provenance | | | UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | UnsafeTLS.go:344:40:344:43 | selection of ID | provenance | | -| UnsafeTLS.go:344:19:344:44 | call to append | UnsafeTLS.go:344:26:344:37 | cipherSuites | provenance | | +| UnsafeTLS.go:344:19:344:44 | []type{args} [array] | UnsafeTLS.go:344:19:344:44 | call to append | provenance | MaD:29 | +| UnsafeTLS.go:344:19:344:44 | []type{args} [array] | UnsafeTLS.go:344:19:344:44 | call to append [array] | provenance | MaD:29 | | UnsafeTLS.go:344:19:344:44 | call to append | UnsafeTLS.go:346:25:346:36 | cipherSuites | provenance | | -| UnsafeTLS.go:344:26:344:37 | cipherSuites | UnsafeTLS.go:344:19:344:44 | call to append | provenance | FunctionModel | -| UnsafeTLS.go:344:40:344:43 | selection of ID | UnsafeTLS.go:344:19:344:44 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:344:19:344:44 | call to append [array] | UnsafeTLS.go:344:26:344:37 | cipherSuites [array] | provenance | | +| UnsafeTLS.go:344:26:344:37 | cipherSuites [array] | UnsafeTLS.go:344:19:344:44 | call to append | provenance | MaD:28 | +| UnsafeTLS.go:344:26:344:37 | cipherSuites [array] | UnsafeTLS.go:344:19:344:44 | call to append [array] | provenance | MaD:28 | +| UnsafeTLS.go:344:40:344:43 | selection of ID | UnsafeTLS.go:344:19:344:44 | []type{args} [array] | provenance | | | UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | UnsafeTLS.go:353:40:353:51 | selection of ID | provenance | | -| UnsafeTLS.go:353:19:353:52 | call to append | UnsafeTLS.go:353:26:353:37 | cipherSuites | provenance | | +| UnsafeTLS.go:353:19:353:52 | []type{args} [array] | UnsafeTLS.go:353:19:353:52 | call to append | provenance | MaD:29 | +| UnsafeTLS.go:353:19:353:52 | []type{args} [array] | UnsafeTLS.go:353:19:353:52 | call to append [array] | provenance | MaD:29 | | UnsafeTLS.go:353:19:353:52 | call to append | UnsafeTLS.go:355:25:355:36 | cipherSuites | provenance | | -| UnsafeTLS.go:353:26:353:37 | cipherSuites | UnsafeTLS.go:353:19:353:52 | call to append | provenance | FunctionModel | -| UnsafeTLS.go:353:40:353:51 | selection of ID | UnsafeTLS.go:353:19:353:52 | call to append | provenance | FunctionModel | +| UnsafeTLS.go:353:19:353:52 | call to append [array] | UnsafeTLS.go:353:26:353:37 | cipherSuites [array] | provenance | | +| UnsafeTLS.go:353:26:353:37 | cipherSuites [array] | UnsafeTLS.go:353:19:353:52 | call to append | provenance | MaD:28 | +| UnsafeTLS.go:353:26:353:37 | cipherSuites [array] | UnsafeTLS.go:353:19:353:52 | call to append [array] | provenance | MaD:28 | +| UnsafeTLS.go:353:40:353:51 | selection of ID | UnsafeTLS.go:353:19:353:52 | []type{args} [array] | provenance | | | UnsafeTLS.go:363:5:363:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:362:18:364:4 | slice literal | provenance | | | UnsafeTLS.go:371:5:371:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:370:18:372:4 | slice literal | provenance | | | UnsafeTLS.go:379:5:379:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | UnsafeTLS.go:378:18:380:4 | slice literal | provenance | | @@ -99,19 +107,25 @@ nodes | UnsafeTLS.go:305:5:305:47 | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | | UnsafeTLS.go:312:18:314:4 | slice literal | semmle.label | slice literal | | UnsafeTLS.go:313:5:313:45 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | +| UnsafeTLS.go:329:25:329:94 | []type{args} [array] | semmle.label | []type{args} [array] | | UnsafeTLS.go:329:25:329:94 | call to append | semmle.label | call to append | | UnsafeTLS.go:329:53:329:93 | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | semmle.label | selection of TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | | UnsafeTLS.go:334:13:334:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites | +| UnsafeTLS.go:336:26:336:58 | []type{args} [array] | semmle.label | []type{args} [array] | | UnsafeTLS.go:336:26:336:58 | call to append | semmle.label | call to append | | UnsafeTLS.go:336:54:336:57 | selection of ID | semmle.label | selection of ID | | UnsafeTLS.go:342:13:342:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites | +| UnsafeTLS.go:344:19:344:44 | []type{args} [array] | semmle.label | []type{args} [array] | | UnsafeTLS.go:344:19:344:44 | call to append | semmle.label | call to append | -| UnsafeTLS.go:344:26:344:37 | cipherSuites | semmle.label | cipherSuites | +| UnsafeTLS.go:344:19:344:44 | call to append [array] | semmle.label | call to append [array] | +| UnsafeTLS.go:344:26:344:37 | cipherSuites [array] | semmle.label | cipherSuites [array] | | UnsafeTLS.go:344:40:344:43 | selection of ID | semmle.label | selection of ID | | UnsafeTLS.go:346:25:346:36 | cipherSuites | semmle.label | cipherSuites | | UnsafeTLS.go:351:13:351:38 | call to InsecureCipherSuites | semmle.label | call to InsecureCipherSuites | +| UnsafeTLS.go:353:19:353:52 | []type{args} [array] | semmle.label | []type{args} [array] | | UnsafeTLS.go:353:19:353:52 | call to append | semmle.label | call to append | -| UnsafeTLS.go:353:26:353:37 | cipherSuites | semmle.label | cipherSuites | +| UnsafeTLS.go:353:19:353:52 | call to append [array] | semmle.label | call to append [array] | +| UnsafeTLS.go:353:26:353:37 | cipherSuites [array] | semmle.label | cipherSuites [array] | | UnsafeTLS.go:353:40:353:51 | selection of ID | semmle.label | selection of ID | | UnsafeTLS.go:355:25:355:36 | cipherSuites | semmle.label | cipherSuites | | UnsafeTLS.go:362:18:364:4 | slice literal | semmle.label | slice literal | From ab5e1f8a69a725956f86bdcef67db8ab4ffe8354 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 14 May 2024 12:40:24 +0100 Subject: [PATCH 15/16] Fix models for `min` and `max` and improve tests Although the documentation makes them look variadic (and generic), they are actually special-cased in the compiler. Like all built-in functions they don't have a signature type, but the type of `min(a, b, c)` is `func(int, int, int) int` and not `func(int, ...int) int`. Go doesn't allow open-ended ranges for argument indices in models-as-data specifications (though Ruby and Python do), so I've used `1..1000`. --- go/ql/lib/ext/builtin.model.yml | 6 ++---- .../dataflow/ExternalValueFlow/sinks.expected | 6 ++++++ .../dataflow/ExternalValueFlow/steps.expected | 18 ++++++++++++++++++ .../go/dataflow/ExternalValueFlow/test.go | 8 ++++++++ .../dataflow/FlowSteps/LocalFlowStep.expected | 2 ++ 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/go/ql/lib/ext/builtin.model.yml b/go/ql/lib/ext/builtin.model.yml index d8fe093ecf10..37002f037ab8 100644 --- a/go/ql/lib/ext/builtin.model.yml +++ b/go/ql/lib/ext/builtin.model.yml @@ -6,7 +6,5 @@ extensions: - ["", "", False, "append", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - ["", "", False, "append", "", "", "Argument[1].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"] - ["", "", False, "copy", "", "", "Argument[1].ArrayElement", "Argument[0].ArrayElement", "value", "manual"] - - ["", "", False, "max", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - ["", "", False, "max", "", "", "Argument[1]", "ReturnValue", "value", "manual"] - - ["", "", False, "min", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - ["", "", False, "min", "", "", "Argument[1]", "ReturnValue", "value", "manual"] + - ["", "", False, "max", "", "", "Argument[0..1000]", "ReturnValue", "value", "manual"] + - ["", "", False, "min", "", "", "Argument[0..1000]", "ReturnValue", "value", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected index fd67fbe1c0de..3e058c30bb10 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected @@ -34,3 +34,9 @@ invalidModelRow | test.go:170:17:170:20 | arg1 | qltest | | test.go:170:23:170:26 | arg2 | qltest | | test.go:170:29:170:32 | arg3 | qltest | +| test.go:173:10:173:26 | call to max | qltest | +| test.go:174:10:174:26 | call to max | qltest | +| test.go:175:10:175:26 | call to max | qltest | +| test.go:176:10:176:26 | call to min | qltest | +| test.go:177:10:177:26 | call to min | qltest | +| test.go:178:10:178:26 | call to min | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected index 9173869eac95..9db387aad243 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected @@ -14,3 +14,21 @@ invalidModelRow | test.go:74:13:74:25 | type assertion | test.go:74:12:74:40 | call to StepQualRes | | test.go:78:3:78:15 | type assertion | test.go:77:6:77:11 | definition of taint6 | | test.go:81:34:81:36 | src | test.go:81:12:81:37 | call to StepArgResNoQual | +| test.go:173:14:173:19 | srcInt | test.go:173:10:173:26 | call to max | +| test.go:173:22:173:22 | 0 | test.go:173:10:173:26 | call to max | +| test.go:173:25:173:25 | 1 | test.go:173:10:173:26 | call to max | +| test.go:174:14:174:14 | 0 | test.go:174:10:174:26 | call to max | +| test.go:174:17:174:22 | srcInt | test.go:174:10:174:26 | call to max | +| test.go:174:25:174:25 | 1 | test.go:174:10:174:26 | call to max | +| test.go:175:14:175:14 | 0 | test.go:175:10:175:26 | call to max | +| test.go:175:17:175:17 | 1 | test.go:175:10:175:26 | call to max | +| test.go:175:20:175:25 | srcInt | test.go:175:10:175:26 | call to max | +| test.go:176:14:176:19 | srcInt | test.go:176:10:176:26 | call to min | +| test.go:176:22:176:22 | 0 | test.go:176:10:176:26 | call to min | +| test.go:176:25:176:25 | 1 | test.go:176:10:176:26 | call to min | +| test.go:177:14:177:14 | 0 | test.go:177:10:177:26 | call to min | +| test.go:177:17:177:22 | srcInt | test.go:177:10:177:26 | call to min | +| test.go:177:25:177:25 | 1 | test.go:177:10:177:26 | call to min | +| test.go:178:14:178:14 | 0 | test.go:178:10:178:26 | call to min | +| test.go:178:17:178:17 | 1 | test.go:178:10:178:26 | call to min | +| test.go:178:20:178:25 | srcInt | test.go:178:10:178:26 | call to min | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index 143fb3fa825e..a2e96738caca 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -168,4 +168,12 @@ func simpleflow() { arg3 := src arg4 := src b.SinkManyArgs(arg1, arg2, arg3, arg4) // $ hasValueFlow="arg1" hasValueFlow="arg2" hasValueFlow="arg3" + + var srcInt int = src.(int) + b.Sink1(max(srcInt, 0, 1)) // $ hasValueFlow="call to max" + b.Sink1(max(0, srcInt, 1)) // $ hasValueFlow="call to max" + b.Sink1(max(0, 1, srcInt)) // $ hasValueFlow="call to max" + b.Sink1(min(srcInt, 0, 1)) // $ hasValueFlow="call to min" + b.Sink1(min(0, srcInt, 1)) // $ hasValueFlow="call to min" + b.Sink1(min(0, 1, srcInt)) // $ hasValueFlow="call to min" } diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index 8f1e7ef04368..928d7a9f3949 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -127,10 +127,12 @@ | main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a | | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min | | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min | +| main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min | | main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b | | main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b | | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max | | main.go:65:14:65:14 | y | main.go:65:7:65:18 | call to max | +| main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max | | strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s | | strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s | | strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s | From 827d15aaa0f7f6b1a95cbcb593eef899ae6b9fbc Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 14 May 2024 14:18:12 +0100 Subject: [PATCH 16/16] Test changes due to model renumbering --- .../CWE-090/LDAPInjection.expected | 28 ++++---- .../test/experimental/CWE-203/Timing.expected | 6 +- .../CWE-287/ImproperLdapAuth.expected | 2 +- .../CWE-369/DivideByZero.expected | 12 ++-- .../DecompressionBombs.expected | 10 +-- .../experimental/CWE-74/DsnInjection.expected | 4 +- .../CWE-74/DsnInjectionLocal.expected | 4 +- .../HTMLTemplateEscapingPassthrough.expected | 26 ++++---- go/ql/test/experimental/CWE-918/SSRF.expected | 32 +++++----- .../DefaultSanitizer.expected | 2 +- .../go/frameworks/Beego/ReflectedXss.expected | 46 ++++++------- .../go/frameworks/Beego/TaintedPath.expected | 2 +- .../frameworks/BeegoOrm/SqlInjection.expected | 64 +++++++++---------- .../go/frameworks/Echo/ReflectedXss.expected | 14 ++-- .../go/frameworks/Encoding/jsoniter.expected | 8 +-- .../go/frameworks/Revel/ReflectedXss.expected | 6 +- .../go/frameworks/Revel/TaintedPath.expected | 4 +- .../frameworks/Twirp/RequestForgery.expected | 4 +- .../frameworks/XNetHtml/ReflectedXss.expected | 38 +++++------ .../frameworks/XNetHtml/SqlInjection.expected | 4 +- .../Security/CWE-022/TaintedPath.expected | 4 +- .../Security/CWE-022/ZipSlip.expected | 4 +- .../CWE-078/CommandInjection.expected | 10 +-- .../Security/CWE-079/ReflectedXss.expected | 42 ++++++------ .../Security/CWE-089/SqlInjection.expected | 48 +++++++------- .../Security/CWE-089/StringBreak.expected | 4 +- .../InsecureRandomness.expected | 4 +- .../CWE-347/MissingJwtSignatureCheck.expected | 14 ++-- .../BadRedirectCheck.expected | 4 +- .../OpenUrlRedirect/OpenUrlRedirect.expected | 4 +- .../Security/CWE-640/EmailInjection.expected | 26 ++++---- .../Security/CWE-643/XPathInjection.expected | 24 +++---- .../Security/CWE-918/RequestForgery.expected | 36 +++++------ 33 files changed, 270 insertions(+), 270 deletions(-) diff --git a/go/ql/test/experimental/CWE-090/LDAPInjection.expected b/go/ql/test/experimental/CWE-090/LDAPInjection.expected index c657d190f5bf..050f48cca808 100644 --- a/go/ql/test/experimental/CWE-090/LDAPInjection.expected +++ b/go/ql/test/experimental/CWE-090/LDAPInjection.expected @@ -1,18 +1,18 @@ edges -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:676 | -| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:676 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:674 | +| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:674 | | LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance | | | LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance | | | LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance | | diff --git a/go/ql/test/experimental/CWE-203/Timing.expected b/go/ql/test/experimental/CWE-203/Timing.expected index 654620bd3db2..67abd2d9fdf9 100644 --- a/go/ql/test/experimental/CWE-203/Timing.expected +++ b/go/ql/test/experimental/CWE-203/Timing.expected @@ -1,9 +1,9 @@ edges -| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:657 | +| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:655 | | timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance | | -| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:657 | +| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:655 | | timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance | | -| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:657 | +| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:655 | | timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance | | nodes | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header | diff --git a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected index 71d6b12625e6..93ac9a342095 100644 --- a/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected +++ b/go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected @@ -1,5 +1,5 @@ edges -| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:737 | +| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:735 | | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance | | | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-369/DivideByZero.expected b/go/ql/test/experimental/CWE-369/DivideByZero.expected index 2d3226636c08..41317f62b421 100644 --- a/go/ql/test/experimental/CWE-369/DivideByZero.expected +++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected @@ -1,24 +1,24 @@ edges -| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 | provenance | | | DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value | provenance | | | DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] | provenance | | -| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion | provenance | | | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value | provenance | | -| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 | provenance | | | DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value | provenance | | | DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] | provenance | | -| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 | provenance | | | DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value | provenance | | | DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] | provenance | | -| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 | provenance | | | DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value | provenance | | | DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] | provenance | | -| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:737 | +| DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query | provenance | MaD:735 | | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion | provenance | | | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value | provenance | | nodes diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index d721e3f12deb..c396fc4e9ba6 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -1,5 +1,5 @@ edges -| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:672 | +| test.go:59:16:59:44 | call to FormValue | test.go:128:20:128:27 | definition of filename | provenance | Src:MaD:670 | | test.go:60:15:60:26 | selection of Body | test.go:158:19:158:22 | definition of file | provenance | | | test.go:61:24:61:35 | selection of Body | test.go:169:28:169:31 | definition of file | provenance | | | test.go:62:13:62:24 | selection of Body | test.go:181:17:181:20 | definition of file | provenance | | @@ -34,18 +34,18 @@ edges | test.go:145:12:145:19 | call to Open | test.go:147:37:147:38 | rc | provenance | | | test.go:158:19:158:22 | definition of file | test.go:159:25:159:28 | file | provenance | | | test.go:159:2:159:29 | ... := ...[0] | test.go:160:48:160:52 | file1 | provenance | | -| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:549 | +| test.go:159:25:159:28 | file | test.go:159:2:159:29 | ... := ...[0] | provenance | MaD:547 | | test.go:160:2:160:69 | ... := ...[0] | test.go:163:26:163:29 | file | provenance | | | test.go:160:32:160:53 | call to NewReader | test.go:160:2:160:69 | ... := ...[0] | provenance | | -| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:45 | +| test.go:160:48:160:52 | file1 | test.go:160:32:160:53 | call to NewReader | provenance | MaD:43 | | test.go:163:3:163:36 | ... := ...[0] | test.go:164:36:164:51 | fileReaderCloser | provenance | | | test.go:163:26:163:29 | file | test.go:163:3:163:36 | ... := ...[0] | provenance | MaD:8 | | test.go:169:28:169:31 | definition of file | test.go:170:25:170:28 | file | provenance | | | test.go:170:2:170:29 | ... := ...[0] | test.go:171:57:171:61 | file2 | provenance | | -| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:549 | +| test.go:170:25:170:28 | file | test.go:170:2:170:29 | ... := ...[0] | provenance | MaD:547 | | test.go:171:2:171:78 | ... := ...[0] | test.go:175:26:175:29 | file | provenance | | | test.go:171:41:171:62 | call to NewReader | test.go:171:2:171:78 | ... := ...[0] | provenance | | -| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:45 | +| test.go:171:57:171:61 | file2 | test.go:171:41:171:62 | call to NewReader | provenance | MaD:43 | | test.go:175:26:175:29 | file | test.go:175:26:175:36 | call to Open | provenance | | | test.go:175:26:175:36 | call to Open | test.go:176:36:176:51 | fileReaderCloser | provenance | | | test.go:181:17:181:20 | definition of file | test.go:184:41:184:44 | file | provenance | | diff --git a/go/ql/test/experimental/CWE-74/DsnInjection.expected b/go/ql/test/experimental/CWE-74/DsnInjection.expected index c3777f22fda0..1be313aa048f 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjection.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected @@ -1,6 +1,6 @@ edges -| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:672 | -| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:247 | +| Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:49:102:49:105 | name | provenance | Src:MaD:670 | +| Dsn.go:49:11:49:106 | []type{args} [array] | Dsn.go:49:11:49:106 | call to Sprintf | provenance | MaD:245 | | Dsn.go:49:11:49:106 | call to Sprintf | Dsn.go:50:29:50:33 | dbDSN | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | []type{args} [array] | provenance | | | Dsn.go:49:102:49:105 | name | Dsn.go:49:11:49:106 | call to Sprintf | provenance | FunctionModel | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index b9c6fa34b736..37070877267c 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -1,6 +1,6 @@ edges | Dsn.go:26:11:26:17 | selection of Args | Dsn.go:28:102:28:109 | index expression | provenance | | -| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:247 | +| Dsn.go:28:11:28:110 | []type{args} [array] | Dsn.go:28:11:28:110 | call to Sprintf | provenance | MaD:245 | | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | @@ -12,7 +12,7 @@ edges | Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | | | Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel | -| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:247 | +| Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:245 | | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | | | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | diff --git a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected index 9488e442b584..bef600d18879 100644 --- a/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected +++ b/go/ql/test/experimental/CWE-79/HTMLTemplateEscapingPassthrough.expected @@ -1,28 +1,28 @@ edges | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | HTMLTemplateEscapingPassthrough.go:30:39:30:39 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | HTMLTemplateEscapingPassthrough.go:36:40:36:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:35:23:35:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:35:9:35:38 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | HTMLTemplateEscapingPassthrough.go:41:40:41:40 | a | provenance | | -| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:40:19:40:33 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:40:9:40:34 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | HTMLTemplateEscapingPassthrough.go:47:41:47:41 | c | provenance | | -| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:46:29:46:43 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:46:11:46:44 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | HTMLTemplateEscapingPassthrough.go:51:44:51:44 | d | provenance | | -| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:50:23:50:37 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:50:11:50:38 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | HTMLTemplateEscapingPassthrough.go:55:44:55:44 | e | provenance | | -| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:54:26:54:40 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:54:11:54:41 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | HTMLTemplateEscapingPassthrough.go:59:38:59:38 | b | provenance | | -| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:58:24:58:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:58:11:58:39 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | HTMLTemplateEscapingPassthrough.go:63:44:63:44 | f | provenance | | -| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:62:27:62:41 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:62:11:62:42 | type conversion | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | HTMLTemplateEscapingPassthrough.go:67:38:67:38 | g | provenance | | -| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:676 | -| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:676 | -| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:676 | -| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:676 | +| HTMLTemplateEscapingPassthrough.go:66:24:66:38 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:66:11:66:39 | type conversion | provenance | Src:MaD:674 | +| HTMLTemplateEscapingPassthrough.go:75:17:75:31 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:76:38:76:44 | escaped | provenance | Src:MaD:674 | +| HTMLTemplateEscapingPassthrough.go:81:10:81:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:84:38:84:40 | src | provenance | Src:MaD:674 | +| HTMLTemplateEscapingPassthrough.go:89:10:89:24 | call to UserAgent | HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | provenance | Src:MaD:674 | | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | HTMLTemplateEscapingPassthrough.go:92:38:92:46 | converted | provenance | | | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | HTMLTemplateEscapingPassthrough.go:91:16:91:77 | type conversion | provenance | | -| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:524 | +| HTMLTemplateEscapingPassthrough.go:91:64:91:66 | src | HTMLTemplateEscapingPassthrough.go:91:38:91:67 | call to HTMLEscapeString | provenance | MaD:522 | nodes | HTMLTemplateEscapingPassthrough.go:29:12:29:41 | type conversion | semmle.label | type conversion | | HTMLTemplateEscapingPassthrough.go:29:26:29:40 | call to UserAgent | semmle.label | call to UserAgent | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 0f87bc3bb617..0f286ee27606 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -1,44 +1,44 @@ edges -| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:672 | -| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:675 | -| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:675 | -| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:675 | -| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:675 | +| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:670 | +| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:673 | +| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:673 | +| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:673 | +| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:673 | | new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | | | new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | | -| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:245 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:245 | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | []type{args} [array] | provenance | | | new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:245 | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | | | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:542 | -| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:186 | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | MaD:540 | +| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:184 | | new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | | | new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | -| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:245 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:245 | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | []type{args} [array] | provenance | | | new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:247 | +| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:245 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:737 | -| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:744 | +| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | MaD:735 | +| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:742 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | | new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | | | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | | -| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:860 | +| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:858 | | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | | | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | | nodes diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected index d5afe1570380..cbf4158c8386 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected @@ -1,6 +1,6 @@ edges | Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:555 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:553 | nodes | Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b | | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index 9be81aec8d3d..b8d86627021d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -24,21 +24,21 @@ edges | test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | | | test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | | | test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | | -| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:251 | +| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:249 | | test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | | -| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:253 | +| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:251 | | test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | | -| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:254 | +| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:252 | | test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | | -| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:256 | +| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:254 | | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | | -| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:257 | +| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:255 | | test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | | -| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:255 | +| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | MaD:253 | | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | | | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | | | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | | -| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:542 | +| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:540 | | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | | | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | | | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | | @@ -66,39 +66,39 @@ edges | test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | | | test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel | | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | | -| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:265 | +| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:263 | | test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | | -| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:266 | +| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:264 | | test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | | -| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:267 | +| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:265 | | test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | | -| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:268 | +| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:266 | | test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | | -| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:268 | +| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:266 | | test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | | -| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:269 | +| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:267 | | test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | | -| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:269 | +| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:267 | | test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | | | test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | | -| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:270 | +| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:268 | | test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | | -| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:270 | +| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:268 | | test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | | -| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:271 | +| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:269 | | test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | | -| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:272 | +| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:270 | | test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | | -| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:273 | +| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:271 | | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | | -| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:274 | +| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:272 | | test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | | | test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | | | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | | -| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:277 | -| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:275 | +| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:275 | +| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:273 | | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | | -| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:276 | +| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:274 | | test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | | nodes | test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 1af201139353..05e9c6032760 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -2,7 +2,7 @@ edges | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | | | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | | -| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | MaD:186 | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | MaD:184 | | test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | | | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | | | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected index c9ab87236c84..db36747266e2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected @@ -1,36 +1,36 @@ edges -| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:676 | -| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:676 | -| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:676 | -| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:676 | -| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:676 | -| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:676 | +| test.go:10:15:10:41 | call to UserAgent | test.go:12:11:12:19 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:13:23:13:31 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:14:14:14:22 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:15:26:15:34 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:16:12:16:20 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:17:24:17:32 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:18:15:18:23 | untrusted | provenance | Src:MaD:674 | +| test.go:10:15:10:41 | call to UserAgent | test.go:19:27:19:35 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:26:12:26:20 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:27:10:27:18 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:28:15:28:23 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:29:14:29:22 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:31:8:31:16 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:32:11:32:19 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:33:9:33:17 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:34:8:34:16 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:35:8:35:16 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:36:13:36:21 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:37:13:37:21 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:38:12:38:20 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:39:12:39:20 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:40:9:40:17 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:16:42:24 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:42:27:42:35 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:14:44:22 | untrusted | provenance | Src:MaD:674 | +| test.go:24:15:24:41 | call to UserAgent | test.go:44:25:44:33 | untrusted | provenance | Src:MaD:674 | +| test.go:48:15:48:41 | call to UserAgent | test.go:49:12:49:20 | untrusted | provenance | Src:MaD:674 | +| test.go:54:15:54:41 | call to UserAgent | test.go:56:31:56:39 | untrusted | provenance | Src:MaD:674 | +| test.go:60:15:60:41 | call to UserAgent | test.go:62:19:62:27 | untrusted | provenance | Src:MaD:674 | nodes | test.go:10:15:10:41 | call to UserAgent | semmle.label | call to UserAgent | | test.go:12:11:12:19 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index 1349a437811f..b0917d9bc3a8 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -8,28 +8,28 @@ edges | test.go:51:2:51:30 | ... := ...[0] | test.go:52:16:52:37 | index expression | provenance | | | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | | | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | | -| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:629 | +| test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:627 | | test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:555 | +| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:553 | | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | | | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | | | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | | -| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:629 | +| test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:627 | | test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:555 | +| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:553 | | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | | | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | | | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | | | test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | | -| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:360 | -| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:359 | +| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | MaD:358 | +| test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:357 | | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | | | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | | | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | provenance | | | test.go:136:11:136:32 | call to Param | test.go:137:29:137:41 | type conversion | provenance | | | test.go:148:11:148:32 | call to Param | test.go:149:30:149:34 | param | provenance | | | test.go:149:12:149:35 | call to NewReader | test.go:150:31:150:36 | reader | provenance | | -| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:838 | +| test.go:149:30:149:34 | param | test.go:149:12:149:35 | call to NewReader | provenance | MaD:836 | | test.go:164:11:164:32 | call to Param | test.go:165:23:165:35 | type conversion | provenance | | nodes | test.go:15:11:15:32 | call to Param | semmle.label | call to Param | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected index 7cecb3afae45..4bb254ce89d3 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected @@ -3,13 +3,13 @@ edges | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | | -| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:351 | +| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:349 | | jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | | -| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:349 | +| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:347 | | jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | | -| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:352 | +| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:350 | | jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | | -| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:350 | +| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:348 | | jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | | nodes | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index 1ade29520c0f..3920d50cdc43 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -1,10 +1,10 @@ edges | EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | | | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | | -| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:744 | -| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:558 | +| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:742 | +| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:556 | | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | | -| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:744 | +| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:742 | | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | | | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | | | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected index 61c37af821c8..fbe76bc2f917 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected @@ -1,8 +1,8 @@ edges | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | | -| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:744 | +| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:742 | | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | | -| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:744 | +| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:742 | nodes | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params | | EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 5e01fbbbc1a4..842a80368497 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -6,9 +6,9 @@ edges | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | | | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | -| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:549 | +| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:547 | | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:434 | +| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:432 | | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | | | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected index 5198d2c30437..18ebd92b0986 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected @@ -1,40 +1,40 @@ edges -| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:737 | -| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:744 | +| test.go:12:12:12:22 | selection of URL | test.go:12:12:12:30 | call to Query | provenance | MaD:735 | +| test.go:12:12:12:30 | call to Query | test.go:12:12:12:44 | call to Get | provenance | MaD:742 | | test.go:12:12:12:44 | call to Get | test.go:15:42:15:47 | param1 | provenance | | | test.go:15:22:15:48 | call to UnescapeString | test.go:15:15:15:49 | type conversion | provenance | | -| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:416 | +| test.go:15:42:15:47 | param1 | test.go:15:22:15:48 | call to UnescapeString | provenance | MaD:414 | | test.go:17:2:17:36 | ... := ...[0] | test.go:18:15:18:31 | type conversion | provenance | | | test.go:17:2:17:36 | ... := ...[0] | test.go:29:22:29:25 | node | provenance | | -| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:411 | +| test.go:17:24:17:35 | selection of Body | test.go:17:2:17:36 | ... := ...[0] | provenance | MaD:409 | | test.go:20:2:20:48 | ... := ...[0] | test.go:21:15:21:32 | type conversion | provenance | | -| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:414 | +| test.go:20:36:20:47 | selection of Body | test.go:20:2:20:48 | ... := ...[0] | provenance | MaD:412 | | test.go:23:2:23:50 | ... := ...[0] | test.go:24:15:24:35 | type conversion | provenance | | -| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:412 | +| test.go:23:33:23:44 | selection of Body | test.go:23:2:23:50 | ... := ...[0] | provenance | MaD:410 | | test.go:26:2:26:62 | ... := ...[0] | test.go:27:15:27:36 | type conversion | provenance | | -| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:413 | +| test.go:26:45:26:56 | selection of Body | test.go:26:2:26:62 | ... := ...[0] | provenance | MaD:411 | | test.go:31:15:31:45 | call to NewTokenizer | test.go:32:15:32:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:33:15:33:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:34:17:34:25 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:36:15:36:23 | tokenizer | provenance | | | test.go:31:15:31:45 | call to NewTokenizer | test.go:37:22:37:30 | tokenizer | provenance | | -| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:409 | -| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:419 | -| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:420 | +| test.go:31:33:31:44 | selection of Body | test.go:31:15:31:45 | call to NewTokenizer | provenance | MaD:407 | +| test.go:32:15:32:23 | tokenizer | test.go:32:15:32:34 | call to Buffered | provenance | MaD:417 | +| test.go:33:15:33:23 | tokenizer | test.go:33:15:33:29 | call to Raw | provenance | MaD:418 | | test.go:34:2:34:35 | ... := ...[1] | test.go:35:15:35:19 | value | provenance | | -| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:421 | -| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:422 | -| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:423 | +| test.go:34:17:34:25 | tokenizer | test.go:34:2:34:35 | ... := ...[1] | provenance | MaD:419 | +| test.go:36:15:36:23 | tokenizer | test.go:36:15:36:30 | call to Text | provenance | MaD:420 | +| test.go:37:22:37:30 | tokenizer | test.go:37:22:37:38 | call to Token | provenance | MaD:421 | | test.go:37:22:37:38 | call to Token | test.go:37:15:37:44 | type conversion | provenance | | | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | | -| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:410 | -| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:419 | +| test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | MaD:408 | +| test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:417 | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | | -| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:411 | -| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:417 | +| test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | MaD:409 | +| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:415 | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:22:45:31 | &... | provenance | | | test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | | @@ -46,8 +46,8 @@ edges | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | | test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | | -| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:411 | -| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:418 | +| test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | MaD:409 | +| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:416 | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:22:50:32 | &... | provenance | | | test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected index 58ea540ced5a..8c709e5b98cf 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/SqlInjection.expected @@ -1,6 +1,6 @@ edges -| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:669 | -| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:408 | +| test.go:56:2:56:42 | ... := ...[0] | test.go:57:29:57:40 | selection of Value | provenance | Src:MaD:667 | +| test.go:57:29:57:40 | selection of Value | test.go:57:11:57:41 | call to EscapeString | provenance | MaD:406 | nodes | test.go:56:2:56:42 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:57:11:57:41 | call to EscapeString | semmle.label | call to EscapeString | diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected index e94725e71d8e..a14903d578fb 100644 --- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected +++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected @@ -1,10 +1,10 @@ edges -| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | MaD:737 | +| TaintedPath.go:14:18:14:22 | selection of URL | TaintedPath.go:14:18:14:30 | call to Query | provenance | MaD:735 | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:17:29:17:40 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:21:57:21:68 | tainted_path | provenance | | | TaintedPath.go:14:18:14:30 | call to Query | TaintedPath.go:68:39:68:56 | ...+... | provenance | | | TaintedPath.go:21:57:21:68 | tainted_path | TaintedPath.go:21:28:21:69 | call to Join | provenance | FunctionModel | -| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | MaD:763 | +| TaintedPath.go:68:39:68:56 | ...+... | TaintedPath.go:68:28:68:57 | call to Clean | provenance | MaD:761 | nodes | TaintedPath.go:14:18:14:22 | selection of URL | semmle.label | selection of URL | | TaintedPath.go:14:18:14:30 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected index 9b3e8dfe15c3..3e46b5727ccd 100644 --- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected +++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected @@ -7,9 +7,9 @@ edges | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | provenance | | | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name | provenance | | | ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p | provenance | | -| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:749 | +| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] | provenance | MaD:747 | | tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name | provenance | | -| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:764 | +| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir | provenance | MaD:762 | | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path | provenance | | nodes | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 652a6790f3a1..77b37a3db7b6 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -1,15 +1,15 @@ edges -| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:737 | +| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query | provenance | MaD:735 | | ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path | provenance | | -| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:737 | +| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query | provenance | MaD:735 | | CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName | provenance | | -| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | MaD:737 | +| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query | provenance | MaD:735 | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:12:31:12:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:14:30:14:36 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:15:35:15:41 | tainted | provenance | | | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:16:36:16:42 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:737 | +| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | MaD:735 | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | @@ -39,7 +39,7 @@ edges | SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append | provenance | MaD:28 | | SanitizingDoubleDash.go:69:21:69:28 | arrayLit [array] | SanitizingDoubleDash.go:69:14:69:35 | call to append [array] | provenance | MaD:28 | -| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:737 | +| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query | provenance | MaD:735 | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:95:25:95:31 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:100:31:100:37 | tainted | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 9940672f7556..a691cc4e456d 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -1,45 +1,45 @@ edges -| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:744 | +| ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | MaD:742 | | ReflectedXss.go:11:15:11:36 | call to Get | ReflectedXss.go:14:44:14:51 | username | provenance | | -| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:744 | +| contenttype.go:11:11:11:16 | selection of Form | contenttype.go:11:11:11:28 | call to Get | provenance | MaD:742 | | contenttype.go:11:11:11:28 | call to Get | contenttype.go:17:11:17:22 | type conversion | provenance | | -| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:744 | +| contenttype.go:49:11:49:16 | selection of Form | contenttype.go:49:11:49:28 | call to Get | provenance | MaD:742 | | contenttype.go:49:11:49:28 | call to Get | contenttype.go:53:34:53:37 | data | provenance | | -| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:672 | -| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:672 | -| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:672 | -| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:672 | -| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:671 | -| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:671 | +| contenttype.go:63:10:63:28 | call to FormValue | contenttype.go:64:52:64:55 | data | provenance | Src:MaD:670 | +| contenttype.go:73:10:73:28 | call to FormValue | contenttype.go:79:11:79:14 | data | provenance | Src:MaD:670 | +| contenttype.go:88:10:88:28 | call to FormValue | contenttype.go:91:4:91:7 | data | provenance | Src:MaD:670 | +| contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:670 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:669 | +| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:669 | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | | -| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:542 | -| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:247 | +| reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:540 | +| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:245 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:247 | +| reflectedxsstest.go:34:17:34:61 | []type{args} [array] | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | MaD:245 | | reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | []type{args} [array] | provenance | | | reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:673 | +| reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader | provenance | Src:MaD:671 | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part | provenance | | | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part | provenance | | -| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:632 | -| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:630 | +| reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:630 | +| reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:628 | | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | | | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | -| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:555 | -| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:247 | +| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:553 | +| reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:245 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | FunctionModel | -| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:737 | +| reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query | provenance | MaD:735 | | reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion | provenance | | -| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:744 | +| tst.go:14:15:14:20 | selection of Form | tst.go:14:15:14:36 | call to Get | provenance | MaD:742 | | tst.go:14:15:14:36 | call to Get | tst.go:18:32:18:32 | a | provenance | | | tst.go:18:19:18:38 | call to Join | tst.go:18:12:18:39 | type conversion | provenance | | -| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:836 | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:744 | +| tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:834 | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | MaD:742 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | | | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 6d397ecc4f81..b2b8053c3ab9 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -1,50 +1,50 @@ edges -| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:247 | +| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:245 | | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | | -| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:737 | +| SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | MaD:735 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | []type{args} [array] | provenance | | | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | -| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:542 | -| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:186 | +| issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | MaD:540 | +| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:184 | | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | -| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:247 | +| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:245 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | -| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:542 | -| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:186 | +| issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | MaD:540 | +| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:184 | | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | -| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:247 | +| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:245 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | -| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:186 | -| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:737 | +| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:184 | +| issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | MaD:735 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | -| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:247 | +| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:245 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | | -| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:247 | -| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:737 | +| main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:245 | +| main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | MaD:735 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | call to Sprintf | provenance | FunctionModel | -| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:247 | -| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:657 | +| main.go:16:11:16:85 | []type{args} [array] | main.go:16:11:16:85 | call to Sprintf | provenance | MaD:245 | +| main.go:16:63:16:70 | selection of Header | main.go:16:63:16:84 | call to Get | provenance | MaD:655 | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | []type{args} [array] | provenance | | | main.go:16:63:16:84 | call to Get | main.go:16:11:16:85 | call to Sprintf | provenance | FunctionModel | | main.go:28:17:31:2 | &... [pointer, Category] | main.go:34:3:34:13 | RequestData [pointer, Category] | provenance | | | main.go:28:18:31:2 | struct literal [Category] | main.go:28:17:31:2 | &... [pointer, Category] | provenance | | -| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:737 | +| main.go:30:13:30:19 | selection of URL | main.go:30:13:30:27 | call to Query | provenance | MaD:735 | | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | | | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | | -| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:247 | +| main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:245 | | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | | | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | @@ -54,10 +54,10 @@ edges | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | | main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | | main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:737 | +| main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | MaD:735 | | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | -| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:247 | +| main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:245 | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | @@ -67,10 +67,10 @@ edges | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:737 | +| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | MaD:735 | | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | -| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:247 | +| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:245 | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | @@ -80,16 +80,16 @@ edges | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | | main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:737 | +| main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | MaD:735 | | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | -| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:247 | +| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:245 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | | main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | -| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:675 | +| mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:673 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected index 46a5161df2a6..3f95c9129301 100644 --- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected +++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected @@ -2,10 +2,10 @@ edges | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | | | StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | | -| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:840 | +| StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:838 | | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:25:29:25:47 | type conversion | provenance | | | StringBreakMismatched.go:25:13:25:61 | call to Replace | StringBreakMismatched.go:29:27:29:33 | escaped | provenance | | -| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:840 | +| StringBreakMismatched.go:25:29:25:47 | type conversion | StringBreakMismatched.go:25:13:25:61 | call to Replace | provenance | MaD:838 | nodes | StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] | | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index ae32673974c7..721e49b35e0e 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -1,7 +1,7 @@ edges | sample.go:15:10:15:64 | call to Sum256 | sample.go:16:9:16:15 | slice expression | provenance | | | sample.go:15:24:15:63 | type conversion | sample.go:15:10:15:64 | call to Sum256 | provenance | FunctionModel | -| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:247 | +| sample.go:15:31:15:62 | []type{args} [array] | sample.go:15:31:15:62 | call to Sprintf | provenance | MaD:245 | | sample.go:15:31:15:62 | call to Sprintf | sample.go:15:24:15:63 | type conversion | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | @@ -9,7 +9,7 @@ edges | sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | | sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | -| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:551 | +| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:549 | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | | | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected index 444acdc353f5..3bbaa18bcfa4 100644 --- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected @@ -1,16 +1,16 @@ edges -| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:737 | -| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:744 | +| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | MaD:735 | +| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:742 | | go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | | | go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | | | go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | | -| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:323 | -| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:325 | -| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:737 | -| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:744 | +| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:321 | +| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:323 | +| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | MaD:735 | +| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:742 | | golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | | | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | | -| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:337 | +| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:335 | nodes | go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL | | go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query | diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected index ae9cd01be22a..df944f74e0fe 100644 --- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected @@ -12,8 +12,8 @@ edges | main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:68:17:68:24 | definition of redirect | main.go:73:20:73:27 | redirect | provenance | | | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:763 | -| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:763 | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:761 | +| main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:761 | | main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | | | main.go:77:36:77:38 | url | main.go:68:17:68:24 | definition of redirect | provenance | | | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index dd83bbb581a4..21f4b4e1d777 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -54,11 +54,11 @@ edges | stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | | | stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | | | stdlib.go:182:3:182:8 | definition of target | stdlib.go:184:23:184:28 | target | provenance | | -| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:672 | +| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:182:3:182:8 | definition of target | provenance | Src:MaD:670 | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | | | stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | | | stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | | -| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:672 | +| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:670 | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | | | stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | | | stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | | diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index 6d7c737ab811..91125540c6c0 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,23 +1,23 @@ edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:657 | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | MaD:655 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | -| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:675 | -| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:675 | -| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:554 | -| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:675 | -| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:675 | -| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:675 | +| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:673 | +| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:673 | +| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:552 | +| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:673 | +| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:673 | +| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:673 | | main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | -| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:386 | -| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:675 | +| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:384 | +| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:673 | | main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | -| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:386 | -| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:675 | -| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:675 | +| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:384 | +| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:673 | +| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:673 | | main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:386 | +| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:384 | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected index 32d3337b59aa..e9cce302e7d1 100644 --- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected @@ -1,16 +1,16 @@ edges -| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:744 | +| XPathInjection.go:13:14:13:19 | selection of Form | XPathInjection.go:13:14:13:35 | call to Get | provenance | MaD:742 | | XPathInjection.go:13:14:13:35 | call to Get | XPathInjection.go:16:29:16:91 | ...+... | provenance | | -| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:744 | +| tst.go:34:14:34:19 | selection of Form | tst.go:34:14:34:35 | call to Get | provenance | MaD:742 | | tst.go:34:14:34:35 | call to Get | tst.go:37:23:37:85 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:40:24:40:86 | ...+... | provenance | | | tst.go:34:14:34:35 | call to Get | tst.go:43:24:43:82 | ...+... | provenance | | -| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:744 | +| tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:35 | call to Get | provenance | MaD:742 | | tst.go:48:14:48:35 | call to Get | tst.go:51:26:51:84 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:54:29:54:87 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:57:33:57:91 | ...+... | provenance | | | tst.go:48:14:48:35 | call to Get | tst.go:60:30:60:88 | ...+... | provenance | | -| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:744 | +| tst.go:65:14:65:19 | selection of Form | tst.go:65:14:65:35 | call to Get | provenance | MaD:742 | | tst.go:65:14:65:35 | call to Get | tst.go:68:25:68:83 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:71:28:71:86 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:74:25:74:83 | ...+... | provenance | | @@ -19,38 +19,38 @@ edges | tst.go:65:14:65:35 | call to Get | tst.go:83:29:83:87 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:86:23:86:85 | ...+... | provenance | | | tst.go:65:14:65:35 | call to Get | tst.go:89:22:89:84 | ...+... | provenance | | -| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:744 | +| tst.go:94:14:94:19 | selection of Form | tst.go:94:14:94:35 | call to Get | provenance | MaD:742 | | tst.go:94:14:94:35 | call to Get | tst.go:97:26:97:84 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:100:29:100:87 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:103:33:103:91 | ...+... | provenance | | | tst.go:94:14:94:35 | call to Get | tst.go:106:30:106:88 | ...+... | provenance | | -| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:744 | +| tst.go:111:14:111:19 | selection of Form | tst.go:111:14:111:35 | call to Get | provenance | MaD:742 | | tst.go:111:14:111:35 | call to Get | tst.go:114:25:114:87 | ...+... | provenance | | | tst.go:111:14:111:35 | call to Get | tst.go:117:26:117:88 | ...+... | provenance | | -| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:744 | +| tst.go:122:14:122:19 | selection of Form | tst.go:122:14:122:35 | call to Get | provenance | MaD:742 | | tst.go:122:14:122:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:122:14:122:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:744 | +| tst.go:123:14:123:19 | selection of Form | tst.go:123:14:123:35 | call to Get | provenance | MaD:742 | | tst.go:123:14:123:35 | call to Get | tst.go:126:23:126:126 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:129:24:129:127 | ...+... | provenance | | | tst.go:123:14:123:35 | call to Get | tst.go:132:27:132:122 | ...+... | provenance | | -| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:744 | +| tst.go:140:14:140:19 | selection of Form | tst.go:140:14:140:35 | call to Get | provenance | MaD:742 | | tst.go:140:14:140:35 | call to Get | tst.go:143:27:143:89 | ...+... | provenance | | | tst.go:140:14:140:35 | call to Get | tst.go:146:28:146:90 | ...+... | provenance | | -| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:744 | +| tst.go:151:14:151:19 | selection of Form | tst.go:151:14:151:35 | call to Get | provenance | MaD:742 | | tst.go:151:14:151:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:151:14:151:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:744 | +| tst.go:152:14:152:19 | selection of Form | tst.go:152:14:152:35 | call to Get | provenance | MaD:742 | | tst.go:152:14:152:35 | call to Get | tst.go:155:33:155:136 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:158:18:158:121 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:164:31:164:126 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:173:21:173:116 | ...+... | provenance | | | tst.go:152:14:152:35 | call to Get | tst.go:182:27:182:122 | ...+... | provenance | | -| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:744 | +| tst.go:193:14:193:19 | selection of Form | tst.go:193:14:193:35 | call to Get | provenance | MaD:742 | | tst.go:193:14:193:35 | call to Get | tst.go:198:23:198:85 | ...+... | provenance | | nodes | XPathInjection.go:13:14:13:19 | selection of Form | semmle.label | selection of Form | diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 8238b6826ab6..6397dbaeff0a 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,12 +1,12 @@ edges -| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:672 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:672 | +| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:21:34:21:40 | tainted | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:24:66:24:72 | tainted | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:27:11:27:29 | ...+... | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:29:11:29:40 | ...+... | provenance | Src:MaD:670 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:17 | tainted | provenance | Src:MaD:670 | | tst.go:35:2:35:2 | definition of u [pointer] | tst.go:36:2:36:2 | u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:35:2:35:2 | definition of u [pointer] | provenance | | | tst.go:36:2:36:2 | implicit dereference | tst.go:36:2:36:2 | u | provenance | | @@ -17,16 +17,16 @@ edges | tst.go:36:2:36:2 | u [pointer] | tst.go:36:2:36:2 | implicit dereference | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:36:2:36:2 | u | provenance | | | tst.go:36:11:36:17 | tainted | tst.go:37:11:37:11 | u | provenance | | -| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:237 | -| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:675 | -| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:675 | +| tst.go:37:11:37:11 | u | tst.go:37:11:37:20 | call to String | provenance | MaD:235 | +| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:673 | +| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:673 | nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |