diff --git a/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md b/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md deleted file mode 100644 index 8244ba069943..000000000000 --- a/go/ql/lib/change-notes/2024-12-06-improve-flow-out-of-variadic-parameter.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Data flow out of variadic parameters now works in more situations. Summary models defined using models-as-data work. Source models defined using models-as-data do not work yet. diff --git a/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md b/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md deleted file mode 100644 index 38d5ad2783f1..000000000000 --- a/go/ql/lib/change-notes/2024-12-12-variadic-parameter-sources.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Source models defined using models-as-data now work for variadic parameters. diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index bbef53935ad9..9f07693b7ea2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -66,11 +66,6 @@ predicate containerReadStep(Node node1, Node node2, Content c) { ( node2.(Read).readsElement(node1, _) or - exists(ImplicitVarargsSlice ivs | - node1.(PostUpdateNode).getPreUpdateNode() = ivs and - node2.(PostUpdateNode).getPreUpdateNode() = ivs.getCallNode().getAnImplicitVarargsArgument() - ) - or node2.(RangeElementNode).getBase() = node1 or // To model data flow from array elements of the base of a `SliceNode` to diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 05283454cff0..cc353ab64df5 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll 
@@ -845,9 +845,6 @@ module Public { or preupd = getAWrittenNode() or - preupd instanceof ImplicitVarargsSlice and - mutableType(preupd.(ImplicitVarargsSlice).getType().(SliceType).getElementType()) - or preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and mutableType(preupd.getType()) ) and diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 032196312483..2fcbf2d350f2 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -458,13 +458,3 @@ class ContentApprox = Unit; /** Gets an approximated value for content `c`. */ pragma[inline] ContentApprox getContentApprox(Content c) { any() } - -/** - * Holds if the the content `c` is a container. - */ -predicate containerContent(ContentSet c) { - c instanceof ArrayContent or - c instanceof CollectionContent or - c instanceof MapKeyContent or - c instanceof MapValueContent -} diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 2605dd326c3c..5365228e2310 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll 
@@ -27,21 +27,11 @@ predicate localExprTaint(Expr src, Expr sink) { * Holds if taint can flow in one local step from `src` to `sink`. */ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) { - DataFlow::localFlowStep(src, sink) - or - localAdditionalTaintStep(src, sink, _) - or + DataFlow::localFlowStep(src, sink) or + localAdditionalTaintStep(src, sink, _) or // Simple flow through library code is included in the exposed local // step relation, even though flow is technically inter-procedural FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(src, sink, _) - or - // Treat container flow as taint for the local taint flow relation - exists(DataFlow::Content c | DataFlowPrivate::containerContent(c) | - DataFlowPrivate::readStep(src, c, sink) or - DataFlowPrivate::storeStep(src, c, sink) or - FlowSummaryImpl::Private::Steps::summaryGetterStep(src, c, sink, _) or - FlowSummaryImpl::Private::Steps::summarySetterStep(src, c, sink, _) - ) } private Type getElementType(Type containerType) { @@ -98,18 +88,12 @@ class AdditionalTaintStep extends Unit { */ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { ( - referenceStep(pred, succ) - or - elementWriteStep(pred, succ) - or - fieldReadStep(pred, succ) - or - elementStep(pred, succ) - or - tupleStep(pred, succ) - or - stringConcatStep(pred, succ) - or + referenceStep(pred, succ) or + elementWriteStep(pred, succ) or + fieldReadStep(pred, succ) or + elementStep(pred, succ) or + tupleStep(pred, succ) or + stringConcatStep(pred, succ) or sliceStep(pred, succ) ) and model = "" 
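Review bot: Removing the `containerContent` disjunct from `localTaintStep` drops more than variadic handling, because read and store steps on array, collection, map-key and map-value content no longer count as local taint. The LocalTaintStep.expected changes in this same commit show the effect outside varargs: the `main.go:56` row (`true` to `ch`) and the `main.go:57` row (`ch` to `<-...`) disappear, presumably because channel content is modelled as collection content. Anything built on this relation, such as `localExprTaint`, may silently lose results that security checks depended on. The doc comment on `localTaintStep` should state the limit, for example `* Read and store steps on container content are not part of this relation.`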
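Review bot: The new disjunction in `localAdditionalTaintStep` puts `or` at the end of each line, and the same layout appears in `localTaintStep` in the preceding hunk. The lines it replaces had each `or` on a line of its own, which is the layout the QL autoformatter produces, so a format check is likely to reject this. It also adds unrelated churn to a change that otherwise only removes behaviour. Keep the previous form, i.e. `referenceStep(pred, succ)` followed by `or` on its own line, and likewise for the other disjuncts. The body of `localAdditionalTaintStep` continues past the end of the hunk.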
@@ -179,12 +163,6 @@ predicate elementStep(DataFlow::Node pred, DataFlow::Node succ) { // only step into the value, not the index succ.asInstruction() = IR::extractTupleElement(nextEntry, 1) ) - or - exists(DataFlow::ImplicitVarargsSlice ivs | - pred.(DataFlow::PostUpdateNode).getPreUpdateNode() = ivs and - succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = - ivs.getCallNode().getAnImplicitVarargsArgument() - ) } /** Holds if taint flows from `pred` to `succ` via an extract tuple operation. */ diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql index a5dedbeacf47..6bbf16c2020e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.ql @@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl import utils.test.InlineFlowTest module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") } + predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") } - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") } + predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") } } import ValueFlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index abe37122ba6b..6fadcdaabe63 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected 
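Review bot: In completetest.ql, `isSink` now names its parameter `src`, which reads as a source node inside the one predicate that defines sinks. The behaviour is unchanged, but in a flow configuration the source/sink naming is the only thing that tells a reader which side is which. Keep the descriptive name: `predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }`. The previous `source` parameter name in `isSource` could stay too.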
@@ -5,36 +5,24 @@ | main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | | main.go:39:8:39:25 | []type{args} | main.go:39:8:39:25 | call to append | | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | -| main.go:39:18:39:18 | 4 | main.go:39:8:39:25 | []type{args} | -| main.go:39:21:39:21 | 5 | main.go:39:8:39:25 | []type{args} | -| main.go:39:24:39:24 | 6 | main.go:39:8:39:25 | []type{args} | | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | | main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append | | main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] | | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] | -| main.go:56:8:56:11 | true | main.go:56:2:56:3 | ch | -| main.go:57:4:57:5 | ch | main.go:57:2:57:5 | <-... | | strings.go:9:24:9:24 | s | strings.go:9:8:9:38 | call to Replace | | strings.go:9:32:9:34 | "_" | strings.go:9:8:9:38 | call to Replace | | strings.go:10:27:10:27 | s | strings.go:10:8:10:42 | call to ReplaceAll | | strings.go:10:35:10:41 | "&" | strings.go:10:8:10:42 | call to ReplaceAll | -| strings.go:11:9:11:26 | []type{args} | strings.go:11:9:11:26 | call to Sprint | | strings.go:11:9:11:26 | call to Sprint | strings.go:11:9:11:50 | ...+... | | strings.go:11:9:11:50 | ...+... | strings.go:11:9:11:69 | ...+... | -| strings.go:11:20:11:21 | s2 | strings.go:11:9:11:26 | []type{args} | | strings.go:11:20:11:21 | s2 | strings.go:11:9:11:26 | call to Sprint | -| strings.go:11:24:11:25 | s3 | strings.go:11:9:11:26 | []type{args} | | strings.go:11:24:11:25 | s3 | strings.go:11:9:11:26 | call to Sprint | -| strings.go:11:30:11:50 | []type{args} | strings.go:11:30:11:50 | call to Sprintf | | strings.go:11:30:11:50 | call to Sprintf | strings.go:11:9:11:50 | ...+... 
| | strings.go:11:42:11:45 | "%q" | strings.go:11:30:11:50 | call to Sprintf | -| strings.go:11:48:11:49 | s2 | strings.go:11:30:11:50 | []type{args} | | strings.go:11:48:11:49 | s2 | strings.go:11:30:11:50 | call to Sprintf | -| strings.go:11:54:11:69 | []type{args} | strings.go:11:54:11:69 | call to Sprintln | | strings.go:11:54:11:69 | call to Sprintln | strings.go:11:9:11:69 | ...+... | -| strings.go:11:67:11:68 | s3 | strings.go:11:54:11:69 | []type{args} | | strings.go:11:67:11:68 | s3 | strings.go:11:54:11:69 | call to Sprintln | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[0] | | url.go:12:14:12:48 | call to PathUnescape | url.go:12:3:12:48 | ... = ...[1] | 
@@ -51,25 +39,17 @@ | url.go:27:9:27:30 | call to ParseRequestURI | url.go:27:2:27:30 | ... = ...[1] | | url.go:27:29:27:29 | s | url.go:27:2:27:30 | ... = ...[0] | | url.go:28:14:28:14 | u | url.go:28:14:28:28 | call to EscapedPath | -| url.go:28:14:28:28 | call to EscapedPath | url.go:28:2:28:29 | []type{args} | | url.go:29:14:29:14 | u | url.go:29:14:29:25 | call to Hostname | -| url.go:29:14:29:25 | call to Hostname | url.go:29:2:29:26 | []type{args} | | url.go:30:11:30:11 | u | url.go:30:2:30:27 | ... := ...[0] | | url.go:30:11:30:27 | call to MarshalBinary | url.go:30:2:30:27 | ... := ...[0] | | url.go:30:11:30:27 | call to MarshalBinary | url.go:30:2:30:27 | ... := ...[1] | -| url.go:31:2:31:16 | []type{args} | url.go:30:2:30:3 | definition of bs | -| url.go:31:14:31:15 | bs | url.go:31:2:31:16 | []type{args} | | url.go:32:9:32:9 | u | url.go:32:2:32:23 | ... = ...[0] | | url.go:32:9:32:23 | call to Parse | url.go:32:2:32:23 | ... = ...[0] | | url.go:32:9:32:23 | call to Parse | url.go:32:2:32:23 | ... = ...[1] | | url.go:32:17:32:22 | "/foo" | url.go:32:2:32:23 | ... = ...[0] | | url.go:33:14:33:14 | u | url.go:33:14:33:21 | call to Port | -| url.go:33:14:33:21 | call to Port | url.go:33:2:33:22 | []type{args} | -| url.go:34:2:34:23 | []type{args} | url.go:34:14:34:22 | call to Query | | url.go:34:14:34:14 | u | url.go:34:14:34:22 | call to Query | -| url.go:34:14:34:22 | call to Query | url.go:34:2:34:23 | []type{args} | | url.go:35:14:35:14 | u | url.go:35:14:35:27 | call to RequestURI | -| url.go:35:14:35:27 | call to RequestURI | url.go:35:2:35:28 | []type{args} | | url.go:36:6:36:6 | u | url.go:36:6:36:26 | call to ResolveReference | | url.go:36:25:36:25 | u | url.go:36:6:36:26 | call to ResolveReference | | url.go:41:17:41:20 | "me" | url.go:41:8:41:21 | call to User | 
@@ -78,35 +58,27 @@ | url.go:43:11:43:12 | ui | url.go:43:2:43:23 | ... := ...[0] | | url.go:43:11:43:23 | call to Password | url.go:43:2:43:23 | ... := ...[0] | | url.go:43:11:43:23 | call to Password | url.go:43:2:43:23 | ... := ...[1] | -| url.go:44:14:44:15 | pw | url.go:44:2:44:16 | []type{args} | | url.go:45:14:45:15 | ui | url.go:45:14:45:26 | call to Username | -| url.go:45:14:45:26 | call to Username | url.go:45:2:45:27 | []type{args} | | url.go:50:10:50:26 | call to ParseQuery | url.go:50:2:50:26 | ... := ...[0] | | url.go:50:10:50:26 | call to ParseQuery | url.go:50:2:50:26 | ... := ...[1] | | url.go:50:25:50:25 | q | url.go:50:2:50:26 | ... := ...[0] | | url.go:51:14:51:14 | v | url.go:51:14:51:23 | call to Encode | -| url.go:51:14:51:23 | call to Encode | url.go:51:2:51:24 | []type{args} | | url.go:52:14:52:14 | v | url.go:52:14:52:26 | call to Get | -| url.go:52:14:52:26 | call to Get | url.go:52:2:52:27 | []type{args} | | url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[0] | | url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[1] | | url.go:57:29:57:29 | q | url.go:57:2:57:39 | ... := ...[0] | | url.go:57:32:57:38 | "clean" | url.go:57:2:57:39 | ... := ...[0] | -| url.go:57:32:57:38 | "clean" | url.go:57:16:57:39 | []type{args} | | url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[0] | | url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[1] | | url.go:58:29:58:35 | "clean" | url.go:58:2:58:45 | ... := ...[0] | | url.go:58:38:58:44 | joined1 | url.go:58:2:58:45 | ... := ...[0] | -| url.go:58:38:58:44 | joined1 | url.go:58:16:58:45 | []type{args} | | url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[0] | | url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[1] | | url.go:59:24:59:30 | joined2 | url.go:59:2:59:31 | ... 
:= ...[0] | | url.go:60:15:60:19 | asUrl | url.go:60:15:60:37 | call to JoinPath | -| url.go:60:30:60:36 | "clean" | url.go:60:15:60:37 | []type{args} | | url.go:60:30:60:36 | "clean" | url.go:60:15:60:37 | call to JoinPath | | url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[0] | | url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[1] | | url.go:65:27:65:47 | "http://harmless.org" | url.go:65:2:65:48 | ... := ...[0] | | url.go:66:9:66:16 | cleanUrl | url.go:66:9:66:28 | call to JoinPath | -| url.go:66:27:66:27 | q | url.go:66:9:66:28 | []type{args} | | url.go:66:27:66:27 | q | url.go:66:9:66:28 | call to JoinPath | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go index 84e769659806..8e3a498656af 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgs/main.go @@ -4,7 +4,7 @@ func source() string { return "untrusted data" } -func sink(any) { +func sink(string) { } type A struct { @@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string { return s[1] } -func functionWithVarArgsOutParameter(in string, out ...*string) { - *out[0] = in -} - func functionWithSliceOfStructsParameter(s []A) string { return s[1].f } @@ -42,12 +38,6 @@ func main() { sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter" sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter" - var out1 *string - var out2 *string - functionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ MISSING: hasValueFlow="out1" - sink(out2) // $ MISSING: hasValueFlow="out2" - sliceOfStructs := []A{{f: source()}} sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f" 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected deleted file mode 100644 index 55e9aed2e93c..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.expected +++ /dev/null @@ -1,2 +0,0 @@ -testFailures -invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml deleted file mode 100644 index ca3f9559536a..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ext.yml +++ /dev/null 
@@ -1,21 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: summaryModel - data: - - ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"] - - ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sourceModel - data: - - ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql deleted file mode 100644 index 873143a6f81c..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/Flows.ql +++ /dev/null 
@@ -1,22 +0,0 @@ -import go -import semmle.go.dataflow.ExternalFlow -import ModelValidation -import utils.test.InlineFlowTest - -module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - sourceNode(source, "qltest") - or - exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) | - source = fn.getACall().getResult() - ) - } - - predicate isSink(DataFlow::Node sink) { - sinkNode(sink, "qltest") - or - exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument()) - } -} - -import FlowTest diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod deleted file mode 100644 index cdb11f2ee6cf..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/go.mod +++ /dev/null @@ -1,5 +0,0 @@ -module semmle.go.Packages - -go 1.23 - -require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go deleted file mode 100644 index 9d978553d449..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/main.go +++ /dev/null 
@@ -1,57 +0,0 @@ -package main - -import ( - "github.com/nonexistent/test" -) - -func source() string { - return "untrusted data" -} - -func sink(any) { -} - -func main() { - s := source() - sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter" - - stringSlice := []string{source()} - sink(stringSlice[0]) // $ hasValueFlow="index expression" - - s0 := "" - s1 := source() - sSlice := []string{s0, s1} - sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" - sink(test.FunctionWithSliceParameter(sSlice)) // $ hasValueFlow="call to FunctionWithSliceParameter" - sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - - var out1 *string - var out2 *string - test.FunctionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ hasValueFlow="out1" - sink(out2) // $ hasValueFlow="out2" - - sliceOfStructs := []test.A{{Field: source()}} - sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field" - - a0 := test.A{Field: ""} - a1 := test.A{Field: source()} - aSlice := []test.A{a0, a1} - sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter" - sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" - sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" - - var variadicSource string - test.VariadicSource(&variadicSource) - sink(variadicSource) // $ hasTaintFlow="variadicSource" - sink(&variadicSource) // $ hasTaintFlow="&..." 
- - var variadicSourcePtr *string - test.VariadicSource(variadicSourcePtr) - sink(variadicSourcePtr) // $ hasTaintFlow="variadicSourcePtr" - sink(*variadicSourcePtr) // $ hasTaintFlow="star expression" - - test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}" - -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go deleted file mode 100644 index f23bc1d04814..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/github.com/nonexistent/test/stub.go +++ /dev/null @@ -1,31 +0,0 @@ -package test - -type A struct { - Field string -} - -func FunctionWithParameter(s string) string { - return "" -} - -func FunctionWithSliceParameter(s []string) string { - return "" -} - -func FunctionWithVarArgsParameter(s ...string) string { - return "" -} -func FunctionWithVarArgsOutParameter(in string, out ...*string) { -} - -func FunctionWithSliceOfStructsParameter(s []A) string { - return "" -} - -func FunctionWithVarArgsOfStructsParameter(s ...A) string { - return "" -} - -func VariadicSource(s ...*string) {} - -func VariadicSink(s ...string) {} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt deleted file mode 100644 index b62dbf8819b5..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithExternalFlow/vendor/modules.txt +++ /dev/null @@ -1,3 +0,0 @@ -# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 -## explicit -github.com/nonexistent/test diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql index 884e67cfb063..78e21d534e09 100644 
--- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/Flows.ql @@ -19,9 +19,6 @@ class SummaryModelTest extends DataFlow::FunctionModel { this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and (inp.isParameter(_) and outp.isResult()) or - this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and - (inp.isParameter(0) and outp.isParameter(any(int i | i >= 1))) - or this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and (inp.isParameter(0) and outp.isResult()) or diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod index cdb11f2ee6cf..ed18764ed282 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/go.mod @@ -1,5 +1,5 @@ module semmle.go.Packages -go 1.23 +go 1.17 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000 diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go index e8d53eb9b288..c561de0da2f0 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/main.go @@ -8,7 +8,7 @@ func source() string { return "untrusted data" } -func sink(any) { +func sink(string) { } func main() { 
@@ -21,17 +21,10 @@ func main() { s0 := "" s1 := source() sSlice := []string{s0, s1} - sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" - sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter" - sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" - randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1. - sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter" - - var out1 *string - var out2 *string - test.FunctionWithVarArgsOutParameter(source(), out1, out2) - sink(out1) // $ hasValueFlow="out1" - sink(out2) // $ hasValueFlow="out2" + sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter" + sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter" + sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" + sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter" sliceOfStructs := []test.A{{Field: source()}} sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field" 
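Review bot: The `sink(test.FunctionWithVarArgsParameter(s0, s1))` line now carries `MISSING: hasValueFlow`, which records a false negative for tainted values passed as individual variadic arguments without saying why. The removed line explained that the case depended on a prior call with at least two parameters so that `ParameterInput` index 1 exists, and that helper is deleted in the next hunk, so the reason for the gap is no longer written down anywhere. Add a comment above the line, such as `// Known gap: flow from individual variadic arguments through a FunctionModel is not tracked.` The exact cause should be confirmed before wording it. Queries that rely on such models will miss this flow, so the gap should stay visible to whoever next touches variadic handling.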
@@ -44,6 +37,3 @@ func main() { sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter" } - -func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) { -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages new file mode 100755 index 000000000000..e3880ac8d5d9 Binary files /dev/null and b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/semmle.go.Packages differ diff --git a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go index b3e407fcaa7c..66f3da7d6591 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/VarArgsWithFunctionModels/vendor/github.com/nonexistent/test/stub.go @@ -15,8 +15,6 @@ func FunctionWithSliceParameter(s []string) string { func FunctionWithVarArgsParameter(s ...string) string { return "" } -func FunctionWithVarArgsOutParameter(in string, out ...*string) { -} func FunctionWithSliceOfStructsParameter(s []A) string { return "" diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected index 7524dd0f4108..861e3e97ed14 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected 
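Review bot: This commit adds an executable binary, `VarArgsWithFunctionModels/semmle.go.Packages` (new file mode 100755), to the test directory. Its name matches the `module semmle.go.Packages` line in the neighbouring go.mod, so it looks like build output committed by accident; that is an inference, since the content cannot be inspected here. An opaque executable in the source tree cannot be audited in review and should be dropped from the commit. An ignore rule for build output in the test directories would prevent a repeat.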
@@ -24,11 +24,7 @@ edges | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | | | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | | | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | | -| test.go:160:2:160:23 | []type{args} [array] | test.go:160:14:160:22 | &... | provenance | | -| test.go:160:14:160:22 | &... | test.go:160:2:160:23 | []type{args} [array] | provenance | | | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | | -| test.go:164:2:164:25 | []type{args} [array] | test.go:164:15:164:24 | &... | provenance | | -| test.go:164:15:164:24 | &... | test.go:164:2:164:25 | []type{args} [array] | provenance | | | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | | nodes | test.go:80:13:80:16 | &... | semmle.label | &... | @@ -80,10 +76,8 @@ nodes | test.go:153:13:153:47 | type conversion | semmle.label | type conversion | | test.go:156:18:156:30 | &... | semmle.label | &... | | test.go:157:13:157:38 | type conversion | semmle.label | type conversion | -| test.go:160:2:160:23 | []type{args} [array] | semmle.label | []type{args} [array] | | test.go:160:14:160:22 | &... | semmle.label | &... | | test.go:161:13:161:28 | type conversion | semmle.label | type conversion | -| test.go:164:2:164:25 | []type{args} [array] | semmle.label | []type{args} [array] | | test.go:164:15:164:24 | &... | semmle.label | &... | | test.go:165:13:165:32 | type conversion | semmle.label | type conversion | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index 1e140bf28b15..b7c6f703cf51 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 
@@ -10,13 +10,9 @@ invalidModelRow | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader | | io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... | | io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... | -| io.go:16:8:16:35 | []type{args} | io.go:16:23:16:27 | &... | -| io.go:16:8:16:35 | []type{args} | io.go:16:30:16:34 | &... | | io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 | -| io.go:16:23:16:27 | &... | io.go:16:8:16:35 | []type{args} | | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... | | io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 | -| io.go:16:30:16:34 | &... | io.go:16:8:16:35 | []type{args} | | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... | | io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w | | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader | @@ -31,10 +27,8 @@ invalidModelRow | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] | | io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w | -| io.go:40:17:40:31 | "some string\\n" | io.go:40:3:40:32 | []type{args} | | io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf | | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String | -| io.go:44:13:44:24 | call to String | io.go:44:3:44:25 | []type{args} | | io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader | | io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf | | io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader | 
@@ -52,14 +46,8 @@ invalidModelRow | io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader | | io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader | | io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader | -| io.go:85:8:85:33 | []type{args} | io.go:82:3:82:4 | definition of r1 | -| io.go:85:8:85:33 | []type{args} | io.go:83:3:83:4 | definition of r2 | -| io.go:85:8:85:33 | []type{args} | io.go:84:3:84:4 | definition of r3 | -| io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | []type{args} | | io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader | -| io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | []type{args} | | io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader | -| io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | []type{args} | | io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader | | io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout | | io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader | diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected index a0b34cd05b47..12be518a98b9 100644 --- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected +++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected 
@@ -3,15 +3,12 @@ edges | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | | | StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel | -| StoredCommand.go:13:2:13:20 | []type{args} [array] | StoredCommand.go:13:12:13:19 | &... | provenance | | -| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:13:2:13:20 | []type{args} [array] | provenance | | | StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | models | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual | nodes | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] | | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows | -| StoredCommand.go:13:2:13:20 | []type{args} [array] | semmle.label | []type{args} [array] | | StoredCommand.go:13:12:13:19 | &... | semmle.label | &... | | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 321b1740c23b..647113f3c6b5 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected 
@@ -32,10 +32,8 @@ edges | contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data | provenance | Src:MaD:8 | | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file | provenance | Src:MaD:7 | | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename | provenance | Src:MaD:7 | -| reflectedxsstest.go:32:2:32:8 | definition of content | reflectedxsstest.go:33:49:33:55 | content | provenance | | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content | provenance | | | reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | provenance | MaD:13 | -| reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:32:2:32:8 | definition of content | provenance | | | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | reflectedxsstest.go:33:17:33:56 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion | provenance | | | reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | []type{args} [array] | provenance | | 
@@ -65,33 +63,11 @@ edges | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:32:3:32:28 | []type{args} [array] | websocketXss.go:30:7:30:10 | definition of xnet | provenance | | -| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:32:3:32:28 | []type{args} [array] | provenance | | -| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | -| websocketXss.go:36:3:36:29 | []type{args} [array] | websocketXss.go:34:3:34:7 | definition of xnet2 | provenance | | -| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:36:3:36:29 | []type{args} [array] | provenance | | -| websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | | websocketXss.go:40:3:40:40 | ... 
:= ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | -| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | | -| websocketXss.go:40:6:40:11 | definition of nhooyr | websocketXss.go:41:24:41:29 | nhooyr | provenance | | -| websocketXss.go:41:3:41:30 | []type{args} [array] | websocketXss.go:40:6:40:11 | definition of nhooyr | provenance | | -| websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:41:3:41:30 | []type{args} [array] | provenance | | | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:48:3:48:34 | []type{args} [array] | websocketXss.go:46:7:46:16 | definition of gorillaMsg | provenance | | -| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:48:3:48:34 | []type{args} [array] | provenance | | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | -| websocketXss.go:52:3:52:32 | []type{args} [array] | websocketXss.go:50:3:50:10 | definition of gorilla2 | provenance | | -| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:52:3:52:32 | []type{args} [array] | provenance | | -| websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | | websocketXss.go:54:3:54:38 | ... 
:= ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | websocketXss.go:55:24:55:31 | gorilla3 | provenance | | -| websocketXss.go:55:3:55:32 | []type{args} [array] | websocketXss.go:54:6:54:13 | definition of gorilla3 | provenance | | -| websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:55:3:55:32 | []type{args} [array] | provenance | | models | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual | | 2 | Source: github.com/gorilla/websocket; Conn; true; ReadJSON; ; ; Argument[0]; remote; manual | @@ -132,7 +108,6 @@ nodes | contenttype.go:114:50:114:53 | data | semmle.label | data | | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] | | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] | -| reflectedxsstest.go:32:2:32:8 | definition of content | semmle.label | definition of content | | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] | | reflectedxsstest.go:32:34:32:37 | file | semmle.label | file | | reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion | 
@@ -167,29 +142,15 @@ nodes | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get | | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion | | websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet | -| websocketXss.go:32:3:32:28 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | | websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 | -| websocketXss.go:36:3:36:29 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] | -| websocketXss.go:40:6:40:11 | definition of nhooyr | semmle.label | definition of nhooyr | -| websocketXss.go:41:3:41:30 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | | websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg | -| websocketXss.go:48:3:48:34 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | | websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 | -| websocketXss.go:52:3:52:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... 
:= ...[1] | -| websocketXss.go:54:6:54:13 | definition of gorilla3 | semmle.label | definition of gorilla3 | -| websocketXss.go:55:3:55:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index ebeedf3d0ef7..efe98650a4e4 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -1,12 +1,7 @@ edges | StoredXss.go:13:21:13:31 | call to Name | StoredXss.go:13:21:13:36 | ...+... | provenance | | | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | | -| stored.go:25:14:25:17 | rows | stored.go:25:24:25:26 | &... | provenance | FunctionModel | | stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel | -| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:24:25:26 | &... | provenance | | -| stored.go:25:14:25:34 | []type{args} [array] | stored.go:25:29:25:33 | &... | provenance | | -| stored.go:25:24:25:26 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | | -| stored.go:25:29:25:33 | &... | stored.go:25:14:25:34 | []type{args} [array] | provenance | | | stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | | | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | nodes 
@@ -14,8 +9,6 @@ nodes | StoredXss.go:13:21:13:36 | ...+... | semmle.label | ...+... | | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] | | stored.go:25:14:25:17 | rows | semmle.label | rows | -| stored.go:25:14:25:34 | []type{args} [array] | semmle.label | []type{args} [array] | -| stored.go:25:24:25:26 | &... | semmle.label | &... | | stored.go:25:29:25:33 | &... | semmle.label | &... | | stored.go:30:22:30:25 | name | semmle.label | name | | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 9a7084ac8369..1ce8c3d1dcf6 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -26,7 +26,6 @@ | mongoDB.go:81:18:81:25 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value | edges | SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | MaD:23 | -| SqlInjection.go:10:7:11:30 | []type{args} [array] | SqlInjection.go:11:3:11:29 | index expression | provenance | | | SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q | provenance | Sink:MaD:1 | | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query | provenance | Src:MaD:21 MaD:26 | | SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression | provenance | | 
@@ -37,7 +36,6 @@ edges | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 | | issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 | -| issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | @@ -46,7 +44,6 @@ edges | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 | | issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 | -| issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | 
@@ -55,13 +52,11 @@ edges | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | | issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 | -| issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf | provenance | FunctionModel | | main.go:11:11:11:16 | selection of Form | main.go:11:11:11:28 | index expression | provenance | Src:MaD:18 Sink:MaD:1 | | main.go:15:11:15:84 | []type{args} [array] | main.go:15:11:15:84 | call to Sprintf | provenance | MaD:23 Sink:MaD:2 | -| main.go:15:11:15:84 | []type{args} [array] | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:67 | selection of URL | main.go:15:63:15:75 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:15:63:15:75 | call to Query | main.go:15:63:15:83 | index expression | provenance | | | main.go:15:63:15:83 | index expression | main.go:15:11:15:84 | []type{args} [array] | provenance | | 
@@ -76,7 +71,6 @@ edges | main.go:30:13:30:27 | call to Query | main.go:30:13:30:39 | index expression | provenance | | | main.go:30:13:30:39 | index expression | main.go:28:18:31:2 | struct literal [Category] | provenance | | | main.go:33:7:34:23 | []type{args} [array] | main.go:33:7:34:23 | call to Sprintf | provenance | MaD:23 | -| main.go:33:7:34:23 | []type{args} [array] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:33:7:34:23 | call to Sprintf | main.go:35:11:35:11 | q | provenance | Sink:MaD:1 | | main.go:34:3:34:13 | RequestData [pointer, Category] | main.go:34:3:34:13 | implicit dereference [Category] | provenance | | | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | @@ -90,7 +84,6 @@ edges | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | | main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 | -| main.go:42:7:43:23 | []type{args} [array] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | 
@@ -104,7 +97,6 @@ edges | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | | main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 | -| main.go:51:7:52:23 | []type{args} [array] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | @@ -118,7 +110,6 @@ edges | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | | main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | -| main.go:60:7:61:26 | []type{args} [array] | main.go:61:3:61:25 | selection of Category | provenance | | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | diff --git a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected index a3d0c59798f5..5deab249337e 100644 --- a/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected +++ b/go/ql/test/query-tests/Security/CWE-089/StringBreak.expected 
@@ -3,12 +3,7 @@ | StringBreakMismatched.go:17:26:17:32 | escaped | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:17:26:17:32 | escaped | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | JSON value | | StringBreakMismatched.go:29:27:29:33 | escaped | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | StringBreakMismatched.go:29:27:29:33 | escaped | If this $@ contains a double quote, it could break out of the enclosing quotes. | StringBreakMismatched.go:24:2:24:40 | ... := ...[0] | JSON value | edges -| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:10:2:10:12 | definition of versionJSON | StringBreak.go:14:47:14:57 | versionJSON | provenance | | | StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:10:2:10:40 | ... := ...[0] | StringBreak.go:14:47:14:57 | versionJSON | provenance | | -| StringBreak.go:14:22:14:58 | []type{args} [array] | StringBreak.go:10:2:10:12 | definition of versionJSON | provenance | | -| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:14:22:14:58 | []type{args} [array] | provenance | | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | StringBreakMismatched.go:13:29:13:47 | type conversion | provenance | | | StringBreakMismatched.go:13:13:13:62 | call to Replace | StringBreakMismatched.go:17:26:17:32 | escaped | provenance | | | StringBreakMismatched.go:13:29:13:47 | type conversion | StringBreakMismatched.go:13:13:13:62 | call to Replace | provenance | MaD:1 | 
@@ -18,10 +13,7 @@ edges models | 1 | Summary: strings; ; false; Replace; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| StringBreak.go:10:2:10:12 | definition of versionJSON | semmle.label | definition of versionJSON | | StringBreak.go:10:2:10:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| StringBreak.go:14:22:14:58 | []type{args} [array] | semmle.label | []type{args} [array] | -| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | | StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON | | StringBreakMismatched.go:12:2:12:40 | ... := ...[0] | semmle.label | ... := ...[0] | | StringBreakMismatched.go:13:13:13:62 | call to Replace | semmle.label | call to Replace | diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index b3396e7451b5..c62c6126648c 100644 --- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected 
@@ -1,16 +1,8 @@ edges | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | -| test.go:14:2:14:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | | -| test.go:15:2:15:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | -| test.go:15:2:15:4 | definition of buf | test.go:20:29:20:31 | buf | provenance | | -| test.go:20:2:20:32 | []type{args} [array] | test.go:15:2:15:4 | definition of buf | provenance | | -| test.go:20:29:20:31 | buf | test.go:20:2:20:32 | []type{args} [array] | provenance | | nodes | test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf | -| test.go:15:2:15:4 | definition of buf | semmle.label | definition of buf | | test.go:17:10:17:12 | buf | semmle.label | buf | -| test.go:20:2:20:32 | []type{args} [array] | semmle.label | []type{args} [array] | -| test.go:20:29:20:31 | buf | semmle.label | buf | subpaths #select | test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information | diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 98c98dbf331f..3435eff77754 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -64,55 +64,28 @@ edges | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | -| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:36:2:36:5 | definition of obj1 | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:36:10:38:2 | struct literal | passwords.go:36:2:36:5 | definition of obj1 | provenance | | +| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | | passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | -| passwords.go:39:2:39:18 | []type{args} [array] | passwords.go:36:2:36:5 | definition of obj1 | provenance | | -| passwords.go:39:14:39:17 | obj1 | passwords.go:39:2:39:18 | []type{args} [array] | provenance | | -| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:41:2:41:5 | definition of obj2 | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:41:10:43:2 | struct literal | passwords.go:41:2:41:5 | definition of obj2 | provenance | | +| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | | passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | -| passwords.go:44:2:44:18 | []type{args} [array] | passwords.go:41:2:41:5 | definition of obj2 | provenance | | -| passwords.go:44:14:44:17 | obj2 | passwords.go:44:2:44:18 | []type{args} [array] | provenance | | | passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:47:2:47:18 | []type{args} [array] | 
passwords.go:46:6:46:9 | definition of obj3 | provenance | | -| passwords.go:47:14:47:17 | obj3 | passwords.go:47:2:47:18 | []type{args} [array] | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config | -| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:85:2:85:14 | definition of utilityObject | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:85:19:87:2 | struct literal | passwords.go:85:2:85:14 | definition of utilityObject | provenance | | +| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | | | passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config | -| passwords.go:88:2:88:27 | []type{args} [array] | passwords.go:85:2:85:14 | definition of utilityObject | provenance | | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:88:2:88:27 | []type{args} [array] | provenance | | | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | | | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config | | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config | | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config | | passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config | | passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... 
| provenance | Config | -| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:2:118:7 | definition of config | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:125:14:125:19 | config [x] | provenance | | -| passwords.go:118:2:118:7 | definition of config [x] | passwords.go:126:14:126:19 | config [x] | provenance | | -| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:125:14:125:19 | config [y] | provenance | | -| passwords.go:118:2:118:7 | definition of config [y] | passwords.go:127:14:127:19 | config [y] | provenance | | -| passwords.go:118:12:123:2 | struct literal | passwords.go:118:2:118:7 | definition of config | provenance | | -| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:118:2:118:7 | definition of config [x] | provenance | | -| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | | +| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | | +| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | | +| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | | | passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | | | passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config | | passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array, x] | 
passwords.go:118:2:118:7 | definition of config [x] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array, y] | passwords.go:118:2:118:7 | definition of config [y] | provenance | | -| passwords.go:125:2:125:20 | []type{args} [array] | passwords.go:118:2:118:7 | definition of config | provenance | | -| passwords.go:125:14:125:19 | config | passwords.go:125:2:125:20 | []type{args} [array] | provenance | | -| passwords.go:125:14:125:19 | config [x] | passwords.go:125:2:125:20 | []type{args} [array, x] | provenance | | -| passwords.go:125:14:125:19 | config [y] | passwords.go:125:2:125:20 | []type{args} [array, y] | provenance | | | passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | | | passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | | | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | | 
@@ -176,29 +149,18 @@ nodes | passwords.go:32:12:32:19 | password | semmle.label | password | | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... | | passwords.go:34:28:34:35 | password | semmle.label | password | -| passwords.go:36:2:36:5 | definition of obj1 | semmle.label | definition of obj1 | | passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal | | passwords.go:37:13:37:13 | x | semmle.label | x | -| passwords.go:39:2:39:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | -| passwords.go:41:2:41:5 | definition of obj2 | semmle.label | definition of obj2 | | passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal | | passwords.go:42:6:42:13 | password | semmle.label | password | -| passwords.go:44:2:44:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 | -| passwords.go:47:2:47:18 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password | semmle.label | password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:85:2:85:14 | definition of utilityObject | semmle.label | definition of utilityObject | | passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal | | passwords.go:86:16:86:36 | call to make | semmle.label | call to make | -| passwords.go:88:2:88:27 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject | | passwords.go:88:14:88:26 | utilityObject | semmle.label | 
utilityObject | | passwords.go:90:12:90:19 | password | semmle.label | password | | passwords.go:91:23:91:28 | secret | semmle.label | secret | @@ -211,22 +173,13 @@ nodes | passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... | | passwords.go:116:28:116:36 | password1 | semmle.label | password1 | | passwords.go:116:28:116:45 | call to String | semmle.label | call to String | -| passwords.go:118:2:118:7 | definition of config | semmle.label | definition of config | -| passwords.go:118:2:118:7 | definition of config [x] | semmle.label | definition of config [x] | -| passwords.go:118:2:118:7 | definition of config [y] | semmle.label | definition of config [y] | | passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal | | passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] | | passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] | | passwords.go:119:13:119:13 | x | semmle.label | x | | passwords.go:121:13:121:20 | password | semmle.label | password | | passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword | -| passwords.go:125:2:125:20 | []type{args} [array, x] | semmle.label | []type{args} [array, x] | -| passwords.go:125:2:125:20 | []type{args} [array, y] | semmle.label | []type{args} [array, y] | -| passwords.go:125:2:125:20 | []type{args} [array] | semmle.label | []type{args} [array] | -| passwords.go:125:14:125:19 | config | semmle.label | config | | passwords.go:125:14:125:19 | config | semmle.label | config | -| passwords.go:125:14:125:19 | config [x] | semmle.label | config [x] | -| passwords.go:125:14:125:19 | config [y] | semmle.label | config [y] | | passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] | | passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x | | passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] | 
diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index b729c7baf83c..ac5985f110d9 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected 
@@ -19,41 +19,17 @@ edges | main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:2 | | main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:2 | | main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | | -| main.go:60:3:60:9 | definition of content | main.go:63:16:63:22 | content | provenance | | -| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | | main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | | main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:3 | -| main.go:63:3:63:23 | []type{args} [array] | main.go:60:3:60:9 | definition of content | provenance | | -| main.go:63:16:63:22 | content | main.go:63:3:63:23 | []type{args} [array] | provenance | | | main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:50:76:56 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:76:59:76:65 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | | -| main.go:74:3:74:9 | definition of content | main.go:77:16:77:22 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call 
to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | | main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | | main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:3 | -| main.go:76:8:76:66 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | | -| main.go:76:50:76:56 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | | -| main.go:76:59:76:65 | content | main.go:76:8:76:66 | []type{args} [array] | provenance | | -| main.go:77:3:77:23 | []type{args} [array] | main.go:74:3:74:9 | definition of content | provenance | | -| main.go:77:16:77:22 | content | main.go:77:3:77:23 | []type{args} [array] | provenance | | | main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:2 | | main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:2 | -| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:3:91:10 | definition of content2 | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | | main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | | main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:3 | -| main.go:93:3:93:24 | []type{args} [array] | main.go:91:3:91:10 | definition of content2 | provenance | | -| main.go:93:16:93:23 | content2 | main.go:93:3:93:24 | []type{args} [array] | provenance | | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | 
@@ -73,30 +49,18 @@ nodes | main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput | | main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput | | main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer | -| main.go:60:3:60:9 | definition of content | semmle.label | definition of content | | main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent | | main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:63:3:63:23 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:63:16:63:22 | content | semmle.label | content | | main.go:63:16:63:22 | content | semmle.label | content | | main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer | -| main.go:74:3:74:9 | definition of content | semmle.label | definition of content | | main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent | | main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:76:8:76:66 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:76:50:76:56 | content | semmle.label | content | | main.go:76:50:76:56 | content | semmle.label | content | | main.go:76:59:76:65 | content | semmle.label | content | -| main.go:76:59:76:65 | content | semmle.label | content | -| main.go:77:3:77:23 | []type{args} [array] | semmle.label | []type{args} [array] | -| main.go:77:16:77:22 | content | semmle.label | content | | main.go:77:16:77:22 | content | semmle.label | content | | main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer | | main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput | -| main.go:91:3:91:10 | definition of content2 | semmle.label | definition of content2 | | main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent | | main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput | -| main.go:93:3:93:24 | []type{args} [array] | semmle.label | []type{args} 
[array] | -| main.go:93:16:93:23 | content2 | semmle.label | content2 | | main.go:93:16:93:23 | content2 | semmle.label | content2 | subpaths