
Commit a637f8a

committed
Expected test changes (odd because post update nodes are still at the def)
1 parent 94ac2fd commit a637f8a

3 files changed

+40
-36
lines changed


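--- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -9,20 +9,22 @@ edges
 | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:14:30:14:36 | tainted |
 | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:15:35:15:41 | tainted |
 | GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:16:36:16:42 | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] |
 | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] |
 | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node |
 | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] |
 | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
 | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | call to append |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit |
 | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append |
 | SanitizingDoubleDash.go:68:14:68:38 | call to append | SanitizingDoubleDash.go:69:21:69:28 | arrayLit |
@@ -37,13 +39,6 @@ edges
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:105:30:105:36 | tainted |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:111:37:111:43 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:117:31:117:37 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:123:31:123:37 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:129:21:129:28 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:136:31:136:37 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted |
-| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:152:24:152:30 | tainted |
 | SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] |
 | SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [array] |
 | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | SanitizingDoubleDash.go:96:24:96:34 | slice element node |
@@ -58,16 +53,23 @@ edges
 | SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] |
 | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit |
 | SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:111:14:111:44 | call to append |
+| SanitizingDoubleDash.go:111:37:111:43 | tainted | SanitizingDoubleDash.go:117:31:117:37 | tainted |
 | SanitizingDoubleDash.go:117:14:117:44 | call to append | SanitizingDoubleDash.go:118:24:118:31 | arrayLit |
 | SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | call to append |
+| SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:123:31:123:37 | tainted |
 | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit |
 | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | call to append |
+| SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:129:21:129:28 | arrayLit |
+| SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:136:31:136:37 | tainted |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit |
 | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append |
 | SanitizingDoubleDash.go:136:14:136:38 | call to append | SanitizingDoubleDash.go:137:24:137:31 | arrayLit |
 | SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | call to append |
+| SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:142:31:142:37 | tainted |
 | SanitizingDoubleDash.go:142:14:142:38 | call to append | SanitizingDoubleDash.go:143:21:143:28 | arrayLit |
 | SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:142:14:142:38 | call to append |
+| SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:148:30:148:36 | tainted |
+| SanitizingDoubleDash.go:142:31:142:37 | tainted | SanitizingDoubleDash.go:152:24:152:30 | tainted |
 | SanitizingDoubleDash.go:143:14:143:35 | call to append | SanitizingDoubleDash.go:144:24:144:31 | arrayLit |
 | SanitizingDoubleDash.go:143:21:143:28 | arrayLit | SanitizingDoubleDash.go:143:14:143:35 | call to append |
 nodes
@@ -84,6 +86,7 @@ nodes
 | GitSubcommands.go:14:30:14:36 | tainted | semmle.label | tainted |
 | GitSubcommands.go:15:35:15:41 | tainted | semmle.label | tainted |
 | GitSubcommands.go:16:36:16:42 | tainted | semmle.label | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] |
@@ -95,6 +98,7 @@ nodes
 | SanitizingDoubleDash.go:39:14:39:44 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | semmle.label | arrayLit |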

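--- a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go
+++ b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go
@@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) {
 
 {
 arrayLit := [1]string{tainted}
-exec.Command("sudo", arrayLit[:]...)
+exec.Command("sudo", arrayLit[:]...) // BAD
 }
 
 {
 arrayLit := [2]string{"--", tainted}
-exec.Command("sudo", arrayLit[:]...)
+exec.Command("sudo", arrayLit[:]...) // BAD
 }
 
 {
 arrayLit := []string{"--", tainted}
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{}
 arrayLit = append(arrayLit, "--", tainted)
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{}
 arrayLit = append(arrayLit, tainted, "--")
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{"--"}
 arrayLit = append(arrayLit, tainted)
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{tainted}
 arrayLit = append(arrayLit, "--")
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{"--"}
 arrayLit = append(arrayLit, "something else")
 arrayLit = append(arrayLit, tainted)
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
 arrayLit := []string{"something else"}
 arrayLit = append(arrayLit, tainted)
 arrayLit = append(arrayLit, "--")
-exec.Command("sudo", arrayLit...)
+exec.Command("sudo", arrayLit...) // BAD
 }
 
 {
-exec.Command("sudo", "--", tainted)
+exec.Command("sudo", "--", tainted) // BAD
 }
 
 {
-exec.Command("sudo", tainted, "--")
+exec.Command("sudo", tainted, "--") // BAD
 }
 }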
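Review bot: The new `// BAD` markers on each `exec.Command("sudo", …)` call state the expected verdict but not why `--` gives no protection here, which is the whole point of `testDoubleDashIrrelevant`; a reader comparing these with the git-style cases elsewhere in this test directory has to infer it. I would add a comment at the function head (its signature sits above this hunk): `// For sudo the arguments after "--" are the command to run, so a tainted argument there is still attacker-controlled execution; "--" only ends sudo's own option parsing and is not a sanitizer.` The markers are plain comments and do not fail the test on their own; CommandInjection.expected in this same commit is what actually pins these results, which is worth keeping in mind when either file is updated.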

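--- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -71,22 +71,22 @@ edges
 | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] |
 | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput |
 | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:64:22:64:27 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:66:32:66:37 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:69:17:69:22 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:70:20:70:25 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:71:29:71:34 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:72:30:72:35 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:73:29:73:34 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter |
 | mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline |
 | mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:61:27:61:32 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:63:23:63:28 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:64:22:64:27 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:66:32:66:37 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:69:17:69:22 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:70:20:70:25 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:71:29:71:34 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:72:30:72:35 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:73:29:73:34 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:78:23:78:28 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:79:23:79:28 | filter |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:80:22:80:27 | filter |
 nodes
 | SqlInjection.go:10:7:11:30 | call to Sprintf | semmle.label | call to Sprintf |
 | SqlInjection.go:11:3:11:9 | selection of URL | semmle.label | selection of URL |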
