Update tests: built-in models now work

owen-mc · owen-mc · commit 57ff30c5f351 · 2024-05-08T16:07:02.000+01:00
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected
@@ -1,3 +1,5 @@
+| file://:0:0:0:0 | [summary param] 1 in append | file://:0:0:0:0 | [summary] to write: ReturnValue.ArrayElement in append |
+| file://:0:0:0:0 | [summary] read: Argument[0].ArrayElement in append | file://:0:0:0:0 | [summary] to write: ReturnValue.ArrayElement in append |
 | file://:0:0:0:0 | function Encode | url.go:51:14:51:21 | selection of Encode |
 | file://:0:0:0:0 | function EscapedPath | url.go:28:14:28:26 | selection of EscapedPath |
 | file://:0:0:0:0 | function Get | url.go:52:14:52:18 | selection of Get |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected
@@ -1,3 +1,5 @@
+| file://:0:0:0:0 | [summary param] 1 in append | file://:0:0:0:0 | [summary] to write: ReturnValue.ArrayElement in append |
+| file://:0:0:0:0 | [summary] read: Argument[0].ArrayElement in append | file://:0:0:0:0 | [summary] to write: ReturnValue.ArrayElement in append |
 | main.go:3:6:3:11 | function source | main.go:23:31:23:36 | source |
 | main.go:3:6:3:11 | function source | main.go:31:31:31:36 | source |
 | main.go:3:6:3:11 | function source | main.go:40:30:40:35 | source |
diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -13,6 +13,7 @@ edges
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance |  |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance |  |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance |  |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance |  |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance |  |
@@ -23,8 +24,12 @@ edges
 | SanitizingDoubleDash.go:14:23:14:33 | slice expression [array] | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
 | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | FunctionModel |
+| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance |  |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
+| SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | FunctionModel |
+| SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | provenance | MaD:28 |
 | SanitizingDoubleDash.go:68:14:68:38 | call to append | SanitizingDoubleDash.go:69:21:69:28 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:68:31:68:37 | tainted | SanitizingDoubleDash.go:68:14:68:38 | call to append | provenance | FunctionModel |
 | SanitizingDoubleDash.go:69:14:69:35 | call to append | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | provenance |  |
@@ -39,6 +44,7 @@ edges
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:111:37:111:43 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:117:31:117:37 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:123:31:123:37 | tainted | provenance |  |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:128:24:128:30 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:136:31:136:37 | tainted | provenance |  |
 | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted | provenance |  |
@@ -62,8 +68,12 @@ edges
 | SanitizingDoubleDash.go:117:31:117:37 | tainted | SanitizingDoubleDash.go:117:14:117:44 | call to append | provenance | FunctionModel |
 | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | call to append | provenance | FunctionModel |
+| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance |  |
+| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | provenance |  |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance |  |
+| SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | FunctionModel |
+| SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | provenance | MaD:28 |
 | SanitizingDoubleDash.go:136:14:136:38 | call to append | SanitizingDoubleDash.go:137:24:137:31 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:136:31:136:37 | tainted | SanitizingDoubleDash.go:136:14:136:38 | call to append | provenance | FunctionModel |
 | SanitizingDoubleDash.go:142:14:142:38 | call to append | SanitizingDoubleDash.go:143:21:143:28 | arrayLit | provenance |  |
@@ -95,8 +105,12 @@ nodes
 | SanitizingDoubleDash.go:39:14:39:44 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit |
+| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append |
+| SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | semmle.label | call to append [array] |
 | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | semmle.label | arrayLit |
+| SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | semmle.label | arrayLit [array] |
 | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:68:14:68:38 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:68:31:68:37 | tainted | semmle.label | tainted |
@@ -130,8 +144,12 @@ nodes
 | SanitizingDoubleDash.go:123:14:123:38 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:123:31:123:37 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | semmle.label | arrayLit |
+| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | semmle.label | slice literal [array] |
+| SanitizingDoubleDash.go:128:24:128:30 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:129:14:129:35 | call to append | semmle.label | call to append |
+| SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | semmle.label | call to append [array] |
 | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | semmle.label | arrayLit |
+| SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | semmle.label | arrayLit [array] |
 | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:136:14:136:38 | call to append | semmle.label | call to append |
 | SanitizingDoubleDash.go:136:31:136:37 | tainted | semmle.label | tainted |

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+\| file://:0:0:0:0 \| [summary param] 1 in append \| file://:0:0:0:0 \| [summary] to write: ReturnValue.ArrayElement in append \|`
	`2`	`+\| file://:0:0:0:0 \| [summary] read: Argument[0].ArrayElement in append \| file://:0:0:0:0 \| [summary] to write: ReturnValue.ArrayElement in append \|`
`1`	`3`	`\| file://:0:0:0:0 \| function Encode \| url.go:51:14:51:21 \| selection of Encode \|`
`2`	`4`	`\| file://:0:0:0:0 \| function EscapedPath \| url.go:28:14:28:26 \| selection of EscapedPath \|`
`3`	`5`	`\| file://:0:0:0:0 \| function Get \| url.go:52:14:52:18 \| selection of Get \|`