Expected test changes (odd because post update nodes are still at the def)

owen-mc · owen-mc · commit 68128b36ed7a · 2025-03-06T13:25:55.000Z
diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -48,14 +48,14 @@ edges
 | GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance |  |
 | GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
 | GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance |  |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance |  |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance |  |
-| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance |  |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance |  |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance |  |
 | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance |  |
 | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance |  |
@@ -67,6 +67,7 @@ edges
 | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance |  |
 | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance |  |
 | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance |  |
+| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance |  |
 | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | MaD:4 |
@@ -180,6 +181,7 @@ nodes
 | GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL |
 | GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query |
 | GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted |
+| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
 | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
 | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] |
diff --git a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go
@@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) {
 
 	{
 		arrayLit := [1]string{tainted}
-		exec.Command("sudo", arrayLit[:]...)
+		exec.Command("sudo", arrayLit[:]...) // BAD
 	}
 
 	{
 		arrayLit := [2]string{"--", tainted}
-		exec.Command("sudo", arrayLit[:]...)
+		exec.Command("sudo", arrayLit[:]...) // BAD
 	}
 
 	{
 		arrayLit := []string{"--", tainted}
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{}
 		arrayLit = append(arrayLit, "--", tainted)
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{}
 		arrayLit = append(arrayLit, tainted, "--")
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{"--"}
 		arrayLit = append(arrayLit, tainted)
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{tainted}
 		arrayLit = append(arrayLit, "--")
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{"--"}
 		arrayLit = append(arrayLit, "something else")
 		arrayLit = append(arrayLit, tainted)
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
 		arrayLit := []string{"something else"}
 		arrayLit = append(arrayLit, tainted)
 		arrayLit = append(arrayLit, "--")
-		exec.Command("sudo", arrayLit...)
+		exec.Command("sudo", arrayLit...) // BAD
 	}
 
 	{
-		exec.Command("sudo", "--", tainted)
+		exec.Command("sudo", "--", tainted) // BAD
 	}
 
 	{
-		exec.Command("sudo", tainted, "--")
+		exec.Command("sudo", tainted, "--") // BAD
 	}
 }
diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -117,22 +117,22 @@ edges
 | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance |  |
 | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:20  |
 | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance |  |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 |
-| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 |
 | mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline | provenance | Sink:MaD:3 |
 | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline | provenance | Sink:MaD:16 |
 | mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | Config |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 |
+| mongoDB.go:50:34:50:39 | filter | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 |
 models
 | 1 | Sink: database/sql; DB; true; Query; ; ; Argument[0]; sql-injection; manual |
 | 2 | Sink: database/sql; Tx; true; Query; ; ; Argument[0]; sql-injection; manual |

Original file line number	Diff line number	Diff line change
`@@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) {`
`93`	`93`
`94`	`94`	`{`
`95`	`95`	`arrayLit := [1]string{tainted}`
`96`		`- exec.Command("sudo", arrayLit[:]...)`
	`96`	`+ exec.Command("sudo", arrayLit[:]...) // BAD`
`97`	`97`	`}`
`98`	`98`
`99`	`99`	`{`
`100`	`100`	`arrayLit := [2]string{"--", tainted}`
`101`		`- exec.Command("sudo", arrayLit[:]...)`
	`101`	`+ exec.Command("sudo", arrayLit[:]...) // BAD`
`102`	`102`	`}`
`103`	`103`
`104`	`104`	`{`
`105`	`105`	`arrayLit := []string{"--", tainted}`
`106`		`- exec.Command("sudo", arrayLit...)`
	`106`	`+ exec.Command("sudo", arrayLit...) // BAD`
`107`	`107`	`}`
`108`	`108`
`109`	`109`	`{`
`110`	`110`	`arrayLit := []string{}`
`111`	`111`	`arrayLit = append(arrayLit, "--", tainted)`
`112`		`- exec.Command("sudo", arrayLit...)`
	`112`	`+ exec.Command("sudo", arrayLit...) // BAD`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`{`
`116`	`116`	`arrayLit := []string{}`
`117`	`117`	`arrayLit = append(arrayLit, tainted, "--")`
`118`		`- exec.Command("sudo", arrayLit...)`
	`118`	`+ exec.Command("sudo", arrayLit...) // BAD`
`119`	`119`	`}`
`120`	`120`
`121`	`121`	`{`
`122`	`122`	`arrayLit := []string{"--"}`
`123`	`123`	`arrayLit = append(arrayLit, tainted)`
`124`		`- exec.Command("sudo", arrayLit...)`
	`124`	`+ exec.Command("sudo", arrayLit...) // BAD`
`125`	`125`	`}`
`126`	`126`
`127`	`127`	`{`
`128`	`128`	`arrayLit := []string{tainted}`
`129`	`129`	`arrayLit = append(arrayLit, "--")`
`130`		`- exec.Command("sudo", arrayLit...)`
	`130`	`+ exec.Command("sudo", arrayLit...) // BAD`
`131`	`131`	`}`
`132`	`132`
`133`	`133`	`{`
`134`	`134`	`arrayLit := []string{"--"}`
`135`	`135`	`arrayLit = append(arrayLit, "something else")`
`136`	`136`	`arrayLit = append(arrayLit, tainted)`
`137`		`- exec.Command("sudo", arrayLit...)`
	`137`	`+ exec.Command("sudo", arrayLit...) // BAD`
`138`	`138`	`}`
`139`	`139`
`140`	`140`	`{`
`141`	`141`	`arrayLit := []string{"something else"}`
`142`	`142`	`arrayLit = append(arrayLit, tainted)`
`143`	`143`	`arrayLit = append(arrayLit, "--")`
`144`		`- exec.Command("sudo", arrayLit...)`
	`144`	`+ exec.Command("sudo", arrayLit...) // BAD`
`145`	`145`	`}`
`146`	`146`
`147`	`147`	`{`
`148`		`- exec.Command("sudo", "--", tainted)`
	`148`	`+ exec.Command("sudo", "--", tainted) // BAD`
`149`	`149`	`}`
`150`	`150`
`151`	`151`	`{`
`152`		`- exec.Command("sudo", tainted, "--")`
	`152`	`+ exec.Command("sudo", tainted, "--") // BAD`
`153`	`153`	`}`
`154`	`154`	`}`