
Commit bf319e1

committed
Accept extra result in Request Forgery test for Twirp
Previously, basiclocalflowstep was not flowing to variable captures properly, so getACalleeSource was not finding any predecessors for `handler` outside of the anonymous function.
1 parent 5da2db7 commit bf319e1


1 file changed

+20
-0
lines changed


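--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
@@ -3,11 +3,22 @@ edges
 | client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params |
 | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq |
 | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params |
+| rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent |
+| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] |
+| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent |
+| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent |
+| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent |
 | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq |
 | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params |
+| rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent |
+| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params |
 | server/main.go:19:56:19:61 | definition of params | client/main.go:16:35:16:78 | &... |
 | server/main.go:19:56:19:61 | definition of params | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq |
+| server/main.go:19:56:19:61 | definition of params | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent |
 | server/main.go:19:56:19:61 | definition of params | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq |
+| server/main.go:19:56:19:61 | definition of params | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text |
@@ -16,11 +27,20 @@ nodes
 | client/main.go:16:35:16:78 | &... | semmle.label | &... |
 | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq |
 | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq |
+| rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | semmle.label | capture variable reqContent |
+| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent |
+| rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
 | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq |
 | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq |
+| rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | semmle.label | capture variable reqContent |
+| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
 | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
 | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
 | server/main.go:30:38:30:48 | selection of Text | semmle.label | selection of Text |
 subpaths
 #select
+| server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value |
 | server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value |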
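Review bot: The accepted `#select` row at new line 45 leaves undocumented whether a second alert on the same sink is intended. The sink `server/main.go:30:38:30:48 | selection of Text` is now reported once from `definition of params` and once from `rpc/notes/service.twirp.go:538:25:538:32 | selection of Body`, a source inside the generated Twirp handler. If both sources are meant to be modelled, that should be recorded next to the sink in the test's `server/main.go` (not shown here), for example `// two alerts expected: sources are the handler's params and the request Body read in service.twirp.go`. If the generated-code source is only a side effect of the capture-variable flow fix, users of the query would see duplicate request-forgery alerts per handler. In that case it may be better to adjust the Twirp source model than to accept the row.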
