Fix linter warnings in Request Forgery tests

owen-mc · owen-mc · commit d10b9e665c84 · 2025-07-04T16:55:09.000+01:00
diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected
@@ -14,8 +14,8 @@
 | websocket.go:129:3:129:62 | call to DialContext | websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:129:38:129:51 | untrustedInput | WebSocket URL | websocket.go:126:21:126:31 | call to Referer | user-provided value |
 | websocket.go:155:3:155:45 | call to Dial | websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:155:31:155:44 | untrustedInput | WebSocket URL | websocket.go:154:21:154:31 | call to Referer | user-provided value |
 | websocket.go:162:3:162:45 | call to Dial | websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:162:31:162:44 | untrustedInput | WebSocket URL | websocket.go:160:21:160:31 | call to Referer | user-provided value |
-| websocket.go:197:3:197:32 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:18:197:31 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value |
-| websocket.go:204:3:204:25 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:11:204:24 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
+| websocket.go:197:7:197:36 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:22:197:35 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value |
+| websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
 edges
 | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1  |
 | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:1  |
@@ -42,8 +42,8 @@ edges
 | websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:2  |
 | websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:2  |
 | websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:2  |
-| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:18:197:31 | untrustedInput | provenance | Src:MaD:2  |
-| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:11:204:24 | untrustedInput | provenance | Src:MaD:2  |
+| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:2  |
+| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:2  |
 models
 | 1 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
 | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual |
@@ -80,7 +80,7 @@ nodes
 | websocket.go:160:21:160:31 | call to Referer | semmle.label | call to Referer |
 | websocket.go:162:31:162:44 | untrustedInput | semmle.label | untrustedInput |
 | websocket.go:195:21:195:31 | call to Referer | semmle.label | call to Referer |
-| websocket.go:197:18:197:31 | untrustedInput | semmle.label | untrustedInput |
+| websocket.go:197:22:197:35 | untrustedInput | semmle.label | untrustedInput |
 | websocket.go:202:21:202:31 | call to Referer | semmle.label | call to Referer |
-| websocket.go:204:11:204:24 | untrustedInput | semmle.label | untrustedInput |
+| websocket.go:204:15:204:28 | untrustedInput | semmle.label | untrustedInput |
 subpaths
diff --git a/go/ql/test/query-tests/Security/CWE-918/websocket.go b/go/ql/test/query-tests/Security/CWE-918/websocket.go
@@ -166,7 +166,7 @@ func test() {
 	http.HandleFunc("/ex12", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		if "localhost" == untrustedInput {
+		if untrustedInput == "localhost" {
 			dialer := gobwas.Dialer{}
 			dialer.Dial(context.TODO(), untrustedInput)
 		}
@@ -176,32 +176,32 @@ func test() {
 	http.HandleFunc("/ex13", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		if "localhost" == untrustedInput {
-			sac.New(untrustedInput)
+		if untrustedInput == "localhost" {
+			_ = sac.New(untrustedInput)
 		}
 	})
 
 	// sac007 websocket BuildProxy good
 	http.HandleFunc("/ex14", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		if "localhost" == untrustedInput {
-			sac.BuildProxy(untrustedInput)
+		if untrustedInput == "localhost" {
+			_ = sac.BuildProxy(untrustedInput)
 		}
 	})
 
 	// sac007 websocket BuildProxy bad
 	http.HandleFunc("/ex15", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		sac.BuildProxy(untrustedInput)
+		_ = sac.BuildProxy(untrustedInput)
 	})
 
 	// sac007 websocket New bad
 	http.HandleFunc("/ex16", func(w http.ResponseWriter, r *http.Request) {
 		untrustedInput := r.Referer()
 
-		sac.New(untrustedInput)
+		_ = sac.New(untrustedInput)
 	})
 
 	log.Println(http.ListenAndServe(":80", nil))
