diff --git a/go/Makefile b/go/Makefile index ac3182ae5711..0b9dc9e4ea4c 100644 --- a/go/Makefile +++ b/go/Makefile @@ -54,9 +54,9 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor codeql dataset measure -o $@ build/stats/database/db-go test: all build/testdb/check-upgrade-path - codeql test run -j0 ql/test --search-path .. --check-diff-informed --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) --check-databases --fail-on-trap-errors --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition + codeql test run -j0 ql/test --search-path .. --check-diff-informed --consistency-queries ql/consistency-queries --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) --check-databases --fail-on-trap-errors --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition # use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported - env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --check-diff-informed --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) + env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --check-diff-informed --consistency-queries ql/consistency-queries --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo) cd extractor; $(BAZEL) test ... bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1) diff --git a/go/ql/test/consistency/UnexpectedFrontendErrors.ql b/go/ql/consistency-queries/UnexpectedFrontendErrors.ql similarity index 100% rename from go/ql/test/consistency/UnexpectedFrontendErrors.ql rename to go/ql/consistency-queries/UnexpectedFrontendErrors.ql diff --git a/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md b/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md new file mode 100644 index 000000000000..7d6ca378a15a --- /dev/null +++ b/go/ql/lib/change-notes/2025-11-26-unexpected-frontend-errors-query-moved.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* The query `go/unexpected-frontend-error` has been moved from the `codeql/go-queries` query to the `codeql-go-consistency-queries` query pack. diff --git a/go/ql/lib/semmle/go/controlflow/IR.qll b/go/ql/lib/semmle/go/controlflow/IR.qll index 2c8b673184ea..868359a4970e 100644 --- a/go/ql/lib/semmle/go/controlflow/IR.qll +++ b/go/ql/lib/semmle/go/controlflow/IR.qll @@ -1588,4 +1588,8 @@ module IR { * in a field/method access, element access, or slice expression. */ EvalImplicitDerefInstruction implicitDerefInstruction(Expr e) { result = MkImplicitDeref(e) } + + Instruction lookThroughImplicitFieldRead(Instruction insn) { + result = insn.(ImplicitFieldReadInstruction).getBaseInstruction() + } } diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 8549d9b497ad..089ba3af3d18 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -387,7 +387,8 @@ private module Internal { or maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and varBlockStep(v, b1, b2) and - ssaRefRank(b2, i2, v, _) = 1 + ssaRefRank(b2, i2, v, _) = 1 and + not (b1 = b2 and i1 = i2) } predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) { diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll index aa9c9da1bd13..b4d927711506 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll @@ -5,10 +5,25 @@ private import go private import DataFlowImplSpecific as Impl +private import DataFlowUtil private import TaintTrackingImplSpecific private import codeql.dataflow.internal.DataFlowImplConsistency private import semmle.go.dataflow.internal.DataFlowNodes -private module Input implements InputSig { } +private module Input implements InputSig { + predicate missingLocationExclude(DataFlow::Node n) { + n instanceof DataFlow::GlobalFunctionNode or n instanceof Private::FlowSummaryNode + } + + predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) } + + predicate localFlowIsLocalExclude(DataFlow::Node n1, DataFlow::Node n2) { + n1 instanceof DataFlow::FunctionNode and simpleLocalFlowStep(n1, n2, _) + } + + predicate argHasPostUpdateExclude(DataFlow::ArgumentNode n) { + not DataFlow::insnHasPostUpdateNode(n.asInstruction()) + } +} module Consistency = MakeConsistency; diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index d48335d299f4..e9cefe8c8279 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -838,7 +838,11 @@ module Public { exists(IR::MethodReadInstruction mri | ce.getTarget() instanceof Method and mri = IR::evalExprInstruction(ce.getCalleeExpr()) and - insn = mri.getReceiver() + // If a.x is reading a promoted field, and it's equivalent to a.b.c.x, + // then mri.getReceiver() will give us the implicit field read a.b.c + // and we want to have post-update nodes for a, the implicit field + // read a.b and the implicit field read a.b.c. + insn = IR::lookThroughImplicitFieldRead*(mri.getReceiver()) ) ) and mutableType(insn.getResultType()) diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index f12c9e6eeb1b..f4ad3862da07 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -384,17 +384,13 @@ module SourceSinkInterpretationInput implements } private DataFlow::Node skipImplicitFieldReads(DataFlow::Node n) { - not exists(lookThroughImplicitFieldRead(n)) and result = n + not exists(IR::lookThroughImplicitFieldRead(n.asInstruction())) and result = n or - result = skipImplicitFieldReads(lookThroughImplicitFieldRead(n)) - } - - private DataFlow::Node lookThroughImplicitFieldRead(DataFlow::Node n) { - result.asInstruction() = - n.(DataFlow::InstructionNode) - .asInstruction() - .(IR::ImplicitFieldReadInstruction) - .getBaseInstruction() + exists(DataFlow::Node mid | + mid.asInstruction() = IR::lookThroughImplicitFieldRead(n.asInstruction()) + | + result = skipImplicitFieldReads(mid) + ) } /** Provides additional sink specification logic. */ diff --git a/go/ql/test/consistency/UnexpectedFrontendErrors.expected b/go/ql/test/consistency/UnexpectedFrontendErrors.expected deleted file mode 100644 index 4c318786b77d..000000000000 --- a/go/ql/test/consistency/UnexpectedFrontendErrors.expected +++ /dev/null @@ -1 +0,0 @@ -| test.go:7:1:7:1 | expected declaration, found This | diff --git a/go/ql/test/experimental/CWE-203/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-203/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..0bd77bfcaa2d --- /dev/null +++ b/go/ql/test/experimental/CWE-203/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| timing.go:15:18:15:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| timing.go:28:18:28:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| timing.go:41:18:41:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| timing.go:53:18:53:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-287/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-287/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..c77e608378d5 --- /dev/null +++ b/go/ql/test/experimental/CWE-287/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,4 @@ +reverseRead +| ImproperLdapAuth.go:18:18:18:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| ImproperLdapAuth.go:39:18:39:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| ImproperLdapAuth.go:64:18:64:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-321-V2/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-321-V2/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..3a9dc0286509 --- /dev/null +++ b/go/ql/test/experimental/CWE-321-V2/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| go-jose.v3.go:16:17:16:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| golang-jwt-v5.go:22:17:22:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-369/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-369/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..d2ae8651ea5e --- /dev/null +++ b/go/ql/test/experimental/CWE-369/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,10 @@ +reverseRead +| DivideByZero.go:10:12:10:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:17:12:17:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:24:12:24:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:31:12:31:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:38:12:38:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:45:12:45:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:54:12:54:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:63:12:63:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| DivideByZero.go:72:12:72:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..455781c6b15b --- /dev/null +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,36 @@ +reverseRead +| test.go:60:15:60:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:61:24:61:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:62:13:62:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:63:17:63:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:64:8:64:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:65:12:65:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:66:8:66:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:67:12:67:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:68:17:68:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:69:21:69:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:70:13:70:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:71:17:71:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:72:16:72:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:73:20:73:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:74:7:74:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:75:11:75:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:76:9:76:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:77:13:77:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:78:18:78:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:79:22:79:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:80:5:80:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:81:9:81:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:82:7:82:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:83:11:83:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:84:15:84:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:85:16:85:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:86:20:86:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:87:16:87:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:88:20:88:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:89:17:89:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:90:21:90:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:91:15:91:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:92:19:92:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:93:5:93:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:94:9:94:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-807/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-807/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..0b244f8f0333 --- /dev/null +++ b/go/ql/test/experimental/CWE-807/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,13 @@ +reverseRead +| SensitiveConditionBypassBad.go:7:5:7:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:16:5:16:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:25:5:25:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:34:5:34:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:41:5:41:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:41:35:41:35 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:49:5:49:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:56:5:56:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:63:5:63:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:70:5:70:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:77:5:77:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:84:5:84:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-840/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-840/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..b2cb9694e61c --- /dev/null +++ b/go/ql/test/experimental/CWE-840/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,7 @@ +reverseRead +| ConditionalBypassBad.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| ConditionalBypassGood.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:9:5:9:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:16:5:16:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:16:41:16:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| condition.go:23:5:23:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-918/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-918/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..082a5e7bd31c --- /dev/null +++ b/go/ql/test/experimental/CWE-918/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,8 @@ +reverseRead +| builtin.go:115:31:115:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| builtin.go:124:32:124:32 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| builtin.go:133:54:133:54 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| builtin.go:142:55:142:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| new-tests.go:62:31:62:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| new-tests.go:78:18:78:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| new-tests.go:81:37:81:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/CWE-942/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/CWE-942/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..736ff52258ff --- /dev/null +++ b/go/ql/test/experimental/CWE-942/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,15 @@ +reverseRead +| CorsMisconfiguration.go:52:14:52:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:59:14:59:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:66:17:66:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:74:14:74:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:81:14:81:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:88:14:88:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:101:14:101:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:112:14:112:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:126:15:126:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:141:14:141:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:156:14:156:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:170:14:170:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:194:17:194:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CorsMisconfiguration.go:206:14:206:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/Unsafe/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/Unsafe/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..95ae768a95ee --- /dev/null +++ b/go/ql/test/experimental/Unsafe/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,6 @@ +reverseRead +| WrongUsageOfUnsafe.go:34:40:34:47 | harmless | Origin of readStep is missing a PostUpdateNode. | +| WrongUsageOfUnsafe.go:55:40:55:47 | harmless | Origin of readStep is missing a PostUpdateNode. | +| WrongUsageOfUnsafe.go:77:43:77:50 | harmless | Origin of readStep is missing a PostUpdateNode. | +| WrongUsageOfUnsafe.go:111:47:111:54 | harmless | Origin of readStep is missing a PostUpdateNode. | +| WrongUsageOfUnsafe.go:211:47:211:54 | harmless | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/experimental/frameworks/CleverGo/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/experimental/frameworks/CleverGo/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..f2a42c6dbedd --- /dev/null +++ b/go/ql/test/experimental/frameworks/CleverGo/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| RemoteSources.go:98:9:98:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/Types/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/Types/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..d0324c7c4eb3 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/Types/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| pkg1/tst.go:43:6:43:6 | t | Origin of readStep is missing a PostUpdateNode. | +| pkg1/tst.go:46:6:46:6 | t | Origin of readStep is missing a PostUpdateNode. | +| pkg1/tst.go:53:6:53:7 | t2 | Origin of readStep is missing a PostUpdateNode. | +| pkg1/tst.go:55:6:55:7 | t2 | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/concepts/HTTP/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/concepts/HTTP/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..ded5f21e3e6a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/concepts/HTTP/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,9 @@ +reverseRead +| main.go:49:2:49:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:50:2:50:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:58:2:58:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:63:49:63:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server.go:8:6:8:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server.go:9:6:9:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server.go:10:6:10:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server.go:13:6:13:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..cf59277a48b3 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,6 @@ +reverseRead +| Builtin.go:7:2:7:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Builtin.go:13:2:13:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Builtin.go:22:2:22:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Builtin.go:32:2:32:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Builtin.go:39:2:39:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..44b43af68873 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,4 @@ +reverseRead +| test.go:90:10:90:15 | taint8 | Origin of readStep is missing a PostUpdateNode. | +| test.go:104:12:104:18 | taint10 | Origin of readStep is missing a PostUpdateNode. | +| test.go:150:10:150:14 | slice | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..44b43af68873 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,4 @@ +reverseRead +| test.go:90:10:90:15 | taint8 | Origin of readStep is missing a PostUpdateNode. | +| test.go:104:12:104:18 | taint10 | Origin of readStep is missing a PostUpdateNode. | +| test.go:150:10:150:14 | slice | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..3eb5ee54756a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalValueNumbering/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| regressions.go:21:3:21:3 | x | Origin of readStep is missing a PostUpdateNode. | +| regressions.go:22:3:22:3 | y | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..c9202aa28e6a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| globalVariable.go:17:7:17:17 | globalArray | Origin of readStep is missing a PostUpdateNode. | +| globalVariable.go:18:7:18:17 | globalSlice | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..a9ab5a81df3d --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| test.go:23:12:23:12 | a | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/SSA/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/SSA/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..b435a5fa62d3 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/SSA/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| main.go:97:2:97:8 | wrapper | Origin of readStep is missing a PostUpdateNode. | +| main.go:117:2:117:2 | p | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..b1b3608ee058 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/ThreatModels/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| test.go:32:11:32:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Afero/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Afero/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..daba79d62f03 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Afero/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| test.go:19:14:19:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..42b10a988b50 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,16 @@ +reverseRead +| test.go:142:3:142:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:143:3:143:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:143:23:143:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:208:18:208:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:208:18:208:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:229:21:229:25 | files | Origin of readStep is missing a PostUpdateNode. | +| test.go:259:2:259:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:270:37:270:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:283:44:283:48 | files | Origin of readStep is missing a PostUpdateNode. | +| test.go:297:51:297:62 | genericFiles | Origin of readStep is missing a PostUpdateNode. | +| test.go:298:54:298:62 | untainted | Origin of readStep is missing a PostUpdateNode. | +| test.go:317:13:317:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:318:20:318:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:324:17:324:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:324:17:324:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..9f6ffe14c070 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| test.go:110:20:110:23 | objs | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Chi/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Chi/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..e87bbb9cdee9 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Chi/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| test.go:13:12:13:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..1765ea137674 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,4 @@ +reverseRead +| test.go:89:16:89:22 | cookies | Origin of readStep is missing a PostUpdateNode. | +| test.go:193:10:193:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:216:20:216:26 | cookies | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..b57f285e1425 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,22 @@ +reverseRead +| fasthttp.go:75:28:75:35 | lbclient | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:102:7:102:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:162:3:162:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:163:3:163:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:164:3:164:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:165:15:165:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:166:15:166:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:167:15:167:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:168:15:168:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:170:3:170:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:172:3:172:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:173:3:173:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:174:3:174:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:175:3:175:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:183:3:183:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:184:3:184:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:185:16:185:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:194:3:194:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:195:3:195:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:196:3:196:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| fasthttp.go:197:3:197:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..d430ebd33f51 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| Gin.go:26:18:26:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Gin.go:26:28:26:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Gin.go:158:10:158:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Gin.go:162:13:162:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..0bbe91ae77ed --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,14 @@ +reverseRead +| proto/Hello.pb.go:34:10:34:40 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:47:9:47:39 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:81:10:81:40 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:94:9:94:39 | file_proto_Hello_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:169:13:169:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:171:13:171:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:173:13:173:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:181:13:181:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:183:13:183:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.go:185:13:185:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.micro.go:55:9:55:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.micro.go:57:9:57:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| proto/Hello.pb.micro.go:86:9:86:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..b69ab06bee15 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Protobuf/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,32 @@ +reverseRead +| protos/query/query.pb.go:58:9:58:34 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:62:10:62:35 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:88:10:88:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:101:9:101:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:156:10:156:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:169:9:169:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:204:10:204:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:217:9:217:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:318:13:318:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:320:13:320:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:322:13:322:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:330:13:330:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:332:13:332:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:334:13:334:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:342:13:342:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:344:13:344:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:346:13:346:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:74:24:74:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:85:24:85:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:98:13:98:24 | selection of Alerts | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:124:12:124:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:167:12:167:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testDeprecatedApi.go:176:24:176:28 | query | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:94:12:94:21 | serialized | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:102:24:102:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:113:24:113:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:126:13:126:24 | selection of Alerts | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:162:12:162:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:186:12:186:21 | serialized | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:224:12:224:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| testModernApi.go:233:24:233:28 | query | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..0fd726cd886a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,127 @@ +reverseRead +| EndToEnd.go:30:35:30:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:30:35:30:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:36:18:36:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:36:18:36:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:44:18:44:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:44:18:44:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:51:20:51:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:51:20:51:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:58:18:58:18 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:58:18:58:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:64:26:64:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:64:26:64:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:69:22:69:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:69:22:69:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:74:22:74:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:74:22:74:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:79:35:79:35 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:79:35:79:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:84:22:84:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:84:22:84:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:89:21:89:21 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:89:21:89:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:94:20:94:20 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| EndToEnd.go:94:20:94:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:26:7:26:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:27:7:27:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:27:7:27:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:30:2:30:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:33:7:33:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:37:7:37:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:37:7:37:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:38:24:38:24 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:42:7:42:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:43:24:43:24 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:47:7:47:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:51:7:51:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:52:7:52:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:56:7:56:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:56:7:56:27 | index expression | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:60:7:60:7 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:60:7:60:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:63:2:63:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:70:22:70:22 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:75:7:75:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:76:7:76:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:77:7:77:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:77:7:77:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:78:7:78:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:79:7:79:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:80:7:80:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:82:13:82:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:85:13:85:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:88:13:88:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:89:7:89:28 | index expression | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:91:7:91:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:91:7:91:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:91:7:91:41 | index expression | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:93:28:93:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:96:15:96:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:99:7:99:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:101:7:101:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:103:15:103:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:109:7:109:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:111:7:111:7 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:116:2:116:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:116:2:116:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:120:2:120:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:120:2:120:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:125:13:125:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:125:13:125:21 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:128:14:128:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:128:14:128:22 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| Revel.go:133:13:133:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:34:2:34:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:47:2:47:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:56:2:56:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:57:2:57:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:59:16:59:16 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:61:5:61:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:62:3:62:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:68:2:68:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:79:5:79:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:81:5:81:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:83:4:83:4 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:89:2:89:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/app.go:95:10:95:10 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:44:3:44:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:51:2:51:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:143:26:143:26 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:144:2:144:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:146:2:146:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:148:5:148:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:149:3:149:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:153:2:153:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:166:19:166:19 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:168:5:168:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:168:33:168:33 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:169:3:169:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:174:5:174:5 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:175:3:175:3 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:176:4:176:10 | booking | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/controllers/hotels.go:184:2:184:2 | implicit read of field Controller | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:36:44:36:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:40:49:40:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:52:2:52:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:52:2:52:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:53:2:53:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:53:2:53:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:54:2:54:2 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/init.go:54:2:54:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:33:13:33:19 | booking | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:34:13:34:19 | booking | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:35:13:35:19 | booking | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:36:13:36:19 | booking | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:49:9:49:9 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:53:14:53:14 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:53:38:53:38 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:67:3:67:3 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:68:3:68:3 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:69:3:69:3 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:73:39:73:39 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:73:47:73:47 | b | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:81:13:81:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:82:14:82:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:83:17:83:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| examples/booking/app/models/booking.go:84:18:84:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..c7680b2b6ca1 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| SystemCommandExecutors.go:25:12:25:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..f07ffbe60cfe --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| main.go:28:2:28:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:34:2:34:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..d4e53cf33a9a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,97 @@ +reverseRead +| rpc/notes/service.pb.go:36:10:36:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:49:9:49:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:97:10:97:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:110:9:110:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:142:10:142:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:155:9:155:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:182:10:182:46 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:195:9:195:45 | file_rpc_notes_service_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:297:13:297:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:299:13:299:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:301:13:301:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:309:13:309:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:311:13:311:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:313:13:313:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:321:13:321:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:323:13:323:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:325:13:325:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:333:13:333:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:335:13:335:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.pb.go:337:13:337:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:82:40:82:49 | clientOpts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:118:37:118:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:118:47:118:52 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:124:24:124:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:128:34:128:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:164:37:164:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:164:47:164:52 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:170:24:170:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:174:34:174:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:221:40:221:49 | clientOpts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:257:33:257:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:257:43:257:48 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:263:24:263:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:267:34:267:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:303:33:303:33 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:303:43:303:48 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:309:24:309:29 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:313:34:313:39 | selection of opts | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:350:45:350:54 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:360:29:360:29 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:389:38:389:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:397:58:397:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:402:47:402:49 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:404:48:404:50 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:405:58:405:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:409:95:409:97 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:410:58:410:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:422:48:422:50 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:423:58:423:60 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:429:12:429:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:440:53:440:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:441:43:441:45 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:449:36:449:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:477:13:477:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:494:41:494:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:507:34:507:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:524:24:524:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:526:24:526:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:532:36:532:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:558:13:558:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:575:41:575:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:588:34:588:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:603:24:603:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:605:24:605:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:609:12:609:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:620:53:620:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:621:43:621:45 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:629:36:629:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:657:13:657:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:674:41:674:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:687:34:687:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:704:24:704:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:706:24:706:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:712:36:712:36 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:738:13:738:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:755:41:755:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:768:34:768:34 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:783:24:783:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:785:24:785:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:969:8:969:13 | copied | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:984:2:984:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:985:2:985:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:986:2:986:4 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1032:15:1032:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1037:35:1037:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1116:66:1116:66 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1159:98:1159:98 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1227:21:1227:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1237:35:1237:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1278:11:1278:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| rpc/notes/service.twirp.go:1292:23:1292:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server/main.go:33:19:33:19 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..ace7b23eded1 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| WebSocketReadWrite.go:27:9:27:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..e938aa2ca923 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,12 @@ +reverseRead +| test.go:12:12:12:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:17:24:17:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:20:36:20:42 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:23:33:23:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:24:22:24:26 | nodes | Origin of readStep is missing a PostUpdateNode. | +| test.go:26:45:26:51 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:27:22:27:27 | nodes2 | Origin of readStep is missing a PostUpdateNode. | +| test.go:31:33:31:39 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:39:49:39:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:43:31:43:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| test.go:48:32:48:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..fbede1f21200 --- /dev/null +++ b/go/ql/test/query-tests/RedundantCode/DeadStoreOfLocal/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| testdata.go:206:7:206:7 | x | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..1861fe5d2b9d --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| IncompleteHostnameRegexp.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| IncompleteHostnameRegexpGood2.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| IncompleteHostnameRegexpGood.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:18:57:18:57 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-020/MissingRegexpAnchor/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-020/MissingRegexpAnchor/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..a9e0caae7699 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-020/MissingRegexpAnchor/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| MissingRegexpAnchor.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| MissingRegexpAnchorGood.go:12:42:12:44 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-022/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-022/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..69de1fc20fd4 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-022/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| TaintedPath.go:15:18:15:18 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| TaintedPath.go:84:28:84:32 | files | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-078/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-078/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..51645e40047a --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-078/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,11 @@ +reverseRead +| ArgumentInjection.go:9:10:9:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CommandInjection2.go:13:15:13:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CommandInjection2.go:21:15:21:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CommandInjection2.go:41:15:41:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CommandInjection.go:9:13:9:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| GitSubcommands.go:11:13:11:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| GitSubcommands.go:22:13:22:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| GitSubcommands.go:33:13:33:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| SanitizingDoubleDash.go:9:13:9:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| SanitizingDoubleDash.go:92:13:92:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-079/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-079/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..0b22e7c6251b --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-079/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,21 @@ +reverseRead +| HtmlTemplateEscapingBypassXss.go:99:9:99:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| ReflectedXss.go:11:15:11:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| ReflectedXssGood.go:15:15:15:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:11:11:11:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:25:11:25:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:39:11:39:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:49:11:49:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:61:11:61:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:71:11:71:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:86:11:86:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:98:11:98:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| contenttype.go:111:11:111:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| reflectedxsstest.go:15:13:15:13 | r | Origin of readStep is missing a PostUpdateNode. | +| reflectedxsstest.go:21:13:21:13 | r | Origin of readStep is missing a PostUpdateNode. | +| reflectedxsstest.go:51:14:51:14 | r | Origin of readStep is missing a PostUpdateNode. | +| tst.go:14:15:14:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:33:15:33:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:48:14:48:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:66:15:66:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| websocketXss.go:26:9:26:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-089/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-089/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..bb9cf32663a7 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-089/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,23 @@ +reverseRead +| SqlInjection.go:11:3:11:5 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| SqlInjection.go:11:3:11:17 | call to Query | Origin of readStep is missing a PostUpdateNode. | +| SqlInjectionGood.go:10:14:10:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| SqlInjectionGood.go:10:14:10:28 | call to Query | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:17:25:17:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:21:3:21:21 | RequestDataFromJson | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:27:26:27:28 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:31:3:31:22 | RequestDataFromJson2 | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:37:24:37:26 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| issue48.go:40:3:40:22 | RequestDataFromJson3 | Origin of readStep is missing a PostUpdateNode. | +| main.go:15:63:15:63 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:15:63:15:75 | call to Query | Origin of readStep is missing a PostUpdateNode. | +| main.go:16:63:16:63 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:30:13:30:15 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:34:3:34:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:40:25:40:27 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:43:3:43:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:49:28:49:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:52:3:52:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:58:28:58:30 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| main.go:61:4:61:15 | star expression | Origin of readStep is missing a PostUpdateNode. | +| main.go:68:18:68:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..2f4d9e320f8d --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-117/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,11 @@ +reverseRead +| LogInjection.go:32:14:32:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-190/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-190/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..26d6a7eec8e5 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-190/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| array_vs_contents.go:16:25:16:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| array_vs_contents.go:33:25:33:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-312/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-312/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..9161b6f3eb9c --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-312/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,31 @@ +reverseRead +| CleartextLogging.go:11:11:11:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CleartextLogging.go:12:9:12:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CleartextLoggingGood.go:12:11:12:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CleartextLoggingGood.go:13:9:13:9 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| CleartextLoggingGood.go:25:14:25:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| klog.go:27:13:27:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| klog.go:28:13:28:20 | selection of Header | Origin of readStep is missing a PostUpdateNode. | +| klog.go:29:13:29:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:58:9:58:34 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:62:10:62:35 | file_query_proto_enumTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:88:10:88:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:101:9:101:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:156:10:156:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:169:9:169:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:204:10:204:34 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:217:9:217:33 | file_query_proto_msgTypes | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:318:13:318:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:320:13:320:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:322:13:322:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:330:13:330:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:332:13:332:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:334:13:334:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:342:13:342:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:344:13:344:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| protos/query/query.pb.go:346:13:346:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server1.go:11:11:11:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server1.go:13:11:13:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server1.go:14:11:14:14 | vals | Origin of readStep is missing a PostUpdateNode. | +| server1.go:17:41:17:41 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| server1.go:21:46:21:46 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-327/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-327/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..95bea8fef591 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-327/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,4 @@ +reverseRead +| UnsafeTLS.go:329:32:329:37 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UnsafeTLS.go:336:33:336:38 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UnsafeTLS.go:353:40:353:45 | suites | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-347/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-347/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..922af8fad2eb --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-347/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| go-jose.v3.go:19:17:19:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| go-jose.v3.go:25:16:25:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| golang-jwt-v5.go:22:17:22:17 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| golang-jwt-v5.go:28:16:28:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..d6381960485e --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,3 @@ +reverseRead +| cves.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| cves.go:41:14:41:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..f05017daafda --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,26 @@ +reverseRead +| OpenUrlRedirect.go:10:23:10:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| OpenUrlRedirectGood.go:12:16:12:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:13:13:13:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:22:13:22:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:33:13:33:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:48:13:48:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:56:13:56:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:68:13:68:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:77:13:77:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:85:13:85:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:93:13:93:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:102:13:102:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:115:6:115:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:117:24:117:24 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:126:13:126:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:138:13:138:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:150:13:150:13 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:163:11:163:11 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:176:6:176:6 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:177:35:177:35 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:220:3:220:3 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:226:23:226:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:227:23:227:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:228:23:228:23 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| stdlib.go:232:23:232:33 | call to Cookies | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-640/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-640/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..f3510be5f6c8 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-640/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +reverseRead +| EmailBad.go:9:10:9:10 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-643/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-643/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..001bad6c8fc1 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-643/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,13 @@ +reverseRead +| XPathInjection.go:13:14:13:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:35:14:35:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:46:14:46:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:57:14:57:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:72:14:72:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:83:14:83:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:92:14:92:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:93:14:93:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:106:14:106:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:115:14:115:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:116:14:116:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| tst.go:139:14:139:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-770/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-770/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..215578883b20 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-770/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,6 @@ +reverseRead +| UncontrolledAllocationSizeBad.go:11:12:11:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UncontrolledAllocationSizeGood.go:11:12:11:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UncontrolledAllocationSizeGood.go:32:12:32:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UncontrolledAllocationSizeGood.go:52:12:52:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| UncontrolledAllocationSizeGood.go:73:12:73:12 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/go/ql/test/query-tests/Security/CWE-918/CONSISTENCY/DataFlowConsistency.expected b/go/ql/test/query-tests/Security/CWE-918/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..cb71c6569c58 --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-918/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,5 @@ +reverseRead +| websocket.go:110:31:110:31 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| websocket.go:120:32:120:32 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| websocket.go:129:54:129:54 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | +| websocket.go:139:55:139:55 | implicit dereference | Origin of readStep is missing a PostUpdateNode. | diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll index 8f0d2cbdb771..c892cfe10348 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll @@ -74,6 +74,9 @@ signature module InputSig DataFlowL ) { none() } + + /** Holds if `(n1, n2)` should be excluded from the consistency test `localFlowIsLocal`. */ + default predicate localFlowIsLocalExclude(DataFlowLang::Node n1, DataFlowLang::Node n2) { none() } } module MakeConsistency< @@ -169,6 +172,7 @@ module MakeConsistency< query predicate localFlowIsLocal(Node n1, Node n2, string msg) { simpleLocalFlowStep(n1, n2, _) and nodeGetEnclosingCallable(n1) != nodeGetEnclosingCallable(n2) and + not Input::localFlowIsLocalExclude(n1, n2) and msg = "Local flow step does not preserve enclosing callable." } @@ -240,6 +244,13 @@ module MakeConsistency< private predicate hasPost(Node n) { exists(PostUpdateNode post | post.getPreUpdateNode() = n) } + /** + * Consider code like `a.b.f = source()`. There is flow from `source()` to + * `[post] a.b` (with an appropriate access path), but we also want there to + * be flow to `[post] a` (with an appropriate access path). The data flow + * library is able to infer this step because there is a read step from `a` + * to `a.b`, as long as the post-update node for `a` exists. + */ query predicate reverseRead(Node n, string msg) { exists(Node n2 | readStep(n, _, n2) and hasPost(n2) and not hasPost(n)) and not Input::reverseReadExclude(n) and