Add test exercising Go 1.20 array conversions

smowton · smowton · commit 368ca6cb3040 · 2023-02-15T12:31:09.000Z
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/Flows.expected b/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/Flows.expected
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/Flows.ql b/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/Flows.ql
@@ -0,0 +1,58 @@
+import go
+import TestUtilities.InlineExpectationsTest
+
+class DataConfiguration extends DataFlow::Configuration {
+  DataConfiguration() { this = "data-configuration" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source = any(DataFlow::CallNode c | c.getCalleeName() = "source").getResult(0)
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getArgument(0)
+  }
+}
+
+class DataFlowTest extends InlineExpectationsTest {
+  DataFlowTest() { this = "DataFlowTest" }
+
+  override string getARelevantTag() { result = "dataflow" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "dataflow" and
+    exists(DataFlow::Node sink | any(DataConfiguration c).hasFlow(_, sink) |
+      element = sink.toString() and
+      value = "" and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
+    )
+  }
+}
+
+class TaintConfiguration extends TaintTracking::Configuration {
+  TaintConfiguration() { this = "taint-configuration" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source = any(DataFlow::CallNode c | c.getCalleeName() = "source").getResult(0)
+  }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getArgument(0)
+  }
+}
+
+class TaintFlowTest extends InlineExpectationsTest {
+  TaintFlowTest() { this = "TaintFlowTest" }
+
+  override string getARelevantTag() { result = "taintflow" }
+
+  override predicate hasActualResult(Location location, string element, string tag, string value) {
+    tag = "taintflow" and
+    exists(DataFlow::Node sink | any(TaintConfiguration c).hasFlow(_, sink) |
+      element = sink.toString() and
+      value = "" and
+      sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn())
+    )
+  }
+}
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/main.go b/go/ql/test/library-tests/semmle/go/dataflow/ArrayConversion/main.go
@@ -0,0 +1,26 @@
+package main
+
+func source() string {
+	return "untrusted data"
+}
+
+func sink(string) {
+}
+
+func sliceToArray(p []string) [1]string {
+	return [1]string(p)
+}
+
+func main() {
+	// Test the new slice->array conversion permitted in Go 1.20
+	var a [4]string
+	a[0] = source()
+	alias := sliceToArray(a[:])
+	sink(alias[0]) // $ taintflow
+
+	// Compare with the standard dataflow support for arrays
+	var b [4]string
+	b[0] = source()
+	sink(b[0]) // $ taintflow
+}
+
