microsoft
diff --git a/‎go/ql/test/example-tests/snippets/typeinfo.expected
Lines changed: 5 additions & 0 deletions b/‎go/ql/test/example-tests/snippets/typeinfo.expected
Lines changed: 5 additions & 0 deletions
diff --git a/‎go/ql/test/experimental/CWE-918/SSRF.expected
Lines changed: 6 additions & 33 deletions b/‎go/ql/test/experimental/CWE-918/SSRF.expected
Lines changed: 6 additions & 33 deletions
diff --git a/‎go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
Lines changed: 9 additions & 2 deletions b/‎go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
Lines changed: 9 additions & 2 deletions
diff --git a/‎go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
Lines changed: 18 additions & 2 deletions b/‎go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
Lines changed: 18 additions & 2 deletions
@@ -1,3 +1,8 @@
+| file://:0:0:0:0 | parameter 1 of ReadResponse |
+| file://:0:0:0:0 | parameter -1 of AddCookie |
+| file://:0:0:0:0 | parameter -1 of Clone |
+| file://:0:0:0:0 | parameter -1 of Write |
+| file://:0:0:0:0 | parameter -1 of WriteProxy |
 | main.go:18:12:18:14 | argument corresponding to req |
 | main.go:18:12:18:14 | definition of req |
 | main.go:20:5:20:7 | req |
@@ -7,34 +7,21 @@ edges
 | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
 | file://:0:0:0:0 | parameter 0 of TrimPrefix | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word |
-| new-tests.go:31:48:31:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf |
 | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... |
 | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... |
 | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody |
 | new-tests.go:62:31:62:38 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll |
 | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] |
 | new-tests.go:63:17:63:23 | reqBody | file://:0:0:0:0 | parameter 0 of Unmarshal |
 | new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word |
-| new-tests.go:68:48:68:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:68:11:68:57 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:69:11:69:57 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:74:12:74:58 | call to Sprintf |
 | new-tests.go:78:18:78:24 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
 | new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query |
 | new-tests.go:78:18:78:32 | call to Query | file://:0:0:0:0 | parameter -1 of Get |
@@ -61,21 +48,16 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
-| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix | semmle.label | [summary] to write: return (return[0]) in TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
 | file://:0:0:0:0 | parameter 0 of TrimPrefix | semmle.label | parameter 0 of TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | semmle.label | parameter 0 of Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
 | file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 | new-tests.go:26:26:26:30 | &... | semmle.label | &... |
 | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word |
 | new-tests.go:32:11:32:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | semmle.label | selection of safe |
 | new-tests.go:35:12:35:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | semmle.label | selection of word |
 | new-tests.go:39:18:39:30 | call to Param | semmle.label | call to Param |
 | new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... |
 | new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query |
@@ -85,11 +67,8 @@ nodes
 | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
 | new-tests.go:63:26:63:30 | &... | semmle.label | &... |
 | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word |
 | new-tests.go:69:11:69:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | semmle.label | selection of safe |
 | new-tests.go:74:12:74:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | semmle.label | selection of word |
 | new-tests.go:78:18:78:24 | selection of URL | semmle.label | selection of URL |
 | new-tests.go:78:18:78:32 | call to Query | semmle.label | call to Query |
 | new-tests.go:78:18:78:46 | call to Get | semmle.label | call to Get |
@@ -103,14 +82,8 @@ nodes
 | new-tests.go:95:18:95:45 | call to URLParam | semmle.label | call to URLParam |
 | new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
 subpaths
-| new-tests.go:31:48:31:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:31:11:31:57 | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:32:11:32:57 | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:35:12:35:58 | call to Sprintf |
 | new-tests.go:62:31:62:38 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | new-tests.go:62:2:62:39 | ... := ...[0] |
 | new-tests.go:63:17:63:23 | reqBody | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | new-tests.go:63:26:63:30 | &... |
-| new-tests.go:68:48:68:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:68:11:68:57 | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:69:11:69:57 | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:74:12:74:58 | call to Sprintf |
 | new-tests.go:78:18:78:24 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | new-tests.go:78:18:78:32 | call to Query |
 | new-tests.go:78:18:78:32 | call to Query | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | new-tests.go:78:18:78:46 | call to Get |
 | new-tests.go:81:37:81:48 | selection of Path | file://:0:0:0:0 | parameter 0 of TrimPrefix | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix | new-tests.go:81:18:81:67 | call to TrimPrefix |
 
@@ -1,14 +1,21 @@
 edges
-| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path |
-| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join |
+| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:13:18:13:30 | call to Query |
+| TaintedPath.go:13:18:13:22 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| TaintedPath.go:13:18:13:30 | call to Query | TaintedPath.go:16:29:16:40 | tainted_path |
+| TaintedPath.go:13:18:13:30 | call to Query | TaintedPath.go:20:28:20:69 | call to Join |
+| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
 | tst.go:14:2:14:39 | ... := ...[1] | tst.go:17:41:17:56 | selection of Filename |
 nodes
 | TaintedPath.go:13:18:13:22 | selection of URL | semmle.label | selection of URL |
+| TaintedPath.go:13:18:13:30 | call to Query | semmle.label | call to Query |
 | TaintedPath.go:16:29:16:40 | tainted_path | semmle.label | tainted_path |
 | TaintedPath.go:20:28:20:69 | call to Join | semmle.label | call to Join |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
+| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 | tst.go:14:2:14:39 | ... := ...[1] | semmle.label | ... := ...[1] |
 | tst.go:17:41:17:56 | selection of Filename | semmle.label | selection of Filename |
 subpaths
+| TaintedPath.go:13:18:13:22 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | TaintedPath.go:13:18:13:30 | call to Query |
 #select
 | TaintedPath.go:16:29:16:40 | tainted_path | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
 | TaintedPath.go:20:28:20:69 | call to Join | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
 
@@ -4,8 +4,15 @@ edges
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name |
 | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
 | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
-| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p |
-| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p |
+| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] |
+| ZipSlip.go:12:24:12:29 | selection of Name | file://:0:0:0:0 | parameter 0 of Abs |
+| file://:0:0:0:0 | parameter 0 of Abs | file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs |
+| file://:0:0:0:0 | parameter 0 of Dir | file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name |
+| tarslip.go:16:23:16:33 | selection of Name | file://:0:0:0:0 | parameter 0 of Dir |
+| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir |
 | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path |
 nodes
 | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate |
@@ -14,12 +21,21 @@ nodes
 | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | semmle.label | selection of Name |
 | ZipSlip.go:11:2:15:2 | range statement[1] | semmle.label | range statement[1] |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | semmle.label | ... := ...[0] |
+| ZipSlip.go:12:24:12:29 | selection of Name | semmle.label | selection of Name |
 | ZipSlip.go:14:20:14:20 | p | semmle.label | p |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs | semmle.label | [summary] to write: return (return[0]) in Abs |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir | semmle.label | [summary] to write: return (return[0]) in Dir |
+| file://:0:0:0:0 | parameter 0 of Abs | semmle.label | parameter 0 of Abs |
+| file://:0:0:0:0 | parameter 0 of Dir | semmle.label | parameter 0 of Dir |
 | tarslip.go:15:2:15:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tarslip.go:16:14:16:34 | call to Dir | semmle.label | call to Dir |
+| tarslip.go:16:23:16:33 | selection of Name | semmle.label | selection of Name |
 | tst.go:23:2:43:2 | range statement[1] | semmle.label | range statement[1] |
 | tst.go:29:20:29:23 | path | semmle.label | path |
 subpaths
+| ZipSlip.go:12:24:12:29 | selection of Name | file://:0:0:0:0 | parameter 0 of Abs | file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs | ZipSlip.go:12:3:12:30 | ... := ...[0] |
+| tarslip.go:16:23:16:33 | selection of Name | file://:0:0:0:0 | parameter 0 of Dir | file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir | tarslip.go:16:14:16:34 | call to Dir |
 #select
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
 | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |