Skip to content

Commit 55422d2

Browse files
egregius313egregius313
committed
mongodb tests
1 parent 9a7f14f commit 55422d2

File tree

4 files changed

+606
-0
lines changed

4 files changed

+606
-0
lines changed

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,4 +5,5 @@ go 1.22.5
55
require (
66
gorm.io/gorm v1.23.0
77
github.com/jmoiron/sqlx v1.4.0
8+
go.mongodb.org/mongo-driver/mongo v1.17.2
89
)

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go

Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
package test
2+
3+
import (
4+
"context"
5+
6+
"go.mongodb.org/mongo-driver/mongo"
7+
)
8+
9+
func test_mongo_driver_mongo_collection(coll *mongo.Collection, ctx context.Context, pipeline any) {
10+
cursor, err := coll.Aggregate(ctx, pipeline) // $ source
11+
if err != nil {
12+
return
13+
}
14+
15+
var users []User
16+
17+
err = cursor.All(ctx, &users)
18+
19+
sink(users) // $ hasTaintFlow="users"
20+
21+
distinct, err := coll.Distinct(ctx, "name", nil) // $ source
22+
if err != nil {
23+
return
24+
}
25+
26+
sink(distinct) // $ hasTaintFlow="distinct"
27+
28+
cursor2, err := coll.Find(ctx, nil) // $ source
29+
if err != nil {
30+
return
31+
}
32+
33+
sink(cursor2) // $ hasTaintFlow="cursor2"
34+
35+
var user1, user2, user3, user4 User
36+
37+
single1 := coll.FindOne(ctx, nil) // $ source
38+
if err != nil {
39+
return
40+
}
41+
42+
single1.Decode(&user1)
43+
44+
sink(user1) // $ hasTaintFlow="user1"
45+
46+
single2 := coll.FindOneAndDelete(ctx, nil) // $ source
47+
if err != nil {
48+
return
49+
}
50+
51+
single2.Decode(&user2)
52+
53+
sink(user2) // $ hasTaintFlow="user2"
54+
55+
single3 := coll.FindOneAndReplace(ctx, nil) // $ source
56+
if err != nil {
57+
return
58+
}
59+
60+
single3.Decode(&user3)
61+
62+
sink(user3) // $ hasTaintFlow="user3"
63+
64+
single4 := coll.FindOneAndUpdate(ctx, nil, nil) // $ source
65+
if err != nil {
66+
return
67+
}
68+
69+
single4.Decode(&user4)
70+
71+
sink(user4) // $ hasTaintFlow="user4"
72+
73+
changeStream, err := coll.Watch(ctx, pipeline) // $ source
74+
if err != nil {
75+
return
76+
}
77+
78+
for changeStream.Next(ctx) {
79+
var userCs User
80+
changeStream.Decode(&userCs)
81+
sink(userCs) // $ hasTaintFlow="userCs"
82+
}
83+
}
84+
85+
func test_mongo_driver_mongo_database(db *mongo.Database, ctx context.Context, pipeline any) {
86+
agg, err := db.Aggregate(ctx, pipeline) // $ source
87+
88+
if err != nil {
89+
return
90+
}
91+
92+
var user User
93+
agg.Decode(&user)
94+
sink(user) // $ hasTaintFlow="user"
95+
96+
changeStream, err := db.Watch(ctx, pipeline) // $ source
97+
if err != nil {
98+
return
99+
}
100+
101+
for changeStream.Next(ctx) {
102+
var userCs User
103+
changeStream.Decode(&userCs)
104+
sink(userCs) // $ hasTaintFlow="userCs"
105+
}
106+
}

0 commit comments

Comments
 (0)