Add taint flow tests for clear

Author: mbg

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/Builtin.go

@@ -0,0 +1,16 @@
+package main
+
+import "net/http"
+
+func clearTestBad(sourceReq *http.Request) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	return string(b)
+}
+
+func clearTestGood(sourceReq *http.Request) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	clear(b) // should prevent taint flow
+	return string(b)
+}

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected

@@ -0,0 +1,10 @@
+edges
+| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b |
+nodes
+| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
+| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
+subpaths
+#select
+| Builtin.go:8:9:8:17 | type conversion | Builtin.go:7:2:7:15 | selection of Body | Builtin.go:8:9:8:17 | type conversion | Found taint flow |

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.ql

@@ -0,0 +1,20 @@
+/**
+ * @description Check that DefaultTaintSanitizer instances prevent taint flow.
+ * @kind path-problem
+ */
+
+import go
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n instanceof UntrustedFlowSource }
+
+  predicate isSink(DataFlow::Node n) { any(ReturnStmt s).getAnExpr() = n.asExpr() }
+}
+
+module Flow = TaintTracking::Global<Config>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
+select sink.getNode(), source, sink, "Found taint flow"