Order DB, NamedStmt, Stmt, Tx in tests

egregius313 · egregius313 · commit e7f99cdfb737 · 2025-01-08T10:25:54.000-05:00
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go
@@ -102,11 +102,11 @@ func test_sqlx_DB(db *sqlx.DB) {
 	db.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
 }
 
-func test_sqlx_Tx(tx *sqlx.Tx) {
-	example, err := tx.Query("SELECT * FROM users") // $ source
+func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
+	example, err := stmt.Query("SELECT * FROM users") // $ source
 	ignore(example, err)
 
-	rows, err := tx.Queryx("SELECT * FROM users") // $ source
+	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
 
 	if err != nil {
 		return
@@ -136,7 +136,7 @@ func test_sqlx_Tx(tx *sqlx.Tx) {
 		sink(user) // $ hasTaintFlow="user"
 	}
 
-	row := tx.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
 
 	userMap := make(map[string]interface{})
 	row.MapScan(userMap)
@@ -149,19 +149,13 @@ func test_sqlx_Tx(tx *sqlx.Tx) {
 	sink(user) // $ hasTaintFlow="user"
 
 	var user2 User
-	tx.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
 
 	var user3 User
-	tx.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
 
 	var user4 User
-	rows, err = tx.NamedQuery("SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
-	ignore(err)
-	rows.StructScan(&user4)
-	sink(user4) // $ hasTaintFlow="user4"
-
-	var user5 User
-	tx.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
+	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
 }
 
 func test_sqlx_Stmt(stmt *sqlx.Stmt) {
@@ -220,11 +214,11 @@ func test_sqlx_Stmt(stmt *sqlx.Stmt) {
 	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
 }
 
-func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
-	example, err := stmt.Query("SELECT * FROM users") // $ source
+func test_sqlx_Tx(tx *sqlx.Tx) {
+	example, err := tx.Query("SELECT * FROM users") // $ source
 	ignore(example, err)
 
-	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+	rows, err := tx.Queryx("SELECT * FROM users") // $ source
 
 	if err != nil {
 		return
@@ -254,7 +248,7 @@ func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
 		sink(user) // $ hasTaintFlow="user"
 	}
 
-	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+	row := tx.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
 
 	userMap := make(map[string]interface{})
 	row.MapScan(userMap)
@@ -267,11 +261,17 @@ func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
 	sink(user) // $ hasTaintFlow="user"
 
 	var user2 User
-	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+	tx.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
 
 	var user3 User
-	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+	tx.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
 
 	var user4 User
-	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+	rows, err = tx.NamedQuery("SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+	ignore(err)
+	rows.StructScan(&user4)
+	sink(user4) // $ hasTaintFlow="user4"
+
+	var user5 User
+	tx.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
 }
