
Commit 77b8103

committed
Adapt tests not to depend on TaintTracking::FunctionModel
1 parent 2e70fad commit 77b8103

1 file changed

Lines changed: 46 additions & 5 deletions


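--- a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.ql
@@ -1,18 +1,59 @@
 import go
 import TestUtilities.InlineExpectationsTest
 
+predicate isYamlFunction(Function f) {
+f.hasQualifiedName(package("gopkg.in/yaml", ""), _)
+or
+f.(Method).hasQualifiedName(package("gopkg.in/yaml", ""), _, _)
+}
+
+DataFlow::CallNode getAYamlCall() {
+isYamlFunction(result.getACalleeIncludingExternals().asFunction())
+}
+
+class TaintTransitsFunctionConfig extends TaintTracking::Configuration {
+TaintTransitsFunctionConfig() { this = "TaintTransitsFunctionConfig" }
+
+predicate isSourceSinkPair(DataFlow::Node inNode, DataFlow::Node outNode) {
+exists(DataFlow::CallNode cn | cn = getAYamlCall() |
+inNode = [cn.getAnArgument(), cn.getReceiver()] and
+(
+outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() =
+[cn.getAnArgument(), cn.getReceiver()]
+or
+outNode = cn.getAResult()
+)
+)
+}
+
+override predicate isSource(DataFlow::Node n) { isSourceSinkPair(n, _) }
+
+override predicate isSink(DataFlow::Node n) { isSourceSinkPair(_, n) }
+}
+
 class TaintFunctionModelTest extends InlineExpectationsTest {
 TaintFunctionModelTest() { this = "TaintFunctionModelTest" }
 
 override string getARelevantTag() { result = "ttfnmodelstep" }
 
 override predicate hasActualResult(Location location, string element, string tag, string value) {
 tag = "ttfnmodelstep" and
-exists(TaintTracking::FunctionModel model, DataFlow::CallNode call | call = model.getACall() |
-call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-element = call.toString() and
-value = "\"" + model.getAnInputNode(call) + " -> " + model.getAnOutputNode(call) + "\""
+(
+exists(TaintTracking::FunctionModel model, DataFlow::CallNode call | call = model.getACall() |
+call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
+element = call.toString() and
+value = "\"" + model.getAnInputNode(call) + " -> " + model.getAnOutputNode(call) + "\""
+)
+or
+exists(TaintTransitsFunctionConfig config, DataFlow::Node arg, DataFlow::Node output |
+config.hasFlow(arg, output) and
+config.isSourceSinkPair(arg, output) and
+arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
+element = arg.toString() and
+value = "\"" + arg + " -> " + output + "\""
+)
 )
 }
 }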
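Review bot: The two disjuncts of `hasActualResult` anchor the same kind of `ttfnmodelstep` result at different nodes: the `TaintTracking::FunctionModel` branch reports at the call (`call.hasLocationInfo(...)`, `element = call.toString()`), while the new `TaintTransitsFunctionConfig` branch reports at the argument (`arg.hasLocationInfo(...)`, `element = arg.toString()`). For a yaml call whose argument starts on a later line than the call itself, the inline expectation may then have to sit on a different line depending on which branch produced the step. Consider exposing the call node from `isSourceSinkPair` (for example as a third `DataFlow::CallNode cn` parameter) so the second branch can use `cn.hasLocationInfo(...)` and `element = cn.toString()` as well. A QLDoc comment on `isSourceSinkPair` would also help, for example `/** Holds if inNode is an argument or receiver of a yaml call and outNode is a result or updated argument/receiver of the same call. */`. It makes explicit that `isSource`/`isSink` mark every such node, and that the extra `config.isSourceSinkPair(arg, output)` conjunct is what keeps flows between two different yaml calls out of the results.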
