Add modern-API variants of tests

smowton · smowton · commit 42d6250b8d80 · 2020-09-04T15:14:49.000+01:00
diff --git a/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected b/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
@@ -31,3 +31,12 @@
 | testModernApi.go:75:53:75:57 | query | testModernApi.go:74:2:74:11 | definition of emptyArray |
 | testModernApi.go:75:53:75:57 | query | testModernApi.go:75:2:75:58 | ... := ...[0] |
 | testModernApi.go:87:12:87:16 | query | testModernApi.go:87:12:87:31 | call to ProtoReflect |
+| testModernApi.go:101:24:101:35 | selection of Alerts | testModernApi.go:101:17:101:43 | call to append |
+| testModernApi.go:101:38:101:42 | alert | testModernApi.go:101:17:101:43 | call to append |
+| testModernApi.go:103:33:103:37 | query | testModernApi.go:103:2:103:38 | ... := ...[0] |
+| testModernApi.go:112:24:112:35 | selection of Alerts | testModernApi.go:112:17:112:43 | call to append |
+| testModernApi.go:112:38:112:42 | alert | testModernApi.go:112:17:112:43 | call to append |
+| testModernApi.go:115:33:115:37 | query | testModernApi.go:115:2:115:38 | ... := ...[0] |
+| testModernApi.go:123:18:123:36 | untrustedSerialized | testModernApi.go:122:2:122:6 | definition of query |
+| testModernApi.go:143:33:143:37 | query | testModernApi.go:143:2:143:38 | ... := ...[0] |
+| testModernApi.go:154:33:154:37 | query | testModernApi.go:154:2:154:38 | ... := ...[0] |
diff --git a/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected b/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
@@ -15,3 +15,8 @@
 | testModernApi.go:47:23:47:42 | call to getUntrustedString : string | testModernApi.go:54:12:54:21 | serialized |
 | testModernApi.go:59:22:59:41 | call to getUntrustedString : string | testModernApi.go:64:12:64:21 | serialized |
 | testModernApi.go:71:22:71:41 | call to getUntrustedString : string | testModernApi.go:77:12:77:21 | serialized |
+| testModernApi.go:98:14:98:33 | call to getUntrustedString : string | testModernApi.go:105:12:105:21 | serialized |
+| testModernApi.go:113:24:113:43 | call to getUntrustedString : string | testModernApi.go:117:12:117:21 | serialized |
+| testModernApi.go:121:25:121:43 | call to getUntrustedBytes : slice type | testModernApi.go:125:13:125:31 | selection of Msg |
+| testModernApi.go:132:22:132:41 | call to getUntrustedString : string | testModernApi.go:133:13:133:20 | selection of Id |
+| testModernApi.go:140:22:140:41 | call to getUntrustedString : string | testModernApi.go:145:12:145:21 | serialized |
diff --git a/ql/test/library-tests/semmle/go/frameworks/Protobuf/testModernApi.go b/ql/test/library-tests/semmle/go/frameworks/Protobuf/testModernApi.go
@@ -92,3 +92,66 @@ func testMarshalState() {
 
 	sinkBytes(serialized.Buf)
 }
+
+func testTaintedSubmessageModern() {
+	alert := &query.Query_Alert{}
+	alert.Msg = getUntrustedString()
+
+	query := &query.Query{}
+	query.Alerts = append(query.Alerts, alert)
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized) // BAD
+}
+
+func testTaintedSubmessageInPlaceModern() {
+	alert := &query.Query_Alert{}
+
+	query := &query.Query{}
+	query.Alerts = append(query.Alerts, alert)
+	query.Alerts[0].Msg = getUntrustedString()
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized) // BAD
+}
+
+func testUnmarshalTaintedSubmessageModern() {
+	untrustedSerialized := getUntrustedBytes()
+	query := &query.Query{}
+	proto.Unmarshal(untrustedSerialized, query)
+
+	sinkString(query.Alerts[0].Msg) // BAD
+}
+
+// This test should be ok, but is flagged because writing taint to a field of a Message
+// taints the entire Message structure in our current implementation.
+func testFieldConflationFalsePositiveModern() {
+	query := &query.Query{}
+	query.Description = getUntrustedString()
+	sinkString(query.Id) // OK (but incorrectly tainted)
+}
+
+// This test should be ok, but it flagged because our current implementation doesn't notice
+// that the taint applied to `query` is overwritten.
+func testMessageReuseFalsePositiveModern() {
+	query := &query.Query{}
+	query.Description = getUntrustedString()
+	query.Description = "clean"
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized) // OK (but incorrectly tainted)
+}
+
+// This test should be flagged, but we don't notice tainting via an alias of a field.
+func testSubmessageAliasFalseNegativeModern() {
+	query := &query.Query{}
+	alias := &query.Description
+	*alias = getUntrustedString()
+
+	serialized, _ := proto.Marshal(query)
+
+	sinkBytes(serialized) // BAD (but not noticed by our current implementation)
+}
