Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit 7773828

Browse files
author
Max Schaefer
committed
Fix frontend errors in ql/test/library-tests/semmle/go/frameworks/Websocket.
1 parent 7e314f0 commit 7773828

2 files changed

Lines changed: 9 additions & 10 deletions

File tree

ql/test/library-tests/semmle/go/frameworks/Websocket/DialFunction.expected

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
1-
| DialFunction.go:25:11:25:52 | call to Dial | DialFunction.go:25:26:25:39 | untrustedInput |
2-
| DialFunction.go:28:12:28:39 | call to DialConfig | DialFunction.go:27:35:27:48 | untrustedInput |
1+
| DialFunction.go:25:2:25:43 | call to Dial | DialFunction.go:25:17:25:30 | untrustedInput |
2+
| DialFunction.go:28:2:28:29 | call to DialConfig | DialFunction.go:27:35:27:48 | untrustedInput |
33
| DialFunction.go:30:2:30:49 | call to Dial | DialFunction.go:30:30:30:43 | untrustedInput |
4-
| DialFunction.go:33:2:33:38 | call to Dial | DialFunction.go:33:14:33:27 | untrustedInput |
5-
| DialFunction.go:35:2:35:61 | call to DialContext | DialFunction.go:35:37:35:50 | untrustedInput |
4+
| DialFunction.go:33:2:33:33 | call to Dial | DialFunction.go:33:14:33:27 | untrustedInput |
5+
| DialFunction.go:35:2:35:56 | call to DialContext | DialFunction.go:35:37:35:50 | untrustedInput |
66
| DialFunction.go:37:2:37:44 | call to Dial | DialFunction.go:37:30:37:43 | untrustedInput |
77
| DialFunction.go:40:2:40:45 | call to Dial | DialFunction.go:40:31:40:44 | untrustedInput |
88
| DialFunction.go:42:2:42:31 | call to BuildProxy | DialFunction.go:42:17:42:30 | untrustedInput |

ql/test/library-tests/semmle/go/frameworks/Websocket/DialFunction.go

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -17,22 +17,22 @@ import (
1717
)
1818

1919
func main() {
20-
untrustedInput := r.Referer()
20+
untrustedInput := "referrer"
2121

2222
origin := "http://localhost/"
2323

2424
// bad as input is directly passed to dial function
25-
ws, _ := websocket.Dial(untrustedInput, "", origin)
25+
websocket.Dial(untrustedInput, "", origin)
2626

2727
config, _ := websocket.NewConfig(untrustedInput, origin) // good
28-
ws2, _ := websocket.DialConfig(config)
28+
websocket.DialConfig(config)
2929

3030
nhooyr.Dial(context.TODO(), untrustedInput, nil)
3131

3232
dialer := gorilla.Dialer{}
33-
dialer.Dial(untrustedInput, r.Header)
33+
dialer.Dial(untrustedInput, nil)
3434

35-
dialer.DialContext(context.TODO(), untrustedInput, r.Header)
35+
dialer.DialContext(context.TODO(), untrustedInput, nil)
3636

3737
gobwas.Dial(context.TODO(), untrustedInput)
3838

@@ -41,5 +41,4 @@ func main() {
4141

4242
sac.BuildProxy(untrustedInput)
4343
sac.New(untrustedInput)
44-
4544
}

0 commit comments

Comments
 (0)