Add test showing false-negative for MarshalState

smowton · smowton · commit c2ff2df403f7 · 2020-09-04T15:14:49.000+01:00
diff --git a/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected b/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
@@ -40,3 +40,4 @@
 | testModernApi.go:123:18:123:36 | untrustedSerialized | testModernApi.go:122:2:122:6 | definition of query |
 | testModernApi.go:143:33:143:37 | query | testModernApi.go:143:2:143:38 | ... := ...[0] |
 | testModernApi.go:154:33:154:37 | query | testModernApi.go:154:2:154:38 | ... := ...[0] |
+| testModernApi.go:168:12:168:16 | query | testModernApi.go:168:12:168:31 | call to ProtoReflect |
diff --git a/ql/test/library-tests/semmle/go/frameworks/Protobuf/testModernApi.go b/ql/test/library-tests/semmle/go/frameworks/Protobuf/testModernApi.go
@@ -155,3 +155,22 @@ func testSubmessageAliasFalseNegativeModern() {
 
 	sinkBytes(serialized) // BAD (but not noticed by our current implementation)
 }
+
+// This test should be flagged, but we don't notice that marshalState2.Message is the
+// same as marshalState.Message.
+func testMarshalStateFalseNegative() {
+	query := &query.Query{}
+	query.Description = getUntrustedString()
+
+	options := proto.MarshalOptions{}
+	emptyArray := []byte{}
+	marshalState := protoiface.MarshalInput{
+		Message: query.ProtoReflect(),
+		Buf:     emptyArray,
+		Flags:   0,
+	}
+	marshalState2 := marshalState
+	serialized, _ := options.MarshalState(marshalState2)
+
+	sinkBytes(serialized.Buf) // BAD (but not noticed by our current implementation)
+}
