Skip to content

Commit 5ad892e

Browse files
owen-mcowen-mc
committed
For now, accept lost result due to missing flow to variable capture
The result listed here is valid but we don't find it because we still have a jump step from the definition of an `SsaVariable` to the `SsaCaptureVariable`, rather than from the last use before the capture. See for example `reqContent` on line 543 of go/ql/test/library-tests/semmle/go/frameworks/Twirp/rpc/notes/service.twirp.go . there is a use on line 544, which taints it, and a capture variable on line 574, but the jump step goes from 543 to 574, skipping 544.
1 parent 714e1d6 commit 5ad892e

File tree

1 file changed

+3
-34
lines changed

1 file changed

+3
-34
lines changed

go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected

Lines changed: 3 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -1,46 +1,15 @@
11
#select
2-
| server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value |
32
| server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value |
43
edges
54
| client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | |
6-
| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | provenance | |
7-
| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
8-
| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | |
9-
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
10-
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | |
11-
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 |
12-
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | |
13-
| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 |
14-
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | |
15-
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | |
16-
| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | |
17-
| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | |
5+
| client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | |
186
| server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | |
197
| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | |
208
| server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | |
21-
| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... | provenance | |
22-
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | provenance | |
23-
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | provenance | |
24-
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | provenance | |
25-
| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | |
26-
models
27-
| 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
28-
| 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
29-
| 3 | Summary: io; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
9+
| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | |
3010
nodes
3111
| client/main.go:16:35:16:78 | &... | semmle.label | &... |
32-
| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq |
33-
| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq |
34-
| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | semmle.label | capture variable reqContent |
35-
| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent |
36-
| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
37-
| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
38-
| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent |
39-
| rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
40-
| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq |
41-
| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq |
42-
| rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent |
43-
| rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
12+
| client/main.go:16:35:16:78 | &... [postupdate] | semmle.label | &... [postupdate] |
4413
| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
4514
| server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
4615
| server/main.go:19:56:19:61 | definition of params [Return] | semmle.label | definition of params [Return] |

0 commit comments

Comments
 (0)