Add failing tests for ClearSanitizer

owen-mc · owen-mc · commit eec2aa82a690 · 2024-07-08T16:05:04.000+01:00
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/Builtin.go b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/Builtin.go
@@ -8,9 +8,38 @@ func clearTestBad(sourceReq *http.Request) string {
 	return string(b)
 }
 
+func clearTestBad2(sourceReq *http.Request, x bool) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	if x {
+		clear(b)
+	}
+	return string(b)
+}
+
+func clearTestBad3(sourceReq *http.Request, x bool) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	if x {
+		return string(b)
+	}
+	clear(b)
+	return string(b)
+}
+
 func clearTestGood(sourceReq *http.Request) string {
 	b := make([]byte, 8)
 	sourceReq.Body.Read(b)
 	clear(b) // should prevent taint flow
 	return string(b)
 }
+
+func clearTestGood2(sourceReq *http.Request, x bool) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	clear(b) // should prevent taint flow
+	if x {
+		return string(b)
+	}
+	return ""
+}
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected
@@ -1,10 +1,22 @@
 edges
 | Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance |  |
 | Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | MaD:626 |
+| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance |  |
+| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | MaD:626 |
+| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance |  |
+| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | MaD:626 |
 nodes
 | Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
 | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
 | Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
+| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b |
+| Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion |
+| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b |
+| Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion |
 subpaths
 #select
 | Builtin.go:8:9:8:17 | type conversion | Builtin.go:7:2:7:15 | selection of Body | Builtin.go:8:9:8:17 | type conversion | Found taint flow |
+| Builtin.go:17:9:17:17 | type conversion | Builtin.go:13:2:13:15 | selection of Body | Builtin.go:17:9:17:17 | type conversion | Found taint flow |
+| Builtin.go:24:10:24:18 | type conversion | Builtin.go:22:2:22:15 | selection of Body | Builtin.go:24:10:24:18 | type conversion | Found taint flow |
