Add more flow tests for external flow

Author: owen-mc

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ql

@@ -14,8 +14,15 @@ class SummaryModelTest extends SummaryModelCsv {
     row =
       [
         //`namespace; type; subtypes; name; signature; ext; input; output; kind`
+        "github.com/nonexistent/test;T;false;StepArgRes;;;Argument[0];ReturnValue;taint",
+        "github.com/nonexistent/test;T;false;StepArgRes1;;;Argument[0];ReturnValue[1];taint",
+        "github.com/nonexistent/test;T;false;StepArgArg;;;Argument[0];Argument[1];taint",
+        "github.com/nonexistent/test;T;false;StepArgQual;;;Argument[0];Argument[-1];taint",
+        "github.com/nonexistent/test;T;false;StepQualRes;;;Argument[-1];ReturnValue;taint",
+        "github.com/nonexistent/test;T;false;StepQualArg;;;Argument[-1];Argument[0];taint",
+        "github.com/nonexistent/test;;false;StepArgResNoQual;;;Argument[0];ReturnValue;taint",
         "github.com/nonexistent/test;;false;StepArgResContent;;;Argument[0];ArrayElement of ReturnValue;taint",
-        "github.com/nonexistent/test;T;false;StepArgRes;;;Argument[0];ReturnValue;taint"
+        "github.com/nonexistent/test;;false;StepArgContentRes;;;ArrayElement of Argument[0];ReturnValue;taint",
       ]
   }
 }

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/sinks.expected

@@ -1,6 +1,13 @@
 invalidModelRow
 #select
-| test.go:40:10:40:12 | arg | qltest |
-| test.go:55:10:55:14 | taint | qltest |
-| test.go:66:10:66:17 | index expression | qltest |
-| test.go:78:10:78:17 | index expression | qltest |
+| test.go:43:10:43:12 | arg | qltest |
+| test.go:57:10:57:15 | taint1 | qltest |
+| test.go:60:10:60:15 | taint2 | qltest |
+| test.go:64:10:64:15 | taint3 | qltest |
+| test.go:68:10:68:15 | taint4 | qltest |
+| test.go:71:10:71:15 | taint5 | qltest |
+| test.go:75:10:75:15 | taint6 | qltest |
+| test.go:78:10:78:15 | taint7 | qltest |
+| test.go:81:10:81:18 | index expression | qltest |
+| test.go:85:10:85:15 | taint9 | qltest |
+| test.go:89:10:89:17 | index expression | qltest |

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected

@@ -1,14 +1,12 @@
 invalidModelRow
 #select
-| test.go:11:6:11:8 | definition of arg | qltest-arg |
-| test.go:28:6:28:6 | definition of a | qltest-arg |
-| test.go:31:8:31:15 | call to Src1 | qltest |
-| test.go:32:8:32:15 | call to Src2 | qltest |
-| test.go:32:8:32:15 | call to Src2 | qltest-w-subtypes |
-| test.go:33:8:33:16 | call to Src2 | qltest-w-subtypes |
-| test.go:34:2:34:21 | ... = ...[0] | qltest |
-| test.go:34:2:34:21 | ... = ...[1] | qltest-w-subtypes |
-| test.go:35:2:35:22 | ... = ...[1] | qltest-w-subtypes |
-| test.go:51:9:51:16 | call to Src1 | qltest |
-| test.go:62:9:62:16 | call to Src1 | qltest |
-| test.go:73:9:73:16 | call to Src1 | qltest |
+| test.go:12:6:12:8 | definition of arg | qltest-arg |
+| test.go:31:6:31:6 | definition of a | qltest-arg |
+| test.go:34:8:34:15 | call to Src1 | qltest |
+| test.go:35:8:35:15 | call to Src2 | qltest |
+| test.go:35:8:35:15 | call to Src2 | qltest-w-subtypes |
+| test.go:36:8:36:16 | call to Src2 | qltest-w-subtypes |
+| test.go:37:2:37:21 | ... = ...[0] | qltest |
+| test.go:37:2:37:21 | ... = ...[1] | qltest-w-subtypes |
+| test.go:38:2:38:22 | ... = ...[1] | qltest-w-subtypes |
+| test.go:54:9:54:16 | call to Src1 | qltest |

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.expected

@@ -1,10 +1,16 @@
 invalidModelRow
 #select
-| test.go:16:23:16:25 | arg | test.go:16:10:16:26 | call to StepArgRes |
-| test.go:17:27:17:29 | arg | test.go:17:2:17:30 | ... = ...[1] |
-| test.go:18:15:18:17 | arg | test.go:12:6:12:9 | definition of arg1 |
-| test.go:19:16:19:18 | arg | test.go:13:6:13:6 | definition of t |
-| test.go:20:10:20:10 | t | test.go:20:10:20:24 | call to StepQualRes |
-| test.go:21:2:21:2 | t | test.go:11:6:11:8 | definition of arg |
-| test.go:22:32:22:34 | arg | test.go:22:10:22:35 | call to StepArgResNoQual |
-| test.go:53:24:53:26 | src | test.go:53:11:53:27 | call to StepArgRes |
+| test.go:19:23:19:25 | arg | test.go:19:10:19:26 | call to StepArgRes |
+| test.go:20:27:20:29 | arg | test.go:20:2:20:30 | ... = ...[1] |
+| test.go:21:15:21:17 | arg | test.go:13:6:13:9 | definition of arg1 |
+| test.go:22:16:22:18 | arg | test.go:15:6:15:6 | definition of t |
+| test.go:23:10:23:10 | t | test.go:23:10:23:24 | call to StepQualRes |
+| test.go:24:2:24:2 | t | test.go:12:6:12:8 | definition of arg |
+| test.go:25:32:25:34 | arg | test.go:25:10:25:35 | call to StepArgResNoQual |
+| test.go:56:25:56:27 | src | test.go:56:12:56:28 | call to StepArgRes |
+| test.go:59:29:59:31 | src | test.go:59:2:59:32 | ... := ...[1] |
+| test.go:63:15:63:17 | src | test.go:62:6:62:11 | definition of taint3 |
+| test.go:67:21:67:23 | src | test.go:66:6:66:11 | definition of taint4 |
+| test.go:70:13:70:25 | type assertion | test.go:70:12:70:40 | call to StepQualRes |
+| test.go:74:3:74:15 | type assertion | test.go:73:6:73:11 | definition of taint6 |
+| test.go:77:34:77:36 | src | test.go:77:12:77:37 | call to StepArgResNoQual |

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/steps.ql

@@ -16,7 +16,7 @@ class SummaryModelTest extends SummaryModelCsv {
         "github.com/nonexistent/test;T;false;StepQualRes;;;Argument[-1];ReturnValue;taint",
         "github.com/nonexistent/test;T;false;StepQualArg;;;Argument[-1];Argument[0];taint",
         "github.com/nonexistent/test;;false;StepArgResNoQual;;;Argument[0];ReturnValue;taint",
-        "github.com/nonexistent/test;;false;StepArgResContent;;;Argument[0];Element of ReturnValue;taint",
+        "github.com/nonexistent/test;;false;StepArgResContent;;;Argument[0];ArrayElement of ReturnValue;taint",
         "github.com/nonexistent/test;;false;StepArgContentRes;;;ArrayElement of Argument[0];ReturnValue;taint"
       ]
   }

ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go

@@ -1,17 +1,20 @@
 package main
 
 import (
-	"github.com/nonexistent/test"
 	"io"
+
+	"github.com/nonexistent/test"
 )
 
 func use(args ...interface{}) {}
 
 func main() {
 	var arg interface{}
 	var arg1 interface{}
+	var array []interface{}
 	var t *test.T
 	var taint interface{}
+	var taintSlice []interface{}
 
 	taint = t.StepArgRes(arg)
 	_, taint = t.StepArgRes1(arg)
@@ -20,8 +23,8 @@ func main() {
 	taint = t.StepQualRes()
 	t.StepQualArg(arg)
 	taint = test.StepArgResNoQual(arg)
-	taint = test.StepArgResContent(arg)
-	taint = test.StepArgContentRes(arg)
+	taintSlice = test.StepArgResContent(arg)
+	taint = test.StepArgContentRes(array)
 
 	var src interface{}
 	var src1 interface{}
@@ -40,7 +43,7 @@ func main() {
 	b.Sink1(arg)
 	b.SinkMethod().(io.Writer).Write(arg.([]byte))
 
-	use(arg, arg1, t, taint, src, src1)
+	use(arg, arg1, t, taint, taintSlice, src, src1)
 }
 
 func simpleflow() {
@@ -50,30 +53,38 @@ func simpleflow() {
 
 	src := a.Src1()
 
-	taint := t.StepArgRes(src)
+	taint1 := t.StepArgRes(src)
+	b.Sink1(taint1) // $ hasTaintFlow="taint1"
 
-	b.Sink1(taint) // $ hasTaintFlow="taint"
-}
+	_, taint2 := t.StepArgRes1(src)
+	b.Sink1(taint2) // $ hasTaintFlow="taint2"
 
-func simpleflow1() {
-	var a test.A
-	var b test.B
+	var taint3 interface{}
+	t.StepArgArg(src, taint3)
+	b.Sink1(taint3) // $ hasTaintFlow="taint3"
 
-	src := a.Src1()
+	var taint4 test.T
+	taint4.StepArgQual(src)
+	b.Sink1(taint4) // $ hasTaintFlow="taint4"
 
-	taint := test.StepArgResContent(src)
+	taint5 := (src.(*test.T)).StepQualRes()
+	b.Sink1(taint5) // $ hasTaintFlow="taint5"
 
-	b.Sink1(taint[0]) // $ hasTaintFlow="index expression"
-}
+	var taint6 interface{}
+	(src.(*test.T)).StepQualArg(taint6)
+	b.Sink1(taint6) // $ hasTaintFlow="taint6"
 
-func contentflow() {
-	var a test.A
-	var b test.B
+	taint7 := test.StepArgResNoQual(src)
+	b.Sink1(taint7) // $ hasTaintFlow="taint7"
 
-	src := a.Src1()
+	taint8 := test.StepArgResContent(src)
+	b.Sink1(taint8[0]) // $ hasTaintFlow="index expression"
+
+	srcArray := []interface{}{nil, src}
+	taint9 := test.StepArgContentRes(srcArray)
+	b.Sink1(taint9) // $ hasTaintFlow="taint9"
 
 	slice := make([]interface{}, 0)
 	slice = append(slice, src)
-
 	b.Sink1(slice[0]) // $ hasTaintFlow="index expression"
 }