File tree 4 files changed +37
-0
lines changed
go/ql/test/library-tests/semmle/go/frameworks/Stdlib
4 files changed +37
-0
lines changed Original file line number Diff line number Diff line change 1+ package main
2+
3+ import "mime/multipart"
4+
5+ func MimeMultipartSources (fh * multipart.FileHeader , form * multipart.Form ) {
6+ tainted1 , _ := fh .Open ()
7+ sink (tainted1 ) // $ hasValueFlow="tainted1"
8+ sink (fh .Filename ) // $ hasValueFlow="selection of Filename"
9+ sink (fh .Header ) // $ hasValueFlow="selection of Header"
10+ sink (form .Value ) // $ hasValueFlow="selection of Value"
11+ }
Original file line number Diff line number Diff line change 1+ import go
2+ import TestUtilities.InlineFlowTest
3+
4+ module TestConfig implements DataFlow:: ConfigSig {
5+ predicate isSource ( DataFlow:: Node source ) {
6+ source = any ( Function f | f .getName ( ) = "source" ) .getACall ( ) .getResult ( ) or
7+ source instanceof RemoteFlowSource
8+ }
9+
10+ predicate isSink ( DataFlow:: Node sink ) {
11+ sink = any ( Function f | f .getName ( ) = "sink" ) .getACall ( ) .getAnArgument ( )
12+ }
13+ }
14+
15+ import FlowTest< TestConfig , TestConfig >
Original file line number Diff line number Diff line change 1+ package main
2+
3+ func main () {}
4+
5+ func source () interface {} {
6+ return nil
7+ }
8+
9+ func sink (v interface {}) {}
10+
11+ func link (from interface {}, into interface {}) {}
You can’t perform that action at this time.
0 commit comments