
Commit 4c411bb

committed
Convert hand-rolled inline expectations test
1 parent f591987 commit 4c411bb

7 files changed

Lines changed: 95 additions & 228 deletions


Lines changed: 3 additions & 1 deletion
@@ -1,2 +1,4 @@
11
query: Security/CWE-918/RequestForgery.ql
2-
postprocess: utils/test/PrettyPrintModels.ql
2+
postprocess:
3+
- utils/test/PrettyPrintModels.ql
4+
- utils/test/InlineExpectationsTestQuery.ql

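--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/client/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/client/main.go
@@ -9,7 +9,7 @@ import (
 )
 
 func main() {
-client := notes.NewNotesServiceProtobufClient("http://localhost:8000", &http.Client{}) // test: ssrfSink
+client := notes.NewNotesServiceProtobufClient("http://localhost:8000", &http.Client{}) // $ ssrfSink
 
 ctx := context.Background()
 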
go/ql/test/library-tests/semmle/go/frameworks/Twirp/rpc/notes/service.pb.go

Lines changed: 5 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

go/ql/test/library-tests/semmle/go/frameworks/Twirp/rpc/notes/service.twirp.go

Lines changed: 18 additions & 18 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

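--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/server/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/server/main.go
@@ -16,7 +16,7 @@ type notesService struct {
 CurrentId int32
 }
 
-func (s *notesService) CreateNote(ctx context.Context, params *notes.CreateNoteParams) (*notes.Note, error) { // test: routeHandler, request
+func (s *notesService) CreateNote(ctx context.Context, params *notes.CreateNoteParams) (*notes.Note, error) { // $ Source request handler // route handler
 if len(params.Text) < 4 {
 return nil, twirp.InvalidArgument.Error("Text should be min 4 characters.")
 }
@@ -27,8 +27,8 @@ func (s *notesService) CreateNote(ctx context.Context, params *notes.CreateNoteP
 CreatedAt: time.Now().UnixMilli(),
 }
 
-notes.NewNotesServiceProtobufClient(params.Text, &http.Client{}) // test: ssrfSink, ssrf
-notes.NewNotesServiceProtobufClient(strconv.FormatInt(int64(s.CurrentId), 10), &http.Client{}) // test: ssrfSink, !ssrf
+notes.NewNotesServiceProtobufClient(params.Text, &http.Client{}) // $ Alert ssrfSink ssrf
+notes.NewNotesServiceProtobufClient(strconv.FormatInt(int64(s.CurrentId), 10), &http.Client{}) // $ ssrfSink // not ssrf
 
 s.Notes = append(s.Notes, note)
 
@@ -37,7 +37,7 @@ func (s *notesService) CreateNote(ctx context.Context, params *notes.CreateNoteP
 return &note, nil
 }
 
-func (s *notesService) GetAllNotes(ctx context.Context, params *notes.GetAllNotesParams) (*notes.GetAllNotesResult, error) { // test: routeHandler, request
+func (s *notesService) GetAllNotes(ctx context.Context, params *notes.GetAllNotesParams) (*notes.GetAllNotesResult, error) { // $ request handler // route handler
 allNotes := make([]*notes.Note, 0)
 
 fmt.Println(params)
@@ -57,7 +57,7 @@ func main() {
 mux := http.NewServeMux()
 mux.Handle(notesServer.PathPrefix(), notesServer)
 
-err := http.ListenAndServe(":8000", notesServer) // test: !ssrfSink
+err := http.ListenAndServe(":8000", notesServer) // not ssrfSink
 if err != nil {
 panic(err)
 }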
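Review bot: The two negative cases in this file, `// $ ssrfSink // not ssrf` on the `strconv.FormatInt` call and `// not ssrfSink` on the `http.ListenAndServe` call, are now free-text comments rather than checked tags, whereas the removed expected output recorded `!ssrf` and `!ssrfSink` as passing negative tests. That is presumably fine if the inline-expectations test reports any unannotated `ssrf` or `ssrfSink` result as a failure, but the comments should then say why each line is expected to be clean, so that a later regression in the sanitizer or sink model is read as a bug rather than re-annotated. For the client call I would write `// $ ssrfSink // not ssrf: the URL is formatted from the int32 CurrentId, not from request data`, and for the listener `// not ssrfSink: ListenAndServe binds a local address and makes no outbound request`. The bodies of CreateNote and main continue outside the hunks.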
Lines changed: 1 addition & 31 deletions
@@ -1,32 +1,2 @@
11
invalidModelRow
2-
passingPositiveTests
3-
| PASSED | clientConstructor | rpc/notes/service.twirp.go:53:114:53:139 | comment |
4-
| PASSED | clientConstructor | rpc/notes/service.twirp.go:192:110:192:135 | comment |
5-
| PASSED | message | rpc/notes/service.pb.go:23:20:23:35 | comment |
6-
| PASSED | message | rpc/notes/service.pb.go:86:32:86:47 | comment |
7-
| PASSED | message | rpc/notes/service.pb.go:133:33:133:48 | comment |
8-
| PASSED | message | rpc/notes/service.pb.go:171:33:171:48 | comment |
9-
| PASSED | request | server/main.go:19:111:19:140 | comment |
10-
| PASSED | request | server/main.go:40:126:40:155 | comment |
11-
| PASSED | serverConstructor | rpc/notes/service.twirp.go:334:81:334:106 | comment |
12-
| PASSED | serviceClient | rpc/notes/service.twirp.go:44:42:44:63 | comment |
13-
| PASSED | serviceClient | rpc/notes/service.twirp.go:183:38:183:59 | comment |
14-
| PASSED | serviceInterface | rpc/notes/service.twirp.go:34:31:34:55 | comment |
15-
| PASSED | serviceServer | rpc/notes/service.twirp.go:322:34:322:55 | comment |
16-
| PASSED | ssrf | server/main.go:30:97:30:119 | comment |
17-
| PASSED | ssrfSink | client/main.go:12:89:12:105 | comment |
18-
| PASSED | ssrfSink | server/main.go:30:97:30:119 | comment |
19-
| PASSED | ssrfSink | server/main.go:31:97:31:120 | comment |
20-
failingPositiveTests
21-
passingNegativeTests
22-
| PASSED | !handler | rpc/notes/service.twirp.go:87:109:87:125 | comment |
23-
| PASSED | !handler | rpc/notes/service.twirp.go:116:113:116:129 | comment |
24-
| PASSED | !handler | rpc/notes/service.twirp.go:133:124:133:140 | comment |
25-
| PASSED | !handler | rpc/notes/service.twirp.go:162:128:162:144 | comment |
26-
| PASSED | !handler | rpc/notes/service.twirp.go:226:105:226:121 | comment |
27-
| PASSED | !handler | rpc/notes/service.twirp.go:255:109:255:125 | comment |
28-
| PASSED | !handler | rpc/notes/service.twirp.go:272:120:272:136 | comment |
29-
| PASSED | !handler | rpc/notes/service.twirp.go:301:124:301:140 | comment |
30-
| PASSED | !ssrf | server/main.go:31:97:31:120 | comment |
31-
| PASSED | !ssrfSink | server/main.go:60:51:60:68 | comment |
32-
failingNegativeTests
2+
testFailures
