github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Updated .expected files

This commit is contained in:
Owen Mansel-Chan 2024-08-01 13:12:21 +01:00
Родитель cbe54717f6
Коммит 8325c4c69c
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 67E427E02E6DA1B8
6 изменённых файлов: 331 добавлений и 177 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

374
go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
Просмотреть файл

@ -1,105 +1,279 @@
#select
| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:57:13:57:43 | type conversion | test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:57:20:57:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:62:13:62:42 | type conversion | test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:62:20:62:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:67:13:67:45 | type conversion | test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:67:20:67:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:72:13:72:42 | type conversion | test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:72:20:72:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:77:13:77:33 | type conversion | test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:77:20:77:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:82:13:82:35 | type conversion | test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:82:20:82:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:87:13:87:31 | type conversion | test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:87:20:87:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:92:13:92:31 | type conversion | test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:92:20:92:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:97:13:97:37 | type conversion | test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:97:20:97:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:102:14:102:45 | type assertion | test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:102:14:102:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:114:14:114:45 | type assertion | test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:114:14:114:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:126:14:126:45 | type assertion | test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:126:14:126:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:143:23:143:62 | type assertion | test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:143:23:143:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:200:14:200:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:200:14:200:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:201:14:201:58 | type conversion | test.go:199:15:199:26 | call to Data | test.go:201:14:201:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:203:14:203:28 | type assertion | test.go:199:15:199:26 | call to Data | test.go:203:14:203:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:204:14:204:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:204:14:204:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:205:14:205:59 | type conversion | test.go:199:15:199:26 | call to Data | test.go:205:14:205:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:209:14:209:28 | type conversion | test.go:208:18:208:33 | selection of Form | test.go:209:14:209:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:208:18:208:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:224:14:224:32 | type conversion | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:226:14:226:20 | content | test.go:223:2:223:34 | ... := ...[0] | test.go:226:14:226:20 | content | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:229:14:229:38 | type conversion | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:2:228:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:265:15:265:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:270:55:270:84 | type conversion | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:270:62:270:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:283:21:283:61 | call to GetDisplayString | test.go:275:2:275:40 | ... := ...[0] | test.go:283:21:283:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:284:21:284:92 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:284:21:284:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:285:21:285:96 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:285:21:285:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:290:3:292:80 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:290:3:292:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:293:21:293:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:293:21:293:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:294:21:294:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:294:21:294:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:295:21:295:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:295:21:295:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:296:21:296:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:296:21:296:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:297:21:297:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:297:21:297:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:298:21:298:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:298:21:298:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:299:21:299:82 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:299:21:299:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:301:21:301:133 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:301:21:301:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:302:21:302:88 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:302:21:302:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:303:21:303:87 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:303:21:303:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
edges
| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:291 |
| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:291 |
| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:291 |
| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:292 |
| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:293 |
| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:294 |
| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:295 |
| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:296 |
| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:297 |
| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:298 |
| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:299 |
| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:300 |
| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:302 |
| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:303 |
| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:304 |
| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:293 |
| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:293 |
| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:293 |
| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:293 |
| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:293 |
| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:293 |
| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:293 |
| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:293 |
| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:293 |
| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:14 |
| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:14 |
| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:14 |
| test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:15 |
| test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:16 |
| test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:17 |
| test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | provenance | Src:MaD:18 |
| test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | provenance | Src:MaD:19 |
| test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | provenance | Src:MaD:20 |
| test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | provenance | Src:MaD:21 |
| test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | provenance | Src:MaD:22 |
| test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | provenance | Src:MaD:23 |
| test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | provenance | Src:MaD:24 |
| test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | provenance | Src:MaD:25 |
| test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | provenance | Src:MaD:26 |
| test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | provenance | Src:MaD:16 |
| test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | provenance | Src:MaD:16 |
| test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | provenance | Src:MaD:16 |
| test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | provenance | Src:MaD:16 |
| test.go:199:15:199:26 | call to Data | test.go:200:36:200:53 | type assertion | provenance | Src:MaD:16 |
| test.go:199:15:199:26 | call to Data | test.go:201:39:201:56 | type assertion | provenance | Src:MaD:16 |
| test.go:199:15:199:26 | call to Data | test.go:202:28:202:56 | type assertion | provenance | Src:MaD:16 |
| test.go:199:15:199:26 | call to Data | test.go:204:36:204:53 | type assertion | provenance | Src:MaD:16 |
| test.go:199:15:199:26 | call to Data | test.go:205:34:205:51 | type assertion | provenance | Src:MaD:16 |
| test.go:200:21:200:54 | call to HTML2str | test.go:200:14:200:55 | type conversion | provenance | |
| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:309 |
| test.go:200:36:200:53 | type assertion | test.go:200:21:200:54 | call to HTML2str | provenance | MaD:28 |
| test.go:201:21:201:57 | call to Htmlunquote | test.go:201:14:201:58 | type conversion | provenance | |
| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:311 |
| test.go:201:39:201:56 | type assertion | test.go:201:21:201:57 | call to Htmlunquote | provenance | MaD:29 |
| test.go:202:2:202:68 | ... := ...[0] | test.go:203:14:203:28 | type assertion | provenance | |
| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:312 |
| test.go:202:28:202:56 | type assertion | test.go:202:2:202:68 | ... := ...[0] | provenance | MaD:30 |
| test.go:204:21:204:54 | call to Str2html | test.go:204:14:204:55 | type conversion | provenance | |
| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:314 |
| test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:32 |
| test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | |
| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:315 |
| test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:33 |
| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | |
| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:867 MaD:313 |
| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:317 |
| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:317 |
| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:41 MaD:31 |
| test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:35 |
| test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:35 |
| test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | |
| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:730 |
| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:318 |
| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:319 |
| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:320 |
| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:321 |
| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:316 |
| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:319 |
| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:305 |
| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:305 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:318 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:318 |
| test.go:225:31:225:31 | f | test.go:225:2:225:32 | ... := ...[0] | provenance | MaD:40 |
| test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | provenance | Src:MaD:36 |
| test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:37 |
| test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:38 |
| test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:39 |
| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:34 |
| test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:37 |
| test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:27 |
| test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:27 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:278:21:278:28 | index expression | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:283:44:283:60 | selection of Filename | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:284:38:284:49 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:285:37:285:48 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:291:4:291:15 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:293:42:293:53 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:294:53:294:64 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:295:38:295:49 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:296:49:296:60 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:297:51:297:65 | index expression | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:298:36:298:47 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:299:37:299:48 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:36 |
| test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:36 |
| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | |
| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | |
| test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel |
| test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | |
| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:274 |
| test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:1 |
| test.go:285:21:285:60 | call to SliceDiff | test.go:285:21:285:96 | selection of Filename | provenance | |
| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:275 |
| test.go:285:37:285:48 | genericFiles | test.go:285:21:285:60 | call to SliceDiff | provenance | MaD:2 |
| test.go:290:3:292:44 | call to SliceFilter | test.go:290:3:292:80 | selection of Filename | provenance | |
| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:276 |
| test.go:291:4:291:15 | genericFiles | test.go:290:3:292:44 | call to SliceFilter | provenance | MaD:3 |
| test.go:293:21:293:65 | call to SliceIntersect | test.go:293:21:293:101 | selection of Filename | provenance | |
| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:277 |
| test.go:293:42:293:53 | genericFiles | test.go:293:21:293:65 | call to SliceIntersect | provenance | MaD:4 |
| test.go:294:21:294:65 | call to SliceIntersect | test.go:294:21:294:101 | selection of Filename | provenance | |
| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:277 |
| test.go:294:53:294:64 | genericFiles | test.go:294:21:294:65 | call to SliceIntersect | provenance | MaD:4 |
| test.go:295:21:295:61 | call to SliceMerge | test.go:295:21:295:97 | selection of Filename | provenance | |
| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:278 |
| test.go:295:38:295:49 | genericFiles | test.go:295:21:295:61 | call to SliceMerge | provenance | MaD:5 |
| test.go:296:21:296:61 | call to SliceMerge | test.go:296:21:296:97 | selection of Filename | provenance | |
| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:278 |
| test.go:296:49:296:60 | genericFiles | test.go:296:21:296:61 | call to SliceMerge | provenance | MaD:5 |
| test.go:297:21:297:66 | call to SlicePad | test.go:297:21:297:102 | selection of Filename | provenance | |
| test.go:297:51:297:62 | genericFiles [array] | test.go:297:51:297:65 | index expression | provenance | |
| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:279 |
| test.go:297:51:297:65 | index expression | test.go:297:21:297:66 | call to SlicePad | provenance | MaD:6 |
| test.go:298:21:298:66 | call to SlicePad | test.go:298:21:298:102 | selection of Filename | provenance | |
| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:279 |
| test.go:298:36:298:47 | genericFiles | test.go:298:21:298:66 | call to SlicePad | provenance | MaD:6 |
| test.go:299:21:299:49 | call to SliceRand | test.go:299:21:299:82 | selection of Filename | provenance | |
| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:280 |
| test.go:299:37:299:48 | genericFiles | test.go:299:21:299:49 | call to SliceRand | provenance | MaD:7 |
| test.go:301:21:301:97 | call to SliceReduce | test.go:301:21:301:133 | selection of Filename | provenance | |
| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:281 |
| test.go:301:39:301:50 | genericFiles | test.go:301:21:301:97 | call to SliceReduce | provenance | MaD:8 |
| test.go:302:21:302:52 | call to SliceShuffle | test.go:302:21:302:88 | selection of Filename | provenance | |
| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:282 |
| test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:9 |
| test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | |
| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:283 |
| test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:10 |
| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | |
| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | |
| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:319 |
| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:286 |
| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:284 |
| test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:37 |
| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:13 |
| test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:11 |
| test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | |
| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:285 |
| test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:12 |
| test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance | |
models
| 1 | Summary: github.com/astaxie/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
| 1 | Summary: github.com/beego/beego/core/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
| 1 | Summary: github.com/beego/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
| 2 | Summary: github.com/astaxie/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
| 2 | Summary: github.com/beego/beego/core/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
| 2 | Summary: github.com/beego/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
| 3 | Summary: github.com/astaxie/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
| 3 | Summary: github.com/beego/beego/core/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
| 3 | Summary: github.com/beego/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
| 4 | Summary: github.com/astaxie/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 4 | Summary: github.com/beego/beego/core/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 4 | Summary: github.com/beego/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 5 | Summary: github.com/astaxie/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 5 | Summary: github.com/beego/beego/core/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 5 | Summary: github.com/beego/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
| 6 | Summary: github.com/astaxie/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
| 6 | Summary: github.com/beego/beego/core/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
| 6 | Summary: github.com/beego/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
| 7 | Summary: github.com/astaxie/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
| 7 | Summary: github.com/beego/beego/core/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
| 7 | Summary: github.com/beego/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
| 8 | Summary: github.com/astaxie/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
| 8 | Summary: github.com/beego/beego/core/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
| 8 | Summary: github.com/beego/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
| 9 | Summary: github.com/astaxie/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
| 9 | Summary: github.com/beego/beego/core/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
| 9 | Summary: github.com/beego/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
| 10 | Summary: github.com/astaxie/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
| 10 | Summary: github.com/beego/beego/core/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
| 10 | Summary: github.com/beego/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
| 11 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 11 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 11 | Summary: github.com/beego/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 12 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 12 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 12 | Summary: github.com/beego/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 13 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
| 13 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
| 13 | Summary: github.com/beego/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
| 14 | Source: github.com/astaxie/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
| 14 | Source: github.com/beego/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
| 14 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
| 15 | Source: github.com/astaxie/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
| 15 | Source: github.com/beego/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
| 15 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
| 16 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 16 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 16 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 17 | Source: github.com/astaxie/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
| 17 | Source: github.com/beego/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
| 17 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
| 18 | Source: github.com/astaxie/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
| 18 | Source: github.com/beego/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
| 18 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
| 19 | Source: github.com/astaxie/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
| 19 | Source: github.com/beego/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
| 19 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
| 20 | Source: github.com/astaxie/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
| 20 | Source: github.com/beego/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
| 20 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
| 21 | Source: github.com/astaxie/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
| 21 | Source: github.com/beego/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
| 21 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
| 22 | Source: github.com/astaxie/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
| 22 | Source: github.com/beego/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
| 22 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
| 23 | Source: github.com/astaxie/beego/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
| 23 | Source: github.com/beego/beego/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
| 23 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
| 24 | Source: github.com/astaxie/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
| 24 | Source: github.com/beego/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
| 24 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
| 25 | Source: github.com/astaxie/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
| 25 | Source: github.com/beego/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
| 25 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
| 26 | Source: github.com/astaxie/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
| 26 | Source: github.com/beego/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
| 26 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
| 27 | Source: github.com/astaxie/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
| 27 | Source: github.com/beego/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
| 27 | Source: github.com/beego/beego/server/web/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
| 28 | Summary: github.com/astaxie/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
| 28 | Summary: github.com/beego/beego/server/web; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
| 28 | Summary: github.com/beego/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
| 29 | Summary: github.com/astaxie/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
| 29 | Summary: github.com/beego/beego/server/web; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
| 29 | Summary: github.com/beego/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
| 30 | Summary: github.com/astaxie/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 30 | Summary: github.com/beego/beego/server/web; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 30 | Summary: github.com/beego/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 31 | Summary: github.com/astaxie/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
| 31 | Summary: github.com/beego/beego/server/web; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
| 31 | Summary: github.com/beego/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
| 32 | Summary: github.com/astaxie/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
| 32 | Summary: github.com/beego/beego/server/web; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
| 32 | Summary: github.com/beego/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
| 33 | Summary: github.com/astaxie/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
| 33 | Summary: github.com/beego/beego/server/web; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
| 33 | Summary: github.com/beego/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
| 34 | Source: github.com/astaxie/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
| 34 | Source: github.com/beego/beego/server/web; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
| 34 | Source: github.com/beego/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
| 35 | Source: github.com/astaxie/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
| 35 | Source: github.com/beego/beego/server/web; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
| 35 | Source: github.com/beego/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
| 36 | Source: github.com/astaxie/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
| 36 | Source: github.com/beego/beego/server/web; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
| 36 | Source: github.com/beego/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
| 37 | Source: github.com/astaxie/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
| 37 | Source: github.com/beego/beego/server/web; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
| 37 | Source: github.com/beego/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
| 38 | Source: github.com/astaxie/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
| 38 | Source: github.com/beego/beego/server/web; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
| 38 | Source: github.com/beego/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
| 39 | Source: github.com/astaxie/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
| 39 | Source: github.com/beego/beego/server/web; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
| 39 | Source: github.com/beego/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
| 40 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 41 | Source: net/http; Request; true; Form; ; ; ; remote; manual |
nodes
| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound |
| test.go:35:13:35:30 | type conversion | semmle.label | type conversion |
@ -235,57 +409,3 @@ nodes
| test.go:312:21:312:32 | call to Items | semmle.label | call to Items |
| test.go:312:21:312:52 | type assertion | semmle.label | type assertion |
subpaths
#select
| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:57:13:57:43 | type conversion | test.go:57:20:57:42 | call to Header | test.go:57:13:57:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:57:20:57:42 | call to Header | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:62:13:62:42 | type conversion | test.go:62:20:62:41 | call to Param | test.go:62:13:62:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:62:20:62:41 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:67:13:67:45 | type conversion | test.go:67:20:67:33 | call to Params | test.go:67:13:67:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:67:20:67:33 | call to Params | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:72:13:72:42 | type conversion | test.go:72:20:72:41 | call to Query | test.go:72:13:72:42 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:72:20:72:41 | call to Query | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:77:13:77:33 | type conversion | test.go:77:20:77:32 | call to Refer | test.go:77:13:77:33 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:77:20:77:32 | call to Refer | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:82:13:82:35 | type conversion | test.go:82:20:82:34 | call to Referer | test.go:82:13:82:35 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:82:20:82:34 | call to Referer | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:87:13:87:31 | type conversion | test.go:87:20:87:30 | call to URI | test.go:87:13:87:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:87:20:87:30 | call to URI | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:92:13:92:31 | type conversion | test.go:92:20:92:30 | call to URL | test.go:92:13:92:31 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:92:20:92:30 | call to URL | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:97:13:97:37 | type conversion | test.go:97:20:97:36 | call to UserAgent | test.go:97:13:97:37 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:97:20:97:36 | call to UserAgent | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:102:14:102:45 | type assertion | test.go:102:14:102:25 | call to Data | test.go:102:14:102:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:102:14:102:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:114:14:114:45 | type assertion | test.go:114:14:114:25 | call to Data | test.go:114:14:114:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:114:14:114:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:126:14:126:45 | type assertion | test.go:126:14:126:25 | call to Data | test.go:126:14:126:45 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:126:14:126:25 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:143:23:143:62 | type assertion | test.go:143:23:143:42 | call to Data | test.go:143:23:143:62 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:143:23:143:42 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:200:14:200:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:200:14:200:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:201:14:201:58 | type conversion | test.go:199:15:199:26 | call to Data | test.go:201:14:201:58 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:203:14:203:28 | type assertion | test.go:199:15:199:26 | call to Data | test.go:203:14:203:28 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:204:14:204:55 | type conversion | test.go:199:15:199:26 | call to Data | test.go:204:14:204:55 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:205:14:205:59 | type conversion | test.go:199:15:199:26 | call to Data | test.go:205:14:205:59 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:199:15:199:26 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:209:14:209:28 | type conversion | test.go:208:18:208:33 | selection of Form | test.go:209:14:209:28 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:208:18:208:33 | selection of Form | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:224:14:224:32 | type conversion | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[1] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:226:14:226:20 | content | test.go:223:2:223:34 | ... := ...[0] | test.go:226:14:226:20 | content | Cross-site scripting vulnerability due to $@. | test.go:223:2:223:34 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:229:14:229:38 | type conversion | test.go:228:2:228:40 | ... := ...[0] | test.go:229:14:229:38 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:228:2:228:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | test.go:265:15:265:41 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:265:15:265:41 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:270:55:270:84 | type conversion | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:270:62:270:83 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:283:21:283:61 | call to GetDisplayString | test.go:275:2:275:40 | ... := ...[0] | test.go:283:21:283:61 | call to GetDisplayString | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:284:21:284:92 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:284:21:284:92 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:285:21:285:96 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:285:21:285:96 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:290:3:292:80 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:290:3:292:80 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:293:21:293:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:293:21:293:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:294:21:294:101 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:294:21:294:101 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:295:21:295:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:295:21:295:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:296:21:296:97 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:296:21:296:97 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:297:21:297:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:297:21:297:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:298:21:298:102 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:298:21:298:102 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:299:21:299:82 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:299:21:299:82 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:301:21:301:133 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:301:21:301:133 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:302:21:302:88 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:302:21:302:88 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:303:21:303:87 | selection of Filename | test.go:275:2:275:40 | ... := ...[0] | test.go:303:21:303:87 | selection of Filename | Cross-site scripting vulnerability due to $@. | test.go:275:2:275:40 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |
| test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | |

38
go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
Просмотреть файл

@ -1,12 +1,28 @@
#select
| test.go:216:18:216:26 | untrusted | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:217:10:217:18 | untrusted | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:218:35:218:43 | untrusted | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:326:35:326:43 | untrusted | test.go:324:17:324:37 | selection of RequestBody | test.go:326:35:326:43 | untrusted | This path depends on a $@. | test.go:324:17:324:37 | selection of RequestBody | user-provided value |
| test.go:334:23:334:31 | untrusted | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | This path depends on a $@. | test.go:332:15:332:26 | call to Data | user-provided value |
| test.go:342:53:342:61 | untrusted | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value |
| test.go:344:23:344:31 | untrusted | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value |
edges
| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:293 |
| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:293 |
| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:293 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:301 MaD:187 |
| test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:2 |
| test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:2 |
| test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:2 |
| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:3 MaD:1 |
| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | |
| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:293 |
| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:293 |
| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:293 |
| test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:2 |
| test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:2 |
| test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:2 |
models
| 1 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
| 2 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 2 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 2 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
| 3 | Source: github.com/astaxie/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
| 3 | Source: github.com/beego/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
| 3 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
nodes
| test.go:215:15:215:26 | call to Data | semmle.label | call to Data |
| test.go:216:18:216:26 | untrusted | semmle.label | untrusted |
@ -21,11 +37,3 @@ nodes
| test.go:342:53:342:61 | untrusted | semmle.label | untrusted |
| test.go:344:23:344:31 | untrusted | semmle.label | untrusted |
subpaths
#select
| test.go:216:18:216:26 | untrusted | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:217:10:217:18 | untrusted | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:218:35:218:43 | untrusted | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | This path depends on a $@. | test.go:215:15:215:26 | call to Data | user-provided value |
| test.go:326:35:326:43 | untrusted | test.go:324:17:324:37 | selection of RequestBody | test.go:326:35:326:43 | untrusted | This path depends on a $@. | test.go:324:17:324:37 | selection of RequestBody | user-provided value |
| test.go:334:23:334:31 | untrusted | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | This path depends on a $@. | test.go:332:15:332:26 | call to Data | user-provided value |
| test.go:342:53:342:61 | untrusted | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value |
| test.go:344:23:344:31 | untrusted | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | This path depends on a $@. | test.go:340:15:340:26 | call to Data | user-provided value |

11
go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
Просмотреть файл

@ -1,14 +1,17 @@
#select
| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |
edges
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config |
| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:525 Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:525 Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:1 Config |
| EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:1 Config |
| EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
models
| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
nodes
| EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
| EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form |
| EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get |
subpaths
#select
| EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value |

34
go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
Просмотреть файл

@ -1,13 +1,25 @@
#select
| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |
| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |
| Revel.go:70:22:70:35 | selection of Query | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | Cross-site scripting vulnerability due to $@. The value is $@. | Revel.go:70:22:70:29 | selection of Params | user-provided value | views/myAppController/rawRead.html:1:1:2:9 | {{raw .Foo}}\n{{.Bar}}\n | instantiated as a raw template |
| examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |
| examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |
edges
| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | |
| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:525 |
| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:940 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:746 |
| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:525 |
| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:940 |
| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:525 |
| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:872 |
| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:872 |
| EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 |
| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:2 |
| EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 |
| Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1 |
| examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:3 |
| examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:3 |
models
| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
| 2 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
| 3 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
| 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
nodes
| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf |
| EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params |
@ -24,9 +36,3 @@ nodes
| examples/booking/app/init.go:40:49:40:53 | selection of URL | semmle.label | selection of URL |
| examples/booking/app/init.go:40:49:40:58 | selection of Path | semmle.label | selection of Path |
subpaths
#select
| EndToEnd.go:37:24:37:26 | buf | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:37:24:37:26 | buf | Cross-site scripting vulnerability due to $@. | EndToEnd.go:36:18:36:25 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |
| EndToEnd.go:69:22:69:51 | call to Get | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:51 | call to Get | Cross-site scripting vulnerability due to $@. | EndToEnd.go:69:22:69:29 | selection of Params | user-provided value | EndToEnd.go:0:0:0:0 | EndToEnd.go | |
| Revel.go:70:22:70:35 | selection of Query | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | Cross-site scripting vulnerability due to $@. The value is $@. | Revel.go:70:22:70:29 | selection of Params | user-provided value | views/myAppController/rawRead.html:1:1:2:9 | {{raw .Foo}}\n{{.Bar}}\n | instantiated as a raw template |
| examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |
| examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | |

18
go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
Просмотреть файл

@ -1,8 +1,15 @@
#select
| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:47 | call to Get | This path depends on a $@. | EndToEnd.go:58:18:58:25 | selection of Params | user-provided value |
| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:55 | call to Get | This path depends on a $@. | EndToEnd.go:64:26:64:33 | selection of Params | user-provided value |
edges
| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | Src:MaD:525 |
| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:940 |
| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:525 |
| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:940 |
| EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:30 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:58:18:58:30 | selection of Form | EndToEnd.go:58:18:58:47 | call to Get | provenance | MaD:2 |
| EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:1 |
| EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:2 |
models
| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
| 2 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
nodes
| EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
| EndToEnd.go:58:18:58:30 | selection of Form | semmle.label | selection of Form |
@ -11,6 +18,3 @@ nodes
| EndToEnd.go:64:26:64:38 | selection of Form | semmle.label | selection of Form |
| EndToEnd.go:64:26:64:55 | call to Get | semmle.label | call to Get |
subpaths
#select
| EndToEnd.go:58:18:58:47 | call to Get | EndToEnd.go:58:18:58:25 | selection of Params | EndToEnd.go:58:18:58:47 | call to Get | This path depends on a $@. | EndToEnd.go:58:18:58:25 | selection of Params | user-provided value |
| EndToEnd.go:64:26:64:55 | call to Get | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:55 | call to Get | This path depends on a $@. | EndToEnd.go:64:26:64:33 | selection of Params | user-provided value |

33
go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
Просмотреть файл

@ -1,16 +1,32 @@
#select
| go-jose.v3.go:33:12:33:23 | DecodedToken | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:33:12:33:23 | DecodedToken | This JWT is parsed without verification and received from $@. | go-jose.v3.go:25:16:25:20 | selection of URL | this user-controlled source |
| golang-jwt-v5.go:34:58:34:68 | signedToken | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:34:58:34:68 | signedToken | This JWT is parsed without verification and received from $@. | golang-jwt-v5.go:28:16:28:20 | selection of URL | this user-controlled source |
edges
| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:872 MaD:933 |
| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:940 |
| go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:25:16:25:28 | call to Query | provenance | Src:MaD:4 MaD:5 |
| go-jose.v3.go:25:16:25:28 | call to Query | go-jose.v3.go:25:16:25:47 | call to Get | provenance | MaD:6 |
| go-jose.v3.go:25:16:25:47 | call to Get | go-jose.v3.go:26:15:26:25 | signedToken | provenance | |
| go-jose.v3.go:26:15:26:25 | signedToken | go-jose.v3.go:29:19:29:29 | definition of signedToken | provenance | |
| go-jose.v3.go:29:19:29:29 | definition of signedToken | go-jose.v3.go:31:37:31:47 | signedToken | provenance | |
| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:440 |
| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:442 |
| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:872 MaD:933 |
| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:940 |
| go-jose.v3.go:31:2:31:48 | ... := ...[0] | go-jose.v3.go:33:12:33:23 | DecodedToken | provenance | Sink:MaD:1 |
| go-jose.v3.go:31:37:31:47 | signedToken | go-jose.v3.go:31:2:31:48 | ... := ...[0] | provenance | MaD:2 |
| golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:28:16:28:28 | call to Query | provenance | Src:MaD:4 MaD:5 |
| golang-jwt-v5.go:28:16:28:28 | call to Query | golang-jwt-v5.go:28:16:28:47 | call to Get | provenance | MaD:6 |
| golang-jwt-v5.go:28:16:28:47 | call to Get | golang-jwt-v5.go:29:25:29:35 | signedToken | provenance | |
| golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance | |
| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:465 |
| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance | Sink:MaD:3 |
models
| 1 | Sink: github.com/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
| 1 | Sink: github.com/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
| 1 | Sink: gopkg.in/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
| 1 | Sink: gopkg.in/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
| 2 | Summary: github.com/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 2 | Summary: github.com/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 2 | Summary: gopkg.in/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 2 | Summary: gopkg.in/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 3 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual |
| 4 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
| 5 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 6 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
nodes
| go-jose.v3.go:25:16:25:20 | selection of URL | semmle.label | selection of URL |
| go-jose.v3.go:25:16:25:28 | call to Query | semmle.label | call to Query |
@ -27,6 +43,3 @@ nodes
| golang-jwt-v5.go:32:29:32:39 | definition of signedToken | semmle.label | definition of signedToken |
| golang-jwt-v5.go:34:58:34:68 | signedToken | semmle.label | signedToken |
subpaths
#select
| go-jose.v3.go:33:12:33:23 | DecodedToken | go-jose.v3.go:25:16:25:20 | selection of URL | go-jose.v3.go:33:12:33:23 | DecodedToken | This JWT is parsed without verification and received from $@. | go-jose.v3.go:25:16:25:20 | selection of URL | this user-controlled source |
| golang-jwt-v5.go:34:58:34:68 | signedToken | golang-jwt-v5.go:28:16:28:20 | selection of URL | golang-jwt-v5.go:34:58:34:68 | signedToken | This JWT is parsed without verification and received from $@. | golang-jwt-v5.go:28:16:28:20 | selection of URL | this user-controlled source |