upgrade tests

Author: am0o0

go/ql/lib/go.qll

@@ -41,6 +41,7 @@ import semmle.go.frameworks.Email
 import semmle.go.frameworks.Encoding
 import semmle.go.frameworks.Fiber
 import semmle.go.frameworks.Gin
+import semmle.go.frameworks.Fasthttp
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.GoKit
 import semmle.go.frameworks.GoMicro

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/AdditionalTaintSteps.expected

@@ -0,0 +1,2 @@
+testFailures
+failures

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/AdditionalTaintSteps.ql

@@ -0,0 +1,28 @@
+import go
+import TestUtilities.InlineExpectationsTest
+
+module FasthttpTest implements TestSig {
+  string getARelevantTag() { result = ["URI", "req"] }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(Fasthttp::Request::RequestAdditionalStep q, DataFlow::Node succ |
+      q.hasTaintStep(_, succ)
+    |
+      succ.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
+      element = succ.toString() and
+      value = succ.toString() and
+      tag = "req"
+    )
+    or
+    exists(Fasthttp::URI::UriAdditionalStep q, DataFlow::Node succ | q.hasTaintStep(_, succ) |
+      succ.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
+        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
+      element = succ.toString() and
+      value = succ.toString() and
+      tag = "URI"
+    )
+  }
+}
+
+import MakeTest<FasthttpTest>

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/OpenRedirect.expected

@@ -0,0 +1,2 @@
+| fasthttp.go:217:23:217:50 | "https://userControlled.com" |
+| fasthttp.go:218:28:218:63 | type conversion |

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/OpenRedirect.ql

@@ -0,0 +1,4 @@
+import go
+import semmle.go.security.OpenUrlRedirectCustomizations
+
+select any(OpenUrlRedirect::Sink s)

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/SSRF.expected

@@ -0,0 +1,38 @@
+| fasthttp.go:13:42:13:57 | "127.0.0.1:8909" |
+| fasthttp.go:14:32:14:46 | "google.com:80" |
+| fasthttp.go:15:39:15:53 | "google.com:80" |
+| fasthttp.go:16:48:16:62 | "google.com:80" |
+| fasthttp.go:27:24:27:46 | "http://127.0.0.1:8909" |
+| fasthttp.go:28:32:28:54 | "http://127.0.0.1:8909" |
+| fasthttp.go:29:31:29:53 | "http://127.0.0.1:8909" |
+| fasthttp.go:30:25:30:47 | "http://127.0.0.1:8909" |
+| fasthttp.go:32:14:32:16 | req |
+| fasthttp.go:33:23:33:25 | req |
+| fasthttp.go:34:22:34:24 | req |
+| fasthttp.go:35:21:35:23 | req |
+| fasthttp.go:54:26:54:48 | "http://127.0.0.1:8909" |
+| fasthttp.go:55:34:55:56 | "http://127.0.0.1:8909" |
+| fasthttp.go:56:33:56:55 | "http://127.0.0.1:8909" |
+| fasthttp.go:57:27:57:49 | "http://127.0.0.1:8909" |
+| fasthttp.go:58:16:58:18 | req |
+| fasthttp.go:59:24:59:26 | req |
+| fasthttp.go:60:25:60:27 | req |
+| fasthttp.go:61:23:61:25 | req |
+| fasthttp.go:65:14:65:16 | req |
+| fasthttp.go:66:22:66:24 | req |
+| fasthttp.go:67:21:67:23 | req |
+| fasthttp.go:70:13:70:19 | resByte |
+| fasthttp.go:71:21:71:27 | resByte |
+| fasthttp.go:72:20:72:26 | resByte |
+| fasthttp.go:73:14:73:20 | resByte |
+| fasthttp.go:74:12:74:14 | req |
+| fasthttp.go:75:20:75:22 | req |
+| fasthttp.go:76:21:76:23 | req |
+| fasthttp.go:77:19:77:21 | req |
+| fasthttp.go:80:20:80:22 | req |
+| fasthttp.go:81:28:81:30 | req |
+| fasthttp.go:82:27:82:29 | req |
+| fasthttp.go:85:17:85:32 | "127.0.0.1:8909" |
+| fasthttp.go:86:24:86:39 | "127.0.0.1:8909" |
+| fasthttp.go:87:26:87:41 | "127.0.0.1:8909" |
+| fasthttp.go:88:33:88:48 | "127.0.0.1:8909" |

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/SSRF.ql

@@ -0,0 +1,4 @@
+import go
+import semmle.go.security.RequestForgery
+
+select any(RequestForgery::Sink s)

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.expected

@@ -0,0 +1,54 @@
+| fasthttp.go:102:15:102:53 | call to Peek |
+| fasthttp.go:119:23:119:31 | dstWriter |
+| fasthttp.go:120:3:120:24 | call to Header |
+| fasthttp.go:121:3:121:31 | call to TrailerHeader |
+| fasthttp.go:123:3:123:28 | call to RequestURI |
+| fasthttp.go:124:3:124:22 | call to Host |
+| fasthttp.go:125:3:125:27 | call to UserAgent |
+| fasthttp.go:126:3:126:33 | call to ContentEncoding |
+| fasthttp.go:127:3:127:29 | call to ContentType |
+| fasthttp.go:128:3:128:33 | call to Cookie |
+| fasthttp.go:129:3:129:46 | call to CookieBytes |
+| fasthttp.go:130:3:130:39 | call to MultipartFormBoundary |
+| fasthttp.go:131:3:131:35 | call to Peek |
+| fasthttp.go:132:3:132:38 | call to PeekAll |
+| fasthttp.go:133:3:133:48 | call to PeekBytes |
+| fasthttp.go:134:3:134:26 | call to PeekKeys |
+| fasthttp.go:135:3:135:33 | call to PeekTrailerKeys |
+| fasthttp.go:136:3:136:25 | call to Referer |
+| fasthttp.go:137:3:137:28 | call to RawHeaders |
+| fasthttp.go:140:3:140:25 | call to Path |
+| fasthttp.go:141:3:141:33 | call to PathOriginal |
+| fasthttp.go:144:3:144:28 | call to FullURI |
+| fasthttp.go:145:3:145:36 | call to LastPathSegment |
+| fasthttp.go:146:3:146:32 | call to QueryString |
+| fasthttp.go:147:3:147:27 | call to String |
+| fasthttp.go:148:28:148:36 | dstWriter |
+| fasthttp.go:153:3:153:43 | call to Peek |
+| fasthttp.go:154:3:154:56 | call to PeekBytes |
+| fasthttp.go:155:3:155:48 | call to PeekMulti |
+| fasthttp.go:156:3:156:61 | call to PeekMultiBytes |
+| fasthttp.go:157:3:157:44 | call to QueryString |
+| fasthttp.go:158:3:158:39 | call to String |
+| fasthttp.go:159:40:159:48 | dstWriter |
+| fasthttp.go:163:3:163:19 | call to Path |
+| fasthttp.go:167:3:167:22 | call to Referer |
+| fasthttp.go:168:3:168:23 | call to PostBody |
+| fasthttp.go:169:3:169:32 | call to RequestBodyStream |
+| fasthttp.go:170:3:170:25 | call to RequestURI |
+| fasthttp.go:171:3:171:24 | call to UserAgent |
+| fasthttp.go:172:3:172:19 | call to Host |
+| fasthttp.go:174:3:174:27 | call to Host |
+| fasthttp.go:175:3:175:27 | call to Body |
+| fasthttp.go:176:3:176:33 | call to RequestURI |
+| fasthttp.go:177:3:177:33 | call to BodyGunzip |
+| fasthttp.go:178:3:178:34 | call to BodyInflate |
+| fasthttp.go:179:3:179:35 | call to BodyUnbrotli |
+| fasthttp.go:180:3:180:33 | call to BodyStream |
+| fasthttp.go:181:34:181:42 | dstWriter |
+| fasthttp.go:182:30:182:38 | dstWriter |
+| fasthttp.go:183:3:183:39 | call to BodyUncompressed |
+| fasthttp.go:184:31:184:39 | dstReader |
+| fasthttp.go:185:36:185:44 | dstReader |
+| fasthttp.go:186:45:186:53 | dstReader |
+| fasthttp.go:187:39:187:47 | dstReader |

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/UntrustedRemoteFlowSource.ql

@@ -0,0 +1,3 @@
+import go
+
+select any(UntrustedFlowSource s)

go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/Xss.expected

@@ -0,0 +1,11 @@
+| fasthttp.go:193:34:193:58 | type conversion |
+| fasthttp.go:194:40:194:56 | "user Controlled" |
+| fasthttp.go:197:31:197:55 | type conversion |
+| fasthttp.go:198:37:198:53 | "user Controlled" |
+| fasthttp.go:199:34:199:58 | type conversion |
+| fasthttp.go:200:37:200:45 | dstReader |
+| fasthttp.go:206:26:206:39 | type conversion |
+| fasthttp.go:207:32:207:37 | "body" |
+| fasthttp.go:212:34:212:90 | call to AppendQuotedArg |
+| fasthttp.go:213:34:213:83 | call to AppendHTMLEscape |
+| fasthttp.go:214:34:214:96 | call to AppendHTMLEscapeBytes |