Add failing tests for newly added functions

owen-mc · owen-mc · commit 63263d57edcc · 2026-01-21T14:33:34.000Z
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/completetest.expected
@@ -1,2 +1,4 @@
 invalidModelRow
 testFailures
+| test.go:204:21:204:51 | comment | Missing result: hasTaintFlow="call to new" |
+| test.go:205:21:205:55 | comment | Missing result: hasTaintFlow="star expression" |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/go.mod
@@ -1,5 +1,5 @@
 module semmle.go.Packages
 
-go 1.13
+go 1.26
 
 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/sinks.expected
@@ -44,4 +44,6 @@ invalidModelRow
 | test.go:199:23:199:26 | arg2 | qltest |
 | test.go:199:29:199:32 | arg3 | qltest |
 | test.go:202:22:202:25 | temp | qltest |
-| test.go:206:10:206:12 | src | qltest |
+| test.go:204:10:204:17 | call to new | qltest |
+| test.go:205:10:205:18 | star expression | qltest |
+| test.go:209:10:209:12 | src | qltest |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected
@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:201:10:201:28 | selection of SourceVariable | qltest |
-| test.go:205:15:205:17 | definition of src | qltest |
+| test.go:208:15:208:17 | definition of src | qltest |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go
@@ -200,6 +200,9 @@ func simpleflow() {
 
 	temp := test.SourceVariable
 	test.SinkVariable = temp // $ hasTaintFlow="temp"
+
+	b.Sink1(new(src))  // $ hasTaintFlow="call to new"
+	b.Sink1(*new(src)) // $ hasTaintFlow="star expression"
 }
 
 func srcParam(src string, b test.B) {
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/completetest.expected
@@ -1,2 +1,3 @@
 invalidModelRow
 testFailures
+| test.go:213:21:213:55 | comment | Missing result: hasValueFlow="star expression" |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/go.mod
@@ -1,5 +1,5 @@
 module semmle.go.Packages
 
-go 1.21
+go 1.26
 
 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/sinks.expected
@@ -50,4 +50,6 @@ invalidModelRow
 | test.go:206:10:206:26 | call to min | qltest |
 | test.go:207:10:207:26 | call to min | qltest |
 | test.go:210:22:210:25 | temp | qltest |
-| test.go:214:10:214:12 | src | qltest |
+| test.go:212:10:212:17 | call to new | qltest |
+| test.go:213:10:213:18 | star expression | qltest |
+| test.go:217:10:217:12 | src | qltest |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected
@@ -22,4 +22,4 @@ invalidModelRow
 | test.go:187:24:187:31 | call to Src1 | qltest |
 | test.go:191:24:191:31 | call to Src1 | qltest |
 | test.go:209:10:209:28 | selection of SourceVariable | qltest |
-| test.go:213:15:213:17 | definition of src | qltest |
+| test.go:216:15:216:17 | definition of src | qltest |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go
@@ -208,6 +208,9 @@ func simpleflow() {
 
 	temp := test.SourceVariable
 	test.SinkVariable = temp // $ hasValueFlow="temp"
+
+	b.Sink1(new(src))
+	b.Sink1(*new(src)) // $ hasValueFlow="star expression"
 }
 
 func srcParam(src string, b test.B) {
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Builtin.go
@@ -60,6 +60,13 @@ func TaintStepTest_Min(sourceCQL interface{}) interface{} {
 	return intoInterface
 }
 
+func TaintStepTest_New(sourceCQL interface{}) interface{} {
+	from := sourceCQL.(int)
+	var intoInterface *int
+	intoInterface = new(from)
+	return *intoInterface
+}
+
 func RunAllTaints_Builtin() {
 	{
 		source := newSource(0)
@@ -101,4 +108,9 @@ func RunAllTaints_Builtin() {
 		out := TaintStepTest_Min(source)
 		sink(4, out)
 	}
+	{
+		source := newSource(5)
+		out := TaintStepTest_New(source)
+		sink(5, out)
+	}
 }
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Bytes.go
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Errors.go
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected
@@ -0,0 +1,3 @@
+| Builtin.go:112:13:112:24 | call to newSource | No flow to its sink |
+| Bytes.go:635:13:635:25 | call to newSource | No flow to its sink |
+| Errors.go:72:13:72:24 | call to newSource | No flow to its sink |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod
@@ -1,6 +1,6 @@
 module example.com/m
 
-go 1.24
+go 1.26
 
 require (
 	golang.org/x/net v0.0.0-20201010224723-4f7140c49acb

-Original file line number
+Diff line change
@@ @@ -1,5 +1,5 @@ @@
 module semmle.go.Packages
 -go 1.13
 +go 1.26
 require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
Original file line number	Diff line number	Diff line change
`@@ -200,6 +200,9 @@ func simpleflow() {`
`200`	`200`
`201`	`201`	`temp := test.SourceVariable`
`202`	`202`	`test.SinkVariable = temp // $ hasTaintFlow="temp"`
	`203`	`+`
	`204`	`+ b.Sink1(new(src)) // $ hasTaintFlow="call to new"`
	`205`	`+ b.Sink1(*new(src)) // $ hasTaintFlow="star expression"`
`203`	`206`	`}`
`204`	`207`
`205`	`208`	`func srcParam(src string, b test.B) {`
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`invalidModelRow`
`2`	`2`	`testFailures`
	`3`	`+\| test.go:213:21:213:55 \| comment \| Missing result: hasValueFlow="star expression" \|`
Original file line number	Diff line number	Diff line change
`@@ -208,6 +208,9 @@ func simpleflow() {`
`208`	`208`
`209`	`209`	`temp := test.SourceVariable`
`210`	`210`	`test.SinkVariable = temp // $ hasValueFlow="temp"`
	`211`	`+`
	`212`	`+ b.Sink1(new(src))`
	`213`	`+ b.Sink1(*new(src)) // $ hasValueFlow="star expression"`
`211`	`214`	`}`
`212`	`215`
`213`	`216`	`func srcParam(src string, b test.B) {`