Add tests for MaD inheritance

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/go.mod

@@ -0,0 +1,5 @@
+module semmle.go.Packages
+
+go 1.21
+
+require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_false.expected

@@ -0,0 +1,10 @@
+invalidModelRow
+paths
+| test.go:8:7:8:16 | call to Source | test.go:10:9:10:9 | y |
+| test.go:32:7:32:16 | call to Source | test.go:34:9:34:9 | y |
+sources
+| test.go:8:7:8:16 | call to Source |
+| test.go:32:7:32:16 | call to Source |
+sinks
+| test.go:10:9:10:9 | y |
+| test.go:34:9:34:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_false.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "I1", False, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "I1", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "I1", False, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_false.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_true.expected

@@ -0,0 +1,40 @@
+invalidModelRow
+paths
+| test.go:8:7:8:16 | call to Source | test.go:10:9:10:9 | y |
+| test.go:14:7:14:16 | call to Source | test.go:16:9:16:9 | y |
+| test.go:20:7:20:16 | call to Source | test.go:22:9:22:9 | y |
+| test.go:26:7:26:16 | call to Source | test.go:28:9:28:9 | y |
+| test.go:32:7:32:16 | call to Source | test.go:34:9:34:9 | y |
+| test.go:38:7:38:16 | call to Source | test.go:40:9:40:9 | y |
+| test.go:44:7:44:16 | call to Source | test.go:46:9:46:9 | y |
+| test.go:50:7:50:16 | call to Source | test.go:52:9:52:9 | y |
+| test.go:56:7:56:16 | call to Source | test.go:58:9:58:9 | y |
+| test.go:62:7:62:16 | call to Source | test.go:64:9:64:9 | y |
+| test.go:68:7:68:16 | call to Source | test.go:70:9:70:9 | y |
+| test.go:74:7:74:16 | call to Source | test.go:76:9:76:9 | y |
+sources
+| test.go:8:7:8:16 | call to Source |
+| test.go:14:7:14:16 | call to Source |
+| test.go:20:7:20:16 | call to Source |
+| test.go:26:7:26:16 | call to Source |
+| test.go:32:7:32:16 | call to Source |
+| test.go:38:7:38:16 | call to Source |
+| test.go:44:7:44:16 | call to Source |
+| test.go:50:7:50:16 | call to Source |
+| test.go:56:7:56:16 | call to Source |
+| test.go:62:7:62:16 | call to Source |
+| test.go:68:7:68:16 | call to Source |
+| test.go:74:7:74:16 | call to Source |
+sinks
+| test.go:10:9:10:9 | y |
+| test.go:16:9:16:9 | y |
+| test.go:22:9:22:9 | y |
+| test.go:28:9:28:9 | y |
+| test.go:34:9:34:9 | y |
+| test.go:40:9:40:9 | y |
+| test.go:46:9:46:9 | y |
+| test.go:52:9:52:9 | y |
+| test.go:58:9:58:9 | y |
+| test.go:64:9:64:9 | y |
+| test.go:70:9:70:9 | y |
+| test.go:76:9:76:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_true.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "I1", True, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "I1", True, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "I1", True, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i1_subtypes_true.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_false.expected

@@ -0,0 +1,10 @@
+invalidModelRow
+paths
+| test.go:14:7:14:16 | call to Source | test.go:16:9:16:9 | y |
+| test.go:38:7:38:16 | call to Source | test.go:40:9:40:9 | y |
+sources
+| test.go:14:7:14:16 | call to Source |
+| test.go:38:7:38:16 | call to Source |
+sinks
+| test.go:16:9:16:9 | y |
+| test.go:40:9:40:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_false.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "I2", False, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "I2", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "I2", False, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_false.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_true.expected

@@ -0,0 +1,22 @@
+invalidModelRow
+paths
+| test.go:14:7:14:16 | call to Source | test.go:16:9:16:9 | y |
+| test.go:26:7:26:16 | call to Source | test.go:28:9:28:9 | y |
+| test.go:38:7:38:16 | call to Source | test.go:40:9:40:9 | y |
+| test.go:50:7:50:16 | call to Source | test.go:52:9:52:9 | y |
+| test.go:62:7:62:16 | call to Source | test.go:64:9:64:9 | y |
+| test.go:74:7:74:16 | call to Source | test.go:76:9:76:9 | y |
+sources
+| test.go:14:7:14:16 | call to Source |
+| test.go:26:7:26:16 | call to Source |
+| test.go:38:7:38:16 | call to Source |
+| test.go:50:7:50:16 | call to Source |
+| test.go:62:7:62:16 | call to Source |
+| test.go:74:7:74:16 | call to Source |
+sinks
+| test.go:16:9:16:9 | y |
+| test.go:28:9:28:9 | y |
+| test.go:40:9:40:9 | y |
+| test.go:52:9:52:9 | y |
+| test.go:64:9:64:9 | y |
+| test.go:76:9:76:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_true.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "I2", True, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "I2", True, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "I2", True, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_i2_subtypes_true.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_false.expected

@@ -0,0 +1,10 @@
+invalidModelRow
+paths
+| test.go:20:7:20:16 | call to Source | test.go:22:9:22:9 | y |
+| test.go:56:7:56:16 | call to Source | test.go:58:9:58:9 | y |
+sources
+| test.go:20:7:20:16 | call to Source |
+| test.go:56:7:56:16 | call to Source |
+sinks
+| test.go:22:9:22:9 | y |
+| test.go:58:9:58:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_false.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "S1", False, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "S1", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "S1", False, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_false.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_true.expected

@@ -0,0 +1,10 @@
+invalidModelRow
+paths
+| test.go:20:7:20:16 | call to Source | test.go:22:9:22:9 | y |
+| test.go:56:7:56:16 | call to Source | test.go:58:9:58:9 | y |
+sources
+| test.go:20:7:20:16 | call to Source |
+| test.go:56:7:56:16 | call to Source |
+sinks
+| test.go:22:9:22:9 | y |
+| test.go:58:9:58:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_true.ext.yml

@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/nonexistent/test", "S1", True, "Source", "", "", "ReturnValue", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/nonexistent/test", "S1", True, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/nonexistent/test", "S1", True, "Sink", "", "", "Argument[0]", "path-injection", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_s1_subtypes_true.ql

@@ -0,0 +1,18 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/ql_i1.expected

@@ -0,0 +1,10 @@
+invalidModelRow
+paths
+| test.go:8:7:8:16 | call to Source | test.go:10:9:10:9 | y |
+| test.go:32:7:32:16 | call to Source | test.go:34:9:34:9 | y |
+sources
+| test.go:8:7:8:16 | call to Source |
+| test.go:32:7:32:16 | call to Source |
+sinks
+| test.go:10:9:10:9 | y |
+| test.go:34:9:34:9 | y |

go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/ql_i1.ql

@@ -0,0 +1,46 @@
+import go
+import semmle.go.dataflow.ExternalFlow
+import ModelValidation
+import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+
+class MySource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+  MySource() {
+    exists(Method m |
+      m.hasQualifiedName("github.com/nonexistent/test", "I1", "Source") and
+      this = m.getACall().getResult()
+    )
+  }
+}
+
+class MyStep extends DataFlow::FunctionModel, Method {
+  MyStep() { this.hasQualifiedName("github.com/nonexistent/test", "I1", "Step") }
+
+  override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
+    input.isParameter(0) and output.isResult()
+  }
+}
+
+class MySink extends FileSystemAccess::Range, DataFlow::CallNode {
+  MySink() {
+    exists(Method m |
+      m.hasQualifiedName("github.com/nonexistent/test", "I1", "Sink") and
+      this = m.getACall()
+    )
+  }
+
+  override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
+}
+
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { sources(source) }
+
+  predicate isSink(DataFlow::Node sink) { sinks(sink) }
+}
+
+module Flow = DataFlow::Global<Config>;
+
+query predicate paths(DataFlow::Node source, DataFlow::Node sink) { Flow::flow(source, sink) }
+
+query predicate sources(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+query predicate sinks(DataFlow::Node sink) { sink = any(FileSystemAccess fsa).getAPathArgument() }