github
diff --git a/‎go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
Lines changed: 75 additions & 0 deletions b/‎go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected
Lines changed: 75 additions & 0 deletions
@@ -1,20 +1,60 @@
 #select
+| server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:455:23:455:30 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:455:23:455:30 | selection of Body | user-provided value |
 | server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | user-provided value |
+| server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body | user-provided value |
+| server/main.go:30:38:30:48 | selection of Text | rpc/notes/service.twirp.go:718:25:718:32 | selection of Body | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | rpc/notes/service.twirp.go:718:25:718:32 | selection of Body | user-provided value |
 | server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value |
 edges
 | client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance |  |
+| rpc/notes/service.twirp.go:382:66:382:68 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:416:32:416:34 | req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:416:32:416:34 | req [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:382:66:382:68 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:455:23:455:25 | req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:455:23:455:25 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:455:23:455:30 | selection of Body | rpc/notes/service.twirp.go:455:23:455:30 | selection of Body [Reverse] | provenance | Src:MaD:1  |
+| rpc/notes/service.twirp.go:455:23:455:30 | selection of Body [Reverse] | rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference [Reverse] [Body] | provenance |  |
 | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | provenance |  |
 | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance |  |
 | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance |  |
 | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance |  |
+| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:538:25:538:27 | req [pointer, Body] | provenance |  |
 | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Body] | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:538:25:538:27 | req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:27 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:27 | req [pointer, Body] | rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Body] | provenance |  |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | MaD:3 |
 | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body [Reverse] | provenance | Src:MaD:1  |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body [Reverse] | rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Reverse] [Body] | provenance |  |
+| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance |  |
 | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | provenance |  |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 |
+| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 |
 | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance |  |
 | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance |  |
 | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance |  |
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance |  |
+| rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:382:66:382:68 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:635:23:635:30 | selection of Body | rpc/notes/service.twirp.go:635:23:635:30 | selection of Body [Reverse] | provenance | Src:MaD:1  |
+| rpc/notes/service.twirp.go:635:23:635:30 | selection of Body [Reverse] | rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | provenance |  |
+| rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference [Reverse] [Body] | rpc/notes/service.twirp.go:718:25:718:27 | req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:718:25:718:27 | req [Reverse] [pointer, Body] | rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | provenance |  |
+| rpc/notes/service.twirp.go:718:25:718:32 | selection of Body | rpc/notes/service.twirp.go:718:25:718:32 | selection of Body [Reverse] | provenance | Src:MaD:1  |
+| rpc/notes/service.twirp.go:718:25:718:32 | selection of Body [Reverse] | rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference [Reverse] [Body] | provenance |  |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Reverse] | provenance |  |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance |  |
 | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance |  |
@@ -29,18 +69,53 @@ models
 | 3 | Summary: io; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 nodes
 | client/main.go:16:35:16:78 | &... | semmle.label | &... |
+| rpc/notes/service.twirp.go:382:66:382:68 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
+| rpc/notes/service.twirp.go:416:32:416:34 | req [pointer, Body] | semmle.label | req [pointer, Body] |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
+| rpc/notes/service.twirp.go:428:93:428:95 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
+| rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | semmle.label | req [pointer, Body] |
+| rpc/notes/service.twirp.go:438:40:438:42 | req [pointer, Body] | semmle.label | req [pointer, Body] |
+| rpc/notes/service.twirp.go:446:97:446:99 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:455:23:455:25 | implicit dereference [Reverse] [Body] | semmle.label | implicit dereference [Reverse] [Body] |
+| rpc/notes/service.twirp.go:455:23:455:25 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:455:23:455:30 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:455:23:455:30 | selection of Body [Reverse] | semmle.label | selection of Body [Reverse] |
 | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq |
 | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq |
 | rpc/notes/service.twirp.go:493:2:493:2 | capture variable reqContent | semmle.label | capture variable reqContent |
 | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent |
+| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:529:101:529:103 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
+| rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] |
+| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Body] | semmle.label | implicit dereference [Body] |
+| rpc/notes/service.twirp.go:538:25:538:27 | implicit dereference [Reverse] [Body] | semmle.label | implicit dereference [Reverse] [Body] |
+| rpc/notes/service.twirp.go:538:25:538:27 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:538:25:538:27 | req [pointer, Body] | semmle.label | req [pointer, Body] |
 | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:538:25:538:32 | selection of Body [Reverse] | semmle.label | selection of Body [Reverse] |
+| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent |
 | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent |
 | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
+| rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf |
 | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq |
 | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq |
 | rpc/notes/service.twirp.go:574:2:574:2 | capture variable reqContent | semmle.label | capture variable reqContent |
 | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent |
+| rpc/notes/service.twirp.go:608:94:608:96 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:608:94:608:96 | definition of req [pointer, Body] | semmle.label | definition of req [pointer, Body] |
+| rpc/notes/service.twirp.go:626:98:626:100 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:635:23:635:25 | implicit dereference [Reverse] [Body] | semmle.label | implicit dereference [Reverse] [Body] |
+| rpc/notes/service.twirp.go:635:23:635:25 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:635:23:635:30 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:635:23:635:30 | selection of Body [Reverse] | semmle.label | selection of Body [Reverse] |
+| rpc/notes/service.twirp.go:709:102:709:104 | definition of req [Reverse] [pointer, Body] | semmle.label | definition of req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:718:25:718:27 | implicit dereference [Reverse] [Body] | semmle.label | implicit dereference [Reverse] [Body] |
+| rpc/notes/service.twirp.go:718:25:718:27 | req [Reverse] [pointer, Body] | semmle.label | req [Reverse] [pointer, Body] |
+| rpc/notes/service.twirp.go:718:25:718:32 | selection of Body | semmle.label | selection of Body |
+| rpc/notes/service.twirp.go:718:25:718:32 | selection of Body [Reverse] | semmle.label | selection of Body [Reverse] |
 | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
 | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params |
 | server/main.go:19:56:19:61 | definition of params [Reverse] | semmle.label | definition of params [Reverse] |