mirror of
https://github.com/hohn/codeql-dataflow-sql-injection-go.git
synced 2025-12-15 18:03:03 +01:00
27 lines
576 B
Plaintext
27 lines
576 B
Plaintext
/**
|
|
* @name Sink identification
|
|
* @description Sink identification
|
|
* @kind problem
|
|
* @id go/demo/sink
|
|
* @problem.severity warning
|
|
|
|
* Identify the sink: the 3rd argument to exec.Command(...), i.e., index 2.
|
|
* Uses AST/semantic matching via resolved call target and argument position.
|
|
*/
|
|
|
|
import go
|
|
|
|
/** A sink expression corresponding to the 3rd argument to exec.Command. */
|
|
predicate isSink(Expr e) {
|
|
exists(CallExpr c |
|
|
c.getCalleeName() = "Command"
|
|
and
|
|
e = c.getArgument(2)
|
|
)
|
|
}
|
|
|
|
from Expr e
|
|
where isSink(e)
|
|
select e, "Sink: 3rd argument to exec.Command"
|
|
|