mirror of
https://github.com/hohn/codeql-dataflow-sql-injection-go.git
synced 2025-12-16 10:13:04 +01:00
22 lines
524 B
Plaintext
22 lines
524 B
Plaintext
/**
|
|
* Identify the sink: the 3rd argument to exec.Command(...), i.e., index 2.
|
|
* Uses AST/semantic matching via resolved call target and argument position.
|
|
*/
|
|
|
|
import go
|
|
|
|
/** A sink expression corresponding to the 3rd argument to exec.Command. */
|
|
predicate isSink(Expr e) {
|
|
exists(Call c, Function f |
|
|
f = c.getTarget() and
|
|
f.getName() = "Command" and
|
|
f.getDeclaringPackage().getName() = "exec" and
|
|
e = c.getArgument(2)
|
|
)
|
|
}
|
|
|
|
from Expr e
|
|
where isSink(e)
|
|
select e, "Sink: 3rd argument to exec.Command"
|
|
|