Add a field read taint step

Sauyon Lee
2019-11-18 23:51:10 -08:00
parent e0c589060a
commit 09865a5f5c


@@ -95,6 +95,11 @@ module TaintTracking {
succ.asExpr().(StarExpr).getBase() = pred.asExpr()
}
predicate fieldReadStep(DataFlow::Node pred, DataFlow::Node succ) {
// if x is tainted, then so is `x.y`
succ.(DataFlow::FieldReadNode).getBase() = pred
}
predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) {
// if an array is tainted, then so are all its elements
succ.asExpr().(IndexExpr).getBase() = pred.asExpr()
@@ -130,6 +135,7 @@ module TaintTracking {
*/
private predicate taintStep(DataFlow::Node pred, DataFlow::Node succ) {
referenceStep(pred, succ) or
fieldReadStep(pred, succ) or
arrayStep(pred, succ) or
tupleStep(pred, succ) or
stringConcatStep(pred, succ) or
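Review bot: `fieldReadStep` in the first hunk marks every field read on a tainted base as tainted, whatever the field's type and whether or not that field was ever written from the tainted source. The inline comment does not say this is a deliberate over-approximation. Because the second hunk adds it unconditionally to `taintStep` (whose body continues past the end of the hunk), every query built on this module will presumably inherit the extra flow and may report more false positives on large structs where only one field is attacker-controlled. I would document the trade-off on the predicate, e.g. `// over-approximation: all fields of a tainted value are treated as tainted, including fields never assigned from the source`. No test expectations for the new step are visible on this page, so confirm that a library test covers both a field read that should be tainted and one that is sanitized before use.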