Switch to use-use dataflow. This will make post-update nodes easy to implement.
Queries / tests that required changes: * The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow * The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer * The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.
@@ -197,6 +197,8 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef {
|
||||
override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() }
|
||||
|
||||
override Location getLocation() { result = this.getInstruction().getLocation() }
|
||||
|
||||
IR::Instruction getAFirstUse() { firstUse(this, result) }
|
||||
}
|
||||
|
||||
/** Provides a helper predicate for working with explicit SSA definitions. */
|
||||
@@ -410,3 +412,5 @@ DataFlow::Node getASimilarReadNode(DataFlow::Node node) {
|
||||
result = readFields.similar().getAUse()
|
||||
)
|
||||
}
|
||||
|
||||
IR::Instruction getAnAdjacentUse(IR::Instruction pred) { adjacentUseUse(pred, result) }
|
||||
|
||||
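Review bot: `getAFirstUse` and `getAnAdjacentUse` are new public members without QLDoc, unlike the documented neighbours visible in context (`/** Provides a helper predicate ... */`). Suggested text, taken from the `firstUse` and `adjacentUseUse` documentation in the SSA implementation: `/** Gets a use of this definition that is reached without passing through any other use, though possibly through phi nodes. */` on `getAFirstUse`, and `/** Gets a use that follows `pred` as an adjacent use of the same SSA source variable, with no other use or SSA definition (phi nodes excepted) on the path between them. */` on `getAnAdjacentUse`. The `getASimilarReadNode` definition shown as context in the second hunk begins outside it.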
@@ -199,6 +199,8 @@ private module Internal {
|
||||
/**
|
||||
* Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with
|
||||
* `k` indicating whether it is the former or the latter.
|
||||
*
|
||||
* Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures.
|
||||
*/
|
||||
private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) {
|
||||
useAt(bb, i, v) and k = ReadRef()
|
||||
@@ -290,6 +292,145 @@ private module Internal {
|
||||
or
|
||||
rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v)
|
||||
}
|
||||
|
||||
private module AdjacentUsesImpl {
|
||||
/** Holds if `v` is defined or used in `b`. */
|
||||
private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) {
|
||||
ssaRef(b, _, v, _)
|
||||
}
|
||||
|
||||
/** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */
|
||||
private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) {
|
||||
varOccursInBlock(v, b)
|
||||
or
|
||||
exists(getDefReachingEndOf(b, v))
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
|
||||
* in `b2` or one of its transitive successors but not in any block on the path
|
||||
* between `b1` and `b2`.
|
||||
*/
|
||||
private predicate varBlockReaches(
|
||||
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
|
||||
) {
|
||||
varOccursInBlock(v, b1) and
|
||||
b2 = b1.getASuccessor() and
|
||||
blockPrecedesVar(v, b2)
|
||||
or
|
||||
exists(ReachableBasicBlock mid |
|
||||
varBlockReaches(v, b1, mid) and
|
||||
b2 = mid.getASuccessor() and
|
||||
not varOccursInBlock(v, mid) and
|
||||
blockPrecedesVar(v, b2)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and
|
||||
* `b2` but not in any block on the path between `b1` and `b2`.
|
||||
*/
|
||||
private predicate varBlockStep(
|
||||
SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2
|
||||
) {
|
||||
varBlockReaches(v, b1, b2) and
|
||||
varOccursInBlock(v, b2)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the maximum rank among all SSA references to `v` in basic block `bb`.
|
||||
*/
|
||||
private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) {
|
||||
result = max(ssaRefRank(bb, _, v, _))
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and
|
||||
* there is a path between them without any occurrence of `v`.
|
||||
*/
|
||||
pragma[nomagic]
|
||||
predicate adjacentVarRefs(
|
||||
SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2
|
||||
) {
|
||||
exists(int rankix |
|
||||
b1 = b2 and
|
||||
ssaRefRank(b1, i1, v, _) = rankix and
|
||||
ssaRefRank(b2, i2, v, _) = rankix + 1
|
||||
)
|
||||
or
|
||||
maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and
|
||||
varBlockStep(v, b1, b2) and
|
||||
ssaRefRank(b2, i2, v, _) = 1
|
||||
}
|
||||
|
||||
predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) {
|
||||
bb.getNode(i) = use and
|
||||
exists(SsaVariable sv |
|
||||
sv.getSourceVariable() = v and
|
||||
use = sv.getAUse()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
private import AdjacentUsesImpl
|
||||
|
||||
/**
|
||||
* Holds if the value defined at `def` can reach `use` without passing through
|
||||
* any other uses, but possibly through phi nodes.
|
||||
*/
|
||||
cached
|
||||
predicate firstUse(SsaDefinition def, IR::Instruction use) {
|
||||
exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
|
||||
adjacentVarRefs(v, b1, i1, b2, i2) and
|
||||
def.definesAt(b1, i1, v) and
|
||||
variableUse(v, use, b2, i2)
|
||||
)
|
||||
or
|
||||
exists(
|
||||
SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
|
||||
int i2
|
||||
|
|
||||
adjacentVarRefs(v, b1, i1, b2, i2) and
|
||||
def.definesAt(b1, i1, v) and
|
||||
redef.definesAt(b2, i2, v) and
|
||||
firstUse(redef, use)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA
|
||||
* variable, that is, the value read in `use1` can reach `use2` without passing
|
||||
* through any other use or any SSA definition of the variable.
|
||||
*/
|
||||
cached
|
||||
predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) {
|
||||
exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 |
|
||||
adjacentVarRefs(v, b1, i1, b2, i2) and
|
||||
variableUse(v, use1, b1, i1) and
|
||||
variableUse(v, use2, b2, i2)
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `use1` and `use2` form an adjacent use-use-pair of the same
|
||||
* `SsaSourceVariable`, that is, the value read in `use1` can reach `use2`
|
||||
* without passing through any other use or any SSA definition of the variable
|
||||
* except for phi nodes and uncertain implicit updates.
|
||||
*/
|
||||
cached
|
||||
predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) {
|
||||
adjacentUseUseSameVar(use1, use2)
|
||||
or
|
||||
exists(
|
||||
SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2,
|
||||
int i2
|
||||
|
|
||||
adjacentVarRefs(v, b1, i1, b2, i2) and
|
||||
variableUse(v, use1, b1, i1) and
|
||||
def.definesAt(b2, i2, v) and
|
||||
firstUse(def, use2)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
import Internal
|
||||
|
||||
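Review bot: The QLDoc on `adjacentUseUse` promises that the pair may pass through "phi nodes and uncertain implicit updates", but the body only adds the `SsaPhiNode` disjunct and nothing in `AdjacentUsesImpl` or `firstUse` deals with implicit updates, so the phrase looks carried over from another language's SSA library and should be trimmed to `* except for phi nodes.` In the same hunk, `blockPrecedesVar`'s second disjunct `exists(getDefReachingEndOf(b, v))` leans on a predicate defined outside the hunk; a one-line comment explaining why a definition reaching the end of `b` counts as `v` occurring downstream would help the next reader. `adjacentVarRefs` also assumes the ranks produced by `ssaRefRank` (defined outside the hunk) are contiguous from 1, since it matches `rankix + 1` within a block and `= 1` across blocks; worth confirming at the definition.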
@@ -65,26 +65,36 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) {
|
||||
else nodeTo.asInstruction() = evalAssert
|
||||
)
|
||||
or
|
||||
// Instruction -> SSA
|
||||
// Instruction -> SSA defn
|
||||
exists(IR::Instruction pred, SsaExplicitDefinition succ |
|
||||
succ.getRhs() = pred and
|
||||
nodeFrom = instructionNode(pred) and
|
||||
nodeTo = ssaNode(succ)
|
||||
)
|
||||
or
|
||||
// SSA -> SSA
|
||||
exists(SsaDefinition pred, SsaPseudoDefinition succ | succ.getAnInput() = pred |
|
||||
// SSA defn -> SSA capture
|
||||
exists(SsaExplicitDefinition pred, SsaVariableCapture succ |
|
||||
// Check: should these flow from PHIs as well? Perhaps they should be included
|
||||
// in the use-use graph?
|
||||
succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable()
|
||||
|
|
||||
nodeFrom = ssaNode(pred) and
|
||||
nodeTo = ssaNode(succ)
|
||||
)
|
||||
or
|
||||
// SSA -> Instruction
|
||||
exists(SsaDefinition pred, IR::Instruction succ |
|
||||
succ = pred.getVariable().getAUse() and
|
||||
// SSA defn -> first SSA use
|
||||
exists(SsaExplicitDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() |
|
||||
nodeFrom = ssaNode(pred) and
|
||||
nodeTo = instructionNode(succ)
|
||||
)
|
||||
or
|
||||
// SSA use -> successive SSA use
|
||||
// Note this case includes Phi node traversal
|
||||
exists(IR::Instruction pred, IR::Instruction succ | succ = getAnAdjacentUse(pred) |
|
||||
nodeFrom = instructionNode(pred) and
|
||||
nodeTo = instructionNode(succ)
|
||||
)
|
||||
or
|
||||
// GlobalFunctionNode -> use
|
||||
nodeFrom =
|
||||
any(GlobalFunctionNode fn | fn.getFunction() = nodeTo.asExpr().(FunctionName).getTarget())
|
||||
|
||||
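Review bot: The new capture step joins `pred` and `succ` only on `getSourceVariable()`, so every explicit definition of a variable gets a local-flow edge to every capture of it, wherever the closure is created relative to the definition, whereas the step it replaces was restricted to the capture's actual inputs (`succ.getAnInput() = pred`); the in-hunk `Check:` comment shows the intended semantics are still undecided. If the wider relation is deliberate (for instance to reach writes made inside the closure body), say so in the comment instead of leaving an open question; otherwise restore the input restriction. The casts `succ.(SsaVariableCapture)` and `pred.(SsaExplicitDefinition)` repeat the declared types of those variables and can be dropped: `succ.getSourceVariable() = pred.getSourceVariable()`. `basicLocalFlowStep` starts before and continues after the hunk.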
@@ -55,6 +55,8 @@ module CleartextLogging {
|
||||
|
|
||||
this.asExpr().(Ident).getName() = name
|
||||
or
|
||||
this.(DataFlow::SsaNode).getSourceVariable().getName() = name
|
||||
or
|
||||
this.(DataFlow::FieldReadNode).getFieldName() = name
|
||||
or
|
||||
this.(DataFlow::CallNode).getCalleeName() = name
|
||||
@@ -143,7 +145,7 @@ module CleartextLogging {
|
||||
not this instanceof NonCleartextPassword and
|
||||
name.regexpMatch(maybePassword()) and
|
||||
(
|
||||
this.asExpr().(Ident).getName() = name
|
||||
this.(DataFlow::SsaNode).getSourceVariable().getName() = name
|
||||
or
|
||||
exists(DataFlow::FieldReadNode fn |
|
||||
fn = this and
|
||||
|
||||
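Review bot: The two hunks treat the `Ident` check differently: around line 55 `this.asExpr().(Ident).getName() = name` is kept alongside the new `this.(DataFlow::SsaNode).getSourceVariable().getName() = name`, while around line 145 the equal line counts in the hunk header indicate the `Ident` alternative is replaced by the SsaNode one, so an identifier read that is not modelled as an SSA node would presumably no longer match there. If the drop is intentional because sources now originate at the SSA definition under use-use flow, a one-line comment at that point would save the next reader the comparison; otherwise keep both alternatives joined by `or` as in the first hunk. Both enclosing predicates start outside the hunks.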
@@ -84,6 +84,28 @@ module CommandInjection {
|
||||
}
|
||||
|
||||
predicate observeDiffInformedIncrementalMode() { any() }
|
||||
|
||||
// Hack: with use-use flow, we might have x (use at line 1) -> x (use at line 2),
|
||||
// x (use at line 1) -> array at line 1 and x (use at line 2) -> array at line 2,
|
||||
// in the context
|
||||
//
|
||||
// array1 := {"--", x}
|
||||
// array2 := {x, "--"}
|
||||
//
|
||||
// We want to taint array2 but not array1, which suggests excluding the edge x (use 1) -> array1
|
||||
// However isSanitizer only allows us to remove nodes (isSanitizerIn/Out permit removing all outgoing
|
||||
// or incoming edges); we can't remove an individual edge, so instead we supply extra edges connecting
|
||||
// the definition with the next use.
|
||||
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(
|
||||
ArgumentArrayWithDoubleDash array, DataFlow::InstructionNode sanitized,
|
||||
DataFlow::SsaNode defn
|
||||
|
|
||||
sanitized = array.getASanitizedElement() and sanitized = defn.getAUse()
|
||||
|
|
||||
pred = defn and succ = sanitized.getASuccessor()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
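Review bot: The replacement edge in `isAdditionalFlowStep` goes from `defn` to every `getASuccessor()` of the sanitized use, not only to the next use of the variable; if the sanitized element's step into its own array literal is among those successors (the `x (use 1) -> array1` edge the comment wants removed), the added edge restores that flow via `defn` and the sanitizer is bypassed. Narrowing `succ` to the adjacent use of the same variable, e.g. `succ = instructionNode(getAnAdjacentUse(sanitized.asInstruction()))` if those helpers are reachable from this module, would match the comment's stated intent. A test with a sanitized array element whose variable is reused in an unsanitized position would pin the behaviour either way. The enclosing `CommandInjection` module header is outside the hunk.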
@@ -73,6 +73,16 @@ predicate checksValue(IR::Instruction instruction, DataFlow::SsaNode value) {
|
||||
)
|
||||
}
|
||||
|
||||
// Now that we have use-use flow, phi nodes aren't directly involved in the flow graph. TODO: change this?
|
||||
DataFlow::SsaNode phiDefinedFrom(DataFlow::SsaNode node) {
|
||||
result.getDefinition().(SsaPseudoDefinition).getAnInput() = node.getDefinition().getVariable()
|
||||
}
|
||||
|
||||
DataFlow::SsaNode definedFrom(DataFlow::SsaNode node) {
|
||||
DataFlow::localFlow(node, result) or
|
||||
result = phiDefinedFrom*(node)
|
||||
}
|
||||
|
||||
/**
|
||||
* Matches if `call` is a function returning (`ptr`, `err`) where `ptr` may be nil, and neither
|
||||
* `ptr` not `err` has been checked for validity as of `node`.
|
||||
@@ -99,7 +109,7 @@ predicate returnUncheckedAtNode(
|
||||
// localFlow is used to permit checks via either an SSA phi node or ordinary assignment.
|
||||
returnUncheckedAtNode(call, node.getAPredecessor(), ptr, err) and
|
||||
not exists(DataFlow::SsaNode checked |
|
||||
DataFlow::localFlow(ptr, checked) or DataFlow::localFlow(err, checked)
|
||||
checked = definedFrom(ptr) or checked = definedFrom(err)
|
||||
|
|
||||
checksValue(node, checked)
|
||||
)
|
||||
|
||||
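Review bot: `definedFrom` does not compose its two disjuncts: `DataFlow::localFlow(node, result)` and `result = phiDefinedFrom*(node)` are alternatives, so a value that first flows locally into another SSA definition and then into a phi node is not reached, which is narrower than the `localFlow` check this replaces in `returnUncheckedAtNode`. Composing them with `exists(DataFlow::SsaNode mid | DataFlow::localFlow(node, mid) | result = phiDefinedFrom*(mid))` alongside the existing `result = phiDefinedFrom*(node)` covers both (the zero-step case of `*` keeps plain `localFlow(node, result)`). Documentation: the line `// Now that we have use-use flow ... TODO: change this?` should become QLDoc on `phiDefinedFrom` stating what it gets (a pseudo-definition node with `node`'s variable among its inputs), and `definedFrom` has no QLDoc at all; since `SsaPseudoDefinition` presumably covers captures as well as phi nodes, the "phi" in the name may be narrower than the relation. `returnUncheckedAtNode` starts outside the hunk.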
@@ -49,27 +49,28 @@
|
||||
| main.go:3:6:3:10 | function test1 | main.go:34:2:34:6 | test1 |
|
||||
| main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x |
|
||||
| main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x |
|
||||
| main.go:3:12:3:12 | definition of x | main.go:6:7:6:7 | x |
|
||||
| main.go:3:12:3:12 | definition of x | main.go:8:8:8:8 | x |
|
||||
| main.go:3:12:3:12 | definition of x | main.go:10:7:10:7 | x |
|
||||
| main.go:3:12:3:12 | definition of x | main.go:10:22:10:22 | x |
|
||||
| main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn |
|
||||
| main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn |
|
||||
| main.go:6:3:6:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) |
|
||||
| main.go:5:5:5:5 | x | main.go:6:7:6:7 | x |
|
||||
| main.go:5:5:5:5 | x | main.go:8:8:8:8 | x |
|
||||
| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y |
|
||||
| main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y |
|
||||
| main.go:8:3:8:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) |
|
||||
| main.go:6:7:6:7 | x | main.go:10:7:10:7 | x |
|
||||
| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y |
|
||||
| main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y |
|
||||
| main.go:8:8:8:8 | x | main.go:10:7:10:7 | x |
|
||||
| main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z |
|
||||
| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:12:10:12 | y |
|
||||
| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:17:10:17 | y |
|
||||
| main.go:10:7:10:7 | x | main.go:10:22:10:22 | x |
|
||||
| main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... |
|
||||
| main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z |
|
||||
| main.go:10:12:10:12 | y | main.go:10:17:10:17 | y |
|
||||
| main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... |
|
||||
| main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion |
|
||||
| main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 |
|
||||
| main.go:14:6:14:10 | function test2 | main.go:34:19:34:23 | test2 |
|
||||
| main.go:15:2:15:4 | definition of acc | main.go:16:9:19:2 | capture variable acc |
|
||||
| main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc |
|
||||
| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc |
|
||||
| main.go:17:3:17:7 | definition of acc | main.go:16:9:19:2 | capture variable acc |
|
||||
| main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc |
|
||||
| main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc |
|
||||
| main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b |
|
||||
@@ -84,50 +85,50 @@
|
||||
| main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok |
|
||||
| main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] |
|
||||
| main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s |
|
||||
| main.go:38:2:38:2 | definition of s | main.go:40:15:40:15 | s |
|
||||
| main.go:38:2:38:2 | definition of s | main.go:42:7:42:7 | s |
|
||||
| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s |
|
||||
| main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 |
|
||||
| main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 |
|
||||
| main.go:39:15:39:15 | s | main.go:40:15:40:15 | s |
|
||||
| main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 |
|
||||
| main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 |
|
||||
| main.go:40:15:40:15 | s | main.go:42:7:42:7 | s |
|
||||
| main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 |
|
||||
| main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 |
|
||||
| main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs |
|
||||
| main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs |
|
||||
| main.go:46:24:46:27 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) |
|
||||
| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
|
||||
| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys |
|
||||
| main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys |
|
||||
| main.go:46:34:46:37 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) |
|
||||
| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
|
||||
| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals |
|
||||
| main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals |
|
||||
| main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k |
|
||||
| main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v |
|
||||
| main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k |
|
||||
| main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v |
|
||||
| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:46:24:46:27 | implicit read of keys |
|
||||
| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:49:3:49:6 | keys |
|
||||
| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:46:34:46:37 | implicit read of vals |
|
||||
| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:48:3:48:6 | vals |
|
||||
| main.go:48:3:48:6 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) |
|
||||
| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals |
|
||||
| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals |
|
||||
| main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals |
|
||||
| main.go:49:3:49:6 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) |
|
||||
| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys |
|
||||
| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys |
|
||||
| main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys |
|
||||
| main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch |
|
||||
| main.go:55:6:55:7 | definition of ch | main.go:57:4:57:5 | ch |
|
||||
| main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch |
|
||||
| main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch |
|
||||
| main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x |
|
||||
| main.go:61:2:61:2 | definition of x | main.go:65:11:65:11 | x |
|
||||
| main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x |
|
||||
| main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y |
|
||||
| main.go:62:2:62:2 | definition of y | main.go:65:14:65:14 | y |
|
||||
| main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y |
|
||||
| main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z |
|
||||
| main.go:63:2:63:2 | definition of z | main.go:65:17:65:17 | z |
|
||||
| main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z |
|
||||
| main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a |
|
||||
| main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a |
|
||||
| main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min |
|
||||
| main.go:64:11:64:11 | x | main.go:65:11:65:11 | x |
|
||||
| main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min |
|
||||
| main.go:64:14:64:14 | y | main.go:65:14:65:14 | y |
|
||||
| main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min |
|
||||
| main.go:64:17:64:17 | z | main.go:65:17:65:17 | z |
|
||||
| main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b |
|
||||
| main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b |
|
||||
| main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max |
|
||||
@@ -135,62 +136,60 @@
|
||||
| main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max |
|
||||
| strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s |
|
||||
| strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s |
|
||||
| strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s |
|
||||
| strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 |
|
||||
| strings.go:9:2:9:3 | definition of s2 | strings.go:11:48:11:49 | s2 |
|
||||
| strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 |
|
||||
| strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s |
|
||||
| strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 |
|
||||
| strings.go:10:2:10:3 | definition of s3 | strings.go:11:67:11:68 | s3 |
|
||||
| strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 |
|
||||
| strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 |
|
||||
| strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 |
|
||||
| url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b |
|
||||
| url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b |
|
||||
| url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s |
|
||||
| url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s |
|
||||
| url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s |
|
||||
| url.go:12:3:12:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) |
|
||||
| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res |
|
||||
| url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res |
|
||||
| url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err |
|
||||
| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) |
|
||||
| url.go:14:3:14:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) |
|
||||
| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err |
|
||||
| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res |
|
||||
| url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res |
|
||||
| url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err |
|
||||
| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) |
|
||||
| url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | url.go:16:5:16:7 | err |
|
||||
| url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | url.go:19:9:19:11 | res |
|
||||
| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err |
|
||||
| url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i |
|
||||
| url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i |
|
||||
| url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s |
|
||||
| url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s |
|
||||
| url.go:22:19:22:19 | definition of s | url.go:27:29:27:29 | s |
|
||||
| url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u |
|
||||
| url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u |
|
||||
| url.go:23:20:23:20 | s | url.go:27:29:27:29 | s |
|
||||
| url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u |
|
||||
| url.go:27:2:27:2 | definition of u | url.go:29:14:29:14 | u |
|
||||
| url.go:27:2:27:2 | definition of u | url.go:30:11:30:11 | u |
|
||||
| url.go:27:2:27:2 | definition of u | url.go:32:9:32:9 | u |
|
||||
| url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u |
|
||||
| url.go:28:14:28:14 | u | url.go:29:14:29:14 | u |
|
||||
| url.go:29:14:29:14 | u | url.go:30:11:30:11 | u |
|
||||
| url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs |
|
||||
| url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs |
|
||||
| url.go:30:11:30:11 | u | url.go:32:9:32:9 | u |
|
||||
| url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u |
|
||||
| url.go:32:2:32:2 | definition of u | url.go:34:14:34:14 | u |
|
||||
| url.go:32:2:32:2 | definition of u | url.go:35:14:35:14 | u |
|
||||
| url.go:32:2:32:2 | definition of u | url.go:36:6:36:6 | u |
|
||||
| url.go:32:2:32:2 | definition of u | url.go:36:25:36:25 | u |
|
||||
| url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u |
|
||||
| url.go:33:14:33:14 | u | url.go:34:14:34:14 | u |
|
||||
| url.go:34:14:34:14 | u | url.go:35:14:35:14 | u |
|
||||
| url.go:35:14:35:14 | u | url.go:36:6:36:6 | u |
|
||||
| url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u |
|
||||
| url.go:36:6:36:6 | u | url.go:36:25:36:25 | u |
|
||||
| url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u |
|
||||
| url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui |
|
||||
| url.go:42:2:42:3 | definition of ui | url.go:45:14:45:15 | ui |
|
||||
| url.go:42:2:42:3 | definition of ui | url.go:46:9:46:10 | ui |
|
||||
| url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui |
|
||||
| url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw |
|
||||
| url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw |
|
||||
| url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui |
|
||||
| url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui |
|
||||
| url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q |
|
||||
| url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q |
|
||||
| url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v |
|
||||
| url.go:50:2:50:2 | definition of v | url.go:52:14:52:14 | v |
|
||||
| url.go:50:2:50:2 | definition of v | url.go:53:9:53:9 | v |
|
||||
| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
|
||||
| url.go:51:14:51:14 | v | url.go:52:14:52:14 | v |
|
||||
| url.go:52:14:52:14 | v | url.go:53:9:53:9 | v |
|
||||
| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
|
||||
| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
|
||||
| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |
|
||||
|
||||
@@ -1,14 +1,14 @@
|
||||
#select
|
||||
| test.go:173:20:173:24 | param | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:172:11:172:32 | call to Param | user-provided value |
|
||||
| test.go:182:20:182:28 | ...+... | test.go:178:11:178:32 | call to Param | test.go:182:20:182:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value |
|
||||
| test.go:185:20:185:29 | ...+... | test.go:178:11:178:32 | call to Param | test.go:185:20:185:29 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value |
|
||||
edges
|
||||
| test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 |
|
||||
| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:2 |
|
||||
| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config |
|
||||
| test.go:190:9:190:26 | star expression | test.go:193:21:193:23 | url | provenance | |
|
||||
| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:3 Config |
|
||||
| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config Sink:MaD:1 |
|
||||
| test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2 |
|
||||
| test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL | provenance | Config |
|
||||
| test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance | |
|
||||
| test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config |
|
||||
| test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 |
|
||||
models
|
||||
| 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual |
|
||||
| 2 | Source: github.com/labstack/echo; Context; true; Param; ; ; ReturnValue[0]; remote; manual |
|
||||
@@ -17,10 +17,10 @@ nodes
|
||||
| test.go:172:11:172:32 | call to Param | semmle.label | call to Param |
|
||||
| test.go:173:20:173:24 | param | semmle.label | param |
|
||||
| test.go:178:11:178:32 | call to Param | semmle.label | call to Param |
|
||||
| test.go:182:20:182:28 | ...+... | semmle.label | ...+... |
|
||||
| test.go:182:24:182:28 | param | semmle.label | param |
|
||||
| test.go:190:9:190:26 | star expression | semmle.label | star expression |
|
||||
| test.go:190:10:190:26 | selection of URL | semmle.label | selection of URL |
|
||||
| test.go:193:21:193:23 | url | semmle.label | url |
|
||||
| test.go:193:21:193:32 | call to String | semmle.label | call to String |
|
||||
| test.go:185:20:185:29 | ...+... | semmle.label | ...+... |
|
||||
| test.go:185:24:185:29 | param2 | semmle.label | param2 |
|
||||
| test.go:193:9:193:26 | star expression | semmle.label | star expression |
|
||||
| test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL |
|
||||
| test.go:196:21:196:23 | url | semmle.label | url |
|
||||
| test.go:196:21:196:32 | call to String | semmle.label | call to String |
|
||||
subpaths
|
||||
|
||||
@@ -176,12 +176,15 @@ func testRedirect(ctx echo.Context) error {
|
||||
|
||||
func testLocalRedirects(ctx echo.Context) error {
|
||||
param := ctx.Param("someParam")
|
||||
param2 := param
|
||||
param3 := param
|
||||
// Gratuitious copy because sanitization of uses propagates to subsequent uses
|
||||
// GOOD: local redirects are unproblematic
|
||||
ctx.Redirect(301, "/local"+param)
|
||||
// BAD: this could be a non-local redirect
|
||||
ctx.Redirect(301, "/"+param)
|
||||
ctx.Redirect(301, "/"+param2)
|
||||
// GOOD: localhost redirects are unproblematic
|
||||
ctx.Redirect(301, "//localhost/"+param)
|
||||
ctx.Redirect(301, "//localhost/"+param3)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
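Review bot: The comment `// Gratuitious copy because sanitization of uses propagates to subsequent uses` is misspelled and sits below the two copies it explains and directly above an unrelated `// GOOD:` line, so it reads as a comment on the `"/local"` redirect. Move it above `param2 := param` and spell it `// Gratuitous copies: ...`; it would also be clearer if it named what it avoids, e.g. `// Gratuitous copies: with use-use flow, a sanitized use of param would also sanitize the later uses below.` The rest of `testLocalRedirects` is unchanged.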
@@ -1,97 +1,235 @@
|
||||
#select
|
||||
| klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers |
|
||||
| klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers |
|
||||
| main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | $@ flows to a logging call. | main.go:16:12:16:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | $@ flows to a logging call. | main.go:17:19:17:26 | password | Sensitive data returned by an access to password |
|
||||
| main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | $@ flows to a logging call. | main.go:18:13:18:20 | password | Sensitive data returned by an access to password |
|
||||
| main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | $@ flows to a logging call. | main.go:19:14:19:21 | password | Sensitive data returned by an access to password |
|
||||
| main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | $@ flows to a logging call. | main.go:20:12:20:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password |
|
||||
| main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | $@ flows to a logging call. | main.go:22:13:22:20 | password | Sensitive data returned by an access to password |
|
||||
| main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | $@ flows to a logging call. | main.go:23:14:23:21 | password | Sensitive data returned by an access to password |
|
||||
| main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | $@ flows to a logging call. | main.go:24:12:24:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | $@ flows to a logging call. | main.go:25:19:25:26 | password | Sensitive data returned by an access to password |
|
||||
| main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | $@ flows to a logging call. | main.go:26:13:26:20 | password | Sensitive data returned by an access to password |
|
||||
| main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | $@ flows to a logging call. | main.go:27:14:27:21 | password | Sensitive data returned by an access to password |
|
||||
| main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | $@ flows to a logging call. | main.go:28:16:28:23 | password | Sensitive data returned by an access to password |
|
||||
| main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | $@ flows to a logging call. | main.go:32:10:32:17 | password | Sensitive data returned by an access to password |
|
||||
| main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | $@ flows to a logging call. | main.go:33:17:33:24 | password | Sensitive data returned by an access to password |
|
||||
| main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | $@ flows to a logging call. | main.go:34:11:34:18 | password | Sensitive data returned by an access to password |
|
||||
| main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | $@ flows to a logging call. | main.go:35:12:35:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | $@ flows to a logging call. | main.go:36:10:36:17 | password | Sensitive data returned by an access to password |
|
||||
| main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | $@ flows to a logging call. | main.go:37:17:37:24 | password | Sensitive data returned by an access to password |
|
||||
| main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | $@ flows to a logging call. | main.go:38:11:38:18 | password | Sensitive data returned by an access to password |
|
||||
| main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | $@ flows to a logging call. | main.go:39:12:39:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | $@ flows to a logging call. | main.go:40:10:40:17 | password | Sensitive data returned by an access to password |
|
||||
| main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | $@ flows to a logging call. | main.go:41:17:41:24 | password | Sensitive data returned by an access to password |
|
||||
| main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | $@ flows to a logging call. | main.go:42:11:42:18 | password | Sensitive data returned by an access to password |
|
||||
| main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | $@ flows to a logging call. | main.go:43:12:43:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | $@ flows to a logging call. | main.go:44:14:44:21 | password | Sensitive data returned by an access to password |
|
||||
| main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | $@ flows to a logging call. | main.go:47:12:47:19 | password | Sensitive data returned by an access to password |
|
||||
| main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | $@ flows to a logging call. | main.go:48:17:48:24 | password | Sensitive data returned by an access to password |
|
||||
| main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | $@ flows to a logging call. | main.go:55:35:55:42 | password | Sensitive data returned by an access to password |
|
||||
| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password |
|
||||
| main.go:19:12:19:19 | password | main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:20:19:20:26 | password | main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:21:13:21:20 | password | main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:22:14:22:21 | password | main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:24:13:24:20 | password | main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:27:20:27:27 | password | main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:30:14:30:21 | password | main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:33:15:33:22 | password | main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:36:13:36:20 | password | main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:39:20:39:27 | password | main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:42:14:42:21 | password | main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:45:15:45:22 | password | main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:47:16:47:23 | password | main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:51:10:51:17 | password | main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:52:17:52:24 | password | main.go:17:2:17:9 | definition of password | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:53:11:53:18 | password | main.go:17:2:17:9 | definition of password | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:54:12:54:19 | password | main.go:17:2:17:9 | definition of password | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:56:11:56:18 | password | main.go:17:2:17:9 | definition of password | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:59:18:59:25 | password | main.go:17:2:17:9 | definition of password | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:62:12:62:19 | password | main.go:17:2:17:9 | definition of password | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:65:13:65:20 | password | main.go:17:2:17:9 | definition of password | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:68:11:68:18 | password | main.go:17:2:17:9 | definition of password | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:71:18:71:25 | password | main.go:17:2:17:9 | definition of password | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:74:12:74:19 | password | main.go:17:2:17:9 | definition of password | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:77:13:77:20 | password | main.go:17:2:17:9 | definition of password | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:79:14:79:21 | password | main.go:17:2:17:9 | definition of password | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:82:12:82:19 | password | main.go:17:2:17:9 | definition of password | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:83:17:83:24 | password | main.go:17:2:17:9 | definition of password | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | definition of password | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| main.go:90:35:90:42 | password | main.go:17:2:17:9 | definition of password | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | definition of password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | definition of password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
|
||||
| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password |
|
||||
| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet |
|
||||
| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password |
|
||||
| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:47:14:47:17 | obj3 | passwords.go:21:2:21:9 | definition of password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
|
||||
| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet |
|
||||
| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 |
|
||||
| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password |
|
||||
| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||
| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||
| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
|
||||
edges
|
||||
| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | |
|
||||
| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:1 Config |
|
||||
| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config |
|
||||
| klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance | |
|
||||
| klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config |
|
||||
| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:1 Config |
|
||||
| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | |
|
||||
| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | |
|
||||
| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | |
|
||||
| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | |
|
||||
| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | |
|
||||
| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | Sink:MaD:10 |
|
||||
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
||||
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||
| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||
| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||
| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | |
|
||||
| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||
| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||
| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||
| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance | |
|
||||
| main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | |
|
||||
| main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | |
|
||||
| main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | |
|
||||
| main.go:85:2:85:7 | definition of fields | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 |
|
||||
| main.go:86:19:86:26 | password | main.go:85:2:85:7 | definition of fields | provenance | Config |
|
||||
| main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 |
|
||||
| overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance | |
|
||||
| overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | |
|
||||
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
|
||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | |
|
||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | |
|
||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance | |
|
||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance | |
|
||||
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
|
||||
| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
|
||||
| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | |
|
||||
| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | |
|
||||
| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
|
||||
| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | |
|
||||
| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
|
||||
| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | |
|
||||
| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config |
|
||||
| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | |
|
||||
| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config |
|
||||
| passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | |
|
||||
| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config |
|
||||
| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config |
|
||||
| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config |
|
||||
| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config |
|
||||
| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config |
|
||||
| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | |
|
||||
| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | |
|
||||
| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | |
|
||||
| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config |
|
||||
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config |
|
||||
| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | |
|
||||
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config |
|
||||
| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | |
|
||||
| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | |
|
||||
| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||
| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||
| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | |
|
||||
| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | |
|
||||
| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config |
|
||||
| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config |
|
||||
| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | |
|
||||
| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||
| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||
| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config |
|
||||
| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||
| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||
| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config |
|
||||
| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||
| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | |
|
||||
| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config |
|
||||
| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config |
|
||||
| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | |
|
||||
| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | |
|
||||
| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | |
|
||||
| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||
| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||
| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | |
|
||||
| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||
| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | |
|
||||
| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | |
|
||||
| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | |
|
||||
| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | |
|
||||
| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | |
|
||||
| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | |
|
||||
| protobuf.go:12:2:12:6 | implicit dereference [Description] | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | provenance | |
|
||||
| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | |
|
||||
| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | |
|
||||
| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | |
|
||||
| protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance | |
|
||||
| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance | |
|
||||
@@ -99,7 +237,17 @@ edges
|
||||
| protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance | |
|
||||
| protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance | |
|
||||
models
|
||||
| 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual |
|
||||
| 1 | Sink: group:logrus; ; false; WithField; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 2 | Sink: group:logrus; ; false; WithFields; ; ; Argument[0]; log-injection; manual |
|
||||
| 3 | Sink: log; ; false; Fatalf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 4 | Sink: log; ; false; Output; ; ; Argument[1]; log-injection; manual |
|
||||
| 5 | Sink: log; ; false; Panicf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 6 | Sink: log; ; false; Printf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 7 | Sink: log; Logger; true; Fatalf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 8 | Sink: log; Logger; true; Output; ; ; Argument[1]; log-injection; manual |
|
||||
| 9 | Sink: log; Logger; true; Panicf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 10 | Sink: log; Logger; true; Printf; ; ; Argument[0..1]; log-injection; manual |
|
||||
| 11 | Source: net/http; Request; true; Header; ; ; ; remote; manual |
|
||||
nodes
|
||||
| klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] |
|
||||
| klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header |
|
||||
@@ -108,39 +256,58 @@ nodes
|
||||
| klog.go:23:15:23:20 | header | semmle.label | header |
|
||||
| klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header |
|
||||
| klog.go:29:13:29:41 | call to Get | semmle.label | call to Get |
|
||||
| main.go:16:12:16:19 | password | semmle.label | password |
|
||||
| main.go:17:19:17:26 | password | semmle.label | password |
|
||||
| main.go:18:13:18:20 | password | semmle.label | password |
|
||||
| main.go:19:14:19:21 | password | semmle.label | password |
|
||||
| main.go:20:12:20:19 | password | semmle.label | password |
|
||||
| main.go:21:19:21:26 | password | semmle.label | password |
|
||||
| main.go:22:13:22:20 | password | semmle.label | password |
|
||||
| main.go:23:14:23:21 | password | semmle.label | password |
|
||||
| main.go:24:12:24:19 | password | semmle.label | password |
|
||||
| main.go:25:19:25:26 | password | semmle.label | password |
|
||||
| main.go:26:13:26:20 | password | semmle.label | password |
|
||||
| main.go:27:14:27:21 | password | semmle.label | password |
|
||||
| main.go:28:16:28:23 | password | semmle.label | password |
|
||||
| main.go:32:10:32:17 | password | semmle.label | password |
|
||||
| main.go:33:17:33:24 | password | semmle.label | password |
|
||||
| main.go:34:11:34:18 | password | semmle.label | password |
|
||||
| main.go:35:12:35:19 | password | semmle.label | password |
|
||||
| main.go:36:10:36:17 | password | semmle.label | password |
|
||||
| main.go:37:17:37:24 | password | semmle.label | password |
|
||||
| main.go:38:11:38:18 | password | semmle.label | password |
|
||||
| main.go:39:12:39:19 | password | semmle.label | password |
|
||||
| main.go:40:10:40:17 | password | semmle.label | password |
|
||||
| main.go:41:17:41:24 | password | semmle.label | password |
|
||||
| main.go:42:11:42:18 | password | semmle.label | password |
|
||||
| main.go:43:12:43:19 | password | semmle.label | password |
|
||||
| main.go:44:14:44:21 | password | semmle.label | password |
|
||||
| main.go:47:12:47:19 | password | semmle.label | password |
|
||||
| main.go:48:17:48:24 | password | semmle.label | password |
|
||||
| main.go:55:35:55:42 | password | semmle.label | password |
|
||||
| main.go:17:2:17:9 | definition of password | semmle.label | definition of password |
|
||||
| main.go:19:12:19:19 | password | semmle.label | password |
|
||||
| main.go:20:19:20:26 | password | semmle.label | password |
|
||||
| main.go:21:13:21:20 | password | semmle.label | password |
|
||||
| main.go:22:14:22:21 | password | semmle.label | password |
|
||||
| main.go:24:13:24:20 | password | semmle.label | password |
|
||||
| main.go:27:20:27:27 | password | semmle.label | password |
|
||||
| main.go:30:14:30:21 | password | semmle.label | password |
|
||||
| main.go:33:15:33:22 | password | semmle.label | password |
|
||||
| main.go:36:13:36:20 | password | semmle.label | password |
|
||||
| main.go:39:20:39:27 | password | semmle.label | password |
|
||||
| main.go:42:14:42:21 | password | semmle.label | password |
|
||||
| main.go:45:15:45:22 | password | semmle.label | password |
|
||||
| main.go:47:16:47:23 | password | semmle.label | password |
|
||||
| main.go:51:10:51:17 | password | semmle.label | password |
|
||||
| main.go:51:10:51:17 | password | semmle.label | password |
|
||||
| main.go:52:17:52:24 | password | semmle.label | password |
|
||||
| main.go:52:17:52:24 | password | semmle.label | password |
|
||||
| main.go:53:11:53:18 | password | semmle.label | password |
|
||||
| main.go:53:11:53:18 | password | semmle.label | password |
|
||||
| main.go:54:12:54:19 | password | semmle.label | password |
|
||||
| main.go:54:12:54:19 | password | semmle.label | password |
|
||||
| main.go:56:11:56:18 | password | semmle.label | password |
|
||||
| main.go:56:11:56:18 | password | semmle.label | password |
|
||||
| main.go:59:18:59:25 | password | semmle.label | password |
|
||||
| main.go:59:18:59:25 | password | semmle.label | password |
|
||||
| main.go:62:12:62:19 | password | semmle.label | password |
|
||||
| main.go:62:12:62:19 | password | semmle.label | password |
|
||||
| main.go:65:13:65:20 | password | semmle.label | password |
|
||||
| main.go:65:13:65:20 | password | semmle.label | password |
|
||||
| main.go:68:11:68:18 | password | semmle.label | password |
|
||||
| main.go:68:11:68:18 | password | semmle.label | password |
|
||||
| main.go:71:18:71:25 | password | semmle.label | password |
|
||||
| main.go:71:18:71:25 | password | semmle.label | password |
|
||||
| main.go:74:12:74:19 | password | semmle.label | password |
|
||||
| main.go:74:12:74:19 | password | semmle.label | password |
|
||||
| main.go:77:13:77:20 | password | semmle.label | password |
|
||||
| main.go:77:13:77:20 | password | semmle.label | password |
|
||||
| main.go:79:14:79:21 | password | semmle.label | password |
|
||||
| main.go:80:17:80:24 | password | semmle.label | password |
|
||||
| main.go:82:12:82:19 | password | semmle.label | password |
|
||||
| main.go:83:17:83:24 | password | semmle.label | password |
|
||||
| main.go:85:2:85:7 | definition of fields | semmle.label | definition of fields |
|
||||
| main.go:86:19:86:26 | password | semmle.label | password |
|
||||
| main.go:87:29:87:34 | fields | semmle.label | fields |
|
||||
| main.go:90:35:90:42 | password | semmle.label | password |
|
||||
| overrides.go:8:2:8:9 | definition of password | semmle.label | definition of password |
|
||||
| overrides.go:9:9:9:16 | password | semmle.label | password |
|
||||
| overrides.go:13:14:13:23 | call to String | semmle.label | call to String |
|
||||
| passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x |
|
||||
| passwords.go:9:14:9:14 | x | semmle.label | x |
|
||||
| passwords.go:21:2:21:9 | definition of password | semmle.label | definition of password |
|
||||
| passwords.go:25:14:25:21 | password | semmle.label | password |
|
||||
| passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
|
||||
@@ -158,32 +325,34 @@ nodes
|
||||
| passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 |
|
||||
| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 |
|
||||
| passwords.go:48:11:48:18 | password | semmle.label | password |
|
||||
| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password |
|
||||
| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
|
||||
| passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal |
|
||||
| passwords.go:86:16:86:36 | call to make | semmle.label | call to make |
|
||||
| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject |
|
||||
| passwords.go:90:12:90:19 | password | semmle.label | password |
|
||||
| passwords.go:91:23:91:28 | secret | semmle.label | secret |
|
||||
| passwords.go:101:15:101:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:101:33:101:40 | password | semmle.label | password |
|
||||
| passwords.go:107:16:107:41 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:107:34:107:41 | password | semmle.label | password |
|
||||
| passwords.go:112:15:112:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:112:33:112:40 | password | semmle.label | password |
|
||||
| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:116:28:116:36 | password1 | semmle.label | password1 |
|
||||
| passwords.go:116:28:116:45 | call to String | semmle.label | call to String |
|
||||
| passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal |
|
||||
| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] |
|
||||
| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] |
|
||||
| passwords.go:119:13:119:13 | x | semmle.label | x |
|
||||
| passwords.go:121:13:121:20 | password | semmle.label | password |
|
||||
| passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword |
|
||||
| passwords.go:125:14:125:19 | config | semmle.label | config |
|
||||
| passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] |
|
||||
| passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x |
|
||||
| passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] |
|
||||
| passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y |
|
||||
| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal |
|
||||
| passwords.go:87:16:87:36 | call to make | semmle.label | call to make |
|
||||
| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject |
|
||||
| passwords.go:92:23:92:28 | secret | semmle.label | secret |
|
||||
| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:102:33:102:40 | password | semmle.label | password |
|
||||
| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:108:34:108:41 | password | semmle.label | password |
|
||||
| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:113:33:113:40 | password | semmle.label | password |
|
||||
| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 |
|
||||
| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:117:28:117:36 | password1 | semmle.label | password1 |
|
||||
| passwords.go:117:28:117:45 | call to String | semmle.label | call to String |
|
||||
| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal |
|
||||
| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] |
|
||||
| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] |
|
||||
| passwords.go:121:13:121:14 | x3 | semmle.label | x3 |
|
||||
| passwords.go:123:13:123:20 | password | semmle.label | password |
|
||||
| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword |
|
||||
| passwords.go:127:14:127:19 | config | semmle.label | config |
|
||||
| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] |
|
||||
| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x |
|
||||
| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] |
|
||||
| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y |
|
||||
| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
|
||||
| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | semmle.label | definition of query [pointer, Description] |
|
||||
| protobuf.go:12:2:12:6 | implicit dereference [Description] | semmle.label | implicit dereference [Description] |
|
||||
| protobuf.go:12:2:12:6 | query [pointer, Description] | semmle.label | query [pointer, Description] |
|
||||
@@ -196,3 +365,18 @@ nodes
|
||||
| protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description |
|
||||
subpaths
|
||||
| protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription |
|
||||
testFailures
|
||||
| main.go:17:2:17:9 | definition of password | Unexpected result: Source |
|
||||
| main.go:87:29:87:34 | fields | Unexpected result: Alert |
|
||||
| overrides.go:8:2:8:9 | definition of password | Unexpected result: Source |
|
||||
| overrides.go:9:18:9:28 | comment | Missing result: Source |
|
||||
| passwords.go:21:2:21:9 | definition of password | Unexpected result: Source |
|
||||
| passwords.go:30:18:30:28 | comment | Missing result: Source |
|
||||
| passwords.go:42:16:42:26 | comment | Missing result: Source |
|
||||
| passwords.go:48:20:48:30 | comment | Missing result: Source |
|
||||
| passwords.go:50:2:50:15 | definition of fixed_password | Unexpected result: Source |
|
||||
| passwords.go:91:31:91:41 | comment | Missing result: Source |
|
||||
| passwords.go:116:6:116:14 | definition of password1 | Unexpected result: Source |
|
||||
| passwords.go:123:28:123:38 | comment | Missing result: Source |
|
||||
| protobuf.go:9:2:9:9 | definition of password | Unexpected result: Source |
|
||||
| protobuf.go:12:31:12:41 | comment | Missing result: Source |
|
||||
|
||||
@@ -5,11 +5,14 @@ package main
|
||||
|
||||
import (
|
||||
"log"
|
||||
"math/rand"
|
||||
|
||||
"github.com/golang/glog"
|
||||
"github.com/sirupsen/logrus"
|
||||
)
|
||||
|
||||
var i int = rand.Int()
|
||||
|
||||
func main() {
|
||||
password := "P4ssw0rd"
|
||||
|
||||
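Review bot: `password := "P4ssw0rd"` on the new line 17 carries no `// $ Source` expectation, yet the expected output checked in with this commit lists `main.go:17:2:17:9 | definition of password | Unexpected result: Source`, so the inline expectations and the query's output disagree and the test cannot pass as committed. Either the tag belongs on that definition line (`password := "P4ssw0rd" // $ Source`) or the query's source selection should be revisited; the same mismatch is listed for `overrides.go`, `passwords.go` and `protobuf.go`. The `if i == 0 {` … `if i == 107 {` guards around the `log.Fatal*`/`log.Panic*` calls in the next two hunks appear to exist so that a non-returning call does not cut off the later uses of `password` under use-use flow; a one-line comment above `var i int = rand.Int()`, e.g. `// Opaque guard: Fatal/Panic do not return, so each call sits in its own branch to keep later uses of password reachable under use-use flow.`, would spare the next reader that reconstruction. The rendered page has lost the old/new markers, so the line numbering above is inferred from the hunk header.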
@@ -17,15 +20,31 @@ func main() {
|
||||
log.Printf("%s", password) // $ Alert
|
||||
log.Printf(password, "") // $ Alert
|
||||
log.Println(password) // $ Alert
|
||||
log.Fatal(password) // $ Alert
|
||||
log.Fatalf("%s", password) // $ Alert
|
||||
log.Fatalf(password, "") // $ Alert
|
||||
log.Fatalln(password) // $ Alert
|
||||
log.Panic(password) // $ Alert
|
||||
log.Panicf("%s", password) // $ Alert
|
||||
log.Panicf(password, "") // $ Alert
|
||||
log.Panicln(password) // $ Alert
|
||||
log.Output(0, password) // $ Alert
|
||||
if i == 0 {
|
||||
log.Fatal(password) // $ Alert
|
||||
}
|
||||
if i == 1 {
|
||||
log.Fatalf("%s", password) // $ Alert
|
||||
}
|
||||
if i == 2 {
|
||||
log.Fatalf(password, "") // $ Alert
|
||||
}
|
||||
if i == 3 {
|
||||
log.Fatalln(password) // $ Alert
|
||||
}
|
||||
if i == 4 {
|
||||
log.Panic(password) // $ Alert
|
||||
}
|
||||
if i == 5 {
|
||||
log.Panicf("%s", password) // $ Alert
|
||||
}
|
||||
if i == 6 {
|
||||
log.Panicf(password, "") // $ Alert
|
||||
}
|
||||
if i == 7 {
|
||||
log.Panicln(password) // $ Alert
|
||||
}
|
||||
log.Output(0, password) // $ Alert
|
||||
log.Printf("%T", password)
|
||||
|
||||
l := log.Default()
|
||||
@@ -33,15 +52,31 @@ func main() {
|
||||
l.Printf("%s", password) // $ Alert
|
||||
l.Printf(password, "") // $ Alert
|
||||
l.Println(password) // $ Alert
|
||||
l.Fatal(password) // $ Alert
|
||||
l.Fatalf("%s", password) // $ Alert
|
||||
l.Fatalf(password, "") // $ Alert
|
||||
l.Fatalln(password) // $ Alert
|
||||
l.Panic(password) // $ Alert
|
||||
l.Panicf("%s", password) // $ Alert
|
||||
l.Panicf(password, "") // $ Alert
|
||||
l.Panicln(password) // $ Alert
|
||||
l.Output(0, password) // $ Alert
|
||||
if i == 100 {
|
||||
l.Fatal(password) // $ Alert
|
||||
}
|
||||
if i == 101 {
|
||||
l.Fatalf("%s", password) // $ Alert
|
||||
}
|
||||
if i == 102 {
|
||||
l.Fatalf(password, "") // $ Alert
|
||||
}
|
||||
if i == 103 {
|
||||
l.Fatalln(password) // $ Alert
|
||||
}
|
||||
if i == 104 {
|
||||
l.Panic(password) // $ Alert
|
||||
}
|
||||
if i == 105 {
|
||||
l.Panicf("%s", password) // $ Alert
|
||||
}
|
||||
if i == 106 {
|
||||
l.Panicf(password, "") // $ Alert
|
||||
}
|
||||
if i == 107 {
|
||||
l.Panicln(password) // $ Alert
|
||||
}
|
||||
l.Output(0, password) // $ Alert
|
||||
l.Printf("%T", password)
|
||||
|
||||
glog.Info(password) // $ Alert
|
||||
|
||||
@@ -65,7 +65,8 @@ func test() {
|
||||
log.Println(actually_secure_password) // OK
|
||||
|
||||
var user1 cryptedStruct
|
||||
user1.cryptedPassword = x
|
||||
x2 := "perhaps sensitive"
|
||||
user1.cryptedPassword = x2
|
||||
log.Println(user1) // OK
|
||||
|
||||
var user2 passStruct
|
||||
@@ -115,8 +116,9 @@ func test() {
|
||||
var password1 stringable = stringable{"arstneio"}
|
||||
log.Println(name + ", " + password1.String()) // $ Alert
|
||||
|
||||
x3 := "sheepbatterystaplecorrect"
|
||||
config := Config{
|
||||
password: x, // $ Source
|
||||
password: x3, // $ Source
|
||||
hostname: "tarski",
|
||||
x: password, // $ Source
|
||||
y: getPassword(), // $ Source
|
||||
|
||||
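Review bot: `x: password, // $ Source` keeps its expectation on the use, but the expected output checked in with this commit reports `passwords.go:123:28:123:38 | comment | Missing result: Source` alongside `passwords.go:21:2:21:9 | definition of password | Unexpected result: Source`, so the query now places the source on the definition while the test still expects it at the use. Either move the tag to the `password` definition or restore use-site sources in the query; an expected file that carries `testFailures` entries should not be the committed state. The new `x2` and `x3` locals replace reuse of `x`, presumably so that later sinks are not reached through use-use steps from the earlier `user1.cryptedPassword = x`; a comment such as `// Fresh literal: under use-use flow, reusing x would chain this use to the earlier sinks.` would record that intent. The enclosing `test` function starts and ends outside these hunks.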
@@ -2,69 +2,71 @@
|
||||
| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | This path to an untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
|
||||
| stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:24:30:24:35 | target | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:22:13:22:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:35:30:35:39 | ...+... | stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:31:13:31:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:46:23:46:28 | target | stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:44:13:44:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:67:23:67:40 | ...+... | stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:64:13:64:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:92:23:92:28 | target | stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:89:13:89:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:152:23:152:28 | target | stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:146:13:146:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:184:23:184:28 | target | stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:182:13:182:33 | call to FormValue | user-provided value |
|
||||
| stdlib.go:192:23:192:33 | selection of Path | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
|
||||
| stdlib.go:194:23:194:42 | call to EscapedPath | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value |
|
||||
| stdlib.go:39:30:39:40 | ...+... | stdlib.go:33:13:33:18 | selection of Form | stdlib.go:39:30:39:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:33:13:33:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:50:23:50:28 | target | stdlib.go:48:13:48:18 | selection of Form | stdlib.go:50:23:50:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:48:13:48:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:71:23:71:40 | ...+... | stdlib.go:68:13:68:18 | selection of Form | stdlib.go:71:23:71:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:68:13:68:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:96:23:96:28 | target | stdlib.go:93:13:93:18 | selection of Form | stdlib.go:96:23:96:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:93:13:93:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:156:23:156:28 | target | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:156:23:156:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:150:13:150:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:188:23:188:28 | target | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:186:13:186:33 | call to FormValue | user-provided value |
|
||||
| stdlib.go:196:23:196:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:196:23:196:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value |
|
||||
| stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value |
|
||||
edges
|
||||
| OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:2 Config Sink:MaD:1 |
|
||||
| stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:13:13:13:32 | call to Get | stdlib.go:15:30:15:35 | target | provenance | |
|
||||
| stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:22:13:22:32 | call to Get | stdlib.go:24:30:24:35 | target | provenance | |
|
||||
| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:31:13:31:32 | call to Get | stdlib.go:35:34:35:39 | target | provenance | |
|
||||
| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config |
|
||||
| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:44:13:44:32 | call to Get | stdlib.go:46:23:46:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:64:13:64:32 | call to Get | stdlib.go:67:23:67:28 | target | provenance | |
|
||||
| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config |
|
||||
| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:89:13:89:32 | call to Get | stdlib.go:90:3:90:8 | target | provenance | |
|
||||
| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config |
|
||||
| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:92:23:92:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | provenance | |
|
||||
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] | provenance | |
|
||||
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] | provenance | |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | provenance | |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:107:54:107:54 | definition of r [pointer, URL] | provenance | |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL | provenance | |
|
||||
| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | |
|
||||
| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | |
|
||||
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config |
|
||||
| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | |
|
||||
| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | Src:MaD:4 |
|
||||
| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | |
|
||||
| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance | |
|
||||
| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance | |
|
||||
| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance | |
|
||||
| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 |
|
||||
| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:146:13:146:32 | call to Get | stdlib.go:152:23:152:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config |
|
||||
| stdlib.go:159:10:159:15 | star expression | stdlib.go:162:24:162:26 | url | provenance | |
|
||||
| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:3 Sink:MaD:1 |
|
||||
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | |
|
||||
| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | |
|
||||
| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | |
|
||||
| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:3 Config |
|
||||
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config |
|
||||
| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config |
|
||||
| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:33:13:33:18 | selection of Form | stdlib.go:33:13:33:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:33:13:33:32 | call to Get | stdlib.go:39:34:39:40 | target2 | provenance | |
|
||||
| stdlib.go:39:34:39:40 | target2 | stdlib.go:39:30:39:40 | ...+... | provenance | Config |
|
||||
| stdlib.go:48:13:48:18 | selection of Form | stdlib.go:48:13:48:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:48:13:48:32 | call to Get | stdlib.go:50:23:50:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:68:13:68:18 | selection of Form | stdlib.go:68:13:68:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:68:13:68:32 | call to Get | stdlib.go:71:23:71:28 | target | provenance | |
|
||||
| stdlib.go:71:23:71:28 | target | stdlib.go:71:23:71:37 | ...+... | provenance | Config |
|
||||
| stdlib.go:71:23:71:37 | ...+... | stdlib.go:71:23:71:40 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:93:13:93:18 | selection of Form | stdlib.go:93:13:93:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance | |
|
||||
| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config |
|
||||
| stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | provenance | |
|
||||
| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | stdlib.go:115:6:115:6 | r [pointer, URL] | provenance | |
|
||||
| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | provenance | |
|
||||
| stdlib.go:115:6:115:6 | r [pointer, URL] | stdlib.go:116:4:116:4 | r [pointer, URL] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:111:54:111:54 | definition of r [pointer, URL] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:116:4:116:8 | selection of URL | provenance | |
|
||||
| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | |
|
||||
| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | |
|
||||
| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL | provenance | Config |
|
||||
| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | |
|
||||
| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | Src:MaD:4 |
|
||||
| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | |
|
||||
| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:8 | implicit dereference | provenance | |
|
||||
| stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | |
|
||||
| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance | |
|
||||
| stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 |
|
||||
| stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config |
|
||||
| stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 |
|
||||
| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL | provenance | Config |
|
||||
| stdlib.go:163:10:163:15 | star expression | stdlib.go:166:24:166:26 | url | provenance | |
|
||||
| stdlib.go:163:11:163:15 | selection of URL | stdlib.go:163:10:163:15 | star expression | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:166:24:166:26 | url | stdlib.go:166:24:166:35 | call to String | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config |
|
||||
| stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 |
|
||||
| stdlib.go:194:3:194:8 | definition of target | stdlib.go:196:23:196:28 | target | provenance | |
|
||||
| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:194:3:194:8 | definition of target | provenance | |
|
||||
| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config |
|
||||
| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:194:3:194:8 | definition of target | provenance | Config |
|
||||
| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config |
|
||||
| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 |
|
||||
| stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | |
|
||||
| stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 |
|
||||
models
|
||||
| 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual |
|
||||
| 2 | Source: net/http; Request; true; Form; ; ; ; remote; manual |
|
||||
@@ -79,54 +81,56 @@ nodes
|
||||
| stdlib.go:22:13:22:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:22:13:22:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:24:30:24:35 | target | semmle.label | target |
|
||||
| stdlib.go:31:13:31:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:31:13:31:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:35:30:35:39 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:35:34:35:39 | target | semmle.label | target |
|
||||
| stdlib.go:44:13:44:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:44:13:44:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:46:23:46:28 | target | semmle.label | target |
|
||||
| stdlib.go:64:13:64:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:64:13:64:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:67:23:67:28 | target | semmle.label | target |
|
||||
| stdlib.go:67:23:67:37 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:67:23:67:40 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:89:13:89:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:89:13:89:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:90:3:90:8 | target | semmle.label | target |
|
||||
| stdlib.go:90:3:90:25 | ... += ... | semmle.label | ... += ... |
|
||||
| stdlib.go:92:23:92:28 | target | semmle.label | target |
|
||||
| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
|
||||
| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] |
|
||||
| stdlib.go:112:4:112:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
|
||||
| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
|
||||
| stdlib.go:112:4:112:4 | r [pointer, URL] | semmle.label | r [pointer, URL] |
|
||||
| stdlib.go:112:4:112:8 | implicit dereference | semmle.label | implicit dereference |
|
||||
| stdlib.go:112:4:112:8 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:112:4:112:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] |
|
||||
| stdlib.go:113:24:113:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
|
||||
| stdlib.go:113:24:113:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
|
||||
| stdlib.go:113:24:113:28 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:113:24:113:37 | call to String | semmle.label | call to String |
|
||||
| stdlib.go:146:13:146:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:146:13:146:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:152:23:152:28 | target | semmle.label | target |
|
||||
| stdlib.go:159:10:159:15 | star expression | semmle.label | star expression |
|
||||
| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:162:24:162:26 | url | semmle.label | url |
|
||||
| stdlib.go:162:24:162:35 | call to String | semmle.label | call to String |
|
||||
| stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:173:35:173:52 | call to RequestURI | semmle.label | call to RequestURI |
|
||||
| stdlib.go:182:13:182:33 | call to FormValue | semmle.label | call to FormValue |
|
||||
| stdlib.go:184:23:184:28 | target | semmle.label | target |
|
||||
| stdlib.go:190:3:190:8 | definition of target | semmle.label | definition of target |
|
||||
| stdlib.go:190:3:190:57 | ... := ...[0] | semmle.label | ... := ...[0] |
|
||||
| stdlib.go:190:36:190:56 | call to FormValue | semmle.label | call to FormValue |
|
||||
| stdlib.go:192:23:192:28 | implicit dereference | semmle.label | implicit dereference |
|
||||
| stdlib.go:192:23:192:28 | target | semmle.label | target |
|
||||
| stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path |
|
||||
| stdlib.go:194:23:194:28 | target | semmle.label | target |
|
||||
| stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath |
|
||||
| stdlib.go:33:13:33:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:33:13:33:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:39:30:39:40 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:39:34:39:40 | target2 | semmle.label | target2 |
|
||||
| stdlib.go:48:13:48:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:48:13:48:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:50:23:50:28 | target | semmle.label | target |
|
||||
| stdlib.go:68:13:68:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:68:13:68:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:71:23:71:28 | target | semmle.label | target |
|
||||
| stdlib.go:71:23:71:37 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:71:23:71:40 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:93:13:93:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:93:13:93:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:94:3:94:8 | target | semmle.label | target |
|
||||
| stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... |
|
||||
| stdlib.go:96:23:96:28 | target | semmle.label | target |
|
||||
| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] |
|
||||
| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] |
|
||||
| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
|
||||
| stdlib.go:115:6:115:6 | r [pointer, URL] | semmle.label | r [pointer, URL] |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] |
|
||||
| stdlib.go:116:4:116:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
|
||||
| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] |
|
||||
| stdlib.go:116:4:116:4 | r [pointer, URL] | semmle.label | r [pointer, URL] |
|
||||
| stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference |
|
||||
| stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:116:4:116:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] |
|
||||
| stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
|
||||
| stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
|
||||
| stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:117:24:117:37 | call to String | semmle.label | call to String |
|
||||
| stdlib.go:150:13:150:18 | selection of Form | semmle.label | selection of Form |
|
||||
| stdlib.go:150:13:150:32 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:156:23:156:28 | target | semmle.label | target |
|
||||
| stdlib.go:163:10:163:15 | star expression | semmle.label | star expression |
|
||||
| stdlib.go:163:11:163:15 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:166:24:166:26 | url | semmle.label | url |
|
||||
| stdlib.go:166:24:166:35 | call to String | semmle.label | call to String |
|
||||
| stdlib.go:177:24:177:52 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:177:35:177:39 | selection of URL | semmle.label | selection of URL |
|
||||
| stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI |
|
||||
| stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue |
|
||||
| stdlib.go:188:23:188:28 | target | semmle.label | target |
|
||||
| stdlib.go:194:3:194:8 | definition of target | semmle.label | definition of target |
|
||||
| stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] |
|
||||
| stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue |
|
||||
| stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference |
|
||||
| stdlib.go:196:23:196:28 | target | semmle.label | target |
|
||||
| stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path |
|
||||
| stdlib.go:198:23:198:28 | target | semmle.label | target |
|
||||
| stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath |
|
||||
subpaths
|
||||
|
||||
@@ -28,13 +28,17 @@ func serveStdlib() {
|
||||
http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) {
|
||||
r.ParseForm()
|
||||
|
||||
// Taking gratuitous copies of target so that sanitizing the use in
|
||||
// the first request doesn't also sanitize other uses
|
||||
target := r.Form.Get("target")
|
||||
target2 := target
|
||||
target3 := target
|
||||
// GOOD: local redirects are unproblematic
|
||||
w.Header().Set("Location", "/local"+target)
|
||||
// BAD: this could be a non-local redirect
|
||||
w.Header().Set("Location", "/"+target)
|
||||
w.Header().Set("Location", "/"+target2)
|
||||
// GOOD: localhost redirects are unproblematic
|
||||
w.Header().Set("Location", "//localhost/"+target)
|
||||
w.Header().Set("Location", "//localhost/"+target3)
|
||||
w.WriteHeader(302)
|
||||
})
|
||||
|
||||
|
||||
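Review bot: The new comment `// the first request doesn't also sanitize other uses` is misleading: all three `w.Header().Set("Location", ...)` calls run in the same request handler, so what is meant is the first `Location` write, not a request. The comment also leaves out the ordering constraint the test appears to depend on: `target2 := target` and `target3 := target` are taken before the sanitized `"/local"+target` use, and under use-use flow copies taken after that use would presumably inherit the sanitization and the `"/"+target2` / `"//localhost/"+target3` cases would stop being independent. Suggest rewording to `// Take copies of target before its first (sanitized) use, so that sanitizing the "/local" redirect does not also sanitize the later Location writes under use-use flow`.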
@@ -1,18 +1,18 @@
|
||||
#select
|
||||
| RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value |
|
||||
| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:16:2:16:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | The $@ of this request depends on a $@. | tst.go:16:12:16:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:18:2:18:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | The $@ of this request depends on a $@. | tst.go:18:12:18:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:20:2:20:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | The $@ of this request depends on a $@. | tst.go:20:16:20:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:24:2:24:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | The $@ of this request depends on a $@. | tst.go:23:35:23:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:27:2:27:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | The $@ of this request depends on a $@. | tst.go:26:68:26:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:29:2:29:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | The $@ of this request depends on a $@. | tst.go:29:13:29:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:30:2:30:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | The $@ of this request depends on a $@. | tst.go:30:14:30:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:31:2:31:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | The $@ of this request depends on a $@. | tst.go:31:14:31:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:32:2:32:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | The $@ of this request depends on a $@. | tst.go:32:18:32:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:34:2:34:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | The $@ of this request depends on a $@. | tst.go:34:11:34:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:36:2:36:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | The $@ of this request depends on a $@. | tst.go:36:11:36:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:44:2:44:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:44:11:44:20 | call to String | The $@ of this request depends on a $@. | tst.go:44:11:44:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:18:2:18:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | The $@ of this request depends on a $@. | tst.go:18:11:18:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:20:2:20:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | The $@ of this request depends on a $@. | tst.go:20:12:20:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:22:2:22:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | The $@ of this request depends on a $@. | tst.go:22:12:22:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:24:2:24:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | The $@ of this request depends on a $@. | tst.go:24:16:24:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:28:2:28:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | The $@ of this request depends on a $@. | tst.go:27:35:27:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:31:2:31:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | The $@ of this request depends on a $@. | tst.go:30:68:30:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:33:2:33:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | The $@ of this request depends on a $@. | tst.go:33:13:33:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:34:2:34:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | The $@ of this request depends on a $@. | tst.go:34:14:34:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:35:2:35:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | The $@ of this request depends on a $@. | tst.go:35:14:35:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:36:2:36:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | The $@ of this request depends on a $@. | tst.go:36:18:36:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:38:2:38:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | The $@ of this request depends on a $@. | tst.go:38:11:38:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:40:2:40:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | The $@ of this request depends on a $@. | tst.go:40:11:40:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| tst.go:48:2:48:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:48:11:48:20 | call to String | The $@ of this request depends on a $@. | tst.go:48:11:48:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value |
|
||||
| websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value |
|
||||
| websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value |
|
||||
| websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value |
|
||||
@@ -24,29 +24,28 @@
|
||||
| websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value |
|
||||
edges
|
||||
| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:43:11:43:17 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:42:2:42:2 | definition of u [pointer] | tst.go:43:2:43:2 | u [pointer] | provenance | |
|
||||
| tst.go:43:2:43:2 | implicit dereference | tst.go:42:2:42:2 | definition of u [pointer] | provenance | |
|
||||
| tst.go:43:2:43:2 | implicit dereference | tst.go:43:2:43:2 | u | provenance | |
|
||||
| tst.go:43:2:43:2 | implicit dereference | tst.go:44:11:44:11 | u | provenance | |
|
||||
| tst.go:43:2:43:2 | u | tst.go:43:2:43:2 | implicit dereference | provenance | |
|
||||
| tst.go:43:2:43:2 | u | tst.go:44:11:44:11 | u | provenance | |
|
||||
| tst.go:43:2:43:2 | u [pointer] | tst.go:43:2:43:2 | implicit dereference | provenance | |
|
||||
| tst.go:43:11:43:17 | tainted | tst.go:43:2:43:2 | u | provenance | Config |
|
||||
| tst.go:43:11:43:17 | tainted | tst.go:44:11:44:11 | u | provenance | Config |
|
||||
| tst.go:44:11:44:11 | u | tst.go:44:11:44:20 | call to String | provenance | MaD:3 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 |
|
||||
| tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 |
|
||||
| tst.go:46:2:46:2 | definition of u [pointer] | tst.go:47:2:47:2 | u [pointer] | provenance | |
|
||||
| tst.go:47:2:47:2 | implicit dereference | tst.go:46:2:46:2 | definition of u [pointer] | provenance | |
|
||||
| tst.go:47:2:47:2 | implicit dereference | tst.go:47:2:47:2 | u | provenance | |
|
||||
| tst.go:47:2:47:2 | u | tst.go:47:2:47:2 | implicit dereference | provenance | |
|
||||
| tst.go:47:2:47:2 | u | tst.go:48:11:48:11 | u | provenance | |
|
||||
| tst.go:47:2:47:2 | u [pointer] | tst.go:47:2:47:2 | implicit dereference | provenance | |
|
||||
| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u | provenance | Config |
|
||||
| tst.go:47:11:47:18 | tainted2 | tst.go:48:11:48:11 | u | provenance | Config |
|
||||
| tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 |
|
||||
| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 |
|
||||
| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 |
|
||||
| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:2 |
|
||||
@@ -64,25 +63,25 @@ nodes
|
||||
| RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue |
|
||||
| RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... |
|
||||
| tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue |
|
||||
| tst.go:14:11:14:17 | tainted | semmle.label | tainted |
|
||||
| tst.go:16:12:16:18 | tainted | semmle.label | tainted |
|
||||
| tst.go:18:12:18:18 | tainted | semmle.label | tainted |
|
||||
| tst.go:20:16:20:22 | tainted | semmle.label | tainted |
|
||||
| tst.go:23:35:23:41 | tainted | semmle.label | tainted |
|
||||
| tst.go:26:68:26:74 | tainted | semmle.label | tainted |
|
||||
| tst.go:29:13:29:19 | tainted | semmle.label | tainted |
|
||||
| tst.go:30:14:30:20 | tainted | semmle.label | tainted |
|
||||
| tst.go:31:14:31:20 | tainted | semmle.label | tainted |
|
||||
| tst.go:32:18:32:24 | tainted | semmle.label | tainted |
|
||||
| tst.go:34:11:34:29 | ...+... | semmle.label | ...+... |
|
||||
| tst.go:36:11:36:40 | ...+... | semmle.label | ...+... |
|
||||
| tst.go:42:2:42:2 | definition of u [pointer] | semmle.label | definition of u [pointer] |
|
||||
| tst.go:43:2:43:2 | implicit dereference | semmle.label | implicit dereference |
|
||||
| tst.go:43:2:43:2 | u | semmle.label | u |
|
||||
| tst.go:43:2:43:2 | u [pointer] | semmle.label | u [pointer] |
|
||||
| tst.go:43:11:43:17 | tainted | semmle.label | tainted |
|
||||
| tst.go:44:11:44:11 | u | semmle.label | u |
|
||||
| tst.go:44:11:44:20 | call to String | semmle.label | call to String |
|
||||
| tst.go:18:11:18:17 | tainted | semmle.label | tainted |
|
||||
| tst.go:20:12:20:18 | tainted | semmle.label | tainted |
|
||||
| tst.go:22:12:22:18 | tainted | semmle.label | tainted |
|
||||
| tst.go:24:16:24:22 | tainted | semmle.label | tainted |
|
||||
| tst.go:27:35:27:41 | tainted | semmle.label | tainted |
|
||||
| tst.go:30:68:30:74 | tainted | semmle.label | tainted |
|
||||
| tst.go:33:13:33:19 | tainted | semmle.label | tainted |
|
||||
| tst.go:34:14:34:20 | tainted | semmle.label | tainted |
|
||||
| tst.go:35:14:35:20 | tainted | semmle.label | tainted |
|
||||
| tst.go:36:18:36:24 | tainted | semmle.label | tainted |
|
||||
| tst.go:38:11:38:29 | ...+... | semmle.label | ...+... |
|
||||
| tst.go:40:11:40:40 | ...+... | semmle.label | ...+... |
|
||||
| tst.go:46:2:46:2 | definition of u [pointer] | semmle.label | definition of u [pointer] |
|
||||
| tst.go:47:2:47:2 | implicit dereference | semmle.label | implicit dereference |
|
||||
| tst.go:47:2:47:2 | u | semmle.label | u |
|
||||
| tst.go:47:2:47:2 | u [pointer] | semmle.label | u [pointer] |
|
||||
| tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 |
|
||||
| tst.go:48:11:48:11 | u | semmle.label | u |
|
||||
| tst.go:48:11:48:20 | call to String | semmle.label | call to String |
|
||||
| websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer |
|
||||
| websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput |
|
||||
| websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer |
|
||||
|
||||
@@ -8,6 +8,10 @@ import (
|
||||
|
||||
func handler2(w http.ResponseWriter, req *http.Request) {
|
||||
tainted := req.FormValue("target") // $ Source
|
||||
// Gratuitous copy due to use-use flow propagating sanitization when
|
||||
// used as a suffix in the last two OK cases forwards onto the final
|
||||
// Not OK case.
|
||||
tainted2 := tainted
|
||||
|
||||
http.Get("example.com") // OK
|
||||
|
||||
@@ -40,7 +44,7 @@ func handler2(w http.ResponseWriter, req *http.Request) {
|
||||
http.Get("http://example.com/?" + tainted) // OK
|
||||
|
||||
u, _ := url.Parse("http://example.com/relative-path")
|
||||
u.Host = tainted
|
||||
u.Host = tainted2
|
||||
http.Get(u.String()) // $ Alert
|
||||
}
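Review bot: The `tainted2 := tainted` copy makes the final `http.Get(u.String()) // $ Alert` pass, but it drops the only case that exercised the regression the comment describes: with use-use flow, the sanitization applied where `tainted` is a URL suffix in the preceding OK cases now flows on to later uses of `tainted`, so a direct `u.Host = tainted` followed by `http.Get(u.String())` is a false negative that this test no longer records. I would keep that shape as a known-missing result (for example a separate handler with `u.Host = tainted` and, if the inline-expectations framework used here supports it, a `// $ MISSING: Alert` marker) so the gap surfaces when the query is fixed instead of being hidden by the copy. The comment on the copy is also hard to parse; I would replace the three lines with `// Copy needed: under use-use flow the sanitization applied where tainted is used as a URL suffix in the OK cases above propagates to later uses of tainted, which would mask the alert below.` Note that handler2 continues outside the first hunk, so the "last two OK cases" the comment refers to are not all visible here.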