Merge pull request #12197 from smowton/smowton/admin/go-120-features
Go: complete Go 1.20 support
@@ -16,7 +16,7 @@
|
||||
.NET Core up to 3.1
|
||||
|
||||
.NET 5, .NET 6","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
|
||||
Go (aka Golang), "Go up to 1.19", "Go 1.11 or more recent", ``.go``
|
||||
Go (aka Golang), "Go up to 1.20", "Go 1.11 or more recent", ``.go``
|
||||
Java,"Java 7 to 19 [4]_","javac (OpenJDK and Oracle JDK),
|
||||
|
||||
Eclipse compiler for Java (ECJ) [5]_",``.java``
|
||||
|
||||
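--- a/go/ql/lib/change-notes/2023-02-15-golang-120.md
+++ b/go/ql/lib/change-notes/2023-02-15-golang-120.md
@@ -0,0 +1,4 @@
+---
+category: feature
+---
+* Go 1.20 is now supported. The extractor now functions as expected when Go 1.20 is installed, the definitions of `implementsComparable` has been updated according to Go 1.20's new, more-liberal rules, and taint flow models have been added for relevant new standard library functions.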
@@ -112,22 +112,10 @@ class Type extends @type {
|
||||
or
|
||||
u instanceof ArrayType and u.(ArrayType).getElementType().implementsComparable()
|
||||
or
|
||||
exists(InterfaceType uif | uif = u |
|
||||
not uif instanceof BasicInterfaceType and
|
||||
if exists(uif.getAnEmbeddedTypeSetLiteral())
|
||||
then
|
||||
// All types in the intersection of all the embedded type set
|
||||
// literals must implement comparable.
|
||||
forall(Type intersectionType |
|
||||
intersectionType = uif.getAnEmbeddedTypeSetLiteral().getATerm().getType() and
|
||||
forall(TypeSetLiteralType tslit | tslit = uif.getAnEmbeddedTypeSetLiteral() |
|
||||
intersectionType = tslit.getATerm().getType()
|
||||
)
|
||||
|
|
||||
intersectionType.implementsComparable()
|
||||
)
|
||||
else uif.isOrEmbedsComparable()
|
||||
)
|
||||
// As of Go 1.20, any interface type satisfies the `comparable` constraint, even though comparison
|
||||
// may panic at runtime depending on the actual object's concrete type.
|
||||
// Look at git history here if you need the old definition.
|
||||
u instanceof InterfaceType
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
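Review bot: A positive result from `implementsComparable` no longer implies that `==` on values of the type is panic-free, and the only pointer to the stricter notion is the comment's "look at git history", next to `u instanceof InterfaceType`. The predicate's QLDoc starts outside this hunk, so I can't see whether it already says this; if not, it should state it directly, e.g. `* Note: since Go 1.20 this holds for every interface type, so it does not imply that comparing values of this type cannot panic.` Any query that relied on this predicate as a proxy for safe comparison (none is visible on this page) would need the old, strict definition instead.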
@@ -65,6 +65,7 @@ import semmle.go.frameworks.stdlib.Syscall
|
||||
import semmle.go.frameworks.stdlib.TextScanner
|
||||
import semmle.go.frameworks.stdlib.TextTabwriter
|
||||
import semmle.go.frameworks.stdlib.TextTemplate
|
||||
import semmle.go.frameworks.stdlib.Unsafe
|
||||
|
||||
/** A `String()` method. */
|
||||
class StringMethod extends TaintTracking::FunctionModel, Method {
|
||||
|
||||
@@ -11,6 +11,15 @@ module Bytes {
|
||||
FunctionOutput outp;
|
||||
|
||||
FunctionModels() {
|
||||
hasQualifiedName("bytes", "Clone") and
|
||||
(inp.isParameter(0) and outp.isResult())
|
||||
or
|
||||
hasQualifiedName("bytes", "Cut") and
|
||||
(inp.isParameter(0) and outp.isResult([0, 1]))
|
||||
or
|
||||
hasQualifiedName("bytes", ["CutPrefix", "CutSuffix"]) and
|
||||
(inp.isParameter(0) and outp.isResult(0))
|
||||
or
|
||||
// signature: func Fields(s []byte) [][]byte
|
||||
hasQualifiedName("bytes", "Fields") and
|
||||
(inp.isParameter(0) and outp.isResult())
|
||||
|
||||
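Review bot: The new `bytes` entries (`Clone`, `Cut`, `CutPrefix`/`CutSuffix`) have no `// signature:` comment, unlike the neighbouring `Fields` entry, so a reader has to look up which parameter and which results the indices refer to. Suggest adding `// signature: func Clone(b []byte) []byte`, `// signature: func Cut(s, sep []byte) (before, after []byte, found bool)` and `// signature: func CutPrefix(s, prefix []byte) (after []byte, found bool)` (same shape for `CutSuffix`). The same applies to the `CompareAndSwap` and `Swap` entries added in the `module Sync` hunks, where the index in `inp.isParameter(2)` only makes sense next to the signature. `FunctionModels()` continues past the end of this hunk.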
@@ -22,6 +22,10 @@ module Errors {
|
||||
// signature: func Unwrap(err error) error
|
||||
hasQualifiedName("errors", "Unwrap") and
|
||||
(inp.isParameter(0) and outp.isResult())
|
||||
or
|
||||
// signature: func Join(errs ...error) error
|
||||
hasQualifiedName("errors", "Join") and
|
||||
(inp.isParameter(_) and outp.isResult())
|
||||
}
|
||||
|
||||
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
|
||||
|
||||
@@ -11,6 +11,9 @@ module Sync {
|
||||
FunctionOutput outp;
|
||||
|
||||
MethodModels() {
|
||||
hasQualifiedName("sync", "Map", "CompareAndSwap") and
|
||||
(inp.isParameter(2) and outp.isReceiver())
|
||||
or
|
||||
// signature: func (*Map) Load(key interface{}) (value interface{}, ok bool)
|
||||
hasQualifiedName("sync", "Map", "Load") and
|
||||
(inp.isReceiver() and outp.isResult(0))
|
||||
@@ -28,6 +31,13 @@ module Sync {
|
||||
hasQualifiedName("sync", "Map", "Store") and
|
||||
(inp.isParameter(_) and outp.isReceiver())
|
||||
or
|
||||
hasQualifiedName("sync", "Map", "Swap") and
|
||||
(
|
||||
inp.isReceiver() and outp.isResult(0)
|
||||
or
|
||||
inp.isParameter(_) and outp.isReceiver()
|
||||
)
|
||||
or
|
||||
// signature: func (*Pool) Get() interface{}
|
||||
hasQualifiedName("sync", "Pool", "Get") and
|
||||
(inp.isReceiver() and outp.isResult())
|
||||
|
||||
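--- a/go/ql/lib/semmle/go/frameworks/stdlib/Unsafe.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/Unsafe.qll
@@ -0,0 +1,22 @@
+/**
+* Provides classes modeling security-relevant aspects of the `unsafe` package.
+*/
+
+import go
+
+/** Provides models of commonly used functions in the `unsafe` package. */
+module Unsafe {
+private class FunctionModels extends TaintTracking::FunctionModel {
+FunctionInput inp;
+FunctionOutput outp;
+
+FunctionModels() {
+hasQualifiedName("unsafe", ["String", "StringData", "Slice", "SliceData"]) and
+(inp.isParameter(0) and outp.isResult())
+}
+
+override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+input = inp and output = outp
+}
+}
+}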
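Review bot: Aliasing is not accounted for in `FunctionModels()`: `unsafe.String`, `StringData`, `Slice` and `SliceData` each return a view of, or a pointer into, the argument's memory rather than a copy. A write made through the result after the call is therefore visible through the original argument, and that direction is not covered by `inp.isParameter(0) and outp.isResult()`. If leaving it out is deliberate, record that above the `hasQualifiedName` line, e.g. `// These return aliases of the argument's memory; only argument-to-result taint is modeled.`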
@@ -51,31 +51,31 @@
|
||||
| interface.go:95:6:95:8 | i18 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i18 |
|
||||
| interface.go:101:6:101:8 | i19 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i19 |
|
||||
| interface.go:105:6:105:8 | i20 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.i20 |
|
||||
| interface.go:110:6:110:19 | testComparable | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable |
|
||||
| interface.go:111:6:111:20 | testComparable0 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable0 |
|
||||
| interface.go:112:6:112:20 | testComparable1 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable1 |
|
||||
| interface.go:113:6:113:20 | testComparable2 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable2 |
|
||||
| interface.go:114:6:114:20 | testComparable3 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable3 |
|
||||
| interface.go:115:6:115:20 | testComparable4 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable4 |
|
||||
| interface.go:116:6:116:20 | testComparable5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable5 |
|
||||
| interface.go:117:6:117:20 | testComparable6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable6 |
|
||||
| interface.go:118:6:118:20 | testComparable7 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable7 |
|
||||
| interface.go:119:6:119:20 | testComparable8 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable8 |
|
||||
| interface.go:120:6:120:20 | testComparable9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable9 |
|
||||
| interface.go:121:6:121:21 | testComparable10 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable10 |
|
||||
| interface.go:122:6:122:21 | testComparable11 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable11 |
|
||||
| interface.go:123:6:123:21 | testComparable12 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable12 |
|
||||
| interface.go:124:6:124:21 | testComparable13 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable13 |
|
||||
| interface.go:125:6:125:21 | testComparable14 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable14 |
|
||||
| interface.go:126:6:126:21 | testComparable15 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable15 |
|
||||
| interface.go:127:6:127:21 | testComparable16 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable16 |
|
||||
| interface.go:128:6:128:21 | testComparable17 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable17 |
|
||||
| interface.go:129:6:129:21 | testComparable18 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable18 |
|
||||
| interface.go:130:6:130:21 | testComparable19 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable19 |
|
||||
| interface.go:131:6:131:21 | testComparable20 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable20 |
|
||||
| interface.go:132:6:132:21 | testComparable21 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable21 |
|
||||
| interface.go:133:6:133:21 | testComparable22 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable22 |
|
||||
| interface.go:134:6:134:21 | testComparable23 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable23 |
|
||||
| interface.go:114:6:114:19 | testComparable | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable |
|
||||
| interface.go:115:6:115:20 | testComparable0 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable0 |
|
||||
| interface.go:116:6:116:20 | testComparable1 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable1 |
|
||||
| interface.go:117:6:117:20 | testComparable2 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable2 |
|
||||
| interface.go:118:6:118:20 | testComparable3 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable3 |
|
||||
| interface.go:119:6:119:20 | testComparable4 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable4 |
|
||||
| interface.go:120:6:120:20 | testComparable5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable5 |
|
||||
| interface.go:121:6:121:20 | testComparable6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable6 |
|
||||
| interface.go:122:6:122:20 | testComparable7 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable7 |
|
||||
| interface.go:123:6:123:20 | testComparable8 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable8 |
|
||||
| interface.go:124:6:124:20 | testComparable9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable9 |
|
||||
| interface.go:125:6:125:21 | testComparable10 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable10 |
|
||||
| interface.go:126:6:126:21 | testComparable11 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable11 |
|
||||
| interface.go:127:6:127:21 | testComparable12 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable12 |
|
||||
| interface.go:128:6:128:21 | testComparable13 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable13 |
|
||||
| interface.go:129:6:129:21 | testComparable14 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable14 |
|
||||
| interface.go:130:6:130:21 | testComparable15 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable15 |
|
||||
| interface.go:131:6:131:21 | testComparable16 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable16 |
|
||||
| interface.go:132:6:132:21 | testComparable17 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable17 |
|
||||
| interface.go:133:6:133:21 | testComparable18 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable18 |
|
||||
| interface.go:134:6:134:21 | testComparable19 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable19 |
|
||||
| interface.go:135:6:135:21 | testComparable20 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable20 |
|
||||
| interface.go:136:6:136:21 | testComparable21 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable21 |
|
||||
| interface.go:137:6:137:21 | testComparable22 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable22 |
|
||||
| interface.go:138:6:138:21 | testComparable23 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types.testComparable23 |
|
||||
| pkg1/embedding.go:8:6:8:9 | base | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.base |
|
||||
| pkg1/embedding.go:19:6:19:13 | embedder | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.embedder |
|
||||
| pkg1/embedding.go:22:6:22:16 | ptrembedder | github.com/github/codeql-go/ql/test/library-tests/semmle/go/Types/pkg1.ptrembedder |
|
||||
|
||||
@@ -51,31 +51,31 @@
|
||||
| interface.go:95:6:95:8 | i18 | i18 |
|
||||
| interface.go:101:6:101:8 | i19 | i19 |
|
||||
| interface.go:105:6:105:8 | i20 | i20 |
|
||||
| interface.go:110:6:110:19 | testComparable | testComparable |
|
||||
| interface.go:111:6:111:20 | testComparable0 | testComparable0 |
|
||||
| interface.go:112:6:112:20 | testComparable1 | testComparable1 |
|
||||
| interface.go:113:6:113:20 | testComparable2 | testComparable2 |
|
||||
| interface.go:114:6:114:20 | testComparable3 | testComparable3 |
|
||||
| interface.go:115:6:115:20 | testComparable4 | testComparable4 |
|
||||
| interface.go:116:6:116:20 | testComparable5 | testComparable5 |
|
||||
| interface.go:117:6:117:20 | testComparable6 | testComparable6 |
|
||||
| interface.go:118:6:118:20 | testComparable7 | testComparable7 |
|
||||
| interface.go:119:6:119:20 | testComparable8 | testComparable8 |
|
||||
| interface.go:120:6:120:20 | testComparable9 | testComparable9 |
|
||||
| interface.go:121:6:121:21 | testComparable10 | testComparable10 |
|
||||
| interface.go:122:6:122:21 | testComparable11 | testComparable11 |
|
||||
| interface.go:123:6:123:21 | testComparable12 | testComparable12 |
|
||||
| interface.go:124:6:124:21 | testComparable13 | testComparable13 |
|
||||
| interface.go:125:6:125:21 | testComparable14 | testComparable14 |
|
||||
| interface.go:126:6:126:21 | testComparable15 | testComparable15 |
|
||||
| interface.go:127:6:127:21 | testComparable16 | testComparable16 |
|
||||
| interface.go:128:6:128:21 | testComparable17 | testComparable17 |
|
||||
| interface.go:129:6:129:21 | testComparable18 | testComparable18 |
|
||||
| interface.go:130:6:130:21 | testComparable19 | testComparable19 |
|
||||
| interface.go:131:6:131:21 | testComparable20 | testComparable20 |
|
||||
| interface.go:132:6:132:21 | testComparable21 | testComparable21 |
|
||||
| interface.go:133:6:133:21 | testComparable22 | testComparable22 |
|
||||
| interface.go:134:6:134:21 | testComparable23 | testComparable23 |
|
||||
| interface.go:114:6:114:19 | testComparable | testComparable |
|
||||
| interface.go:115:6:115:20 | testComparable0 | testComparable0 |
|
||||
| interface.go:116:6:116:20 | testComparable1 | testComparable1 |
|
||||
| interface.go:117:6:117:20 | testComparable2 | testComparable2 |
|
||||
| interface.go:118:6:118:20 | testComparable3 | testComparable3 |
|
||||
| interface.go:119:6:119:20 | testComparable4 | testComparable4 |
|
||||
| interface.go:120:6:120:20 | testComparable5 | testComparable5 |
|
||||
| interface.go:121:6:121:20 | testComparable6 | testComparable6 |
|
||||
| interface.go:122:6:122:20 | testComparable7 | testComparable7 |
|
||||
| interface.go:123:6:123:20 | testComparable8 | testComparable8 |
|
||||
| interface.go:124:6:124:20 | testComparable9 | testComparable9 |
|
||||
| interface.go:125:6:125:21 | testComparable10 | testComparable10 |
|
||||
| interface.go:126:6:126:21 | testComparable11 | testComparable11 |
|
||||
| interface.go:127:6:127:21 | testComparable12 | testComparable12 |
|
||||
| interface.go:128:6:128:21 | testComparable13 | testComparable13 |
|
||||
| interface.go:129:6:129:21 | testComparable14 | testComparable14 |
|
||||
| interface.go:130:6:130:21 | testComparable15 | testComparable15 |
|
||||
| interface.go:131:6:131:21 | testComparable16 | testComparable16 |
|
||||
| interface.go:132:6:132:21 | testComparable17 | testComparable17 |
|
||||
| interface.go:133:6:133:21 | testComparable18 | testComparable18 |
|
||||
| interface.go:134:6:134:21 | testComparable19 | testComparable19 |
|
||||
| interface.go:135:6:135:21 | testComparable20 | testComparable20 |
|
||||
| interface.go:136:6:136:21 | testComparable21 | testComparable21 |
|
||||
| interface.go:137:6:137:21 | testComparable22 | testComparable22 |
|
||||
| interface.go:138:6:138:21 | testComparable23 | testComparable23 |
|
||||
| pkg1/embedding.go:8:6:8:9 | base | base |
|
||||
| pkg1/embedding.go:19:6:19:13 | embedder | embedder |
|
||||
| pkg1/embedding.go:22:6:22:16 | ptrembedder | ptrembedder |
|
||||
|
||||
@@ -107,28 +107,32 @@ type i20 interface {
|
||||
StringB() string
|
||||
}
|
||||
|
||||
type testComparable[T comparable] struct{} // $ implementsComparable
|
||||
type testComparable0[T0 i0] struct{} // $ implementsComparable
|
||||
type testComparable1[T1 i1] struct{} // $ implementsComparable
|
||||
type testComparable2[T2 i2] struct{} // $ implementsComparable
|
||||
type testComparable3[T3 i3] struct{} // $ implementsComparable
|
||||
type testComparable4[T4 i4] struct{} // $ implementsComparable
|
||||
type testComparable5[T5 i5] struct{} // does not implement comparable
|
||||
type testComparable6[T6 i6] struct{} // does not implement comparable
|
||||
type testComparable7[T7 i7] struct{} // $ implementsComparable
|
||||
type testComparable8[T8 i8] struct{} // does not implement comparable
|
||||
type testComparable9[T9 i9] struct{} // does not implement comparable
|
||||
type testComparable10[T10 i10] struct{} // $ implementsComparable
|
||||
type testComparable11[T11 i11] struct{} // $ implementsComparable
|
||||
type testComparable12[T12 i12] struct{} // does not implement comparable
|
||||
type testComparable13[T13 i13] struct{} // does not implement comparable
|
||||
type testComparable14[T14 i14] struct{} // $ implementsComparable
|
||||
type testComparable15[T15 i15] struct{} // $ implementsComparable
|
||||
type testComparable16[T16 i16] struct{} // does not implement comparable
|
||||
type testComparable17[T17 i17] struct{} // does not implement comparable
|
||||
type testComparable18[T18 i18] struct{} // $ implementsComparable
|
||||
type testComparable19[T19 i19] struct{} // does not implement comparable
|
||||
type testComparable20[T20 i20] struct{} // $ implementsComparable
|
||||
type testComparable21[T21 ~[]byte | string] struct{} // does not implement comparable
|
||||
type testComparable22[T22 any] struct{} // does not implement comparable
|
||||
type testComparable23[T23 ~[5]byte | string] struct{} // $ implementsComparable
|
||||
// These used to distinguish strictly-comparable interfaces (i.e. those which will not panic at runtime on attempting a comparison),
|
||||
// which were required to satisfy the `comparable` type constraint in Go <1.20. Now they all match `comparable` as all interfaces
|
||||
// are accepted. I mark those which are also strictly comparable for the future in case we want to expose that concept in QL.
|
||||
|
||||
type testComparable[T comparable] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable0[T0 i0] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable1[T1 i1] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable2[T2 i2] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable3[T3 i3] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable4[T4 i4] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable5[T5 i5] struct{} // $ implementsComparable
|
||||
type testComparable6[T6 i6] struct{} // $ implementsComparable
|
||||
type testComparable7[T7 i7] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable8[T8 i8] struct{} // $ implementsComparable
|
||||
type testComparable9[T9 i9] struct{} // $ implementsComparable
|
||||
type testComparable10[T10 i10] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable11[T11 i11] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable12[T12 i12] struct{} // $ implementsComparable
|
||||
type testComparable13[T13 i13] struct{} // $ implementsComparable
|
||||
type testComparable14[T14 i14] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable15[T15 i15] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable16[T16 i16] struct{} // $ implementsComparable
|
||||
type testComparable17[T17 i17] struct{} // $ implementsComparable
|
||||
type testComparable18[T18 i18] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable19[T19 i19] struct{} // $ implementsComparable
|
||||
type testComparable20[T20 i20] struct{} // $ implementsComparable isStrictlyComparable
|
||||
type testComparable21[T21 ~[]byte | string] struct{} // $ implementsComparable
|
||||
type testComparable22[T22 any] struct{} // $ implementsComparable
|
||||
type testComparable23[T23 ~[5]byte | string] struct{} // $ implementsComparable isStrictlyComparable
|
||||
|
||||
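Review bot: Nothing visible in this commit checks the new `isStrictlyComparable` markers, so they read like inline expectations but can go stale without any test failing. That holds unless the accompanying test query lists the tag in `getARelevantTag()`, which this page does not show. The comment block above `testComparable` should say so explicitly, e.g. `// NOTE: isStrictlyComparable is informational only; no test currently checks it.` Since the strict notion is the one that rules out a runtime panic on `==`, a follow-up that exposes it in QL and turns these markers into real expectations would be worthwhile.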
@@ -0,0 +1,58 @@
|
||||
import go
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class DataConfiguration extends DataFlow::Configuration {
|
||||
DataConfiguration() { this = "data-configuration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
source = any(DataFlow::CallNode c | c.getCalleeName() = "source").getResult(0)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getArgument(0)
|
||||
}
|
||||
}
|
||||
|
||||
class DataFlowTest extends InlineExpectationsTest {
|
||||
DataFlowTest() { this = "DataFlowTest" }
|
||||
|
||||
override string getARelevantTag() { result = "dataflow" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "dataflow" and
|
||||
exists(DataFlow::Node sink | any(DataConfiguration c).hasFlow(_, sink) |
|
||||
element = sink.toString() and
|
||||
value = "" and
|
||||
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
|
||||
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
class TaintConfiguration extends TaintTracking::Configuration {
|
||||
TaintConfiguration() { this = "taint-configuration" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
source = any(DataFlow::CallNode c | c.getCalleeName() = "source").getResult(0)
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
sink = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getArgument(0)
|
||||
}
|
||||
}
|
||||
|
||||
class TaintFlowTest extends InlineExpectationsTest {
|
||||
TaintFlowTest() { this = "TaintFlowTest" }
|
||||
|
||||
override string getARelevantTag() { result = "taintflow" }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "taintflow" and
|
||||
exists(DataFlow::Node sink | any(TaintConfiguration c).hasFlow(_, sink) |
|
||||
element = sink.toString() and
|
||||
value = "" and
|
||||
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
|
||||
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
|
||||
)
|
||||
}
|
||||
}
|
||||
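Review bot: `isSource` and `isSink` are duplicated verbatim in `DataConfiguration` and `TaintConfiguration`, so a later change to what counts as a source or sink can be applied to one and missed in the other. Hoisting them into shared predicates keeps the two in step, e.g. `predicate isTestSource(DataFlow::Node n) { n = any(DataFlow::CallNode c | c.getCalleeName() = "source").getResult(0) }` with a matching `isTestSink`, and having both overrides delegate to them. A one-line QLDoc on each test class naming the tag it reports (`dataflow` or `taintflow`) would also make it clearer which analysis an annotation in the Go fixtures refers to.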
@@ -0,0 +1,25 @@
|
||||
package main
|
||||
|
||||
func source() string {
|
||||
return "untrusted data"
|
||||
}
|
||||
|
||||
func sink(string) {
|
||||
}
|
||||
|
||||
func sliceToArray(p []string) [1]string {
|
||||
return [1]string(p)
|
||||
}
|
||||
|
||||
func main() {
|
||||
// Test the new slice->array conversion permitted in Go 1.20
|
||||
var a [4]string
|
||||
a[0] = source()
|
||||
alias := sliceToArray(a[:])
|
||||
sink(alias[0]) // $ taintflow
|
||||
|
||||
// Compare with the standard dataflow support for arrays
|
||||
var b [4]string
|
||||
b[0] = source()
|
||||
sink(b[0]) // $ taintflow
|
||||
}
|
||||
@@ -316,6 +316,39 @@ func TaintStepTest_BytesReaderWriteTo_B0I0O0(sourceCQL interface{}) interface{}
|
||||
return intoWriter197
|
||||
}
|
||||
|
||||
func TaintStepTest_Clone(sourceCQL interface{}) interface{} {
|
||||
fromReader628 := sourceCQL.([]byte)
|
||||
return bytes.Clone(fromReader628)
|
||||
}
|
||||
|
||||
func TaintStepTest_Cutleft(sourceCQL interface{}) interface{} {
|
||||
fromReader628 := sourceCQL.([]byte)
|
||||
sep := []byte{}
|
||||
left, _, _ := bytes.Cut(fromReader628, sep)
|
||||
return left
|
||||
}
|
||||
|
||||
func TaintStepTest_Cutright(sourceCQL interface{}) interface{} {
|
||||
fromReader628 := sourceCQL.([]byte)
|
||||
sep := []byte{}
|
||||
_, right, _ := bytes.Cut(fromReader628, sep)
|
||||
return right
|
||||
}
|
||||
|
||||
func TaintStepTest_CutPrefix(sourceCQL interface{}) interface{} {
|
||||
fromReader628 := sourceCQL.([]byte)
|
||||
sep := []byte{}
|
||||
result, _ := bytes.CutPrefix(fromReader628, sep)
|
||||
return result
|
||||
}
|
||||
|
||||
func TaintStepTest_CutSuffix(sourceCQL interface{}) interface{} {
|
||||
fromReader628 := sourceCQL.([]byte)
|
||||
sep := []byte{}
|
||||
result, _ := bytes.CutSuffix(fromReader628, sep)
|
||||
return result
|
||||
}
|
||||
|
||||
func RunAllTaints_Bytes() {
|
||||
{
|
||||
source := newSource(0)
|
||||
@@ -567,4 +600,29 @@ func RunAllTaints_Bytes() {
|
||||
out := TaintStepTest_BytesReaderWriteTo_B0I0O0(source)
|
||||
sink(49, out)
|
||||
}
|
||||
{
|
||||
source := newSource(50)
|
||||
out := TaintStepTest_Cutleft(source)
|
||||
sink(50, out)
|
||||
}
|
||||
{
|
||||
source := newSource(51)
|
||||
out := TaintStepTest_Cutright(source)
|
||||
sink(51, out)
|
||||
}
|
||||
{
|
||||
source := newSource(52)
|
||||
out := TaintStepTest_CutPrefix(source)
|
||||
sink(52, out)
|
||||
}
|
||||
{
|
||||
source := newSource(53)
|
||||
out := TaintStepTest_CutSuffix(source)
|
||||
sink(53, out)
|
||||
}
|
||||
{
|
||||
source := newSource(54)
|
||||
out := TaintStepTest_Clone(source)
|
||||
sink(54, out)
|
||||
}
|
||||
}
|
||||
|
||||
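Review bot: The new helpers `TaintStepTest_Clone`, `TaintStepTest_Cutleft`, `TaintStepTest_Cutright`, `TaintStepTest_CutPrefix` and `TaintStepTest_CutSuffix` drop the package prefix that the existing helper named in the hunk header (`TaintStepTest_BytesReaderWriteTo_B0I0O0`) and the other new tests in this commit (`TaintStepTest_ErrorsJoin1`, `TaintStepTest_UnsafeSlice`) carry. If the stdlib test files share one `package main`, as the new Unsafe test suggests, a later `strings.Clone` or `strings.Cut` test following the same pattern would collide. Suggest `TaintStepTest_BytesClone`, `TaintStepTest_BytesCutLeft` and so on, and renaming the local `fromReader628` to something like `fromByteSlice`, since the value is a `[]byte` and not a reader. `RunAllTaints_Bytes` spans both hunks and its middle is not shown.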
@@ -23,6 +23,18 @@ func TaintStepTest_ErrorsUnwrap_B0I0O0(sourceCQL interface{}) interface{} {
|
||||
return intoError957
|
||||
}
|
||||
|
||||
func TaintStepTest_ErrorsJoin1(sourceCQL interface{}) interface{} {
|
||||
fromError784 := sourceCQL.(error)
|
||||
intoError957 := errors.Join(fromError784, errors.New(""))
|
||||
return intoError957
|
||||
}
|
||||
|
||||
func TaintStepTest_ErrorsJoin2(sourceCQL interface{}) interface{} {
|
||||
fromError784 := sourceCQL.(error)
|
||||
intoError957 := errors.Join(errors.New(""), fromError784)
|
||||
return intoError957
|
||||
}
|
||||
|
||||
func RunAllTaints_Errors() {
|
||||
{
|
||||
source := newSource(0)
|
||||
@@ -39,4 +51,14 @@ func RunAllTaints_Errors() {
|
||||
out := TaintStepTest_ErrorsUnwrap_B0I0O0(source)
|
||||
sink(2, out)
|
||||
}
|
||||
{
|
||||
source := newSource(3)
|
||||
out := TaintStepTest_ErrorsJoin1(source)
|
||||
sink(3, out)
|
||||
}
|
||||
{
|
||||
source := newSource(4)
|
||||
out := TaintStepTest_ErrorsJoin2(source)
|
||||
sink(4, out)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -58,6 +58,30 @@ func TaintStepTest_SyncMapStore_B0I1O0(sourceCQL interface{}) interface{} {
|
||||
return intoMap881
|
||||
}
|
||||
|
||||
func TaintStepTest_SyncMapSwapinkey(sourceCQL interface{}) interface{} {
|
||||
var m sync.Map
|
||||
m.Swap(sourceCQL, "value")
|
||||
return m
|
||||
}
|
||||
|
||||
func TaintStepTest_SyncMapSwapinvalue(sourceCQL interface{}) interface{} {
|
||||
var m sync.Map
|
||||
m.Swap("key", sourceCQL)
|
||||
return m
|
||||
}
|
||||
|
||||
func TaintStepTest_SyncMapSwapout(sourceCQL interface{}) interface{} {
|
||||
m := sourceCQL.(sync.Map)
|
||||
oldVal, _ := m.Swap("key", "value")
|
||||
return oldVal
|
||||
}
|
||||
|
||||
func TaintStepTest_SyncMapCompareAndSwap(sourceCQL interface{}) interface{} {
|
||||
var m sync.Map
|
||||
m.CompareAndSwap("key", "compareTo", sourceCQL)
|
||||
return m
|
||||
}
|
||||
|
||||
func TaintStepTest_SyncPoolGet_B0I0O0(sourceCQL interface{}) interface{} {
|
||||
fromPool186 := sourceCQL.(sync.Pool)
|
||||
intoInterface284 := fromPool186.Get()
|
||||
@@ -122,4 +146,24 @@ func RunAllTaints_Sync() {
|
||||
out := TaintStepTest_SyncPoolPut_B0I0O0(source)
|
||||
sink(9, out)
|
||||
}
|
||||
{
|
||||
source := newSource(10)
|
||||
out := TaintStepTest_SyncMapSwapinkey(source)
|
||||
sink(10, out)
|
||||
}
|
||||
{
|
||||
source := newSource(11)
|
||||
out := TaintStepTest_SyncMapSwapinvalue(source)
|
||||
sink(11, out)
|
||||
}
|
||||
{
|
||||
source := newSource(12)
|
||||
out := TaintStepTest_SyncMapSwapout(source)
|
||||
sink(12, out)
|
||||
}
|
||||
{
|
||||
source := newSource(13)
|
||||
out := TaintStepTest_SyncMapCompareAndSwap(source)
|
||||
sink(13, out)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
package main
|
||||
|
||||
import "unsafe"
|
||||
|
||||
func TaintStepTest_UnsafeSlice(sourceCQL interface{}) interface{} {
|
||||
s := sourceCQL.(*byte)
|
||||
return unsafe.Slice(s, 1)
|
||||
}
|
||||
|
||||
func TaintStepTest_UnsafeSliceData(sourceCQL interface{}) interface{} {
|
||||
s := sourceCQL.([]byte)
|
||||
return unsafe.SliceData(s)
|
||||
}
|
||||
|
||||
func TaintStepTest_UnsafeString(sourceCQL interface{}) interface{} {
|
||||
s := sourceCQL.(*byte)
|
||||
return unsafe.String(s, 1)
|
||||
}
|
||||
|
||||
func TaintStepTest_UnsafeStringData(sourceCQL interface{}) interface{} {
|
||||
s := sourceCQL.(string)
|
||||
return unsafe.StringData(s)
|
||||
}
|
||||
|
||||
func RunAllTaints_Unsafe() {
|
||||
{
|
||||
source := newSource(0)
|
||||
out := TaintStepTest_UnsafeSlice(source)
|
||||
sink(0, out)
|
||||
}
|
||||
{
|
||||
source := newSource(1)
|
||||
out := TaintStepTest_UnsafeSliceData(source)
|
||||
sink(1, out)
|
||||
}
|
||||
{
|
||||
source := newSource(2)
|
||||
out := TaintStepTest_UnsafeString(source)
|
||||
sink(2, out)
|
||||
}
|
||||
{
|
||||
source := newSource(3)
|
||||
out := TaintStepTest_UnsafeStringData(source)
|
||||
sink(3, out)
|
||||
}
|
||||
}
|
||||