Extend context models to cover its old golang.org/x/net/context home.

2026-01-29 06:12:58 +01:00 · 2020-10-12 10:09:16 +01:00
parent b370a865f1
commit 40869480e1
6 changed files with 139 additions and 5 deletions
--- a/change-notes/2020-10-12-old-context-package.md
+++ b/change-notes/2020-10-12-old-context-package.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added support for the `golang.org/x/net/context` package, which was already supported under its modern standard-library name `context`.
--- a/ql/src/semmle/go/frameworks/stdlib/Context.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Context.qll
@@ -6,25 +6,33 @@ import go

 /** Provides models of commonly used functions in the `context` package. */
 module Context {
+  /**
+   * Gets the package name `context` or `golang.org/x/net/context`.
+   *
+   * The two packages are identical; before Go 1.7 it was only available
+   * under `golang.org/x`; as of Go 1.7 it is included in the standard library.
+   */
+  private string packagePath() { result = ["context", "golang.org/x/net/context"] }
+
  private class FunctionModels extends TaintTracking::FunctionModel {
    FunctionInput inp;
    FunctionOutput outp;

    FunctionModels() {
      // signature: func WithCancel(parent Context) (ctx Context, cancel CancelFunc)
-      hasQualifiedName("context", "WithCancel") and
+      hasQualifiedName(packagePath(), "WithCancel") and
      (inp.isParameter(0) and outp.isResult(0))
      or
      // signature: func WithDeadline(parent Context, d time.Time) (Context, CancelFunc)
-      hasQualifiedName("context", "WithDeadline") and
+      hasQualifiedName(packagePath(), "WithDeadline") and
      (inp.isParameter(0) and outp.isResult(0))
      or
      // signature: func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc)
-      hasQualifiedName("context", "WithTimeout") and
+      hasQualifiedName(packagePath(), "WithTimeout") and
      (inp.isParameter(0) and outp.isResult(0))
      or
      // signature: func WithValue(parent Context, key interface{}, val interface{}) Context
-      hasQualifiedName("context", "WithValue") and
+      hasQualifiedName(packagePath(), "WithValue") and
      (inp.isParameter(_) and outp.isResult())
    }

@@ -39,7 +47,7 @@ module Context {

    MethodModels() {
      // signature: func (Context).Value(key interface{}) interface{}
-      implements("context", "Context", "Value") and
+      implements(packagePath(), "Context", "Value") and
      (inp.isReceiver() and outp.isResult())
    }

--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Context.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Context.go
@@ -4,6 +4,7 @@ package main

 import (
 	"context"
+	oldcontext "golang.org/x/net/context"
 	"time"
 )

@@ -49,6 +50,48 @@ func TaintStepTest_ContextContextValue_B0I0O0(sourceCQL interface{}) interface{}
 	return intoInterface584
 }

+func TaintStepTest_OldContextWithCancel_B0I0O0(sourceCQL interface{}) interface{} {
+	fromContext656 := sourceCQL.(oldcontext.Context)
+	intoContext414, _ := oldcontext.WithCancel(fromContext656)
+	return intoContext414
+}
+
+func TaintStepTest_OldContextWithDeadline_B0I0O0(sourceCQL interface{}) interface{} {
+	fromContext518 := sourceCQL.(oldcontext.Context)
+	intoContext650, _ := oldcontext.WithDeadline(fromContext518, time.Time{})
+	return intoContext650
+}
+
+func TaintStepTest_OldContextWithTimeout_B0I0O0(sourceCQL interface{}) interface{} {
+	fromContext784 := sourceCQL.(oldcontext.Context)
+	intoContext957, _ := oldcontext.WithTimeout(fromContext784, 0)
+	return intoContext957
+}
+
+func TaintStepTest_OldContextWithValue_B0I0O0(sourceCQL interface{}) interface{} {
+	fromContext520 := sourceCQL.(oldcontext.Context)
+	intoContext443 := oldcontext.WithValue(fromContext520, nil, nil)
+	return intoContext443
+}
+
+func TaintStepTest_OldContextWithValue_B0I1O0(sourceCQL interface{}) interface{} {
+	fromInterface127 := sourceCQL.(interface{})
+	intoContext483 := oldcontext.WithValue(nil, fromInterface127, nil)
+	return intoContext483
+}
+
+func TaintStepTest_OldContextWithValue_B0I2O0(sourceCQL interface{}) interface{} {
+	fromInterface989 := sourceCQL.(interface{})
+	intoContext982 := oldcontext.WithValue(nil, nil, fromInterface989)
+	return intoContext982
+}
+
+func TaintStepTest_OldContextContextValue_B0I0O0(sourceCQL interface{}) interface{} {
+	fromContext417 := sourceCQL.(oldcontext.Context)
+	intoInterface584 := fromContext417.Value(nil)
+	return intoInterface584
+}
+
 func RunAllTaints_Context() {
 	{
 		source := newSource(0)
@@ -85,4 +128,39 @@ func RunAllTaints_Context() {
 		out := TaintStepTest_ContextContextValue_B0I0O0(source)
 		sink(6, out)
 	}
+	{
+		source := newSource(7)
+		out := TaintStepTest_OldContextWithCancel_B0I0O0(source)
+		sink(7, out)
+	}
+	{
+		source := newSource(8)
+		out := TaintStepTest_OldContextWithDeadline_B0I0O0(source)
+		sink(8, out)
+	}
+	{
+		source := newSource(9)
+		out := TaintStepTest_OldContextWithTimeout_B0I0O0(source)
+		sink(9, out)
+	}
+	{
+		source := newSource(10)
+		out := TaintStepTest_OldContextWithValue_B0I0O0(source)
+		sink(10, out)
+	}
+	{
+		source := newSource(11)
+		out := TaintStepTest_OldContextWithValue_B0I1O0(source)
+		sink(11, out)
+	}
+	{
+		source := newSource(12)
+		out := TaintStepTest_OldContextWithValue_B0I2O0(source)
+		sink(12, out)
+	}
+	{
+		source := newSource(13)
+		out := TaintStepTest_OldContextContextValue_B0I0O0(source)
+		sink(13, out)
+	}
 }
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod
@@ -0,0 +1,7 @@
+module example.com/m
+
+go 1.14
+
+require (
+	golang.org/x/net v0.0.0-20201010224723-4f7140c49acb
+)
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/golang.org/x/net/context/stub.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/golang.org/x/net/context/stub.go
@@ -0,0 +1,36 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for golang.org/x/net/context, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: golang.org/x/net/context (exports: Context; functions: WithCancel,WithDeadline,WithTimeout,WithValue)
+
+// Package context is a stub of golang.org/x/net/context, generated by depstubber.
+package context
+
+import (
+	context "context"
+	time "time"
+)
+
+type Context interface {
+	Deadline() (time.Time, bool)
+	Done() <-chan struct{}
+	Err() error
+	Value(_ interface{}) interface{}
+}
+
+func WithCancel(_ context.Context) (context.Context, context.CancelFunc) {
+	return nil, nil
+}
+
+func WithDeadline(_ context.Context, _ time.Time) (context.Context, context.CancelFunc) {
+	return nil, nil
+}
+
+func WithTimeout(_ context.Context, _ time.Duration) (context.Context, context.CancelFunc) {
+	return nil, nil
+}
+
+func WithValue(_ context.Context, _ interface{}, _ interface{}) context.Context {
+	return nil
+}
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/modules.txt
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/modules.txt
@@ -0,0 +1,3 @@
+# golang.org/x/net v0.0.0-20201010224723-4f7140c49acb
+## explicit
+golang.org/x/net