Model moved io/ioutil functions

2026-01-29 14:23:03 +01:00 · 2021-02-18 15:17:46 -08:00
parent 4056ac4ab5
commit 41cacd579f
4 changed files with 34 additions and 1 deletions
--- a/ql/src/semmle/go/frameworks/stdlib/Io.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Io.qll
@@ -61,6 +61,14 @@ module Io {
      // signature: func WriteString(w Writer, s string) (n int, err error)
      hasQualifiedName("io", "WriteString") and
      (inp.isParameter(1) and outp.isParameter(0))
+      or
+      // signature: func NopCloser(r io.Reader) io.ReadCloser
+      hasQualifiedName("io", "NopCloser") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func ReadAll(r io.Reader) ([]byte, error)
+      hasQualifiedName("io", "ReadAll") and
+      (inp.isParameter(0) and outp.isResult(0))
    }

    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
--- a/ql/src/semmle/go/frameworks/stdlib/Os.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Os.qll
@@ -55,6 +55,16 @@ module Os {
        fn = "Truncate" and pathidx = 0
        or
        fn = "DirFS" and pathidx = 0
+        or
+        fn = "ReadDir" and pathidx = 0
+        or
+        fn = "ReadFile" and pathidx = 0
+        or
+        fn = "MkdirTemp" and pathidx in [0 .. 1]
+        or
+        fn = "CreateTemp" and pathidx in [0 .. 1]
+        or
+        fn = "WriteFile" and pathidx = 0
      )
    }

--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Io.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Io.go
@@ -302,4 +302,14 @@ func RunAllTaints_Io() {
 		out := TaintStepTest_IoWriterToWriteTo_B0I0O0(source)
 		sink(24, out)
 	}
+	{
+		source := newSource(25).(io.Reader)
+		out := io.NopCloser(source)
+		sink(25, out)
+	}
+	{
+		source := newSource(26).(io.Reader)
+		out, _ := io.ReadAll(source)
+		sink(26, out)
+	}
 }
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go
@@ -152,7 +152,7 @@ func RunAllTaints_Os() {
 }

 func fsAccesses() {
-	var path, path1 string
+	var path, path1, part string
 	var time time.Time
 	os.Chdir(path)                       // $fsaccess=path
 	os.Chmod(path, 0600)                 // $fsaccess=path
@@ -175,4 +175,9 @@ func fsAccesses() {
 	os.Symlink(path, path1)              // $fsaccess=path $fsaccess=path1
 	os.Truncate(path, 1000)              // $fsaccess=path
 	os.DirFS(path)                       // $fsaccess=path
+	os.ReadDir(path)                     // $fsaccess=path
+	os.ReadFile(path)                    // $fsaccess=path
+	os.MkdirTemp(path, part)             // $fsaccess=path $fsaccess=part
+	os.CreateTemp(path, part)            // $fsaccess=path $fsaccess=part
+	os.WriteFile(path, []byte{}, 0600)   // $fsaccess=path
 }