hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add models for Go 1.19's new url.JoinPath and URL.JoinPath functions

Browse Source
This commit is contained in:
Chris Smowton
2022-08-18 19:03:46 +01:00
parent 6068f63e9e
commit 45f922b3f2
4 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
go/ql/lib/semmle/go/frameworks/Stdlib.qll
View File

@@ -170,6 +170,25 @@ module URL {
}
}
/** The `JoinPath` function. */
class JoinPath extends TaintTracking::FunctionModel {
JoinPath() { this.hasQualifiedName("net/url", "JoinPath") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isParameter(_) and outp.isResult(0)
}
}
/** The method `URL.JoinPath`. */
class JoinPathMethod extends TaintTracking::FunctionModel, Method {
JoinPathMethod() { this.hasQualifiedName("net/url", "URL", "JoinPath") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
(inp.isReceiver() or inp.isParameter(_)) and
outp.isResult(0)
}
}
/** A method that returns a part of a URL. */
class UrlGetter extends TaintTracking::FunctionModel, Method {
UrlGetter() {

20
go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected
View File

@@ -2,9 +2,15 @@
| file://:0:0:0:0 | function EscapedPath | url.go:28:14:28:26 | selection of EscapedPath |
| file://:0:0:0:0 | function Get | url.go:52:14:52:18 | selection of Get |
| file://:0:0:0:0 | function Hostname | url.go:29:14:29:23 | selection of Hostname |
| file://:0:0:0:0 | function JoinPath | url.go:57:16:57:27 | selection of JoinPath |
| file://:0:0:0:0 | function JoinPath | url.go:58:16:58:27 | selection of JoinPath |
| file://:0:0:0:0 | function JoinPath | url.go:60:15:60:28 | selection of JoinPath |
| file://:0:0:0:0 | function JoinPath | url.go:66:9:66:25 | selection of JoinPath |
| file://:0:0:0:0 | function MarshalBinary | url.go:30:11:30:25 | selection of MarshalBinary |
| file://:0:0:0:0 | function Parse | url.go:23:10:23:18 | selection of Parse |
| file://:0:0:0:0 | function Parse | url.go:32:9:32:15 | selection of Parse |
| file://:0:0:0:0 | function Parse | url.go:59:14:59:22 | selection of Parse |
| file://:0:0:0:0 | function Parse | url.go:65:17:65:25 | selection of Parse |
| file://:0:0:0:0 | function ParseQuery | url.go:50:10:50:23 | selection of ParseQuery |
| file://:0:0:0:0 | function ParseRequestURI | url.go:27:9:27:27 | selection of ParseRequestURI |
| file://:0:0:0:0 | function Password | url.go:43:11:43:21 | selection of Password |
@@ -164,3 +170,17 @@
| url.go:50:2:50:2 | definition of v | url.go:52:14:52:14 | v |
| url.go:50:2:50:2 | definition of v | url.go:53:9:53:9 | v |
| url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v |
| url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q |
| url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q |
| url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 |
| url.go:57:2:57:39 | ... := ...[0] | url.go:57:2:57:8 | definition of joined1 |
| url.go:58:2:58:8 | definition of joined2 | url.go:59:24:59:30 | joined2 |
| url.go:58:2:58:45 | ... := ...[0] | url.go:58:2:58:8 | definition of joined2 |
| url.go:59:2:59:6 | definition of asUrl | url.go:60:15:60:19 | asUrl |
| url.go:59:2:59:31 | ... := ...[0] | url.go:59:2:59:6 | definition of asUrl |
| url.go:60:2:60:10 | definition of joinedUrl | url.go:61:9:61:17 | joinedUrl |
| url.go:60:15:60:37 | call to JoinPath | url.go:60:2:60:10 | definition of joinedUrl |
| url.go:64:13:64:13 | argument corresponding to q | url.go:64:13:64:13 | definition of q |
| url.go:64:13:64:13 | definition of q | url.go:66:27:66:27 | q |
| url.go:65:2:65:9 | definition of cleanUrl | url.go:66:9:66:16 | cleanUrl |
| url.go:65:2:65:48 | ... := ...[0] | url.go:65:2:65:9 | definition of cleanUrl |

18
go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected
View File

@@ -66,3 +66,21 @@
| url.go:50:25:50:25 | q | url.go:50:2:50:26 | ... := ...[0] |
| url.go:51:14:51:14 | v | url.go:51:14:51:23 | call to Encode |
| url.go:52:14:52:14 | v | url.go:52:14:52:26 | call to Get |
| url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[0] |
| url.go:57:16:57:39 | call to JoinPath | url.go:57:2:57:39 | ... := ...[1] |
| url.go:57:29:57:29 | q | url.go:57:2:57:39 | ... := ...[0] |
| url.go:57:32:57:38 | "clean" | url.go:57:2:57:39 | ... := ...[0] |
| url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[0] |
| url.go:58:16:58:45 | call to JoinPath | url.go:58:2:58:45 | ... := ...[1] |
| url.go:58:29:58:35 | "clean" | url.go:58:2:58:45 | ... := ...[0] |
| url.go:58:38:58:44 | joined1 | url.go:58:2:58:45 | ... := ...[0] |
| url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[0] |
| url.go:59:14:59:31 | call to Parse | url.go:59:2:59:31 | ... := ...[1] |
| url.go:59:24:59:30 | joined2 | url.go:59:2:59:31 | ... := ...[0] |
| url.go:60:15:60:19 | asUrl | url.go:60:15:60:37 | call to JoinPath |
| url.go:60:30:60:36 | "clean" | url.go:60:15:60:37 | call to JoinPath |
| url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[0] |
| url.go:65:17:65:48 | call to Parse | url.go:65:2:65:48 | ... := ...[1] |
| url.go:65:27:65:47 | "http://harmless.org" | url.go:65:2:65:48 | ... := ...[0] |
| url.go:66:9:66:16 | cleanUrl | url.go:66:9:66:28 | call to JoinPath |
| url.go:66:27:66:27 | q | url.go:66:9:66:28 | call to JoinPath |

13
go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/url.go
View File

@@ -52,3 +52,16 @@ func func8(q string) url.Values {
fmt.Println(v.Get("page"))
return v
}
func func9(q string) *url.URL {
joined1, _ := url.JoinPath(q, "clean")
joined2, _ := url.JoinPath("clean", joined1)
asUrl, _ := url.Parse(joined2)
joinedUrl := asUrl.JoinPath("clean")
return joinedUrl
}
func func10(q string) *url.URL {
cleanUrl, _ := url.Parse("http://harmless.org")
return cleanUrl.JoinPath(q)
}