feat: client service support

2026-04-25 16:55:19 +02:00 · 2023-06-30 12:44:09 +01:00
parent 62bad6c02f
commit 48966d65dd
1 changed files with 52 additions and 0 deletions
--- a/go/ql/lib/semmle/go/frameworks/GoMicro.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoMicro.qll
@@ -3,6 +3,7 @@
 */

 import go
+private import semmle.go.security.RequestForgeryCustomizations

 /**
 * Module for Go-Micro framework.
@@ -15,6 +16,13 @@ module GoMicro {
    GoMicroServerType() { this.hasQualifiedName("go-micro.dev/v4/server", "Server") }
  }

+  /**
+   * A GoMicro client type.
+   */
+  class GoMicroClientType extends Type {
+    GoMicroClientType() { this.hasQualifiedName("go-micro.dev/v4/client", "Client") }
+  }
+
  /**
   * A file that is generated by the protobuf compiler.
   */
@@ -84,6 +92,20 @@ module GoMicro {
    }
  }

+  /**
+   * A Client server handler type.
+   */
+  class ClientServiceType extends NamedType {
+    ClientServiceType() {
+      exists(ServiceInterfaceType i, TypeEntity te |
+        this.implements(i) and
+        this.getName().regexpMatch("(?i).*Service") and
+        te.getType() = this and
+        te.getDeclaration().getLocation().getFile() instanceof ProtocGeneratedFile
+      )
+    }
+  }
+
  /**
   * A service register handler.
   */
@@ -111,6 +133,36 @@ module GoMicro {
    }
  }

+  /**
+   * A client service function.
+   */
+  class ClientService extends Function {
+    ClientService() {
+      exists(ClientServiceType c |
+        this.getName().regexpMatch("(?i)new" + c.getName()) and
+        this.getParameterType(0) instanceof StringType and
+        this.getParameterType(1) instanceof GoMicroClientType and
+        this.getDeclaration().getLocation().getFile() instanceof ProtocGeneratedFile
+      )
+    }
+  }
+
+  /**
+   * An SSRF sink for the Client service function.
+   */
+  class ClientRequestUrlAsSink extends RequestForgery::Sink {
+    ClientRequestUrlAsSink() {
+      exists(DataFlow::CallNode call |
+        call.getArgument(0) = this and
+        call.getTarget() instanceof ClientService
+      )
+    }
+
+    override DataFlow::Node getARequest() { result = this }
+
+    override string getKind() { result = "URL" }
+  }
+
  /**
   * A set of remote requests from a service handler.
   */