Add getSourceType declarations to existing remote flow sources

Ed Minnix
2024-06-06 18:41:52 -04:00
parent df6449cfc7
commit 49fb372eb9
19 changed files with 66 additions and 0 deletions


@@ -14,6 +14,8 @@ private class LambdaInput extends RemoteFlowSource::Range {
not p instanceof ReceiverVariable
)
}
override string getSourceType() { result = "AWS Lambda Input" }
}
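Review bot: The string "AWS Lambda Input" on the added override title-cases the data noun, while most of the other overrides in this commit use sentence case for the data part ("HTTP request data", "URL parameter", "service handler request"); the same capitalisation choice appears in "Beego Input" and "URL Parameters" in the Beego and Fasthttp sections. If these strings end up interpolated into query result messages, the mixed casing will show in user-visible output, so one convention should be picked and applied across the 19 files. Here that would be `override string getSourceType() { result = "AWS Lambda input" }`. The body of LambdaInput starts outside the hunk.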
private class HandlerFunction extends FuncDef {


@@ -71,6 +71,8 @@ module Beego {
}
predicate isSafeUrlSource() { methodName in ["URI", "URL"] }
override string getSourceType() { result = "Beego Input" }
}
/** `BeegoInput` sources that are safe to use for redirection. */
@@ -100,6 +102,8 @@ module Beego {
)
)
}
override string getSourceType() { result = "a Beego Controller" }
}
/**
@@ -111,6 +115,8 @@ module Beego {
frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
)
}
override string getSourceType() { result = "Beego Input Request Body" }
}
/**
@@ -122,6 +128,8 @@ module Beego {
this = m.getACall().getResult()
)
}
override string getSourceType() { result = "a Beego cookie" }
}
private class BeegoOutputInstance extends Http::ResponseWriter::Range {
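Review bot: Two of the four overrides in this section carry an indefinite article ("a Beego Controller", "a Beego cookie") while the other two do not ("Beego Input", "Beego Input Request Body"), and no override in any other section uses an article. Whichever form is chosen, it should be uniform, since a caller that builds a message around the string cannot know whether to add its own article. The bare-noun form matches the rest of the commit: `override string getSourceType() { result = "Beego controller" }` and `override string getSourceType() { result = "Beego cookie" }`. Each of the four class bodies begins outside its hunk.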


@@ -15,6 +15,8 @@ private module Chi {
UserControlledFunction() {
this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])
}
override string getSourceType() { result = "URL parameter" }
}
/**
@@ -26,5 +28,7 @@ private module Chi {
UserControlledRequestMethod() {
this.getTarget().hasQualifiedName(packagePath(), "Context", "URLParam")
}
override string getSourceType() { result = "URL parameter" }
}
}


@@ -24,6 +24,8 @@ private module Echo {
this = call.getResult(0)
)
}
override string getSourceType() { result = "HTTP request context" }
}
/**
@@ -50,6 +52,8 @@ private module Echo {
this = FunctionOutput::parameter(0).getExitNode(call)
)
}
override string getSourceType() { result = "HTTP request data" }
}
/**


@@ -106,6 +106,8 @@ module ElazarlGoproxy {
call.getTarget().hasQualifiedName(packagePath(), "ProxyCtx", "Charset")
)
}
override string getSourceType() { result = "HTTP request data" }
}
private class ProxyLogFunction extends StringOps::Formatting::Range, Method {


@@ -271,6 +271,8 @@ module Fasthttp {
this = m.getACall().getResult(0)
)
}
override string getSourceType() { result = "a component of a URI" }
}
}
@@ -296,6 +298,8 @@ module Fasthttp {
this = m.getACall().getResult(0)
)
}
override string getSourceType() { result = "URL Parameters" }
}
}
@@ -421,6 +425,8 @@ module Fasthttp {
this = m.getACall().getArgument(0)
)
}
override string getSourceType() { result = "HTTP request" }
}
/**
@@ -499,6 +505,8 @@ module Fasthttp {
this = m.getACall().getResult(0)
)
}
override string getSourceType() { result = "HTTP header" }
}
}
@@ -529,6 +537,8 @@ module Fasthttp {
this = m.getACall().getResult(0)
)
}
override string getSourceType() { result = "HTTP request header" }
}
}
}
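Review bot: The fourth and fifth hunks of this section label two different source classes with near-identical strings, "HTTP header" and "HTTP request header", and nothing visible in the hunks distinguishes the two (both bodies end in `this = m.getACall().getResult(0)`). If they are genuinely different kinds of source the strings should say how they differ; if they are the same kind, both should use the same string, presumably "HTTP request header". Separately, "URL Parameters" in the second hunk is plural and capitalised, whereas the Chi section uses "URL parameter" for the same concept; `override string getSourceType() { result = "URL parameter" }` would align them. All five class bodies start outside their hunks, so the actual difference between the header sources cannot be confirmed from this page.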


@@ -34,6 +34,8 @@ private module Gin {
this = fld.getARead()
)
}
override string getSourceType() { result = "HTTP request context" }
}
/**
@@ -53,6 +55,8 @@ private module Gin {
this = FunctionOutput::parameter(0).getExitNode(call)
)
}
override string getSourceType() { result = "HTTP request data" }
}
/**


@@ -37,6 +37,8 @@ module GoKit {
private class EndpointRequest extends RemoteFlowSource::Range {
EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }
override string getSourceType() { result = "Go Kit endpoint request" }
}
}
}


@@ -150,5 +150,7 @@ module GoMicro {
this.getType().(PointerType).getBaseType() instanceof ProtocMessageType
)
}
override string getSourceType() { result = "service handler request" }
}
}


@@ -29,6 +29,8 @@ private module GoRestfulHttp {
*/
private class GoRestfulSource extends RemoteFlowSource::Range {
GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }
override string getSourceType() { result = "HTTP request" }
}
/**
@@ -42,5 +44,7 @@ private module GoRestfulHttp {
this = FunctionOutput::parameter(0).getExitNode(call)
)
}
override string getSourceType() { result = "HTTP request body" }
}
}


@@ -43,5 +43,7 @@ module Gqlgen {
ResolverParameter() {
this.asParameter() = any(ResolverImplementationMethod h).getAnUntrustedParameter()
}
override string getSourceType() { result = "GraphQL request" }
}
}


@@ -13,5 +13,7 @@ module Mux {
RequestVars() {
this.getTarget().hasQualifiedName(package("github.com/gorilla/mux", ""), "Vars")
}
override string getSourceType() { result = "Mux request variable" }
}
}


@@ -19,6 +19,8 @@ module Revel {
f.hasQualifiedName(packagePath(), "Controller", "Params")
)
}
override string getSourceType() { result = "Revel controller parameter" }
}
private class ParamsFixedSanitizer extends TaintTracking::DefaultTaintSanitizer,
@@ -39,6 +41,8 @@ module Revel {
f.hasQualifiedName(packagePath(), "RouteMatch", "Params")
)
}
override string getSourceType() { result = "Revel route match parameter" }
}
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
@@ -52,6 +56,8 @@ module Revel {
]
)
}
override string getSourceType() { result = "HTTP request field" }
}
private class UserControlledRequestMethod extends RemoteFlowSource::Range,
@@ -65,6 +71,8 @@ module Revel {
"Cookie", "GetHttpHeader", "GetRequestURI", "MultipartReader", "Referer", "UserAgent"
])
}
override string getSourceType() { result = "Revel request method" }
}
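Review bot: "Revel request method" in the last hunk of this section describes the call that was made rather than the data that flows out of it, which is what the other strings in this commit name ("HTTP request field" three hunks earlier, "HTTP request data" in the Echo and Gin sections). The method list visible in the hunk (`"Cookie", "GetHttpHeader", "GetRequestURI", "MultipartReader", "Referer", "UserAgent"`) all return request-derived data, so a data-oriented label such as `override string getSourceType() { result = "HTTP request data" }` would read consistently with the neighbouring "HTTP request field". The class body starts outside the hunk, so this assumes UserControlledRequestMethod models the results of those calls rather than their receivers.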
private string contentTypeFromFilename(DataFlow::Node filename) {


@@ -138,5 +138,7 @@ module Twirp {
this.getType().(PointerType).getBaseType() instanceof ProtobufMessageType
)
}
override string getSourceType() { result = "Twirp request" }
}
}


@@ -131,6 +131,8 @@ class WebSocketReaderAsSource extends RemoteFlowSource::Range {
WebSocketReaderAsSource() {
exists(WebSocketReader r | this = r.getAnOutput().getNode(r.getACall()))
}
override string getSourceType() { result = "WebSocket reader" }
}
/**


@@ -16,6 +16,8 @@ module NetHttp {
["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]
)
}
override string getSourceType() { result = "HTTP request" }
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */


@@ -100,6 +100,8 @@ private module CleverGo {
this = v.getARead()
)
}
override string getSourceType() { result = "Clever Go" }
}
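Review bot: "Clever Go" in this hunk names the framework, not the kind of source, which is what every other override in the commit returns ("HTTP request", "URL parameter", "WebSocket reader"); a consumer grouping or displaying source types would see a framework name sitting among data categories. The visible body only shows `this = v.getARead()`, so what `v` is bound to is decided outside the hunk, but the label should describe that value, for example `override string getSourceType() { result = "HTTP request data" }` if `v` is a request or context variable. Keeping the framework name, as the Beego and Revel sections do, is fine as long as it is combined with the data noun ("Clever Go request").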
/**


@@ -19,6 +19,8 @@ class MimeMultipartFileHeader extends RemoteFlowSource::Range {
frn.getField().hasQualifiedName("mime/multipart", "Form", "Value")
)
}
override string getSourceType() { result = "mime/multipart file header" }
}
/** Provides a taint tracking configuration for reasoning about decompression bomb vulnerabilities. */


@@ -386,5 +386,7 @@ private module Fiber {
fields = "Message"
)
}
override string getSourceType() { result = "HTTP request" }
}
}