hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use data-flow API in stringConcatStep

Browse Source
This commit is contained in:
Sauyon Lee
2019-11-21 23:28:15 -08:00
parent 9651a0bfc4
commit 4ea45dbf34
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ql/src/semmle/go/dataflow/TaintTracking.qll
View File

@@ -111,7 +111,9 @@ module TaintTracking {
/** Holds if taint flows from `pred` to `succ` via string concatenation. */
predicate stringConcatStep(DataFlow::Node pred, DataFlow::Node succ) {
succ.asExpr().(AddExpr).getAnOperand() = pred.asExpr()
exists(DataFlow::BinaryOperationNode conc | conc.getOperator() = "+" |
succ = conc and conc.getAnOperand() = pred
)
}
/** Holds if taint flows from `pred` to `succ` via a slice operation. */

2
ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected
View File

@@ -1,5 +1,7 @@
| main.go:10:22:10:22 | x | main.go:10:22:10:27 | ...+... |
| main.go:10:24:10:27 | call to fn | main.go:10:22:10:27 | ...+... |
| main.go:17:3:17:5 | acc | main.go:17:3:17:7 | rhs of increment statement |
| main.go:17:3:17:7 | 1 | main.go:17:3:17:7 | rhs of increment statement |
| main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] |
| main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] |
| strings.go:9:24:9:24 | s | strings.go:9:8:9:38 | call to Replace |