Convert net/http UserControlledRequestField sources to MaD

Owen Mansel-Chan
2024-07-14 22:43:12 +01:00
parent 873fd6646b
commit 535b4ea986
2 changed files with 8 additions and 10 deletions


@@ -37,3 +37,11 @@ extensions:
- ["net/http", "Request", True, "PostFormValue", "", "", "ReturnValue", "remote", "manual"]
- ["net/http", "Request", True, "Referer", "", "", "ReturnValue", "remote", "manual"]
- ["net/http", "Request", True, "UserAgent", "", "", "ReturnValue", "remote", "manual"]
- ["net/http", "Request", True, "Body", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "GetBody", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "Form", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "PostForm", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "MultipartForm", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "Header", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "Trailer", "", "", "", "remote", "manual"]
- ["net/http", "Request", True, "URL", "", "", "", "remote", "manual"]
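Review bot: The eight field rows at the end of this hunk (`Body` through `URL`) leave the output column empty where the method rows above them use `ReturnValue`, and nothing beside them explains the difference. These rows now appear to be the only source definition for `Request` field reads, since the QL class listing the same eight names is removed in the other file, so a row that fails to match would drop `remote` sources from the taint queries without any compile error. I would add a comment above them such as `# Fields of http.Request: an empty output column means the field value itself is the source`, and confirm that an existing library test still reports reads of `req.URL`, `req.Header` and `req.Body` as sources, because the diffstat shows only two changed files and no test expectations. Which rows are additions is inferred from the hunk header (3 old lines, 11 new), as the page has lost its +/- markers.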


@@ -8,16 +8,6 @@ private import semmle.go.dataflow.internal.FlowSummaryImpl::Private
/** Provides models of commonly used functions in the `net/http` package. */
module NetHttp {
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
UserControlledRequestField() {
exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
fieldName =
["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]
)
}
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
private class StdlibResponseWriter extends Http::ResponseWriter::Range {
SsaWithFields v;