mirror of
https://github.com/github/codeql.git
synced 2026-01-29 14:23:03 +01:00
Update data-flow libraries.
This brings `DataFlowImpl.qll` and `DataFlowImplCommon.qll` up-to-date with the other languages as of https://github.com/Semmle/ql/pull/2480.
This commit is contained in:
Max Schaefer
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,9 +1,9 @@
|
||||
private import go
|
||||
private import DataFlowUtil
|
||||
private import DataFlowImplCommon::Public
|
||||
|
||||
private newtype TReturnKind =
|
||||
TSingleReturn()
|
||||
or
|
||||
TSingleReturn() or
|
||||
TMultiReturn(int i) { exists(SignatureType st | exists(st.getResultType(i))) }
|
||||
|
||||
/**
|
||||
@@ -17,9 +17,7 @@ class ReturnKind extends TReturnKind {
|
||||
this = TSingleReturn() and
|
||||
result = "return"
|
||||
or
|
||||
exists(int i | this = TMultiReturn(i) |
|
||||
result = "return[" + i + "]"
|
||||
)
|
||||
exists(int i | this = TMultiReturn(i) | result = "return[" + i + "]")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -29,10 +27,7 @@ class ReturnNode extends ResultNode {
|
||||
|
||||
ReturnNode() {
|
||||
exists(int nr | nr = fd.getType().getNumResult() |
|
||||
if nr = 1 then
|
||||
kind = TSingleReturn()
|
||||
else
|
||||
kind = TMultiReturn(i)
|
||||
if nr = 1 then kind = TSingleReturn() else kind = TMultiReturn(i)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -43,7 +38,6 @@ class ReturnNode extends ResultNode {
|
||||
/** A data flow node that represents the output of a call. */
|
||||
class OutNode extends DataFlow::Node {
|
||||
DataFlow::CallNode call;
|
||||
|
||||
int i;
|
||||
|
||||
OutNode() {
|
||||
@@ -66,9 +60,7 @@ OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) {
|
||||
kind = TSingleReturn() and
|
||||
result = c.getResult()
|
||||
or
|
||||
exists(int i | kind = TMultiReturn(i) |
|
||||
result = c.getResult(i)
|
||||
)
|
||||
exists(int i | kind = TMultiReturn(i) | result = c.getResult(i))
|
||||
)
|
||||
}
|
||||
|
||||
@@ -241,3 +233,38 @@ class DataFlowCall extends Expr {
|
||||
/** Gets the enclosing callable of this call. */
|
||||
DataFlowCallable getEnclosingCallable() { result = this.getEnclosingFunction() }
|
||||
}
|
||||
|
||||
/** Holds if `e` is an expression that always has the same Boolean value `val`. */
|
||||
private predicate constantBooleanExpr(Expr e, boolean val) {
|
||||
e.getBoolValue() = val
|
||||
or
|
||||
exists(SsaExplicitDefinition v, Expr src |
|
||||
IR::evalExprInstruction(e) = v.getVariable().getAUse() and
|
||||
IR::evalExprInstruction(src) = v.getRhs() and
|
||||
constantBooleanExpr(src, val)
|
||||
)
|
||||
}
|
||||
|
||||
/** An argument that always has the same Boolean value. */
|
||||
private class ConstantBooleanArgumentNode extends ArgumentNode, ExprNode {
|
||||
ConstantBooleanArgumentNode() { constantBooleanExpr(this.getExpr(), _) }
|
||||
|
||||
/** Gets the Boolean value of this expression. */
|
||||
boolean getBooleanValue() { constantBooleanExpr(this.getExpr(), result) }
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if the node `n` is unreachable when the call context is `call`.
|
||||
*/
|
||||
cached
|
||||
predicate isUnreachableInCall(Node n, DataFlowCall call) {
|
||||
exists(
|
||||
ParameterNode param, ConstantBooleanArgumentNode arg, ControlFlow::ConditionGuardNode guard
|
||||
|
|
||||
// get constant bool argument and parameter for this call
|
||||
viableParamArg(call, param, arg) and
|
||||
// which is used in a guard controlling `n` with the opposite value of `arg`
|
||||
guard.ensures(param.getAUse(), arg.getBooleanValue().booleanNot()) and
|
||||
guard.dominates(n.getBasicBlock())
|
||||
)
|
||||
}
|
||||
|
||||
@@ -683,8 +683,18 @@ Node extractTupleElement(Node t, int i) {
|
||||
* Holds if data flows from `nodeFrom` to `nodeTo` in exactly one local
|
||||
* (intra-procedural) step.
|
||||
*/
|
||||
cached
|
||||
predicate localFlowStep(Node nodeFrom, Node nodeTo) {
|
||||
simpleLocalFlowStep(nodeFrom, nodeTo)
|
||||
}
|
||||
|
||||
/**
|
||||
* INTERNAL: do not use.
|
||||
*
|
||||
* This is the local flow predicate that's used as a building block in global
|
||||
* data flow. It may have less flow than the `localFlowStep` predicate.
|
||||
*/
|
||||
cached
|
||||
predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
|
||||
// Instruction -> Instruction
|
||||
exists(Expr pred, Expr succ |
|
||||
succ.(LogicalBinaryExpr).getAnOperand() = pred or
|
||||
|
||||
@@ -1,6 +1,9 @@
|
||||
edges
|
||||
| IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" [string] | IncompleteHostnameRegexp.go:12:41:12:42 | re |
|
||||
| main.go:12:15:12:39 | `https://www.example.com` [string] | main.go:12:15:12:39 | `https://www.example.com` |
|
||||
| IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:41:12:42 | re |
|
||||
nodes
|
||||
| IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" : string | semmle.label | "^((www\|beta).)?example.com/" : string |
|
||||
| IncompleteHostnameRegexp.go:12:41:12:42 | re | semmle.label | re |
|
||||
| main.go:12:15:12:39 | `https://www.example.com` | semmle.label | `https://www.example.com` |
|
||||
#select
|
||||
| IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" [string] | IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" [string] | IncompleteHostnameRegexp.go:12:41:12:42 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when used $@. | IncompleteHostnameRegexp.go:12:41:12:42 | re | here |
|
||||
| main.go:12:15:12:39 | `https://www.example.com` [string] | main.go:12:15:12:39 | `https://www.example.com` [string] | main.go:12:15:12:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when used $@. | main.go:12:15:12:39 | `https://www.example.com` | here |
|
||||
| IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:11:11:39 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:41:12:42 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when used $@. | IncompleteHostnameRegexp.go:12:41:12:42 | re | here |
|
||||
| main.go:12:15:12:39 | `https://www.example.com` | main.go:12:15:12:39 | `https://www.example.com` | main.go:12:15:12:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when used $@. | main.go:12:15:12:39 | `https://www.example.com` | here |
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
edges
|
||||
| TaintedPath.go:10:10:10:14 | selection of URL [pointer type] | TaintedPath.go:13:29:13:32 | path |
|
||||
| TaintedPath.go:10:10:10:14 | selection of URL [pointer type] | TaintedPath.go:17:28:17:61 | call to Join |
|
||||
| TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:13:29:13:32 | path |
|
||||
| TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:17:28:17:61 | call to Join |
|
||||
nodes
|
||||
| TaintedPath.go:10:10:10:14 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
|
||||
| TaintedPath.go:13:29:13:32 | path | semmle.label | path |
|
||||
| TaintedPath.go:17:28:17:61 | call to Join | semmle.label | call to Join |
|
||||
#select
|
||||
| TaintedPath.go:13:29:13:32 | path | TaintedPath.go:10:10:10:14 | selection of URL [pointer type] | TaintedPath.go:13:29:13:32 | path | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |
|
||||
| TaintedPath.go:17:28:17:61 | call to Join | TaintedPath.go:10:10:10:14 | selection of URL [pointer type] | TaintedPath.go:17:28:17:61 | call to Join | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |
|
||||
| TaintedPath.go:13:29:13:32 | path | TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:13:29:13:32 | path | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |
|
||||
| TaintedPath.go:17:28:17:61 | call to Join | TaintedPath.go:10:10:10:14 | selection of URL : pointer type | TaintedPath.go:17:28:17:61 | call to Join | This path depends on $@. | TaintedPath.go:10:10:10:14 | selection of URL | a user-provided value |
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
edges
|
||||
| ZipSlip.go:12:24:12:29 | selection of Name [string] | ZipSlip.go:14:20:14:20 | p |
|
||||
| tst.go:15:11:15:16 | selection of Name [string] | tst.go:20:20:20:23 | path |
|
||||
| ZipSlip.go:12:24:12:29 | selection of Name : string | ZipSlip.go:14:20:14:20 | p |
|
||||
| tst.go:15:11:15:16 | selection of Name : string | tst.go:20:20:20:23 | path |
|
||||
nodes
|
||||
| ZipSlip.go:12:24:12:29 | selection of Name : string | semmle.label | selection of Name : string |
|
||||
| ZipSlip.go:14:20:14:20 | p | semmle.label | p |
|
||||
| tst.go:15:11:15:16 | selection of Name : string | semmle.label | selection of Name : string |
|
||||
| tst.go:20:20:20:23 | path | semmle.label | path |
|
||||
#select
|
||||
| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:24:12:29 | selection of Name [string] | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
|
||||
| tst.go:15:11:15:16 | selection of Name | tst.go:15:11:15:16 | selection of Name [string] | tst.go:20:20:20:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:20:20:20:23 | path | file system operation |
|
||||
| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:24:12:29 | selection of Name : string | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
|
||||
| tst.go:15:11:15:16 | selection of Name | tst.go:15:11:15:16 | selection of Name : string | tst.go:20:20:20:23 | path | Unsanitized archive entry, which may contain '..', is used in a $@. | tst.go:20:20:20:23 | path | file system operation |
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
edges
|
||||
| CommandInjection.go:9:13:9:19 | selection of URL [pointer type] | CommandInjection.go:10:22:10:28 | cmdName |
|
||||
| CommandInjection.go:9:13:9:19 | selection of URL : pointer type | CommandInjection.go:10:22:10:28 | cmdName |
|
||||
nodes
|
||||
| CommandInjection.go:9:13:9:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
|
||||
| CommandInjection.go:10:22:10:28 | cmdName | semmle.label | cmdName |
|
||||
#select
|
||||
| CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL [pointer type] | CommandInjection.go:10:22:10:28 | cmdName | This command depends on $@. | CommandInjection.go:9:13:9:19 | selection of URL | a user-provided value |
|
||||
| CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL : pointer type | CommandInjection.go:10:22:10:28 | cmdName | This command depends on $@. | CommandInjection.go:9:13:9:19 | selection of URL | a user-provided value |
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
edges
|
||||
| ReflectedXss.go:11:15:11:20 | selection of Form [Values] | ReflectedXss.go:14:39:14:46 | username |
|
||||
| contenttype.go:10:11:10:16 | selection of Form [Values] | contenttype.go:16:11:16:22 | type conversion |
|
||||
| ReflectedXss.go:11:15:11:20 | selection of Form : Values | ReflectedXss.go:14:39:14:46 | username |
|
||||
| contenttype.go:10:11:10:16 | selection of Form : Values | contenttype.go:16:11:16:22 | type conversion |
|
||||
nodes
|
||||
| ReflectedXss.go:11:15:11:20 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| ReflectedXss.go:14:39:14:46 | username | semmle.label | username |
|
||||
| contenttype.go:10:11:10:16 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| contenttype.go:16:11:16:22 | type conversion | semmle.label | type conversion |
|
||||
#select
|
||||
| ReflectedXss.go:14:39:14:46 | username | ReflectedXss.go:11:15:11:20 | selection of Form [Values] | ReflectedXss.go:14:39:14:46 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value |
|
||||
| contenttype.go:16:11:16:22 | type conversion | contenttype.go:10:11:10:16 | selection of Form [Values] | contenttype.go:16:11:16:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:10:11:10:16 | selection of Form | user-provided value |
|
||||
| ReflectedXss.go:14:39:14:46 | username | ReflectedXss.go:11:15:11:20 | selection of Form : Values | ReflectedXss.go:14:39:14:46 | username | Cross-site scripting vulnerability due to $@. | ReflectedXss.go:11:15:11:20 | selection of Form | user-provided value |
|
||||
| contenttype.go:16:11:16:22 | type conversion | contenttype.go:10:11:10:16 | selection of Form : Values | contenttype.go:16:11:16:22 | type conversion | Cross-site scripting vulnerability due to $@. | contenttype.go:10:11:10:16 | selection of Form | user-provided value |
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
edges
|
||||
| SqlInjection.go:11:3:11:9 | selection of URL [pointer type] | SqlInjection.go:12:11:12:11 | q |
|
||||
| main.go:9:11:9:16 | selection of Form [Values] | main.go:9:11:9:28 | index expression |
|
||||
| SqlInjection.go:11:3:11:9 | selection of URL : pointer type | SqlInjection.go:12:11:12:11 | q |
|
||||
| main.go:9:11:9:16 | selection of Form : Values | main.go:9:11:9:28 | index expression |
|
||||
nodes
|
||||
| SqlInjection.go:11:3:11:9 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
|
||||
| SqlInjection.go:12:11:12:11 | q | semmle.label | q |
|
||||
| main.go:9:11:9:16 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| main.go:9:11:9:28 | index expression | semmle.label | index expression |
|
||||
#select
|
||||
| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL [pointer type] | SqlInjection.go:12:11:12:11 | q | This query depends on $@. | SqlInjection.go:11:3:11:9 | selection of URL | a user-provided value |
|
||||
| main.go:9:11:9:28 | index expression | main.go:9:11:9:16 | selection of Form [Values] | main.go:9:11:9:28 | index expression | This query depends on $@. | main.go:9:11:9:16 | selection of Form | a user-provided value |
|
||||
| SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL : pointer type | SqlInjection.go:12:11:12:11 | q | This query depends on $@. | SqlInjection.go:11:3:11:9 | selection of URL | a user-provided value |
|
||||
| main.go:9:11:9:28 | index expression | main.go:9:11:9:16 | selection of Form : Values | main.go:9:11:9:28 | index expression | This query depends on $@. | main.go:9:11:9:16 | selection of Form | a user-provided value |
|
||||
|
||||
@@ -1,54 +1,88 @@
|
||||
edges
|
||||
| passwords.go:8:12:8:12 | definition of x [string] | passwords.go:9:14:9:14 | x |
|
||||
| passwords.go:25:14:25:21 | password [string] | passwords.go:25:14:25:21 | password |
|
||||
| passwords.go:26:14:26:23 | selection of password [string] | passwords.go:26:14:26:23 | selection of password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword [string] | passwords.go:27:14:27:26 | call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword [string] | passwords.go:28:14:28:28 | call to getPassword |
|
||||
| passwords.go:30:8:30:15 | password [string] | passwords.go:8:12:8:12 | definition of x [string] |
|
||||
| passwords.go:32:12:32:19 | password [string] | passwords.go:32:12:32:19 | password |
|
||||
| passwords.go:34:28:34:35 | password [string] | passwords.go:34:14:34:35 | ...+... |
|
||||
| passwords.go:36:10:38:2 | composite literal [passStruct] | passwords.go:39:14:39:17 | obj1 |
|
||||
| passwords.go:42:6:42:13 | password [string] | passwords.go:44:14:44:17 | obj2 |
|
||||
| passwords.go:48:11:48:18 | password [string] | passwords.go:47:14:47:17 | obj3 |
|
||||
| passwords.go:51:14:51:27 | fixed_password [string] | passwords.go:51:14:51:27 | fixed_password |
|
||||
| passwords.go:85:19:87:2 | composite literal [passSetStruct] | passwords.go:88:14:88:26 | utilityObject |
|
||||
| passwords.go:90:12:90:19 | password [string] | passwords.go:91:23:91:28 | secret |
|
||||
| passwords.go:101:33:101:40 | password [string] | passwords.go:101:15:101:40 | ...+... |
|
||||
| passwords.go:107:34:107:41 | password [string] | passwords.go:107:16:107:41 | ...+... |
|
||||
| passwords.go:112:33:112:40 | password [string] | passwords.go:112:15:112:40 | ...+... |
|
||||
| passwords.go:116:28:116:36 | password1 [stringable] | passwords.go:116:14:116:45 | ...+... |
|
||||
| passwords.go:118:12:123:2 | composite literal [Config] | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:118:12:123:2 | composite literal [x, ... (1)] | passwords.go:126:14:126:19 | config [x, ... (1)] |
|
||||
| passwords.go:118:12:123:2 | composite literal [y, ... (1)] | passwords.go:127:14:127:19 | config [y, ... (1)] |
|
||||
| passwords.go:121:13:121:20 | password [string] | passwords.go:118:12:123:2 | composite literal [x, ... (1)] |
|
||||
| passwords.go:121:13:121:20 | password [string] | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:122:13:122:25 | call to getPassword [string] | passwords.go:118:12:123:2 | composite literal [y, ... (1)] |
|
||||
| passwords.go:122:13:122:25 | call to getPassword [string] | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:126:14:126:19 | config [x, ... (1)] | passwords.go:126:14:126:21 | selection of x |
|
||||
| passwords.go:127:14:127:19 | config [y, ... (1)] | passwords.go:127:14:127:21 | selection of y |
|
||||
| util.go:14:9:14:18 | selection of password [string] | passwords.go:28:14:28:28 | call to getPassword |
|
||||
| util.go:14:9:14:18 | selection of password [string] | passwords.go:28:14:28:28 | call to getPassword [string] |
|
||||
| passwords.go:8:12:8:12 | definition of x : string | passwords.go:9:14:9:14 | x |
|
||||
| passwords.go:30:8:30:15 | password : string | passwords.go:8:12:8:12 | definition of x : string |
|
||||
| passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... |
|
||||
| passwords.go:36:10:38:2 | composite literal : passStruct | passwords.go:39:14:39:17 | obj1 |
|
||||
| passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 |
|
||||
| passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 |
|
||||
| passwords.go:85:19:87:2 | composite literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject |
|
||||
| passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret |
|
||||
| passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... |
|
||||
| passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... |
|
||||
| passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... |
|
||||
| passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... |
|
||||
| passwords.go:118:12:123:2 | composite literal : Config | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:118:12:123:2 | composite literal [x] : string | passwords.go:126:14:126:19 | config [x] : string |
|
||||
| passwords.go:118:12:123:2 | composite literal [y] : string | passwords.go:127:14:127:19 | config [y] : string |
|
||||
| passwords.go:121:13:121:20 | password : string | passwords.go:118:12:123:2 | composite literal [x] : string |
|
||||
| passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:118:12:123:2 | composite literal [y] : string |
|
||||
| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config |
|
||||
| passwords.go:126:14:126:19 | config [x] : string | passwords.go:126:14:126:21 | selection of x |
|
||||
| passwords.go:127:14:127:19 | config [y] : string | passwords.go:127:14:127:21 | selection of y |
|
||||
| util.go:14:9:14:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword |
|
||||
nodes
|
||||
| passwords.go:8:12:8:12 | definition of x : string | semmle.label | definition of x : string |
|
||||
| passwords.go:9:14:9:14 | x | semmle.label | x |
|
||||
| passwords.go:25:14:25:21 | password | semmle.label | password |
|
||||
| passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
|
||||
| passwords.go:30:8:30:15 | password : string | semmle.label | password : string |
|
||||
| passwords.go:32:12:32:19 | password | semmle.label | password |
|
||||
| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:34:28:34:35 | password : string | semmle.label | password : string |
|
||||
| passwords.go:36:10:38:2 | composite literal : passStruct | semmle.label | composite literal : passStruct |
|
||||
| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
|
||||
| passwords.go:42:6:42:13 | password : string | semmle.label | password : string |
|
||||
| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
|
||||
| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 |
|
||||
| passwords.go:48:11:48:18 | password : string | semmle.label | password : string |
|
||||
| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
|
||||
| passwords.go:85:19:87:2 | composite literal : passSetStruct | semmle.label | composite literal : passSetStruct |
|
||||
| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject |
|
||||
| passwords.go:90:12:90:19 | password : string | semmle.label | password : string |
|
||||
| passwords.go:91:23:91:28 | secret | semmle.label | secret |
|
||||
| passwords.go:101:15:101:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:101:33:101:40 | password : string | semmle.label | password : string |
|
||||
| passwords.go:107:16:107:41 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:107:34:107:41 | password : string | semmle.label | password : string |
|
||||
| passwords.go:112:15:112:40 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:112:33:112:40 | password : string | semmle.label | password : string |
|
||||
| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... |
|
||||
| passwords.go:116:28:116:36 | password1 : stringable | semmle.label | password1 : stringable |
|
||||
| passwords.go:118:12:123:2 | composite literal : Config | semmle.label | composite literal : Config |
|
||||
| passwords.go:118:12:123:2 | composite literal [x] : string | semmle.label | composite literal [x] : string |
|
||||
| passwords.go:118:12:123:2 | composite literal [y] : string | semmle.label | composite literal [y] : string |
|
||||
| passwords.go:121:13:121:20 | password : string | semmle.label | password : string |
|
||||
| passwords.go:122:13:122:25 | call to getPassword : string | semmle.label | call to getPassword : string |
|
||||
| passwords.go:125:14:125:19 | config | semmle.label | config |
|
||||
| passwords.go:126:14:126:19 | config [x] : string | semmle.label | config [x] : string |
|
||||
| passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x |
|
||||
| passwords.go:127:14:127:19 | config [y] : string | semmle.label | config [y] : string |
|
||||
| passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y |
|
||||
| util.go:14:9:14:18 | selection of password : string | semmle.label | selection of password : string |
|
||||
#select
|
||||
| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password [string] | passwords.go:9:14:9:14 | x | Sensitive data returned by $@ is logged here. | passwords.go:30:8:30:15 | password | an access to password |
|
||||
| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password [string] | passwords.go:25:14:25:21 | password | Sensitive data returned by $@ is logged here. | passwords.go:25:14:25:21 | password | an access to password |
|
||||
| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password [string] | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by $@ is logged here. | passwords.go:26:14:26:23 | selection of password | an access to password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword [string] | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by $@ is logged here. | passwords.go:27:14:27:26 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword [string] | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by $@ is logged here. | passwords.go:28:14:28:28 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | util.go:14:9:14:18 | selection of password [string] | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by $@ is logged here. | util.go:14:9:14:18 | selection of password | an access to password |
|
||||
| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password [string] | passwords.go:32:12:32:19 | password | Sensitive data returned by $@ is logged here. | passwords.go:32:12:32:19 | password | an access to password |
|
||||
| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password [string] | passwords.go:34:14:34:35 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:34:28:34:35 | password | an access to password |
|
||||
| passwords.go:39:14:39:17 | obj1 | passwords.go:36:10:38:2 | composite literal [passStruct] | passwords.go:39:14:39:17 | obj1 | Sensitive data returned by $@ is logged here. | passwords.go:36:10:38:2 | composite literal | an access to password |
|
||||
| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password [string] | passwords.go:44:14:44:17 | obj2 | Sensitive data returned by $@ is logged here. | passwords.go:42:6:42:13 | password | an access to password |
|
||||
| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password [string] | passwords.go:47:14:47:17 | obj3 | Sensitive data returned by $@ is logged here. | passwords.go:48:11:48:18 | password | an access to password |
|
||||
| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password [string] | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by $@ is logged here. | passwords.go:51:14:51:27 | fixed_password | an access to fixed_password |
|
||||
| passwords.go:88:14:88:26 | utilityObject | passwords.go:85:19:87:2 | composite literal [passSetStruct] | passwords.go:88:14:88:26 | utilityObject | Sensitive data returned by $@ is logged here. | passwords.go:85:19:87:2 | composite literal | an access to passwordSet |
|
||||
| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password [string] | passwords.go:91:23:91:28 | secret | Sensitive data returned by $@ is logged here. | passwords.go:90:12:90:19 | password | an access to password |
|
||||
| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password [string] | passwords.go:101:15:101:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:101:33:101:40 | password | an access to password |
|
||||
| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password [string] | passwords.go:107:16:107:41 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:107:34:107:41 | password | an access to password |
|
||||
| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password [string] | passwords.go:112:15:112:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:112:33:112:40 | password | an access to password |
|
||||
| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 [stringable] | passwords.go:116:14:116:45 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:116:28:116:36 | password1 | an access to password1 |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:118:12:123:2 | composite literal [Config] | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:118:12:123:2 | composite literal | an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password [string] | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword [string] | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:122:13:122:25 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password [string] | passwords.go:126:14:126:21 | selection of x | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password |
|
||||
| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword [string] | passwords.go:127:14:127:21 | selection of y | Sensitive data returned by $@ is logged here. | passwords.go:122:13:122:25 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password : string | passwords.go:9:14:9:14 | x | Sensitive data returned by $@ is logged here. | passwords.go:30:8:30:15 | password | an access to password |
|
||||
| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | Sensitive data returned by $@ is logged here. | passwords.go:25:14:25:21 | password | an access to password |
|
||||
| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by $@ is logged here. | passwords.go:26:14:26:23 | selection of password | an access to password |
|
||||
| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by $@ is logged here. | passwords.go:27:14:27:26 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by $@ is logged here. | passwords.go:28:14:28:28 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:28:14:28:28 | call to getPassword | util.go:14:9:14:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by $@ is logged here. | util.go:14:9:14:18 | selection of password | an access to password |
|
||||
| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | Sensitive data returned by $@ is logged here. | passwords.go:32:12:32:19 | password | an access to password |
|
||||
| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:34:28:34:35 | password | an access to password |
|
||||
| passwords.go:39:14:39:17 | obj1 | passwords.go:36:10:38:2 | composite literal : passStruct | passwords.go:39:14:39:17 | obj1 | Sensitive data returned by $@ is logged here. | passwords.go:36:10:38:2 | composite literal | an access to password |
|
||||
| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | Sensitive data returned by $@ is logged here. | passwords.go:42:6:42:13 | password | an access to password |
|
||||
| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | Sensitive data returned by $@ is logged here. | passwords.go:48:11:48:18 | password | an access to password |
|
||||
| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by $@ is logged here. | passwords.go:51:14:51:27 | fixed_password | an access to fixed_password |
|
||||
| passwords.go:88:14:88:26 | utilityObject | passwords.go:85:19:87:2 | composite literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject | Sensitive data returned by $@ is logged here. | passwords.go:85:19:87:2 | composite literal | an access to passwordSet |
|
||||
| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | Sensitive data returned by $@ is logged here. | passwords.go:90:12:90:19 | password | an access to password |
|
||||
| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:101:33:101:40 | password | an access to password |
|
||||
| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:107:34:107:41 | password | an access to password |
|
||||
| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:112:33:112:40 | password | an access to password |
|
||||
| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:116:28:116:36 | password1 | an access to password1 |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:118:12:123:2 | composite literal : Config | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:118:12:123:2 | composite literal | an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password |
|
||||
| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:122:13:122:25 | call to getPassword | a call to getPassword |
|
||||
| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password : string | passwords.go:126:14:126:21 | selection of x | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password |
|
||||
| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:127:14:127:21 | selection of y | Sensitive data returned by $@ is logged here. | passwords.go:122:13:122:25 | call to getPassword | a call to getPassword |
|
||||
|
||||
@@ -1,16 +1,31 @@
|
||||
edges
|
||||
| OpenUrlRedirect.go:10:23:10:28 | selection of Form [Values] | OpenUrlRedirect.go:10:23:10:42 | call to Get |
|
||||
| stdlib.go:12:13:12:18 | selection of Form [Values] | stdlib.go:14:30:14:35 | target |
|
||||
| stdlib.go:21:13:21:18 | selection of Form [Values] | stdlib.go:23:30:23:35 | target |
|
||||
| stdlib.go:30:13:30:18 | selection of Form [Values] | stdlib.go:34:30:34:39 | ...+... |
|
||||
| stdlib.go:43:13:43:18 | selection of Form [Values] | stdlib.go:45:23:45:28 | target |
|
||||
| stdlib.go:63:13:63:18 | selection of Form [Values] | stdlib.go:66:23:66:40 | ...+... |
|
||||
| stdlib.go:88:13:88:18 | selection of Form [Values] | stdlib.go:91:23:91:28 | target |
|
||||
| OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | OpenUrlRedirect.go:10:23:10:42 | call to Get |
|
||||
| stdlib.go:12:13:12:18 | selection of Form : Values | stdlib.go:14:30:14:35 | target |
|
||||
| stdlib.go:21:13:21:18 | selection of Form : Values | stdlib.go:23:30:23:35 | target |
|
||||
| stdlib.go:30:13:30:18 | selection of Form : Values | stdlib.go:34:30:34:39 | ...+... |
|
||||
| stdlib.go:43:13:43:18 | selection of Form : Values | stdlib.go:45:23:45:28 | target |
|
||||
| stdlib.go:63:13:63:18 | selection of Form : Values | stdlib.go:66:23:66:40 | ...+... |
|
||||
| stdlib.go:88:13:88:18 | selection of Form : Values | stdlib.go:91:23:91:28 | target |
|
||||
nodes
|
||||
| OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| OpenUrlRedirect.go:10:23:10:42 | call to Get | semmle.label | call to Get |
|
||||
| stdlib.go:12:13:12:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:14:30:14:35 | target | semmle.label | target |
|
||||
| stdlib.go:21:13:21:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:23:30:23:35 | target | semmle.label | target |
|
||||
| stdlib.go:30:13:30:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:34:30:34:39 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:43:13:43:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:45:23:45:28 | target | semmle.label | target |
|
||||
| stdlib.go:63:13:63:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:66:23:66:40 | ...+... | semmle.label | ...+... |
|
||||
| stdlib.go:88:13:88:18 | selection of Form : Values | semmle.label | selection of Form : Values |
|
||||
| stdlib.go:91:23:91:28 | target | semmle.label | target |
|
||||
#select
|
||||
| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form [Values] | OpenUrlRedirect.go:10:23:10:42 | call to Get | Untrusted URL redirection due to $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
|
||||
| stdlib.go:14:30:14:35 | target | stdlib.go:12:13:12:18 | selection of Form [Values] | stdlib.go:14:30:14:35 | target | Untrusted URL redirection due to $@. | stdlib.go:12:13:12:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:23:30:23:35 | target | stdlib.go:21:13:21:18 | selection of Form [Values] | stdlib.go:23:30:23:35 | target | Untrusted URL redirection due to $@. | stdlib.go:21:13:21:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:34:30:34:39 | ...+... | stdlib.go:30:13:30:18 | selection of Form [Values] | stdlib.go:34:30:34:39 | ...+... | Untrusted URL redirection due to $@. | stdlib.go:30:13:30:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:45:23:45:28 | target | stdlib.go:43:13:43:18 | selection of Form [Values] | stdlib.go:45:23:45:28 | target | Untrusted URL redirection due to $@. | stdlib.go:43:13:43:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:66:23:66:40 | ...+... | stdlib.go:63:13:63:18 | selection of Form [Values] | stdlib.go:66:23:66:40 | ...+... | Untrusted URL redirection due to $@. | stdlib.go:63:13:63:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:91:23:91:28 | target | stdlib.go:88:13:88:18 | selection of Form [Values] | stdlib.go:91:23:91:28 | target | Untrusted URL redirection due to $@. | stdlib.go:88:13:88:18 | selection of Form | user-provided value |
|
||||
| OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form : Values | OpenUrlRedirect.go:10:23:10:42 | call to Get | Untrusted URL redirection due to $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value |
|
||||
| stdlib.go:14:30:14:35 | target | stdlib.go:12:13:12:18 | selection of Form : Values | stdlib.go:14:30:14:35 | target | Untrusted URL redirection due to $@. | stdlib.go:12:13:12:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:23:30:23:35 | target | stdlib.go:21:13:21:18 | selection of Form : Values | stdlib.go:23:30:23:35 | target | Untrusted URL redirection due to $@. | stdlib.go:21:13:21:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:34:30:34:39 | ...+... | stdlib.go:30:13:30:18 | selection of Form : Values | stdlib.go:34:30:34:39 | ...+... | Untrusted URL redirection due to $@. | stdlib.go:30:13:30:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:45:23:45:28 | target | stdlib.go:43:13:43:18 | selection of Form : Values | stdlib.go:45:23:45:28 | target | Untrusted URL redirection due to $@. | stdlib.go:43:13:43:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:66:23:66:40 | ...+... | stdlib.go:63:13:63:18 | selection of Form : Values | stdlib.go:66:23:66:40 | ...+... | Untrusted URL redirection due to $@. | stdlib.go:63:13:63:18 | selection of Form | user-provided value |
|
||||
| stdlib.go:91:23:91:28 | target | stdlib.go:88:13:88:18 | selection of Form : Values | stdlib.go:91:23:91:28 | target | Untrusted URL redirection due to $@. | stdlib.go:88:13:88:18 | selection of Form | user-provided value |
|
||||
|
||||
Reference in New Issue
Block a user