diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll index cb5b97e0609..df794f8f073 100644 --- a/ql/src/semmle/go/frameworks/Stdlib.qll +++ b/ql/src/semmle/go/frameworks/Stdlib.qll @@ -30,6 +30,7 @@ import semmle.go.frameworks.stdlib.EncodingXml import semmle.go.frameworks.stdlib.Html import semmle.go.frameworks.stdlib.HtmlTemplate import semmle.go.frameworks.stdlib.Errors +import semmle.go.frameworks.stdlib.Expvar import semmle.go.frameworks.stdlib.Path import semmle.go.frameworks.stdlib.PathFilepath import semmle.go.frameworks.stdlib.Reflect diff --git a/ql/src/semmle/go/frameworks/stdlib/Expvar.qll b/ql/src/semmle/go/frameworks/stdlib/Expvar.qll new file mode 100644 index 00000000000..a2650c9db35 --- /dev/null +++ b/ql/src/semmle/go/frameworks/stdlib/Expvar.qll @@ -0,0 +1,51 @@ +/** + * Provides classes modeling security-relevant aspects of the `expvar` package. + */ + +import go + +/** Provides models of commonly used functions in the `expvar` package. */ +module Expvar { + private class MethodModels extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + MethodModels() { + // signature: func (Func).Value() interface{} + this.hasQualifiedName("expvar", "Func", "Value") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*Map).Get(key string) Var + this.hasQualifiedName("expvar", "Map", "Get") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*Map).Set(key string, av Var) + this.hasQualifiedName("expvar", "Map", "Set") and + (inp.isParameter(_) and outp.isReceiver()) + or + // signature: func (*Map).String() string + this.hasQualifiedName("expvar", "Map", "String") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*String).Set(value string) + this.hasQualifiedName("expvar", "String", "Set") and + (inp.isParameter(0) and outp.isReceiver()) + or + // signature: func (*String).String() string + this.hasQualifiedName("expvar", "String", "String") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*String).Value() string + this.hasQualifiedName("expvar", "String", "Value") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (Var).String() string + this.implements("expvar", "Var", "String") and + (inp.isReceiver() and outp.isResult()) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Expvar.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Expvar.go new file mode 100644 index 00000000000..429612f221b --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Expvar.go @@ -0,0 +1,110 @@ +// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT. + +package main + +import "expvar" + +func TaintStepTest_ExpvarFuncValue_B0I0O0(sourceCQL interface{}) interface{} { + fromFunc656 := sourceCQL.(expvar.Func) + intoInterface414 := fromFunc656.Value() + return intoInterface414 +} + +func TaintStepTest_ExpvarMapGet_B0I0O0(sourceCQL interface{}) interface{} { + fromMap518 := sourceCQL.(expvar.Map) + intoVar650 := fromMap518.Get("") + return intoVar650 +} + +func TaintStepTest_ExpvarMapSet_B0I0O0(sourceCQL interface{}) interface{} { + fromString784 := sourceCQL.(string) + var intoMap957 expvar.Map + intoMap957.Set(fromString784, nil) + return intoMap957 +} + +func TaintStepTest_ExpvarMapSet_B0I1O0(sourceCQL interface{}) interface{} { + fromVar520 := sourceCQL.(expvar.Var) + var intoMap443 expvar.Map + intoMap443.Set("", fromVar520) + return intoMap443 +} + +func TaintStepTest_ExpvarMapString_B0I0O0(sourceCQL interface{}) interface{} { + fromMap127 := sourceCQL.(expvar.Map) + intoString483 := fromMap127.String() + return intoString483 +} + +func TaintStepTest_ExpvarStringSet_B0I0O0(sourceCQL interface{}) interface{} { + fromString989 := sourceCQL.(string) + var intoString982 expvar.String + intoString982.Set(fromString989) + return intoString982 +} + +func TaintStepTest_ExpvarStringString_B0I0O0(sourceCQL interface{}) interface{} { + fromString417 := sourceCQL.(expvar.String) + intoString584 := fromString417.String() + return intoString584 +} + +func TaintStepTest_ExpvarStringValue_B0I0O0(sourceCQL interface{}) interface{} { + fromString991 := sourceCQL.(expvar.String) + intoString881 := fromString991.Value() + return intoString881 +} + +func TaintStepTest_ExpvarVarString_B0I0O0(sourceCQL interface{}) interface{} { + fromVar186 := sourceCQL.(expvar.Var) + intoString284 := fromVar186.String() + return intoString284 +} + +func RunAllTaints_Expvar() { + { + source := newSource(0) + out := TaintStepTest_ExpvarFuncValue_B0I0O0(source) + sink(0, out) + } + { + source := newSource(1) + out := TaintStepTest_ExpvarMapGet_B0I0O0(source) + sink(1, out) + } + { + source := newSource(2) + out := TaintStepTest_ExpvarMapSet_B0I0O0(source) + sink(2, out) + } + { + source := newSource(3) + out := TaintStepTest_ExpvarMapSet_B0I1O0(source) + sink(3, out) + } + { + source := newSource(4) + out := TaintStepTest_ExpvarMapString_B0I0O0(source) + sink(4, out) + } + { + source := newSource(5) + out := TaintStepTest_ExpvarStringSet_B0I0O0(source) + sink(5, out) + } + { + source := newSource(6) + out := TaintStepTest_ExpvarStringString_B0I0O0(source) + sink(6, out) + } + { + source := newSource(7) + out := TaintStepTest_ExpvarStringValue_B0I0O0(source) + sink(7, out) + } + { + source := newSource(8) + out := TaintStepTest_ExpvarVarString_B0I0O0(source) + sink(8, out) + } +}