hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Convert Fasthttp::URI::RemoteFlowSource to MaD

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-06-23 14:06:47 +01:00
parent f33927457f
commit 5a00b5ec96
2 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
View File

@@ -8,3 +8,14 @@ extensions:
- ["github.com/valyala/fasthttp", "URI", False, "Update", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "UpdateBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "Parse", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/valyala/fasthttp", "URI", True, "FullURI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "LastPathSegment", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "Path", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "PathOriginal", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "QueryString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "String", "", "", "ReturnValue[0]", "remote", "manual"]

10
go/ql/lib/semmle/go/frameworks/Fasthttp.qll
View File

@@ -252,18 +252,22 @@ module Fasthttp {
}
/**
* DEPRECATED
*
* Provide modeling for fasthttp.URI Type.
*/
module URI {
deprecated module URI {
/**
* DEPRECATED: Use `RemoteFlowSource` instead.
* DEPRECATED: Use `RemoteFlowSource::Range` instead.
*/
deprecated class UntrustedFlowSource = RemoteFlowSource;
/**
* DEPRECATED: Use `RemoteFlowSource::Range` instead.
*
* The methods as Remote user controllable source which are part of the incoming URL.
*/
class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
deprecated class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
RemoteFlowSource() {
exists(Method m |
m.hasQualifiedName(packagePath(), "URI",