From 64a61bd64884bcea71a1d28f285f1048df9d9bfa Mon Sep 17 00:00:00 2001 From: Slavomir Date: Wed, 9 Sep 2020 14:20:17 +0200 Subject: [PATCH] Remove redundant taint-tracking from `MarshalingFunction` and `UnmarshalingFunction` classes in `EncodingXml` module. --- ql/src/semmle/go/frameworks/stdlib/EncodingXml.qll | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/ql/src/semmle/go/frameworks/stdlib/EncodingXml.qll b/ql/src/semmle/go/frameworks/stdlib/EncodingXml.qll index aa50ed1fd1f..27f48a76b0a 100644 --- a/ql/src/semmle/go/frameworks/stdlib/EncodingXml.qll +++ b/ql/src/semmle/go/frameworks/stdlib/EncodingXml.qll @@ -7,16 +7,12 @@ import go /** Provides models of commonly used functions in the `encoding/xml` package. */ module EncodingXml { /** The `Marshal` or `MarshalIndent` function in the `encoding/xml` package. */ - class MarshalFunction extends TaintTracking::FunctionModel, MarshalingFunction::Range { + private class MarshalFunction extends MarshalingFunction::Range { MarshalFunction() { this.hasQualifiedName("encoding/xml", "Marshal") or this.hasQualifiedName("encoding/xml", "MarshalIndent") } - override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { - inp = getAnInput() and outp = getOutput() - } - override FunctionInput getAnInput() { result.isParameter(0) } override FunctionOutput getOutput() { result.isResult(0) } @@ -24,13 +20,9 @@ module EncodingXml { override string getFormat() { result = "XML" } } - private class UnmarshalFunction extends TaintTracking::FunctionModel, UnmarshalingFunction::Range { + private class UnmarshalFunction extends UnmarshalingFunction::Range { UnmarshalFunction() { this.hasQualifiedName("encoding/xml", "Unmarshal") } - override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { - inp = getAnInput() and outp = getOutput() - } - override FunctionInput getAnInput() { result.isParameter(0) } override FunctionOutput getOutput() { result.isParameter(1) }