hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Move EncodingJson to stdlib; add Escape class.

Browse Source
This commit is contained in:
Slavomir
2020-09-06 18:29:07 +02:00
parent 24c23ba333
commit 669ed91b0b
2 changed files with 38 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
ql/src/semmle/go/frameworks/Stdlib.qll
View File

@@ -707,41 +707,6 @@ module Log {
}
}
/** Provides models of some functions in the `encoding/json` package. */
module EncodingJson {
/** The `Marshal` or `MarshalIndent` function in the `encoding/json` package. */
class MarshalFunction extends TaintTracking::FunctionModel, MarshalingFunction::Range {
MarshalFunction() {
this.hasQualifiedName("encoding/json", "Marshal") or
this.hasQualifiedName("encoding/json", "MarshalIndent")
}
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp = getAnInput() and outp = getOutput()
}
override FunctionInput getAnInput() { result.isParameter(0) }
override FunctionOutput getOutput() { result.isResult(0) }
override string getFormat() { result = "JSON" }
}
private class UnmarshalFunction extends TaintTracking::FunctionModel, UnmarshalingFunction::Range {
UnmarshalFunction() { this.hasQualifiedName("encoding/json", "Unmarshal") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp = getAnInput() and outp = getOutput()
}
override FunctionInput getAnInput() { result.isParameter(0) }
override FunctionOutput getOutput() { result.isParameter(1) }
override string getFormat() { result = "JSON" }
}
}
/** Provides models of some functions in the `crypto/cipher` package. */
module CryptoCipher {
private class AeadOpenFunction extends TaintTracking::FunctionModel, Method {

38
ql/src/semmle/go/frameworks/stdlib/EncodingJson.qll
View File

@@ -6,6 +6,44 @@ import go
/** Provides models of commonly used functions in the `encoding/json` package. */
module EncodingJson {
private class Escape extends EscapeFunction::Range {
Escape() { hasQualifiedName("encoding/json", "HTMLEscape") }
override string kind() { result = "html" }
}
/** The `Marshal` or `MarshalIndent` function in the `encoding/json` package. */
class MarshalFunction extends TaintTracking::FunctionModel, MarshalingFunction::Range {
MarshalFunction() {
this.hasQualifiedName("encoding/json", "Marshal") or
this.hasQualifiedName("encoding/json", "MarshalIndent")
}
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp = getAnInput() and outp = getOutput()
}
override FunctionInput getAnInput() { result.isParameter(0) }
override FunctionOutput getOutput() { result.isResult(0) }
override string getFormat() { result = "JSON" }
}
private class UnmarshalFunction extends TaintTracking::FunctionModel, UnmarshalingFunction::Range {
UnmarshalFunction() { this.hasQualifiedName("encoding/json", "Unmarshal") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp = getAnInput() and outp = getOutput()
}
override FunctionInput getAnInput() { result.isParameter(0) }
override FunctionOutput getOutput() { result.isParameter(1) }
override string getFormat() { result = "JSON" }
}
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;