hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #345 from gagliardetto/from-331-to-337

Browse Source 
Merge #331, #332, #333, #334, #335, #336, #337
This commit is contained in:
Chris Smowton
2020-09-21 09:34:41 +01:00
committed by GitHub
parent fee596ac83 a7dba54001
commit 6770c74b7f
27 changed files with 4071 additions and 373 deletions
Download Patch File Download Diff File Expand all files Collapse all files

228
ql/src/semmle/go/frameworks/HTTP.qll
View File

@@ -4,234 +4,6 @@
import go
private module StdlibHttp {
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
private class UserControlledRequestField extends UntrustedFlowSource::Range,
DataFlow::FieldReadNode {
UserControlledRequestField() {
exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
fieldName = "Body" or
fieldName = "GetBody" or
fieldName = "Form" or
fieldName = "PostForm" or
fieldName = "MultipartForm" or
fieldName = "Header" or
fieldName = "Trailer" or
fieldName = "URL"
)
}
}
private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
DataFlow::MethodCallNode {
UserControlledRequestMethod() {
exists(string methName | this.getTarget().hasQualifiedName("net/http", "Request", methName) |
methName = "Cookie" or
methName = "Cookies" or
methName = "FormFile" or
methName = "FormValue" or
methName = "MultipartReader" or
methName = "PostFormValue" or
methName = "Referer" or
methName = "UserAgent"
)
}
}
private class HeaderGet extends TaintTracking::FunctionModel, Method {
HeaderGet() { this.hasQualifiedName("net/http", "Header", "Get") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isReceiver() and outp.isResult()
}
}
private class HeaderValues extends TaintTracking::FunctionModel, Method {
HeaderValues() { this.hasQualifiedName("net/http", "Header", "Values") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isReceiver() and outp.isResult()
}
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
private class StdlibResponseWriter extends HTTP::ResponseWriter::Range {
SsaWithFields v;
StdlibResponseWriter() {
this = v.getBaseVariable().getSourceVariable() and
exists(Type t | t.implements("net/http", "ResponseWriter") | v.getType() = t)
}
override DataFlow::Node getANode() { result = v.similar().getAUse().getASuccessor*() }
/** Gets a header object that corresponds to this HTTP response. */
DataFlow::MethodCallNode getAHeaderObject() {
result.getTarget().getName() = "Header" and
this.getANode() = result.getReceiver()
}
}
private class HeaderWriteCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
HeaderWriteCall() {
this.getTarget().hasQualifiedName("net/http", "Header", "Add") or
this.getTarget().hasQualifiedName("net/http", "Header", "Set")
}
override DataFlow::Node getName() { result = this.getArgument(0) }
override DataFlow::Node getValue() { result = this.getArgument(1) }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header.Add(...)
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this.getReceiver()
}
}
private class MapWrite extends HTTP::HeaderWrite::Range, DataFlow::Node {
Write write;
DataFlow::Node index;
DataFlow::Node rhs;
MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and
write.writesElement(this, index, rhs)
}
override DataFlow::Node getName() { result = index }
override DataFlow::Node getValue() { result = rhs }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header[...] = ...
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this
}
}
private class ResponseWriteHeaderCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
ResponseWriteHeaderCall() {
this.getTarget().implements("net/http", "ResponseWriter", "WriteHeader")
}
override string getHeaderName() { result = "status" }
override predicate definesHeader(string header, string value) {
header = "status" and value = this.getValue().getIntValue().toString()
}
override DataFlow::Node getName() { none() }
override DataFlow::Node getValue() { result = this.getArgument(0) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getReceiver() }
}
private class RequestBody extends HTTP::RequestBody::Range, DataFlow::ExprNode {
RequestBody() {
exists(Function newRequest |
newRequest.hasQualifiedName("net/http", "NewRequest") and
this = newRequest.getACall().getArgument(2)
)
or
exists(Field body, Type request |
request.hasQualifiedName("net/http", "Request") and
body = request.getField("Body") and
this = body.getAWrite().getRhs()
)
}
}
private class ResponseBody extends HTTP::ResponseBody::Range, DataFlow::ArgumentNode {
int arg;
ResponseBody() {
exists(DataFlow::CallNode call |
call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and
arg = 0
or
(
call.getTarget().hasQualifiedName("fmt", "Fprintf")
or
call.getTarget().hasQualifiedName("io", "WriteString")
) and
call.getArgument(0).getType().hasQualifiedName("net/http", "ResponseWriter") and
arg >= 1
|
this = call.getArgument(arg)
)
}
override HTTP::ResponseWriter getResponseWriter() {
// the response writer is the receiver of this call
result.getANode() = this.getCall().(DataFlow::MethodCallNode).getReceiver()
or
// the response writer is an argument to Fprintf or WriteString
arg >= 1 and
result.getANode() = this.getCall().getArgument(0)
}
}
private class RedirectCall extends HTTP::Redirect::Range, DataFlow::CallNode {
RedirectCall() { this.getTarget().hasQualifiedName("net/http", "Redirect") }
override DataFlow::Node getUrl() { result = this.getArgument(2) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getArgument(0) }
}
/** A call to a function in the `net/http` package that performs an HTTP request to a URL. */
private class RequestCall extends HTTP::ClientRequest::Range, DataFlow::CallNode {
RequestCall() {
exists(string functionName |
(
this.getTarget().hasQualifiedName("net/http", functionName)
or
this.getTarget().(Method).hasQualifiedName("net/http", "Client", functionName)
) and
(functionName = "Get" or functionName = "Post" or functionName = "PostForm")
)
}
/** Gets the URL of the request. */
override DataFlow::Node getUrl() { result = this.getArgument(0) }
}
/** A call to the Client.Do function in the `net/http` package. */
private class ClientDo extends HTTP::ClientRequest::Range, DataFlow::MethodCallNode {
ClientDo() { this.getTarget().hasQualifiedName("net/http", "Client", "Do") }
override DataFlow::Node getUrl() {
// A URL passed to `NewRequest`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("net/http", "NewRequest") |
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(1)
)
or
// A URL passed to `NewRequestWithContext`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call |
call.getTarget().hasQualifiedName("net/http", "NewRequestWithContext")
|
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(2)
)
or
// A URL assigned to a request that is passed to this `Do` call
exists(Write w, Field f |
f.hasQualifiedName("net/http", "Request", "URL") and
w.writesField(this.getArgument(0).getAPredecessor*(), f, result)
)
}
}
}
/**
* Provides models of the go-restful library (https://github.com/emicklei/go-restful).
*/

157
ql/src/semmle/go/frameworks/Stdlib.qll
View File

@@ -29,11 +29,23 @@ import semmle.go.frameworks.stdlib.EncodingPem
import semmle.go.frameworks.stdlib.EncodingXml
import semmle.go.frameworks.stdlib.Html
import semmle.go.frameworks.stdlib.HtmlTemplate
import semmle.go.frameworks.stdlib.Context
import semmle.go.frameworks.stdlib.Os
import semmle.go.frameworks.stdlib.Net
import semmle.go.frameworks.stdlib.NetHttp
import semmle.go.frameworks.stdlib.NetHttpHttputil
import semmle.go.frameworks.stdlib.NetMail
import semmle.go.frameworks.stdlib.NetTextproto
import semmle.go.frameworks.stdlib.Path
import semmle.go.frameworks.stdlib.PathFilepath
import semmle.go.frameworks.stdlib.Reflect
import semmle.go.frameworks.stdlib.Strconv
import semmle.go.frameworks.stdlib.Strings
import semmle.go.frameworks.stdlib.Sync
import semmle.go.frameworks.stdlib.SyncAtomic
import semmle.go.frameworks.stdlib.Syscall
import semmle.go.frameworks.stdlib.Sort
import semmle.go.frameworks.stdlib.Regexp
import semmle.go.frameworks.stdlib.TextScanner
import semmle.go.frameworks.stdlib.TextTabwriter
import semmle.go.frameworks.stdlib.TextTemplate
@@ -394,87 +406,6 @@ module IoUtil {
}
}
/** Provides models of commonly used functions in the `os` package. */
module OS {
/**
* A call to a function in `os` that accesses the file system.
*/
private class OsFileSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode {
int pathidx;
OsFileSystemAccess() {
exists(string fn | getTarget().hasQualifiedName("os", fn) |
fn = "Chdir" and pathidx = 0
or
fn = "Chmod" and pathidx = 0
or
fn = "Chown" and pathidx = 0
or
fn = "Chtimes" and pathidx = 0
or
fn = "Create" and pathidx = 0
or
fn = "Lchown" and pathidx = 0
or
fn = "Link" and pathidx in [0 .. 1]
or
fn = "Lstat" and pathidx = 0
or
fn = "Mkdir" and pathidx = 0
or
fn = "MkdirAll" and pathidx = 0
or
fn = "NewFile" and pathidx = 1
or
fn = "Open" and pathidx = 0
or
fn = "OpenFile" and pathidx = 0
or
fn = "Readlink" and pathidx = 0
or
fn = "Remove" and pathidx = 0
or
fn = "RemoveAll" and pathidx = 0
or
fn = "Rename" and pathidx in [0 .. 1]
or
fn = "Stat" and pathidx = 0
or
fn = "Symlink" and pathidx in [0 .. 1]
or
fn = "Truncate" and pathidx = 0
)
}
override DataFlow::Node getAPathArgument() { result = getArgument(pathidx) }
}
/** The `Expand` function. */
class Expand extends TaintTracking::FunctionModel {
Expand() { hasQualifiedName("os", "Expand") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isParameter(0) and outp.isResult()
}
}
/** The `ExpandEnv` function. */
class ExpandEnv extends TaintTracking::FunctionModel {
ExpandEnv() { hasQualifiedName("os", "ExpandEnv") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isParameter(0) and outp.isResult()
}
}
/** The `os.Exit` function, which ends the process. */
private class Exit extends Function {
Exit() { hasQualifiedName("os", "Exit") }
override predicate mayReturnNormally() { none() }
}
}
/** Provides a class for modeling functions which convert strings into integers. */
module IntegerParser {
/**
@@ -619,70 +550,6 @@ module URL {
}
}
/** Provides models of commonly used APIs in the `regexp` package. */
module Regexp {
private class Pattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
string fnName;
Pattern() {
exists(Function fn | fnName.matches("Match%") or fnName.matches("%Compile%") |
fn.hasQualifiedName("regexp", fnName) and
this = fn.getACall().getArgument(0)
)
}
override DataFlow::Node getAParse() { result = this.getCall() }
override string getPattern() { result = this.asExpr().getStringValue() }
override DataFlow::Node getAUse() {
fnName.matches("MustCompile%") and
result = this.getCall().getASuccessor*()
or
fnName.matches("Compile%") and
result = this.getCall().getResult(0).getASuccessor*()
or
result = this
}
}
private class MatchFunction extends RegexpMatchFunction::Range, Function {
MatchFunction() {
exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", fn))
}
override FunctionInput getRegexpArg() { result.isParameter(0) }
override FunctionInput getValue() { result.isParameter(1) }
override FunctionOutput getResult() { result.isResult(0) }
}
private class MatchMethod extends RegexpMatchFunction::Range, Method {
MatchMethod() {
exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", "Regexp", fn))
}
override FunctionInput getRegexpArg() { result.isReceiver() }
override FunctionInput getValue() { result.isParameter(0) }
override FunctionOutput getResult() { result.isResult() }
}
private class ReplaceFunction extends RegexpReplaceFunction::Range, Method {
ReplaceFunction() {
exists(string fn | fn.matches("ReplaceAll%") | this.hasQualifiedName("regexp", "Regexp", fn))
}
override FunctionInput getRegexpArg() { result.isReceiver() }
override FunctionInput getSource() { result.isParameter(0) }
override FunctionOutput getResult() { result.isResult() }
}
}
/** Provides models of commonly used functions in the `log` package. */
module Log {
private class LogCall extends LoggerCall::Range, DataFlow::CallNode {

50
ql/src/semmle/go/frameworks/stdlib/Context.qll Normal file
View File

@@ -0,0 +1,50 @@
/**
* Provides classes modeling security-relevant aspects of the `context` package.
*/
import go
/** Provides models of commonly used functions in the `context` package. */
module Context {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func WithCancel(parent Context) (ctx Context, cancel CancelFunc)
hasQualifiedName("context", "WithCancel") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func WithDeadline(parent Context, d time.Time) (Context, CancelFunc)
hasQualifiedName("context", "WithDeadline") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func WithTimeout(parent Context, timeout time.Duration) (Context, CancelFunc)
hasQualifiedName("context", "WithTimeout") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func WithValue(parent Context, key interface{}, val interface{}) Context
hasQualifiedName("context", "WithValue") and
(inp.isParameter(_) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (Context).Value(key interface{}) interface{}
this.implements("context", "Context", "Value") and
(inp.isReceiver() and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

230
ql/src/semmle/go/frameworks/stdlib/Net.qll Normal file
View File

@@ -0,0 +1,230 @@
/**
* Provides classes modeling security-relevant aspects of the `net` package.
*/
import go
/** Provides models of commonly used functions in the `net` package. */
module Net {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func FileConn(f *os.File) (c Conn, err error)
hasQualifiedName("net", "FileConn") and
(
inp.isParameter(0) and outp.isResult(0)
or
inp.isResult(0) and outp.isParameter(0)
)
or
// signature: func FilePacketConn(f *os.File) (c PacketConn, err error)
hasQualifiedName("net", "FilePacketConn") and
(
inp.isParameter(0) and outp.isResult(0)
or
inp.isResult(0) and outp.isParameter(0)
)
or
// signature: func JoinHostPort(host string, port string) string
hasQualifiedName("net", "JoinHostPort") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func Pipe() (Conn, Conn)
hasQualifiedName("net", "Pipe") and
(
inp.isResult(0) and outp.isResult(1)
or
inp.isResult(1) and outp.isResult(0)
)
or
// signature: func SplitHostPort(hostport string) (host string, port string, err error)
hasQualifiedName("net", "SplitHostPort") and
(inp.isParameter(0) and outp.isResult([0, 1]))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*Buffers).Read(p []byte) (n int, err error)
this.hasQualifiedName("net", "Buffers", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Buffers).WriteTo(w io.Writer) (n int64, err error)
this.hasQualifiedName("net", "Buffers", "WriteTo") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "IPConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadFromIP(b []byte) (int, *IPAddr, error)
this.hasQualifiedName("net", "IPConn", "ReadFromIP") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadMsgIP(b []byte, oob []byte) (n int, oobn int, flags int, addr *IPAddr, err error)
this.hasQualifiedName("net", "IPConn", "ReadMsgIP") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*IPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "IPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*IPConn).WriteMsgIP(b []byte, oob []byte, addr *IPAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "IPConn", "WriteMsgIP") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*IPConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "IPConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*IPConn).WriteToIP(b []byte, addr *IPAddr) (int, error)
this.hasQualifiedName("net", "IPConn", "WriteToIP") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*TCPConn).ReadFrom(r io.Reader) (int64, error)
this.hasQualifiedName("net", "TCPConn", "ReadFrom") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*TCPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "TCPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*TCPListener).File() (f *os.File, err error)
this.hasQualifiedName("net", "TCPListener", "File") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*TCPListener).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "TCPListener", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UDPConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "UDPConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UDPConn).ReadFromUDP(b []byte) (int, *UDPAddr, error)
this.hasQualifiedName("net", "UDPConn", "ReadFromUDP") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UDPConn).ReadMsgUDP(b []byte, oob []byte) (n int, oobn int, flags int, addr *UDPAddr, err error)
this.hasQualifiedName("net", "UDPConn", "ReadMsgUDP") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*UDPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UDPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UDPConn).WriteMsgUDP(b []byte, oob []byte, addr *UDPAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "UDPConn", "WriteMsgUDP") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*UDPConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "UDPConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UDPConn).WriteToUDP(b []byte, addr *UDPAddr) (int, error)
this.hasQualifiedName("net", "UDPConn", "WriteToUDP") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "UnixConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UnixConn).ReadFromUnix(b []byte) (int, *UnixAddr, error)
this.hasQualifiedName("net", "UnixConn", "ReadFromUnix") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UnixConn).ReadMsgUnix(b []byte, oob []byte) (n int, oobn int, flags int, addr *UnixAddr, err error)
this.hasQualifiedName("net", "UnixConn", "ReadMsgUnix") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*UnixConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UnixConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UnixConn).WriteMsgUnix(b []byte, oob []byte, addr *UnixAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "UnixConn", "WriteMsgUnix") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*UnixConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "UnixConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixConn).WriteToUnix(b []byte, addr *UnixAddr) (int, error)
this.hasQualifiedName("net", "UnixConn", "WriteToUnix") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixListener).File() (f *os.File, err error)
this.hasQualifiedName("net", "UnixListener", "File") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UnixListener).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UnixListener", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (Conn).Read(b []byte) (n int, err error)
this.implements("net", "Conn", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (PacketConn).ReadFrom(p []byte) (n int, addr Addr, err error)
this.implements("net", "PacketConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (Addr).String() string
this.implements("net", "Addr", "String") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Conn).Write(b []byte) (n int, err error)
this.implements("net", "Conn", "Write") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (PacketConn).WriteTo(p []byte, addr Addr) (n int, err error)
this.implements("net", "PacketConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

324
ql/src/semmle/go/frameworks/stdlib/NetHttp.qll Normal file
View File

@@ -0,0 +1,324 @@
/**
* Provides classes modeling security-relevant aspects of the `net/http` package.
*/
import go
/** Provides models of commonly used functions in the `net/http` package. */
module NetHttp {
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
private class UserControlledRequestField extends UntrustedFlowSource::Range,
DataFlow::FieldReadNode {
UserControlledRequestField() {
exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
fieldName = "Body" or
fieldName = "GetBody" or
fieldName = "Form" or
fieldName = "PostForm" or
fieldName = "MultipartForm" or
fieldName = "Header" or
fieldName = "Trailer" or
fieldName = "URL"
)
}
}
private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
DataFlow::MethodCallNode {
UserControlledRequestMethod() {
exists(string methName | this.getTarget().hasQualifiedName("net/http", "Request", methName) |
methName = "Cookie" or
methName = "Cookies" or
methName = "FormFile" or
methName = "FormValue" or
methName = "MultipartReader" or
methName = "PostFormValue" or
methName = "Referer" or
methName = "UserAgent"
)
}
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
private class StdlibResponseWriter extends HTTP::ResponseWriter::Range {
SsaWithFields v;
StdlibResponseWriter() {
this = v.getBaseVariable().getSourceVariable() and
exists(Type t | t.implements("net/http", "ResponseWriter") | v.getType() = t)
}
override DataFlow::Node getANode() { result = v.similar().getAUse().getASuccessor*() }
/** Gets a header object that corresponds to this HTTP response. */
DataFlow::MethodCallNode getAHeaderObject() {
result.getTarget().getName() = "Header" and
this.getANode() = result.getReceiver()
}
}
private class HeaderWriteCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
HeaderWriteCall() {
this.getTarget().hasQualifiedName("net/http", "Header", "Add") or
this.getTarget().hasQualifiedName("net/http", "Header", "Set")
}
override DataFlow::Node getName() { result = this.getArgument(0) }
override DataFlow::Node getValue() { result = this.getArgument(1) }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header.Add(...)
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this.getReceiver()
}
}
private class MapWrite extends HTTP::HeaderWrite::Range, DataFlow::Node {
Write write;
DataFlow::Node index;
DataFlow::Node rhs;
MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and
write.writesElement(this, index, rhs)
}
override DataFlow::Node getName() { result = index }
override DataFlow::Node getValue() { result = rhs }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header[...] = ...
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this
}
}
private class ResponseWriteHeaderCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
ResponseWriteHeaderCall() {
this.getTarget().implements("net/http", "ResponseWriter", "WriteHeader")
}
override string getHeaderName() { result = "status" }
override predicate definesHeader(string header, string value) {
header = "status" and value = this.getValue().getIntValue().toString()
}
override DataFlow::Node getName() { none() }
override DataFlow::Node getValue() { result = this.getArgument(0) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getReceiver() }
}
private class RequestBody extends HTTP::RequestBody::Range, DataFlow::ExprNode {
RequestBody() {
exists(Function newRequest |
newRequest.hasQualifiedName("net/http", "NewRequest") and
this = newRequest.getACall().getArgument(2)
)
or
exists(Field body, Type request |
request.hasQualifiedName("net/http", "Request") and
body = request.getField("Body") and
this = body.getAWrite().getRhs()
)
}
}
private class ResponseBody extends HTTP::ResponseBody::Range, DataFlow::ArgumentNode {
int arg;
ResponseBody() {
exists(DataFlow::CallNode call |
call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and
arg = 0
or
(
call.getTarget().hasQualifiedName("fmt", "Fprintf")
or
call.getTarget().hasQualifiedName("io", "WriteString")
) and
call.getArgument(0).getType().hasQualifiedName("net/http", "ResponseWriter") and
arg >= 1
|
this = call.getArgument(arg)
)
}
override HTTP::ResponseWriter getResponseWriter() {
// the response writer is the receiver of this call
result.getANode() = this.getCall().(DataFlow::MethodCallNode).getReceiver()
or
// the response writer is an argument to Fprintf or WriteString
arg >= 1 and
result.getANode() = this.getCall().getArgument(0)
}
}
private class RedirectCall extends HTTP::Redirect::Range, DataFlow::CallNode {
RedirectCall() { this.getTarget().hasQualifiedName("net/http", "Redirect") }
override DataFlow::Node getUrl() { result = this.getArgument(2) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getArgument(0) }
}
/** A call to a function in the `net/http` package that performs an HTTP request to a URL. */
private class RequestCall extends HTTP::ClientRequest::Range, DataFlow::CallNode {
RequestCall() {
exists(string functionName |
(
this.getTarget().hasQualifiedName("net/http", functionName)
or
this.getTarget().(Method).hasQualifiedName("net/http", "Client", functionName)
) and
(functionName = "Get" or functionName = "Post" or functionName = "PostForm")
)
}
/** Gets the URL of the request. */
override DataFlow::Node getUrl() { result = this.getArgument(0) }
}
/** A call to the Client.Do function in the `net/http` package. */
private class ClientDo extends HTTP::ClientRequest::Range, DataFlow::MethodCallNode {
ClientDo() { this.getTarget().hasQualifiedName("net/http", "Client", "Do") }
override DataFlow::Node getUrl() {
// A URL passed to `NewRequest`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("net/http", "NewRequest") |
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(1)
)
or
// A URL passed to `NewRequestWithContext`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call |
call.getTarget().hasQualifiedName("net/http", "NewRequestWithContext")
|
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(2)
)
or
// A URL assigned to a request that is passed to this `Do` call
exists(Write w, Field f |
f.hasQualifiedName("net/http", "Request", "URL") and
w.writesField(this.getArgument(0).getAPredecessor*(), f, result)
)
}
}
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func CanonicalHeaderKey(s string) string
hasQualifiedName("net/http", "CanonicalHeaderKey") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func Error(w ResponseWriter, error string, code int)
hasQualifiedName("net/http", "Error") and
(inp.isParameter(1) and outp.isParameter(0))
or
// signature: func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser
hasQualifiedName("net/http", "MaxBytesReader") and
(inp.isParameter(1) and outp.isResult())
or
// signature: func ReadRequest(b *bufio.Reader) (*Request, error)
hasQualifiedName("net/http", "ReadRequest") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ReadResponse(r *bufio.Reader, req *Request) (*Response, error)
hasQualifiedName("net/http", "ReadResponse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func SetCookie(w ResponseWriter, cookie *Cookie)
hasQualifiedName("net/http", "SetCookie") and
(inp.isParameter(1) and outp.isParameter(0))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (Header).Add(key string, value string)
this.hasQualifiedName("net/http", "Header", "Add") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (Header).Clone() Header
this.hasQualifiedName("net/http", "Header", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Get(key string) string
this.hasQualifiedName("net/http", "Header", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Set(key string, value string)
this.hasQualifiedName("net/http", "Header", "Set") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (Header).Values(key string) []string
this.hasQualifiedName("net/http", "Header", "Values") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Header", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (Header).WriteSubset(w io.Writer, exclude map[string]bool) error
this.hasQualifiedName("net/http", "Header", "WriteSubset") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Request).AddCookie(c *Cookie)
this.hasQualifiedName("net/http", "Request", "AddCookie") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*Request).Clone(ctx context.Context) *Request
this.hasQualifiedName("net/http", "Request", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Request).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Request", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Request).WriteProxy(w io.Writer) error
this.hasQualifiedName("net/http", "Request", "WriteProxy") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Response).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Response", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Transport).Clone() *Transport
this.hasQualifiedName("net/http", "Transport", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Hijacker).Hijack() (net.Conn, *bufio.ReadWriter, error)
this.implements("net/http", "Hijacker", "Hijack") and
(inp.isReceiver() and outp.isResult([0, 1]))
or
// signature: func (ResponseWriter).Write([]byte) (int, error)
this.implements("net/http", "ResponseWriter", "Write") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

90
ql/src/semmle/go/frameworks/stdlib/NetHttpHttputil.qll Normal file
View File

@@ -0,0 +1,90 @@
/**
* Provides classes modeling security-relevant aspects of the `net/http/httputil` package.
*/
import go
/** Provides models of commonly used functions in the `net/http/httputil` package. */
module NetHttpHttputil {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func DumpRequest(req *net/http.Request, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpRequest") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func DumpRequestOut(req *net/http.Request, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpRequestOut") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func DumpResponse(resp *net/http.Response, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpResponse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func NewChunkedReader(r io.Reader) io.Reader
hasQualifiedName("net/http/httputil", "NewChunkedReader") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewChunkedWriter(w io.Writer) io.WriteCloser
hasQualifiedName("net/http/httputil", "NewChunkedWriter") and
(inp.isResult() and outp.isParameter(0))
or
// signature: func NewClientConn(c net.Conn, r *bufio.Reader) *ClientConn
hasQualifiedName("net/http/httputil", "NewClientConn") and
(
inp.isParameter(_) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
or
// signature: func NewProxyClientConn(c net.Conn, r *bufio.Reader) *ClientConn
hasQualifiedName("net/http/httputil", "NewProxyClientConn") and
(
inp.isParameter(_) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*ClientConn).Hijack() (c net.Conn, r *bufio.Reader)
this.hasQualifiedName("net/http/httputil", "ClientConn", "Hijack") and
(
inp.isReceiver() and outp.isResult(_)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*ServerConn).Hijack() (net.Conn, *bufio.Reader)
this.hasQualifiedName("net/http/httputil", "ServerConn", "Hijack") and
(
inp.isReceiver() and outp.isResult(_)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (BufferPool).Get() []byte
this.implements("net/http/httputil", "BufferPool", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (BufferPool).Put([]byte)
this.implements("net/http/httputil", "BufferPool", "Put") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

54
ql/src/semmle/go/frameworks/stdlib/NetMail.qll Normal file
View File

@@ -0,0 +1,54 @@
/**
* Provides classes modeling security-relevant aspects of the `net/mail` package.
*/
import go
/** Provides models of commonly used functions in the `net/mail` package. */
module NetMail {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func ParseAddress(address string) (*Address, error)
hasQualifiedName("net/mail", "ParseAddress") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ParseAddressList(list string) ([]*Address, error)
hasQualifiedName("net/mail", "ParseAddressList") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ReadMessage(r io.Reader) (msg *Message, err error)
hasQualifiedName("net/mail", "ReadMessage") and
(inp.isParameter(0) and outp.isResult(0))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*AddressParser).Parse(address string) (*Address, error)
this.hasQualifiedName("net/mail", "AddressParser", "Parse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func (*AddressParser).ParseList(list string) ([]*Address, error)
this.hasQualifiedName("net/mail", "AddressParser", "ParseList") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func (Header).Get(key string) string
this.hasQualifiedName("net/mail", "Header", "Get") and
(inp.isReceiver() and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

122
ql/src/semmle/go/frameworks/stdlib/NetTextproto.qll Normal file
View File

@@ -0,0 +1,122 @@
/**
* Provides classes modeling security-relevant aspects of the `net/textproto` package.
*/
import go
/** Provides models of commonly used functions in the `net/textproto` package. */
module NetTextproto {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func CanonicalMIMEHeaderKey(s string) string
hasQualifiedName("net/textproto", "CanonicalMIMEHeaderKey") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewConn(conn io.ReadWriteCloser) *Conn
hasQualifiedName("net/textproto", "NewConn") and
(
inp.isParameter(0) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
or
// signature: func NewReader(r *bufio.Reader) *Reader
hasQualifiedName("net/textproto", "NewReader") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewWriter(w *bufio.Writer) *Writer
hasQualifiedName("net/textproto", "NewWriter") and
(inp.isResult() and outp.isParameter(0))
or
// signature: func TrimBytes(b []byte) []byte
hasQualifiedName("net/textproto", "TrimBytes") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func TrimString(s string) string
hasQualifiedName("net/textproto", "TrimString") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (MIMEHeader).Add(key string, value string)
this.hasQualifiedName("net/textproto", "MIMEHeader", "Add") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (MIMEHeader).Get(key string) string
this.hasQualifiedName("net/textproto", "MIMEHeader", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (MIMEHeader).Set(key string, value string)
this.hasQualifiedName("net/textproto", "MIMEHeader", "Set") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (MIMEHeader).Values(key string) []string
this.hasQualifiedName("net/textproto", "MIMEHeader", "Values") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Reader).DotReader() io.Reader
this.hasQualifiedName("net/textproto", "Reader", "DotReader") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Reader).ReadCodeLine(expectCode int) (code int, message string, err error)
this.hasQualifiedName("net/textproto", "Reader", "ReadCodeLine") and
(inp.isReceiver() and outp.isResult(1))
or
// signature: func (*Reader).ReadContinuedLine() (string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLine") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadContinuedLineBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLineBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadDotBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadDotBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadDotLines() ([]string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadDotLines") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadLine() (string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadLine") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadLineBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadLineBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadMIMEHeader() (MIMEHeader, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadMIMEHeader") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadResponse(expectCode int) (code int, message string, err error)
this.hasQualifiedName("net/textproto", "Reader", "ReadResponse") and
(inp.isReceiver() and outp.isResult(1))
or
// signature: func (*Writer).DotWriter() io.WriteCloser
this.hasQualifiedName("net/textproto", "Writer", "DotWriter") and
(inp.isResult() and outp.isReceiver())
or
// signature: func (*Writer).PrintfLine(format string, args ...interface{}) error
this.hasQualifiedName("net/textproto", "Writer", "PrintfLine") and
(inp.isParameter(_) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

138
ql/src/semmle/go/frameworks/stdlib/Os.qll Normal file
View File

@@ -0,0 +1,138 @@
/**
* Provides classes modeling security-relevant aspects of the `os` package.
*/
import go
/** Provides models of commonly used functions in the `os` package. */
module Os {
/**
* A call to a function in `os` that accesses the file system.
*/
private class OsFileSystemAccess extends FileSystemAccess::Range, DataFlow::CallNode {
int pathidx;
OsFileSystemAccess() {
exists(string fn | getTarget().hasQualifiedName("os", fn) |
fn = "Chdir" and pathidx = 0
or
fn = "Chmod" and pathidx = 0
or
fn = "Chown" and pathidx = 0
or
fn = "Chtimes" and pathidx = 0
or
fn = "Create" and pathidx = 0
or
fn = "Lchown" and pathidx = 0
or
fn = "Link" and pathidx in [0 .. 1]
or
fn = "Lstat" and pathidx = 0
or
fn = "Mkdir" and pathidx = 0
or
fn = "MkdirAll" and pathidx = 0
or
fn = "NewFile" and pathidx = 1
or
fn = "Open" and pathidx = 0
or
fn = "OpenFile" and pathidx = 0
or
fn = "Readlink" and pathidx = 0
or
fn = "Remove" and pathidx = 0
or
fn = "RemoveAll" and pathidx = 0
or
fn = "Rename" and pathidx in [0 .. 1]
or
fn = "Stat" and pathidx = 0
or
fn = "Symlink" and pathidx in [0 .. 1]
or
fn = "Truncate" and pathidx = 0
)
}
override DataFlow::Node getAPathArgument() { result = getArgument(pathidx) }
}
/** The `os.Exit` function, which ends the process. */
private class Exit extends Function {
Exit() { hasQualifiedName("os", "Exit") }
override predicate mayReturnNormally() { none() }
}
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func Expand(s string, mapping func(string) string) string
hasQualifiedName("os", "Expand") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func ExpandEnv(s string) string
hasQualifiedName("os", "ExpandEnv") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewFile(fd uintptr, name string) *File
hasQualifiedName("os", "NewFile") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func Pipe() (r *File, w *File, err error)
hasQualifiedName("os", "Pipe") and
(inp.isResult(1) and outp.isResult(0))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*File).Fd() uintptr
this.hasQualifiedName("os", "File", "Fd") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*File).Read(b []byte) (n int, err error)
this.hasQualifiedName("os", "File", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*File).ReadAt(b []byte, off int64) (n int, err error)
this.hasQualifiedName("os", "File", "ReadAt") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*File).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("os", "File", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*File).Write(b []byte) (n int, err error)
this.hasQualifiedName("os", "File", "Write") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*File).WriteAt(b []byte, off int64) (n int, err error)
this.hasQualifiedName("os", "File", "WriteAt") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*File).WriteString(s string) (n int, err error)
this.hasQualifiedName("os", "File", "WriteString") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

169
ql/src/semmle/go/frameworks/stdlib/Regexp.qll Normal file
View File

@@ -0,0 +1,169 @@
/**
* Provides classes modeling security-relevant aspects of the `regexp` package.
*/
import go
/** Provides models of commonly used functions in the `regexp` package. */
module Regexp {
private class Pattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
string fnName;
Pattern() {
exists(Function fn | fnName.matches("Match%") or fnName.matches("%Compile%") |
fn.hasQualifiedName("regexp", fnName) and
this = fn.getACall().getArgument(0)
)
}
override DataFlow::Node getAParse() { result = this.getCall() }
override string getPattern() { result = this.asExpr().getStringValue() }
override DataFlow::Node getAUse() {
fnName.matches("MustCompile%") and
result = this.getCall().getASuccessor*()
or
fnName.matches("Compile%") and
result = this.getCall().getResult(0).getASuccessor*()
or
result = this
}
}
private class MatchFunction extends RegexpMatchFunction::Range, Function {
MatchFunction() {
exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", fn))
}
override FunctionInput getRegexpArg() { result.isParameter(0) }
override FunctionInput getValue() { result.isParameter(1) }
override FunctionOutput getResult() { result.isResult(0) }
}
private class MatchMethod extends RegexpMatchFunction::Range, Method {
MatchMethod() {
exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", "Regexp", fn))
}
override FunctionInput getRegexpArg() { result.isReceiver() }
override FunctionInput getValue() { result.isParameter(0) }
override FunctionOutput getResult() { result.isResult() }
}
private class ReplaceFunction extends RegexpReplaceFunction::Range, Method {
ReplaceFunction() {
exists(string fn | fn.matches("ReplaceAll%") | this.hasQualifiedName("regexp", "Regexp", fn))
}
override FunctionInput getRegexpArg() { result.isReceiver() }
override FunctionInput getSource() { result.isParameter(0) }
override FunctionOutput getResult() { result.isResult() }
}
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func QuoteMeta(s string) string
hasQualifiedName("regexp", "QuoteMeta") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*Regexp).Expand(dst []byte, template []byte, src []byte, match []int) []byte
this.hasQualifiedName("regexp", "Regexp", "Expand") and
(
inp.isParameter([1, 2]) and
(outp.isParameter(0) or outp.isResult())
)
or
// signature: func (*Regexp).ExpandString(dst []byte, template string, src string, match []int) []byte
this.hasQualifiedName("regexp", "Regexp", "ExpandString") and
(
inp.isParameter([1, 2]) and
(outp.isParameter(0) or outp.isResult())
)
or
// signature: func (*Regexp).Find(b []byte) []byte
this.hasQualifiedName("regexp", "Regexp", "Find") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindAll(b []byte, n int) [][]byte
this.hasQualifiedName("regexp", "Regexp", "FindAll") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindAllString(s string, n int) []string
this.hasQualifiedName("regexp", "Regexp", "FindAllString") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindAllStringSubmatch(s string, n int) [][]string
this.hasQualifiedName("regexp", "Regexp", "FindAllStringSubmatch") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindAllSubmatch(b []byte, n int) [][][]byte
this.hasQualifiedName("regexp", "Regexp", "FindAllSubmatch") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindString(s string) string
this.hasQualifiedName("regexp", "Regexp", "FindString") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindStringSubmatch(s string) []string
this.hasQualifiedName("regexp", "Regexp", "FindStringSubmatch") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).FindSubmatch(b []byte) [][]byte
this.hasQualifiedName("regexp", "Regexp", "FindSubmatch") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAll(src []byte, repl []byte) []byte
this.hasQualifiedName("regexp", "Regexp", "ReplaceAll") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAllFunc(src []byte, repl func([]byte) []byte) []byte
this.hasQualifiedName("regexp", "Regexp", "ReplaceAllFunc") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAllLiteral(src []byte, repl []byte) []byte
this.hasQualifiedName("regexp", "Regexp", "ReplaceAllLiteral") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAllLiteralString(src string, repl string) string
this.hasQualifiedName("regexp", "Regexp", "ReplaceAllLiteralString") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAllString(src string, repl string) string
this.hasQualifiedName("regexp", "Regexp", "ReplaceAllString") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).ReplaceAllStringFunc(src string, repl func(string) string) string
this.hasQualifiedName("regexp", "Regexp", "ReplaceAllStringFunc") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func (*Regexp).Split(s string, n int) []string
this.hasQualifiedName("regexp", "Regexp", "Split") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

23
ql/src/semmle/go/frameworks/stdlib/Sort.qll Normal file
View File

@@ -0,0 +1,23 @@
/**
* Provides classes modeling security-relevant aspects of the `sort` package.
*/
import go
/** Provides models of commonly used functions in the `sort` package. */
module Sort {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func Reverse(data Interface) Interface
hasQualifiedName("sort", "Reverse") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

44
ql/src/semmle/go/frameworks/stdlib/Sync.qll Normal file
View File

@@ -0,0 +1,44 @@
/**
* Provides classes modeling security-relevant aspects of the `sync` package.
*/
import go
/** Provides models of commonly used functions in the `sync` package. */
module Sync {
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*Map).Load(key interface{}) (value interface{}, ok bool)
this.hasQualifiedName("sync", "Map", "Load") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Map).LoadOrStore(key interface{}, value interface{}) (actual interface{}, loaded bool)
this.hasQualifiedName("sync", "Map", "LoadOrStore") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isParameter(_) and
(outp.isReceiver() or outp.isResult(0))
)
or
// signature: func (*Map).Store(key interface{}, value interface{})
this.hasQualifiedName("sync", "Map", "Store") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (*Pool).Get() interface{}
this.hasQualifiedName("sync", "Pool", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Pool).Put(x interface{})
this.hasQualifiedName("sync", "Pool", "Put") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

85
ql/src/semmle/go/frameworks/stdlib/SyncAtomic.qll Normal file
View File

@@ -0,0 +1,85 @@
/**
* Provides classes modeling security-relevant aspects of the `sync/atomic` package.
*/
import go
/** Provides models of commonly used functions in the `sync/atomic` package. */
module SyncAtomic {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func AddUintptr(addr *uintptr, delta uintptr) (new uintptr)
hasQualifiedName("sync/atomic", "AddUintptr") and
(
inp.isParameter(1) and
(outp.isParameter(0) or outp.isResult())
)
or
// signature: func CompareAndSwapPointer(addr *unsafe.Pointer, old unsafe.Pointer, new unsafe.Pointer) (swapped bool)
hasQualifiedName("sync/atomic", "CompareAndSwapPointer") and
(inp.isParameter(2) and outp.isParameter(0))
or
// signature: func CompareAndSwapUintptr(addr *uintptr, old uintptr, new uintptr) (swapped bool)
hasQualifiedName("sync/atomic", "CompareAndSwapUintptr") and
(inp.isParameter(2) and outp.isParameter(0))
or
// signature: func LoadPointer(addr *unsafe.Pointer) (val unsafe.Pointer)
hasQualifiedName("sync/atomic", "LoadPointer") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func LoadUintptr(addr *uintptr) (val uintptr)
hasQualifiedName("sync/atomic", "LoadUintptr") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func StorePointer(addr *unsafe.Pointer, val unsafe.Pointer)
hasQualifiedName("sync/atomic", "StorePointer") and
(inp.isParameter(1) and outp.isParameter(0))
or
// signature: func StoreUintptr(addr *uintptr, val uintptr)
hasQualifiedName("sync/atomic", "StoreUintptr") and
(inp.isParameter(1) and outp.isParameter(0))
or
// signature: func SwapPointer(addr *unsafe.Pointer, new unsafe.Pointer) (old unsafe.Pointer)
hasQualifiedName("sync/atomic", "SwapPointer") and
(
inp.isParameter(1) and outp.isParameter(0)
or
inp.isParameter(0) and outp.isResult()
)
or
// signature: func SwapUintptr(addr *uintptr, new uintptr) (old uintptr)
hasQualifiedName("sync/atomic", "SwapUintptr") and
(
inp.isParameter(1) and outp.isParameter(0)
or
inp.isParameter(0) and outp.isResult()
)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*Value).Load() (x interface{})
this.hasQualifiedName("sync/atomic", "Value", "Load") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Value).Store(x interface{})
this.hasQualifiedName("sync/atomic", "Value", "Store") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

66
ql/src/semmle/go/frameworks/stdlib/Syscall.qll Normal file
View File

@@ -0,0 +1,66 @@
/**
* Provides classes modeling security-relevant aspects of the `syscall` package.
*/
import go
/** Provides models of commonly used functions in the `syscall` package. */
module Syscall {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func BytePtrFromString(s string) (*byte, error)
hasQualifiedName("syscall", "BytePtrFromString") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ByteSliceFromString(s string) ([]byte, error)
hasQualifiedName("syscall", "ByteSliceFromString") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func StringBytePtr(s string) *byte
hasQualifiedName("syscall", "StringBytePtr") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func StringByteSlice(s string) []byte
hasQualifiedName("syscall", "StringByteSlice") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func StringSlicePtr(ss []string) []*byte
hasQualifiedName("syscall", "StringSlicePtr") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (RawConn).Read(f func(fd uintptr) (done bool)) error
this.implements("syscall", "RawConn", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (Conn).SyscallConn() (RawConn, error)
this.implements("syscall", "Conn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (RawConn).Write(f func(fd uintptr) (done bool)) error
this.implements("syscall", "RawConn", "Write") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

88
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Context.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"context"
"time"
)
func TaintStepTest_ContextWithCancel_B0I0O0(sourceCQL interface{}) interface{} {
fromContext656 := sourceCQL.(context.Context)
intoContext414, _ := context.WithCancel(fromContext656)
return intoContext414
}
func TaintStepTest_ContextWithDeadline_B0I0O0(sourceCQL interface{}) interface{} {
fromContext518 := sourceCQL.(context.Context)
intoContext650, _ := context.WithDeadline(fromContext518, time.Time{})
return intoContext650
}
func TaintStepTest_ContextWithTimeout_B0I0O0(sourceCQL interface{}) interface{} {
fromContext784 := sourceCQL.(context.Context)
intoContext957, _ := context.WithTimeout(fromContext784, 0)
return intoContext957
}
func TaintStepTest_ContextWithValue_B0I0O0(sourceCQL interface{}) interface{} {
fromContext520 := sourceCQL.(context.Context)
intoContext443 := context.WithValue(fromContext520, nil, nil)
return intoContext443
}
func TaintStepTest_ContextWithValue_B0I1O0(sourceCQL interface{}) interface{} {
fromInterface127 := sourceCQL.(interface{})
intoContext483 := context.WithValue(nil, fromInterface127, nil)
return intoContext483
}
func TaintStepTest_ContextWithValue_B0I2O0(sourceCQL interface{}) interface{} {
fromInterface989 := sourceCQL.(interface{})
intoContext982 := context.WithValue(nil, nil, fromInterface989)
return intoContext982
}
func TaintStepTest_ContextContextValue_B0I0O0(sourceCQL interface{}) interface{} {
fromContext417 := sourceCQL.(context.Context)
intoInterface584 := fromContext417.Value(nil)
return intoInterface584
}
func RunAllTaints_Context() {
{
source := newSource(0)
out := TaintStepTest_ContextWithCancel_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_ContextWithDeadline_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_ContextWithTimeout_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_ContextWithValue_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_ContextWithValue_B0I1O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_ContextWithValue_B0I2O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_ContextContextValue_B0I0O0(source)
sink(6, out)
}
}

704
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Net.go Normal file
View File

@@ -0,0 +1,704 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"io"
"net"
"os"
"syscall"
)
func TaintStepTest_NetFileConn_B0I0O0(sourceCQL interface{}) interface{} {
fromFile656 := sourceCQL.(*os.File)
intoConn414, _ := net.FileConn(fromFile656)
return intoConn414
}
func TaintStepTest_NetFileConn_B1I0O0(sourceCQL interface{}) interface{} {
fromConn518 := sourceCQL.(net.Conn)
var intoFile650 *os.File
intermediateCQL, _ := net.FileConn(intoFile650)
link(fromConn518, intermediateCQL)
return intoFile650
}
func TaintStepTest_NetFilePacketConn_B0I0O0(sourceCQL interface{}) interface{} {
fromFile784 := sourceCQL.(*os.File)
intoPacketConn957, _ := net.FilePacketConn(fromFile784)
return intoPacketConn957
}
func TaintStepTest_NetFilePacketConn_B1I0O0(sourceCQL interface{}) interface{} {
fromPacketConn520 := sourceCQL.(net.PacketConn)
var intoFile443 *os.File
intermediateCQL, _ := net.FilePacketConn(intoFile443)
link(fromPacketConn520, intermediateCQL)
return intoFile443
}
func TaintStepTest_NetJoinHostPort_B0I0O0(sourceCQL interface{}) interface{} {
fromString127 := sourceCQL.(string)
intoString483 := net.JoinHostPort(fromString127, "")
return intoString483
}
func TaintStepTest_NetJoinHostPort_B0I1O0(sourceCQL interface{}) interface{} {
fromString989 := sourceCQL.(string)
intoString982 := net.JoinHostPort("", fromString989)
return intoString982
}
func TaintStepTest_NetPipe_B0I0O0(sourceCQL interface{}) interface{} {
fromConn417 := sourceCQL.(net.Conn)
intermediateCQL, intoConn584 := net.Pipe()
link(fromConn417, intermediateCQL)
return intoConn584
}
func TaintStepTest_NetPipe_B1I0O0(sourceCQL interface{}) interface{} {
fromConn991 := sourceCQL.(net.Conn)
intoConn881, intermediateCQL := net.Pipe()
link(fromConn991, intermediateCQL)
return intoConn881
}
func TaintStepTest_NetSplitHostPort_B0I0O0(sourceCQL interface{}) interface{} {
fromString186 := sourceCQL.(string)
intoString284, _, _ := net.SplitHostPort(fromString186)
return intoString284
}
func TaintStepTest_NetSplitHostPort_B0I0O1(sourceCQL interface{}) interface{} {
fromString908 := sourceCQL.(string)
_, intoString137, _ := net.SplitHostPort(fromString908)
return intoString137
}
func TaintStepTest_NetBuffersRead_B0I0O0(sourceCQL interface{}) interface{} {
fromBuffers494 := sourceCQL.(net.Buffers)
var intoByte873 []byte
fromBuffers494.Read(intoByte873)
return intoByte873
}
func TaintStepTest_NetBuffersWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromBuffers599 := sourceCQL.(net.Buffers)
var intoWriter409 io.Writer
fromBuffers599.WriteTo(intoWriter409)
return intoWriter409
}
func TaintStepTest_NetIPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn246 := sourceCQL.(net.IPConn)
var intoByte898 []byte
fromIPConn246.ReadFrom(intoByte898)
return intoByte898
}
func TaintStepTest_NetIPConnReadFromIP_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn598 := sourceCQL.(net.IPConn)
var intoByte631 []byte
fromIPConn598.ReadFromIP(intoByte631)
return intoByte631
}
func TaintStepTest_NetIPConnReadMsgIP_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn165 := sourceCQL.(net.IPConn)
var intoByte150 []byte
fromIPConn165.ReadMsgIP(intoByte150, nil)
return intoByte150
}
func TaintStepTest_NetIPConnReadMsgIP_B0I0O1(sourceCQL interface{}) interface{} {
fromIPConn340 := sourceCQL.(net.IPConn)
var intoByte471 []byte
fromIPConn340.ReadMsgIP(nil, intoByte471)
return intoByte471
}
func TaintStepTest_NetIPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn290 := sourceCQL.(net.IPConn)
intoRawConn758, _ := fromIPConn290.SyscallConn()
return intoRawConn758
}
func TaintStepTest_NetIPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn396 := sourceCQL.(syscall.RawConn)
var intoIPConn707 net.IPConn
intermediateCQL, _ := intoIPConn707.SyscallConn()
link(fromRawConn396, intermediateCQL)
return intoIPConn707
}
func TaintStepTest_NetIPConnWriteMsgIP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte912 := sourceCQL.([]byte)
var intoIPConn718 net.IPConn
intoIPConn718.WriteMsgIP(fromByte912, nil, nil)
return intoIPConn718
}
func TaintStepTest_NetIPConnWriteMsgIP_B0I1O0(sourceCQL interface{}) interface{} {
fromByte972 := sourceCQL.([]byte)
var intoIPConn633 net.IPConn
intoIPConn633.WriteMsgIP(nil, fromByte972, nil)
return intoIPConn633
}
func TaintStepTest_NetIPConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte316 := sourceCQL.([]byte)
var intoIPConn145 net.IPConn
intoIPConn145.WriteTo(fromByte316, nil)
return intoIPConn145
}
func TaintStepTest_NetIPConnWriteToIP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte817 := sourceCQL.([]byte)
var intoIPConn474 net.IPConn
intoIPConn474.WriteToIP(fromByte817, nil)
return intoIPConn474
}
func TaintStepTest_NetTCPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromReader832 := sourceCQL.(io.Reader)
var intoTCPConn378 net.TCPConn
intoTCPConn378.ReadFrom(fromReader832)
return intoTCPConn378
}
func TaintStepTest_NetTCPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPConn541 := sourceCQL.(net.TCPConn)
intoRawConn139, _ := fromTCPConn541.SyscallConn()
return intoRawConn139
}
func TaintStepTest_NetTCPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn814 := sourceCQL.(syscall.RawConn)
var intoTCPConn768 net.TCPConn
intermediateCQL, _ := intoTCPConn768.SyscallConn()
link(fromRawConn814, intermediateCQL)
return intoTCPConn768
}
func TaintStepTest_NetTCPListenerFile_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPListener468 := sourceCQL.(net.TCPListener)
intoFile736, _ := fromTCPListener468.File()
return intoFile736
}
func TaintStepTest_NetTCPListenerFile_B1I0O0(sourceCQL interface{}) interface{} {
fromFile516 := sourceCQL.(*os.File)
var intoTCPListener246 net.TCPListener
intermediateCQL, _ := intoTCPListener246.File()
link(fromFile516, intermediateCQL)
return intoTCPListener246
}
func TaintStepTest_NetTCPListenerSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPListener679 := sourceCQL.(net.TCPListener)
intoRawConn736, _ := fromTCPListener679.SyscallConn()
return intoRawConn736
}
func TaintStepTest_NetTCPListenerSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn839 := sourceCQL.(syscall.RawConn)
var intoTCPListener273 net.TCPListener
intermediateCQL, _ := intoTCPListener273.SyscallConn()
link(fromRawConn839, intermediateCQL)
return intoTCPListener273
}
func TaintStepTest_NetUDPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn982 := sourceCQL.(net.UDPConn)
var intoByte458 []byte
fromUDPConn982.ReadFrom(intoByte458)
return intoByte458
}
func TaintStepTest_NetUDPConnReadFromUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn506 := sourceCQL.(net.UDPConn)
var intoByte213 []byte
fromUDPConn506.ReadFromUDP(intoByte213)
return intoByte213
}
func TaintStepTest_NetUDPConnReadMsgUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn468 := sourceCQL.(net.UDPConn)
var intoByte219 []byte
fromUDPConn468.ReadMsgUDP(intoByte219, nil)
return intoByte219
}
func TaintStepTest_NetUDPConnReadMsgUDP_B0I0O1(sourceCQL interface{}) interface{} {
fromUDPConn265 := sourceCQL.(net.UDPConn)
var intoByte971 []byte
fromUDPConn265.ReadMsgUDP(nil, intoByte971)
return intoByte971
}
func TaintStepTest_NetUDPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn320 := sourceCQL.(net.UDPConn)
intoRawConn545, _ := fromUDPConn320.SyscallConn()
return intoRawConn545
}
func TaintStepTest_NetUDPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn566 := sourceCQL.(syscall.RawConn)
var intoUDPConn497 net.UDPConn
intermediateCQL, _ := intoUDPConn497.SyscallConn()
link(fromRawConn566, intermediateCQL)
return intoUDPConn497
}
func TaintStepTest_NetUDPConnWriteMsgUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte274 := sourceCQL.([]byte)
var intoUDPConn783 net.UDPConn
intoUDPConn783.WriteMsgUDP(fromByte274, nil, nil)
return intoUDPConn783
}
func TaintStepTest_NetUDPConnWriteMsgUDP_B0I1O0(sourceCQL interface{}) interface{} {
fromByte905 := sourceCQL.([]byte)
var intoUDPConn389 net.UDPConn
intoUDPConn389.WriteMsgUDP(nil, fromByte905, nil)
return intoUDPConn389
}
func TaintStepTest_NetUDPConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte198 := sourceCQL.([]byte)
var intoUDPConn477 net.UDPConn
intoUDPConn477.WriteTo(fromByte198, nil)
return intoUDPConn477
}
func TaintStepTest_NetUDPConnWriteToUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte544 := sourceCQL.([]byte)
var intoUDPConn382 net.UDPConn
intoUDPConn382.WriteToUDP(fromByte544, nil)
return intoUDPConn382
}
func TaintStepTest_NetUnixConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn715 := sourceCQL.(net.UnixConn)
var intoByte179 []byte
fromUnixConn715.ReadFrom(intoByte179)
return intoByte179
}
func TaintStepTest_NetUnixConnReadFromUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn366 := sourceCQL.(net.UnixConn)
var intoByte648 []byte
fromUnixConn366.ReadFromUnix(intoByte648)
return intoByte648
}
func TaintStepTest_NetUnixConnReadMsgUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn544 := sourceCQL.(net.UnixConn)
var intoByte484 []byte
fromUnixConn544.ReadMsgUnix(intoByte484, nil)
return intoByte484
}
func TaintStepTest_NetUnixConnReadMsgUnix_B0I0O1(sourceCQL interface{}) interface{} {
fromUnixConn824 := sourceCQL.(net.UnixConn)
var intoByte754 []byte
fromUnixConn824.ReadMsgUnix(nil, intoByte754)
return intoByte754
}
func TaintStepTest_NetUnixConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn680 := sourceCQL.(net.UnixConn)
intoRawConn722, _ := fromUnixConn680.SyscallConn()
return intoRawConn722
}
func TaintStepTest_NetUnixConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn506 := sourceCQL.(syscall.RawConn)
var intoUnixConn121 net.UnixConn
intermediateCQL, _ := intoUnixConn121.SyscallConn()
link(fromRawConn506, intermediateCQL)
return intoUnixConn121
}
func TaintStepTest_NetUnixConnWriteMsgUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromByte293 := sourceCQL.([]byte)
var intoUnixConn151 net.UnixConn
intoUnixConn151.WriteMsgUnix(fromByte293, nil, nil)
return intoUnixConn151
}
func TaintStepTest_NetUnixConnWriteMsgUnix_B0I1O0(sourceCQL interface{}) interface{} {
fromByte849 := sourceCQL.([]byte)
var intoUnixConn322 net.UnixConn
intoUnixConn322.WriteMsgUnix(nil, fromByte849, nil)
return intoUnixConn322
}
func TaintStepTest_NetUnixConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte339 := sourceCQL.([]byte)
var intoUnixConn478 net.UnixConn
intoUnixConn478.WriteTo(fromByte339, nil)
return intoUnixConn478
}
func TaintStepTest_NetUnixConnWriteToUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromByte399 := sourceCQL.([]byte)
var intoUnixConn426 net.UnixConn
intoUnixConn426.WriteToUnix(fromByte399, nil)
return intoUnixConn426
}
func TaintStepTest_NetUnixListenerFile_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixListener628 := sourceCQL.(net.UnixListener)
intoFile197, _ := fromUnixListener628.File()
return intoFile197
}
func TaintStepTest_NetUnixListenerFile_B1I0O0(sourceCQL interface{}) interface{} {
fromFile216 := sourceCQL.(*os.File)
var intoUnixListener742 net.UnixListener
intermediateCQL, _ := intoUnixListener742.File()
link(fromFile216, intermediateCQL)
return intoUnixListener742
}
func TaintStepTest_NetUnixListenerSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixListener906 := sourceCQL.(net.UnixListener)
intoRawConn620, _ := fromUnixListener906.SyscallConn()
return intoRawConn620
}
func TaintStepTest_NetUnixListenerSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn158 := sourceCQL.(syscall.RawConn)
var intoUnixListener353 net.UnixListener
intermediateCQL, _ := intoUnixListener353.SyscallConn()
link(fromRawConn158, intermediateCQL)
return intoUnixListener353
}
func TaintStepTest_NetConnRead_B0I0O0(sourceCQL interface{}) interface{} {
fromConn625 := sourceCQL.(net.Conn)
var intoByte340 []byte
fromConn625.Read(intoByte340)
return intoByte340
}
func TaintStepTest_NetPacketConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromPacketConn741 := sourceCQL.(net.PacketConn)
var intoByte199 []byte
fromPacketConn741.ReadFrom(intoByte199)
return intoByte199
}
func TaintStepTest_NetAddrString_B0I0O0(sourceCQL interface{}) interface{} {
fromAddr873 := sourceCQL.(net.Addr)
intoString304 := fromAddr873.String()
return intoString304
}
func TaintStepTest_NetConnWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromByte262 := sourceCQL.([]byte)
var intoConn341 net.Conn
intoConn341.Write(fromByte262)
return intoConn341
}
func TaintStepTest_NetPacketConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte495 := sourceCQL.([]byte)
var intoPacketConn976 net.PacketConn
intoPacketConn976.WriteTo(fromByte495, nil)
return intoPacketConn976
}
func RunAllTaints_Net() {
{
source := newSource(0)
out := TaintStepTest_NetFileConn_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetFileConn_B1I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetFilePacketConn_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetFilePacketConn_B1I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetJoinHostPort_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetJoinHostPort_B0I1O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetPipe_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetPipe_B1I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetSplitHostPort_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetSplitHostPort_B0I0O1(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetBuffersRead_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetBuffersWriteTo_B0I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetIPConnReadFrom_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetIPConnReadFromIP_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetIPConnReadMsgIP_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetIPConnReadMsgIP_B0I0O1(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetIPConnSyscallConn_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetIPConnSyscallConn_B1I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetIPConnWriteMsgIP_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetIPConnWriteMsgIP_B0I1O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetIPConnWriteTo_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetIPConnWriteToIP_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetTCPConnReadFrom_B0I0O0(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetTCPConnSyscallConn_B0I0O0(source)
sink(23, out)
}
{
source := newSource(24)
out := TaintStepTest_NetTCPConnSyscallConn_B1I0O0(source)
sink(24, out)
}
{
source := newSource(25)
out := TaintStepTest_NetTCPListenerFile_B0I0O0(source)
sink(25, out)
}
{
source := newSource(26)
out := TaintStepTest_NetTCPListenerFile_B1I0O0(source)
sink(26, out)
}
{
source := newSource(27)
out := TaintStepTest_NetTCPListenerSyscallConn_B0I0O0(source)
sink(27, out)
}
{
source := newSource(28)
out := TaintStepTest_NetTCPListenerSyscallConn_B1I0O0(source)
sink(28, out)
}
{
source := newSource(29)
out := TaintStepTest_NetUDPConnReadFrom_B0I0O0(source)
sink(29, out)
}
{
source := newSource(30)
out := TaintStepTest_NetUDPConnReadFromUDP_B0I0O0(source)
sink(30, out)
}
{
source := newSource(31)
out := TaintStepTest_NetUDPConnReadMsgUDP_B0I0O0(source)
sink(31, out)
}
{
source := newSource(32)
out := TaintStepTest_NetUDPConnReadMsgUDP_B0I0O1(source)
sink(32, out)
}
{
source := newSource(33)
out := TaintStepTest_NetUDPConnSyscallConn_B0I0O0(source)
sink(33, out)
}
{
source := newSource(34)
out := TaintStepTest_NetUDPConnSyscallConn_B1I0O0(source)
sink(34, out)
}
{
source := newSource(35)
out := TaintStepTest_NetUDPConnWriteMsgUDP_B0I0O0(source)
sink(35, out)
}
{
source := newSource(36)
out := TaintStepTest_NetUDPConnWriteMsgUDP_B0I1O0(source)
sink(36, out)
}
{
source := newSource(37)
out := TaintStepTest_NetUDPConnWriteTo_B0I0O0(source)
sink(37, out)
}
{
source := newSource(38)
out := TaintStepTest_NetUDPConnWriteToUDP_B0I0O0(source)
sink(38, out)
}
{
source := newSource(39)
out := TaintStepTest_NetUnixConnReadFrom_B0I0O0(source)
sink(39, out)
}
{
source := newSource(40)
out := TaintStepTest_NetUnixConnReadFromUnix_B0I0O0(source)
sink(40, out)
}
{
source := newSource(41)
out := TaintStepTest_NetUnixConnReadMsgUnix_B0I0O0(source)
sink(41, out)
}
{
source := newSource(42)
out := TaintStepTest_NetUnixConnReadMsgUnix_B0I0O1(source)
sink(42, out)
}
{
source := newSource(43)
out := TaintStepTest_NetUnixConnSyscallConn_B0I0O0(source)
sink(43, out)
}
{
source := newSource(44)
out := TaintStepTest_NetUnixConnSyscallConn_B1I0O0(source)
sink(44, out)
}
{
source := newSource(45)
out := TaintStepTest_NetUnixConnWriteMsgUnix_B0I0O0(source)
sink(45, out)
}
{
source := newSource(46)
out := TaintStepTest_NetUnixConnWriteMsgUnix_B0I1O0(source)
sink(46, out)
}
{
source := newSource(47)
out := TaintStepTest_NetUnixConnWriteTo_B0I0O0(source)
sink(47, out)
}
{
source := newSource(48)
out := TaintStepTest_NetUnixConnWriteToUnix_B0I0O0(source)
sink(48, out)
}
{
source := newSource(49)
out := TaintStepTest_NetUnixListenerFile_B0I0O0(source)
sink(49, out)
}
{
source := newSource(50)
out := TaintStepTest_NetUnixListenerFile_B1I0O0(source)
sink(50, out)
}
{
source := newSource(51)
out := TaintStepTest_NetUnixListenerSyscallConn_B0I0O0(source)
sink(51, out)
}
{
source := newSource(52)
out := TaintStepTest_NetUnixListenerSyscallConn_B1I0O0(source)
sink(52, out)
}
{
source := newSource(53)
out := TaintStepTest_NetConnRead_B0I0O0(source)
sink(53, out)
}
{
source := newSource(54)
out := TaintStepTest_NetPacketConnReadFrom_B0I0O0(source)
sink(54, out)
}
{
source := newSource(55)
out := TaintStepTest_NetAddrString_B0I0O0(source)
sink(55, out)
}
{
source := newSource(56)
out := TaintStepTest_NetConnWrite_B0I0O0(source)
sink(56, out)
}
{
source := newSource(57)
out := TaintStepTest_NetPacketConnWriteTo_B0I0O0(source)
sink(57, out)
}
}

289
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go Normal file
View File

@@ -0,0 +1,289 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net/http"
)
func TaintStepTest_NetHttpCanonicalHeaderKey_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := http.CanonicalHeaderKey(fromString656)
return intoString414
}
func TaintStepTest_NetHttpError_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
var intoResponseWriter650 http.ResponseWriter
http.Error(intoResponseWriter650, fromString518, 0)
return intoResponseWriter650
}
func TaintStepTest_NetHttpMaxBytesReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReadCloser784 := sourceCQL.(io.ReadCloser)
intoReadCloser957 := http.MaxBytesReader(nil, fromReadCloser784, 0)
return intoReadCloser957
}
func TaintStepTest_NetHttpReadRequest_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(*bufio.Reader)
intoRequest443, _ := http.ReadRequest(fromReader520)
return intoRequest443
}
func TaintStepTest_NetHttpReadResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromReader127 := sourceCQL.(*bufio.Reader)
intoResponse483, _ := http.ReadResponse(fromReader127, nil)
return intoResponse483
}
func TaintStepTest_NetHttpSetCookie_B0I0O0(sourceCQL interface{}) interface{} {
fromCookie989 := sourceCQL.(*http.Cookie)
var intoResponseWriter982 http.ResponseWriter
http.SetCookie(intoResponseWriter982, fromCookie989)
return intoResponseWriter982
}
func TaintStepTest_NetHttpHeaderAdd_B0I0O0(sourceCQL interface{}) interface{} {
fromString417 := sourceCQL.(string)
var intoHeader584 http.Header
intoHeader584.Add(fromString417, "")
return intoHeader584
}
func TaintStepTest_NetHttpHeaderAdd_B0I1O0(sourceCQL interface{}) interface{} {
fromString991 := sourceCQL.(string)
var intoHeader881 http.Header
intoHeader881.Add("", fromString991)
return intoHeader881
}
func TaintStepTest_NetHttpHeaderClone_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader186 := sourceCQL.(http.Header)
intoHeader284 := fromHeader186.Clone()
return intoHeader284
}
func TaintStepTest_NetHttpHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader908 := sourceCQL.(http.Header)
intoString137 := fromHeader908.Get("")
return intoString137
}
func TaintStepTest_NetHttpHeaderSet_B0I0O0(sourceCQL interface{}) interface{} {
fromString494 := sourceCQL.(string)
var intoHeader873 http.Header
intoHeader873.Set(fromString494, "")
return intoHeader873
}
func TaintStepTest_NetHttpHeaderSet_B0I1O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var intoHeader409 http.Header
intoHeader409.Set("", fromString599)
return intoHeader409
}
func TaintStepTest_NetHttpHeaderValues_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader246 := sourceCQL.(http.Header)
intoString898 := fromHeader246.Values("")
return intoString898
}
func TaintStepTest_NetHttpHeaderWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader598 := sourceCQL.(http.Header)
var intoWriter631 io.Writer
fromHeader598.Write(intoWriter631)
return intoWriter631
}
func TaintStepTest_NetHttpHeaderWriteSubset_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader165 := sourceCQL.(http.Header)
var intoWriter150 io.Writer
fromHeader165.WriteSubset(intoWriter150, nil)
return intoWriter150
}
func TaintStepTest_NetHttpRequestAddCookie_B0I0O0(sourceCQL interface{}) interface{} {
fromCookie340 := sourceCQL.(*http.Cookie)
var intoRequest471 http.Request
intoRequest471.AddCookie(fromCookie340)
return intoRequest471
}
func TaintStepTest_NetHttpRequestClone_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest290 := sourceCQL.(http.Request)
intoRequest758 := fromRequest290.Clone(nil)
return intoRequest758
}
func TaintStepTest_NetHttpRequestWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest396 := sourceCQL.(http.Request)
var intoWriter707 io.Writer
fromRequest396.Write(intoWriter707)
return intoWriter707
}
func TaintStepTest_NetHttpRequestWriteProxy_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest912 := sourceCQL.(http.Request)
var intoWriter718 io.Writer
fromRequest912.WriteProxy(intoWriter718)
return intoWriter718
}
func TaintStepTest_NetHttpResponseWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromResponse972 := sourceCQL.(http.Response)
var intoWriter633 io.Writer
fromResponse972.Write(intoWriter633)
return intoWriter633
}
func TaintStepTest_NetHttpTransportClone_B0I0O0(sourceCQL interface{}) interface{} {
fromTransport316 := sourceCQL.(http.Transport)
intoTransport145 := fromTransport316.Clone()
return intoTransport145
}
func TaintStepTest_NetHttpHijackerHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromHijacker817 := sourceCQL.(http.Hijacker)
intoConn474, _, _ := fromHijacker817.Hijack()
return intoConn474
}
func TaintStepTest_NetHttpHijackerHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromHijacker832 := sourceCQL.(http.Hijacker)
_, intoReadWriter378, _ := fromHijacker832.Hijack()
return intoReadWriter378
}
func TaintStepTest_NetHttpResponseWriterWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromByte541 := sourceCQL.([]byte)
var intoResponseWriter139 http.ResponseWriter
intoResponseWriter139.Write(fromByte541)
return intoResponseWriter139
}
func RunAllTaints_NetHttp() {
{
source := newSource(0)
out := TaintStepTest_NetHttpCanonicalHeaderKey_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetHttpError_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetHttpMaxBytesReader_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetHttpReadRequest_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetHttpReadResponse_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetHttpSetCookie_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetHttpHeaderAdd_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetHttpHeaderAdd_B0I1O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetHttpHeaderClone_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetHttpHeaderGet_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetHttpHeaderSet_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetHttpHeaderSet_B0I1O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetHttpHeaderValues_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetHttpHeaderWrite_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetHttpHeaderWriteSubset_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetHttpRequestAddCookie_B0I0O0(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetHttpRequestClone_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetHttpRequestWrite_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetHttpRequestWriteProxy_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetHttpResponseWrite_B0I0O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetHttpTransportClone_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetHttpHijackerHijack_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetHttpHijackerHijack_B0I0O1(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetHttpResponseWriterWrite_B0I0O0(source)
sink(23, out)
}
}

234
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttpHttputil.go Normal file
View File

@@ -0,0 +1,234 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net"
"net/http"
"net/http/httputil"
)
func TaintStepTest_NetHttpHttputilDumpRequest_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest656 := sourceCQL.(*http.Request)
intoByte414, _ := httputil.DumpRequest(fromRequest656, false)
return intoByte414
}
func TaintStepTest_NetHttpHttputilDumpRequestOut_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest518 := sourceCQL.(*http.Request)
intoByte650, _ := httputil.DumpRequestOut(fromRequest518, false)
return intoByte650
}
func TaintStepTest_NetHttpHttputilDumpResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromResponse784 := sourceCQL.(*http.Response)
intoByte957, _ := httputil.DumpResponse(fromResponse784, false)
return intoByte957
}
func TaintStepTest_NetHttpHttputilNewChunkedReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(io.Reader)
intoReader443 := httputil.NewChunkedReader(fromReader520)
return intoReader443
}
func TaintStepTest_NetHttpHttputilNewChunkedWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriteCloser127 := sourceCQL.(io.WriteCloser)
var intoWriter483 io.Writer
intermediateCQL := httputil.NewChunkedWriter(intoWriter483)
link(fromWriteCloser127, intermediateCQL)
return intoWriter483
}
func TaintStepTest_NetHttpHttputilNewClientConn_B0I0O0(sourceCQL interface{}) interface{} {
fromConn989 := sourceCQL.(net.Conn)
intoClientConn982 := httputil.NewClientConn(fromConn989, nil)
return intoClientConn982
}
func TaintStepTest_NetHttpHttputilNewClientConn_B0I1O0(sourceCQL interface{}) interface{} {
fromReader417 := sourceCQL.(*bufio.Reader)
intoClientConn584 := httputil.NewClientConn(nil, fromReader417)
return intoClientConn584
}
func TaintStepTest_NetHttpHttputilNewClientConn_B1I0O0(sourceCQL interface{}) interface{} {
fromClientConn991 := sourceCQL.(*httputil.ClientConn)
var intoConn881 net.Conn
intermediateCQL := httputil.NewClientConn(intoConn881, nil)
link(fromClientConn991, intermediateCQL)
return intoConn881
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I0O0(sourceCQL interface{}) interface{} {
fromConn186 := sourceCQL.(net.Conn)
intoClientConn284 := httputil.NewProxyClientConn(fromConn186, nil)
return intoClientConn284
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I1O0(sourceCQL interface{}) interface{} {
fromReader908 := sourceCQL.(*bufio.Reader)
intoClientConn137 := httputil.NewProxyClientConn(nil, fromReader908)
return intoClientConn137
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B1I0O0(sourceCQL interface{}) interface{} {
fromClientConn494 := sourceCQL.(*httputil.ClientConn)
var intoConn873 net.Conn
intermediateCQL := httputil.NewProxyClientConn(intoConn873, nil)
link(fromClientConn494, intermediateCQL)
return intoConn873
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromClientConn599 := sourceCQL.(httputil.ClientConn)
intoConn409, _ := fromClientConn599.Hijack()
return intoConn409
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromClientConn246 := sourceCQL.(httputil.ClientConn)
_, intoReader898 := fromClientConn246.Hijack()
return intoReader898
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B1I0O0(sourceCQL interface{}) interface{} {
fromConn598 := sourceCQL.(net.Conn)
var intoClientConn631 httputil.ClientConn
intermediateCQL, _ := intoClientConn631.Hijack()
link(fromConn598, intermediateCQL)
return intoClientConn631
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromServerConn165 := sourceCQL.(httputil.ServerConn)
intoConn150, _ := fromServerConn165.Hijack()
return intoConn150
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromServerConn340 := sourceCQL.(httputil.ServerConn)
_, intoReader471 := fromServerConn340.Hijack()
return intoReader471
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B1I0O0(sourceCQL interface{}) interface{} {
fromConn290 := sourceCQL.(net.Conn)
var intoServerConn758 httputil.ServerConn
intermediateCQL, _ := intoServerConn758.Hijack()
link(fromConn290, intermediateCQL)
return intoServerConn758
}
func TaintStepTest_NetHttpHttputilBufferPoolGet_B0I0O0(sourceCQL interface{}) interface{} {
fromBufferPool396 := sourceCQL.(httputil.BufferPool)
intoByte707 := fromBufferPool396.Get()
return intoByte707
}
func TaintStepTest_NetHttpHttputilBufferPoolPut_B0I0O0(sourceCQL interface{}) interface{} {
fromByte912 := sourceCQL.([]byte)
var intoBufferPool718 httputil.BufferPool
intoBufferPool718.Put(fromByte912)
return intoBufferPool718
}
func RunAllTaints_NetHttpHttputil() {
{
source := newSource(0)
out := TaintStepTest_NetHttpHttputilDumpRequest_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetHttpHttputilDumpRequestOut_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetHttpHttputilDumpResponse_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetHttpHttputilNewChunkedReader_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetHttpHttputilNewChunkedWriter_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetHttpHttputilNewClientConn_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetHttpHttputilNewClientConn_B0I1O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetHttpHttputilNewClientConn_B1I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I1O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B1I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O1(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B1I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O1(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B1I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetHttpHttputilBufferPoolGet_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetHttpHttputilBufferPoolPut_B0I0O0(source)
sink(18, out)
}
}

79
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetMail.go Normal file
View File

@@ -0,0 +1,79 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"io"
"net/mail"
)
func TaintStepTest_NetMailParseAddress_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoAddress414, _ := mail.ParseAddress(fromString656)
return intoAddress414
}
func TaintStepTest_NetMailParseAddressList_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
intoAddress650, _ := mail.ParseAddressList(fromString518)
return intoAddress650
}
func TaintStepTest_NetMailReadMessage_B0I0O0(sourceCQL interface{}) interface{} {
fromReader784 := sourceCQL.(io.Reader)
intoMessage957, _ := mail.ReadMessage(fromReader784)
return intoMessage957
}
func TaintStepTest_NetMailAddressParserParse_B0I0O0(sourceCQL interface{}) interface{} {
fromString520 := sourceCQL.(string)
var mediumObjCQL mail.AddressParser
intoAddress443, _ := mediumObjCQL.Parse(fromString520)
return intoAddress443
}
func TaintStepTest_NetMailAddressParserParseList_B0I0O0(sourceCQL interface{}) interface{} {
fromString127 := sourceCQL.(string)
var mediumObjCQL mail.AddressParser
intoAddress483, _ := mediumObjCQL.ParseList(fromString127)
return intoAddress483
}
func TaintStepTest_NetMailHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader989 := sourceCQL.(mail.Header)
intoString982 := fromHeader989.Get("")
return intoString982
}
func RunAllTaints_NetMail() {
{
source := newSource(0)
out := TaintStepTest_NetMailParseAddress_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetMailParseAddressList_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetMailReadMessage_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetMailAddressParserParse_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetMailAddressParserParseList_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetMailHeaderGet_B0I0O0(source)
sink(5, out)
}
}

310
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetTextproto.go Normal file
View File

@@ -0,0 +1,310 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net/textproto"
)
func TaintStepTest_NetTextprotoCanonicalMIMEHeaderKey_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := textproto.CanonicalMIMEHeaderKey(fromString656)
return intoString414
}
func TaintStepTest_NetTextprotoNewConn_B0I0O0(sourceCQL interface{}) interface{} {
fromReadWriteCloser518 := sourceCQL.(io.ReadWriteCloser)
intoConn650 := textproto.NewConn(fromReadWriteCloser518)
return intoConn650
}
func TaintStepTest_NetTextprotoNewConn_B1I0O0(sourceCQL interface{}) interface{} {
fromConn784 := sourceCQL.(*textproto.Conn)
var intoReadWriteCloser957 io.ReadWriteCloser
intermediateCQL := textproto.NewConn(intoReadWriteCloser957)
link(fromConn784, intermediateCQL)
return intoReadWriteCloser957
}
func TaintStepTest_NetTextprotoNewReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(*bufio.Reader)
intoReader443 := textproto.NewReader(fromReader520)
return intoReader443
}
func TaintStepTest_NetTextprotoNewWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriter127 := sourceCQL.(*textproto.Writer)
var intoWriter483 *bufio.Writer
intermediateCQL := textproto.NewWriter(intoWriter483)
link(fromWriter127, intermediateCQL)
return intoWriter483
}
func TaintStepTest_NetTextprotoTrimBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromByte989 := sourceCQL.([]byte)
intoByte982 := textproto.TrimBytes(fromByte989)
return intoByte982
}
func TaintStepTest_NetTextprotoTrimString_B0I0O0(sourceCQL interface{}) interface{} {
fromString417 := sourceCQL.(string)
intoString584 := textproto.TrimString(fromString417)
return intoString584
}
func TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I0O0(sourceCQL interface{}) interface{} {
fromString991 := sourceCQL.(string)
var intoMIMEHeader881 textproto.MIMEHeader
intoMIMEHeader881.Add(fromString991, "")
return intoMIMEHeader881
}
func TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I1O0(sourceCQL interface{}) interface{} {
fromString186 := sourceCQL.(string)
var intoMIMEHeader284 textproto.MIMEHeader
intoMIMEHeader284.Add("", fromString186)
return intoMIMEHeader284
}
func TaintStepTest_NetTextprotoMIMEHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromMIMEHeader908 := sourceCQL.(textproto.MIMEHeader)
intoString137 := fromMIMEHeader908.Get("")
return intoString137
}
func TaintStepTest_NetTextprotoMIMEHeaderSet_B0I0O0(sourceCQL interface{}) interface{} {
fromString494 := sourceCQL.(string)
var intoMIMEHeader873 textproto.MIMEHeader
intoMIMEHeader873.Set(fromString494, "")
return intoMIMEHeader873
}
func TaintStepTest_NetTextprotoMIMEHeaderSet_B0I1O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var intoMIMEHeader409 textproto.MIMEHeader
intoMIMEHeader409.Set("", fromString599)
return intoMIMEHeader409
}
func TaintStepTest_NetTextprotoMIMEHeaderValues_B0I0O0(sourceCQL interface{}) interface{} {
fromMIMEHeader246 := sourceCQL.(textproto.MIMEHeader)
intoString898 := fromMIMEHeader246.Values("")
return intoString898
}
func TaintStepTest_NetTextprotoReaderDotReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader598 := sourceCQL.(textproto.Reader)
intoReader631 := fromReader598.DotReader()
return intoReader631
}
func TaintStepTest_NetTextprotoReaderReadCodeLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader165 := sourceCQL.(textproto.Reader)
_, intoString150, _ := fromReader165.ReadCodeLine(0)
return intoString150
}
func TaintStepTest_NetTextprotoReaderReadContinuedLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader340 := sourceCQL.(textproto.Reader)
intoString471, _ := fromReader340.ReadContinuedLine()
return intoString471
}
func TaintStepTest_NetTextprotoReaderReadContinuedLineBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader290 := sourceCQL.(textproto.Reader)
intoByte758, _ := fromReader290.ReadContinuedLineBytes()
return intoByte758
}
func TaintStepTest_NetTextprotoReaderReadDotBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader396 := sourceCQL.(textproto.Reader)
intoByte707, _ := fromReader396.ReadDotBytes()
return intoByte707
}
func TaintStepTest_NetTextprotoReaderReadDotLines_B0I0O0(sourceCQL interface{}) interface{} {
fromReader912 := sourceCQL.(textproto.Reader)
intoString718, _ := fromReader912.ReadDotLines()
return intoString718
}
func TaintStepTest_NetTextprotoReaderReadLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader972 := sourceCQL.(textproto.Reader)
intoString633, _ := fromReader972.ReadLine()
return intoString633
}
func TaintStepTest_NetTextprotoReaderReadLineBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader316 := sourceCQL.(textproto.Reader)
intoByte145, _ := fromReader316.ReadLineBytes()
return intoByte145
}
func TaintStepTest_NetTextprotoReaderReadMIMEHeader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader817 := sourceCQL.(textproto.Reader)
intoMIMEHeader474, _ := fromReader817.ReadMIMEHeader()
return intoMIMEHeader474
}
func TaintStepTest_NetTextprotoReaderReadResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromReader832 := sourceCQL.(textproto.Reader)
_, intoString378, _ := fromReader832.ReadResponse(0)
return intoString378
}
func TaintStepTest_NetTextprotoWriterDotWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriteCloser541 := sourceCQL.(io.WriteCloser)
var intoWriter139 textproto.Writer
intermediateCQL := intoWriter139.DotWriter()
link(fromWriteCloser541, intermediateCQL)
return intoWriter139
}
func TaintStepTest_NetTextprotoWriterPrintfLine_B0I0O0(sourceCQL interface{}) interface{} {
fromString814 := sourceCQL.(string)
var intoWriter768 textproto.Writer
intoWriter768.PrintfLine(fromString814, nil)
return intoWriter768
}
func TaintStepTest_NetTextprotoWriterPrintfLine_B0I1O0(sourceCQL interface{}) interface{} {
fromInterface468 := sourceCQL.(interface{})
var intoWriter736 textproto.Writer
intoWriter736.PrintfLine("", fromInterface468)
return intoWriter736
}
func RunAllTaints_NetTextproto() {
{
source := newSource(0)
out := TaintStepTest_NetTextprotoCanonicalMIMEHeaderKey_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetTextprotoNewConn_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetTextprotoNewConn_B1I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetTextprotoNewReader_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetTextprotoNewWriter_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetTextprotoTrimBytes_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetTextprotoTrimString_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I1O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetTextprotoMIMEHeaderGet_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetTextprotoMIMEHeaderSet_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetTextprotoMIMEHeaderSet_B0I1O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetTextprotoMIMEHeaderValues_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetTextprotoReaderDotReader_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetTextprotoReaderReadCodeLine_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetTextprotoReaderReadContinuedLine_B0I0O0(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetTextprotoReaderReadContinuedLineBytes_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetTextprotoReaderReadDotBytes_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetTextprotoReaderReadDotLines_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetTextprotoReaderReadLine_B0I0O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetTextprotoReaderReadLineBytes_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetTextprotoReaderReadMIMEHeader_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetTextprotoReaderReadResponse_B0I0O0(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetTextprotoWriterDotWriter_B0I0O0(source)
sink(23, out)
}
{
source := newSource(24)
out := TaintStepTest_NetTextprotoWriterPrintfLine_B0I0O0(source)
sink(24, out)
}
{
source := newSource(25)
out := TaintStepTest_NetTextprotoWriterPrintfLine_B0I1O0(source)
sink(25, out)
}
}

151
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go Normal file
View File

@@ -0,0 +1,151 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"os"
"syscall"
)
func TaintStepTest_OsExpand_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := os.Expand(fromString656, nil)
return intoString414
}
func TaintStepTest_OsExpandEnv_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
intoString650 := os.ExpandEnv(fromString518)
return intoString650
}
func TaintStepTest_OsNewFile_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr784 := sourceCQL.(uintptr)
intoFile957 := os.NewFile(fromUintptr784, "")
return intoFile957
}
func TaintStepTest_OsPipe_B0I0O0(sourceCQL interface{}) interface{} {
fromFile520 := sourceCQL.(*os.File)
intoFile443, intermediateCQL, _ := os.Pipe()
link(fromFile520, intermediateCQL)
return intoFile443
}
func TaintStepTest_OsFileFd_B0I0O0(sourceCQL interface{}) interface{} {
fromFile127 := sourceCQL.(os.File)
intoUintptr483 := fromFile127.Fd()
return intoUintptr483
}
func TaintStepTest_OsFileRead_B0I0O0(sourceCQL interface{}) interface{} {
fromFile989 := sourceCQL.(os.File)
var intoByte982 []byte
fromFile989.Read(intoByte982)
return intoByte982
}
func TaintStepTest_OsFileReadAt_B0I0O0(sourceCQL interface{}) interface{} {
fromFile417 := sourceCQL.(os.File)
var intoByte584 []byte
fromFile417.ReadAt(intoByte584, 0)
return intoByte584
}
func TaintStepTest_OsFileSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromFile991 := sourceCQL.(os.File)
intoRawConn881, _ := fromFile991.SyscallConn()
return intoRawConn881
}
func TaintStepTest_OsFileSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn186 := sourceCQL.(syscall.RawConn)
var intoFile284 os.File
intermediateCQL, _ := intoFile284.SyscallConn()
link(fromRawConn186, intermediateCQL)
return intoFile284
}
func TaintStepTest_OsFileWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromByte908 := sourceCQL.([]byte)
var intoFile137 os.File
intoFile137.Write(fromByte908)
return intoFile137
}
func TaintStepTest_OsFileWriteAt_B0I0O0(sourceCQL interface{}) interface{} {
fromByte494 := sourceCQL.([]byte)
var intoFile873 os.File
intoFile873.WriteAt(fromByte494, 0)
return intoFile873
}
func TaintStepTest_OsFileWriteString_B0I0O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var intoFile409 os.File
intoFile409.WriteString(fromString599)
return intoFile409
}
func RunAllTaints_Os() {
{
source := newSource(0)
out := TaintStepTest_OsExpand_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_OsExpandEnv_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_OsNewFile_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_OsPipe_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_OsFileFd_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_OsFileRead_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_OsFileReadAt_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_OsFileSyscallConn_B0I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_OsFileSyscallConn_B1I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_OsFileWrite_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_OsFileWriteAt_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_OsFileWriteString_B0I0O0(source)
sink(11, out)
}
}

371
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Regexp.go Normal file
View File

@@ -0,0 +1,371 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import "regexp"
func TaintStepTest_RegexpQuoteMeta_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := regexp.QuoteMeta(fromString656)
return intoString414
}
func TaintStepTest_RegexpRegexpExpand_B0I0O0(sourceCQL interface{}) interface{} {
fromByte518 := sourceCQL.([]byte)
var intoByte650 []byte
var mediumObjCQL regexp.Regexp
mediumObjCQL.Expand(intoByte650, fromByte518, nil, nil)
return intoByte650
}
func TaintStepTest_RegexpRegexpExpand_B0I0O1(sourceCQL interface{}) interface{} {
fromByte784 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte957 := mediumObjCQL.Expand(nil, fromByte784, nil, nil)
return intoByte957
}
func TaintStepTest_RegexpRegexpExpand_B0I1O0(sourceCQL interface{}) interface{} {
fromByte520 := sourceCQL.([]byte)
var intoByte443 []byte
var mediumObjCQL regexp.Regexp
mediumObjCQL.Expand(intoByte443, nil, fromByte520, nil)
return intoByte443
}
func TaintStepTest_RegexpRegexpExpand_B0I1O1(sourceCQL interface{}) interface{} {
fromByte127 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte483 := mediumObjCQL.Expand(nil, nil, fromByte127, nil)
return intoByte483
}
func TaintStepTest_RegexpRegexpExpandString_B0I0O0(sourceCQL interface{}) interface{} {
fromString989 := sourceCQL.(string)
var intoByte982 []byte
var mediumObjCQL regexp.Regexp
mediumObjCQL.ExpandString(intoByte982, fromString989, "", nil)
return intoByte982
}
func TaintStepTest_RegexpRegexpExpandString_B0I0O1(sourceCQL interface{}) interface{} {
fromString417 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoByte584 := mediumObjCQL.ExpandString(nil, fromString417, "", nil)
return intoByte584
}
func TaintStepTest_RegexpRegexpExpandString_B0I1O0(sourceCQL interface{}) interface{} {
fromString991 := sourceCQL.(string)
var intoByte881 []byte
var mediumObjCQL regexp.Regexp
mediumObjCQL.ExpandString(intoByte881, "", fromString991, nil)
return intoByte881
}
func TaintStepTest_RegexpRegexpExpandString_B0I1O1(sourceCQL interface{}) interface{} {
fromString186 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoByte284 := mediumObjCQL.ExpandString(nil, "", fromString186, nil)
return intoByte284
}
func TaintStepTest_RegexpRegexpFind_B0I0O0(sourceCQL interface{}) interface{} {
fromByte908 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte137 := mediumObjCQL.Find(fromByte908)
return intoByte137
}
func TaintStepTest_RegexpRegexpFindAll_B0I0O0(sourceCQL interface{}) interface{} {
fromByte494 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte873 := mediumObjCQL.FindAll(fromByte494, 0)
return intoByte873
}
func TaintStepTest_RegexpRegexpFindAllString_B0I0O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString409 := mediumObjCQL.FindAllString(fromString599, 0)
return intoString409
}
func TaintStepTest_RegexpRegexpFindAllStringSubmatch_B0I0O0(sourceCQL interface{}) interface{} {
fromString246 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString898 := mediumObjCQL.FindAllStringSubmatch(fromString246, 0)
return intoString898
}
func TaintStepTest_RegexpRegexpFindAllSubmatch_B0I0O0(sourceCQL interface{}) interface{} {
fromByte598 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte631 := mediumObjCQL.FindAllSubmatch(fromByte598, 0)
return intoByte631
}
func TaintStepTest_RegexpRegexpFindString_B0I0O0(sourceCQL interface{}) interface{} {
fromString165 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString150 := mediumObjCQL.FindString(fromString165)
return intoString150
}
func TaintStepTest_RegexpRegexpFindStringSubmatch_B0I0O0(sourceCQL interface{}) interface{} {
fromString340 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString471 := mediumObjCQL.FindStringSubmatch(fromString340)
return intoString471
}
func TaintStepTest_RegexpRegexpFindSubmatch_B0I0O0(sourceCQL interface{}) interface{} {
fromByte290 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte758 := mediumObjCQL.FindSubmatch(fromByte290)
return intoByte758
}
func TaintStepTest_RegexpRegexpReplaceAll_B0I0O0(sourceCQL interface{}) interface{} {
fromByte396 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte707 := mediumObjCQL.ReplaceAll(fromByte396, nil)
return intoByte707
}
func TaintStepTest_RegexpRegexpReplaceAll_B0I1O0(sourceCQL interface{}) interface{} {
fromByte912 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte718 := mediumObjCQL.ReplaceAll(nil, fromByte912)
return intoByte718
}
func TaintStepTest_RegexpRegexpReplaceAllFunc_B0I0O0(sourceCQL interface{}) interface{} {
fromByte972 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte633 := mediumObjCQL.ReplaceAllFunc(fromByte972, nil)
return intoByte633
}
func TaintStepTest_RegexpRegexpReplaceAllFunc_B0I1O0(sourceCQL interface{}) interface{} {
fromFuncbytebyte316 := sourceCQL.(func([]byte) []byte)
var mediumObjCQL regexp.Regexp
intoByte145 := mediumObjCQL.ReplaceAllFunc(nil, fromFuncbytebyte316)
return intoByte145
}
func TaintStepTest_RegexpRegexpReplaceAllLiteral_B0I0O0(sourceCQL interface{}) interface{} {
fromByte817 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte474 := mediumObjCQL.ReplaceAllLiteral(fromByte817, nil)
return intoByte474
}
func TaintStepTest_RegexpRegexpReplaceAllLiteral_B0I1O0(sourceCQL interface{}) interface{} {
fromByte832 := sourceCQL.([]byte)
var mediumObjCQL regexp.Regexp
intoByte378 := mediumObjCQL.ReplaceAllLiteral(nil, fromByte832)
return intoByte378
}
func TaintStepTest_RegexpRegexpReplaceAllLiteralString_B0I0O0(sourceCQL interface{}) interface{} {
fromString541 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString139 := mediumObjCQL.ReplaceAllLiteralString(fromString541, "")
return intoString139
}
func TaintStepTest_RegexpRegexpReplaceAllLiteralString_B0I1O0(sourceCQL interface{}) interface{} {
fromString814 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString768 := mediumObjCQL.ReplaceAllLiteralString("", fromString814)
return intoString768
}
func TaintStepTest_RegexpRegexpReplaceAllString_B0I0O0(sourceCQL interface{}) interface{} {
fromString468 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString736 := mediumObjCQL.ReplaceAllString(fromString468, "")
return intoString736
}
func TaintStepTest_RegexpRegexpReplaceAllString_B0I1O0(sourceCQL interface{}) interface{} {
fromString516 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString246 := mediumObjCQL.ReplaceAllString("", fromString516)
return intoString246
}
func TaintStepTest_RegexpRegexpReplaceAllStringFunc_B0I0O0(sourceCQL interface{}) interface{} {
fromString679 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString736 := mediumObjCQL.ReplaceAllStringFunc(fromString679, nil)
return intoString736
}
func TaintStepTest_RegexpRegexpReplaceAllStringFunc_B0I1O0(sourceCQL interface{}) interface{} {
fromFuncstringString839 := sourceCQL.(func(string) string)
var mediumObjCQL regexp.Regexp
intoString273 := mediumObjCQL.ReplaceAllStringFunc("", fromFuncstringString839)
return intoString273
}
func TaintStepTest_RegexpRegexpSplit_B0I0O0(sourceCQL interface{}) interface{} {
fromString982 := sourceCQL.(string)
var mediumObjCQL regexp.Regexp
intoString458 := mediumObjCQL.Split(fromString982, 0)
return intoString458
}
func RunAllTaints_Regexp() {
{
source := newSource(0)
out := TaintStepTest_RegexpQuoteMeta_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_RegexpRegexpExpand_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_RegexpRegexpExpand_B0I0O1(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_RegexpRegexpExpand_B0I1O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_RegexpRegexpExpand_B0I1O1(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_RegexpRegexpExpandString_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_RegexpRegexpExpandString_B0I0O1(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_RegexpRegexpExpandString_B0I1O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_RegexpRegexpExpandString_B0I1O1(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_RegexpRegexpFind_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_RegexpRegexpFindAll_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_RegexpRegexpFindAllString_B0I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_RegexpRegexpFindAllStringSubmatch_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_RegexpRegexpFindAllSubmatch_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_RegexpRegexpFindString_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_RegexpRegexpFindStringSubmatch_B0I0O0(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_RegexpRegexpFindSubmatch_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_RegexpRegexpReplaceAll_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_RegexpRegexpReplaceAll_B0I1O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_RegexpRegexpReplaceAllFunc_B0I0O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_RegexpRegexpReplaceAllFunc_B0I1O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_RegexpRegexpReplaceAllLiteral_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_RegexpRegexpReplaceAllLiteral_B0I1O0(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_RegexpRegexpReplaceAllLiteralString_B0I0O0(source)
sink(23, out)
}
{
source := newSource(24)
out := TaintStepTest_RegexpRegexpReplaceAllLiteralString_B0I1O0(source)
sink(24, out)
}
{
source := newSource(25)
out := TaintStepTest_RegexpRegexpReplaceAllString_B0I0O0(source)
sink(25, out)
}
{
source := newSource(26)
out := TaintStepTest_RegexpRegexpReplaceAllString_B0I1O0(source)
sink(26, out)
}
{
source := newSource(27)
out := TaintStepTest_RegexpRegexpReplaceAllStringFunc_B0I0O0(source)
sink(27, out)
}
{
source := newSource(28)
out := TaintStepTest_RegexpRegexpReplaceAllStringFunc_B0I1O0(source)
sink(28, out)
}
{
source := newSource(29)
out := TaintStepTest_RegexpRegexpSplit_B0I0O0(source)
sink(29, out)
}
}

19
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sort.go Normal file
View File

@@ -0,0 +1,19 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import "sort"
func TaintStepTest_SortReverse_B0I0O0(sourceCQL interface{}) interface{} {
fromInterface656 := sourceCQL.(sort.Interface)
intoInterface414 := sort.Reverse(fromInterface656)
return intoInterface414
}
func RunAllTaints_Sort() {
{
source := newSource(0)
out := TaintStepTest_SortReverse_B0I0O0(source)
sink(0, out)
}
}

125
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go Normal file
View File

@@ -0,0 +1,125 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import "sync"
func TaintStepTest_SyncMapLoad_B0I0O0(sourceCQL interface{}) interface{} {
fromMap656 := sourceCQL.(sync.Map)
intoInterface414, _ := fromMap656.Load(nil)
return intoInterface414
}
func TaintStepTest_SyncMapLoadOrStore_B0I0O0(sourceCQL interface{}) interface{} {
fromMap518 := sourceCQL.(sync.Map)
intoInterface650, _ := fromMap518.LoadOrStore(nil, nil)
return intoInterface650
}
func TaintStepTest_SyncMapLoadOrStore_B1I0O0(sourceCQL interface{}) interface{} {
fromInterface784 := sourceCQL.(interface{})
var intoMap957 sync.Map
intoMap957.LoadOrStore(fromInterface784, nil)
return intoMap957
}
func TaintStepTest_SyncMapLoadOrStore_B1I0O1(sourceCQL interface{}) interface{} {
fromInterface520 := sourceCQL.(interface{})
var mediumObjCQL sync.Map
intoInterface443, _ := mediumObjCQL.LoadOrStore(fromInterface520, nil)
return intoInterface443
}
func TaintStepTest_SyncMapLoadOrStore_B1I1O0(sourceCQL interface{}) interface{} {
fromInterface127 := sourceCQL.(interface{})
var intoMap483 sync.Map
intoMap483.LoadOrStore(nil, fromInterface127)
return intoMap483
}
func TaintStepTest_SyncMapLoadOrStore_B1I1O1(sourceCQL interface{}) interface{} {
fromInterface989 := sourceCQL.(interface{})
var mediumObjCQL sync.Map
intoInterface982, _ := mediumObjCQL.LoadOrStore(nil, fromInterface989)
return intoInterface982
}
func TaintStepTest_SyncMapStore_B0I0O0(sourceCQL interface{}) interface{} {
fromInterface417 := sourceCQL.(interface{})
var intoMap584 sync.Map
intoMap584.Store(fromInterface417, nil)
return intoMap584
}
func TaintStepTest_SyncMapStore_B0I1O0(sourceCQL interface{}) interface{} {
fromInterface991 := sourceCQL.(interface{})
var intoMap881 sync.Map
intoMap881.Store(nil, fromInterface991)
return intoMap881
}
func TaintStepTest_SyncPoolGet_B0I0O0(sourceCQL interface{}) interface{} {
fromPool186 := sourceCQL.(sync.Pool)
intoInterface284 := fromPool186.Get()
return intoInterface284
}
func TaintStepTest_SyncPoolPut_B0I0O0(sourceCQL interface{}) interface{} {
fromInterface908 := sourceCQL.(interface{})
var intoPool137 sync.Pool
intoPool137.Put(fromInterface908)
return intoPool137
}
func RunAllTaints_Sync() {
{
source := newSource(0)
out := TaintStepTest_SyncMapLoad_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_SyncMapLoadOrStore_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_SyncMapLoadOrStore_B1I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_SyncMapLoadOrStore_B1I0O1(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_SyncMapLoadOrStore_B1I1O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_SyncMapLoadOrStore_B1I1O1(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_SyncMapStore_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_SyncMapStore_B0I1O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_SyncPoolGet_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_SyncPoolPut_B0I0O0(source)
sink(9, out)
}
}

173
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/SyncAtomic.go Normal file
View File

@@ -0,0 +1,173 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"sync/atomic"
"unsafe"
)
func TaintStepTest_SyncAtomicAddUintptr_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr656 := sourceCQL.(uintptr)
var intoUintptr414 *uintptr
atomic.AddUintptr(intoUintptr414, fromUintptr656)
return intoUintptr414
}
func TaintStepTest_SyncAtomicAddUintptr_B0I0O1(sourceCQL interface{}) interface{} {
fromUintptr518 := sourceCQL.(uintptr)
intoUintptr650 := atomic.AddUintptr(nil, fromUintptr518)
return intoUintptr650
}
func TaintStepTest_SyncAtomicCompareAndSwapPointer_B0I0O0(sourceCQL interface{}) interface{} {
fromPointer784 := sourceCQL.(unsafe.Pointer)
var intoPointer957 *unsafe.Pointer
atomic.CompareAndSwapPointer(intoPointer957, nil, fromPointer784)
return intoPointer957
}
func TaintStepTest_SyncAtomicCompareAndSwapUintptr_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr520 := sourceCQL.(uintptr)
var intoUintptr443 *uintptr
atomic.CompareAndSwapUintptr(intoUintptr443, 0, fromUintptr520)
return intoUintptr443
}
func TaintStepTest_SyncAtomicLoadPointer_B0I0O0(sourceCQL interface{}) interface{} {
fromPointer127 := sourceCQL.(*unsafe.Pointer)
intoPointer483 := atomic.LoadPointer(fromPointer127)
return intoPointer483
}
func TaintStepTest_SyncAtomicLoadUintptr_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr989 := sourceCQL.(*uintptr)
intoUintptr982 := atomic.LoadUintptr(fromUintptr989)
return intoUintptr982
}
func TaintStepTest_SyncAtomicStorePointer_B0I0O0(sourceCQL interface{}) interface{} {
fromPointer417 := sourceCQL.(unsafe.Pointer)
var intoPointer584 *unsafe.Pointer
atomic.StorePointer(intoPointer584, fromPointer417)
return intoPointer584
}
func TaintStepTest_SyncAtomicStoreUintptr_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr991 := sourceCQL.(uintptr)
var intoUintptr881 *uintptr
atomic.StoreUintptr(intoUintptr881, fromUintptr991)
return intoUintptr881
}
func TaintStepTest_SyncAtomicSwapPointer_B0I0O0(sourceCQL interface{}) interface{} {
fromPointer186 := sourceCQL.(unsafe.Pointer)
var intoPointer284 *unsafe.Pointer
atomic.SwapPointer(intoPointer284, fromPointer186)
return intoPointer284
}
func TaintStepTest_SyncAtomicSwapPointer_B1I0O0(sourceCQL interface{}) interface{} {
fromPointer908 := sourceCQL.(*unsafe.Pointer)
intoPointer137 := atomic.SwapPointer(fromPointer908, nil)
return intoPointer137
}
func TaintStepTest_SyncAtomicSwapUintptr_B0I0O0(sourceCQL interface{}) interface{} {
fromUintptr494 := sourceCQL.(uintptr)
var intoUintptr873 *uintptr
atomic.SwapUintptr(intoUintptr873, fromUintptr494)
return intoUintptr873
}
func TaintStepTest_SyncAtomicSwapUintptr_B1I0O0(sourceCQL interface{}) interface{} {
fromUintptr599 := sourceCQL.(*uintptr)
intoUintptr409 := atomic.SwapUintptr(fromUintptr599, 0)
return intoUintptr409
}
func TaintStepTest_SyncAtomicValueLoad_B0I0O0(sourceCQL interface{}) interface{} {
fromValue246 := sourceCQL.(atomic.Value)
intoInterface898 := fromValue246.Load()
return intoInterface898
}
func TaintStepTest_SyncAtomicValueStore_B0I0O0(sourceCQL interface{}) interface{} {
fromInterface598 := sourceCQL.(interface{})
var intoValue631 atomic.Value
intoValue631.Store(fromInterface598)
return intoValue631
}
func RunAllTaints_SyncAtomic() {
{
source := newSource(0)
out := TaintStepTest_SyncAtomicAddUintptr_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_SyncAtomicAddUintptr_B0I0O1(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_SyncAtomicCompareAndSwapPointer_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_SyncAtomicCompareAndSwapUintptr_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_SyncAtomicLoadPointer_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_SyncAtomicLoadUintptr_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_SyncAtomicStorePointer_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_SyncAtomicStoreUintptr_B0I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_SyncAtomicSwapPointer_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_SyncAtomicSwapPointer_B1I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_SyncAtomicSwapUintptr_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_SyncAtomicSwapUintptr_B1I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_SyncAtomicValueLoad_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_SyncAtomicValueStore_B0I0O0(source)
sink(13, out)
}
}

100
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Syscall.go Normal file
View File

@@ -0,0 +1,100 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import "syscall"
func TaintStepTest_SyscallBytePtrFromString_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoByte414, _ := syscall.BytePtrFromString(fromString656)
return intoByte414
}
func TaintStepTest_SyscallByteSliceFromString_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
intoByte650, _ := syscall.ByteSliceFromString(fromString518)
return intoByte650
}
func TaintStepTest_SyscallStringBytePtr_B0I0O0(sourceCQL interface{}) interface{} {
fromString784 := sourceCQL.(string)
intoByte957 := syscall.StringBytePtr(fromString784)
return intoByte957
}
func TaintStepTest_SyscallStringByteSlice_B0I0O0(sourceCQL interface{}) interface{} {
fromString520 := sourceCQL.(string)
intoByte443 := syscall.StringByteSlice(fromString520)
return intoByte443
}
func TaintStepTest_SyscallRawConnRead_B0I0O0(sourceCQL interface{}) interface{} {
fromRawConn989 := sourceCQL.(syscall.RawConn)
var intoFuncfdUintptrdoneBool982 func(uintptr) bool
fromRawConn989.Read(intoFuncfdUintptrdoneBool982)
return intoFuncfdUintptrdoneBool982
}
func TaintStepTest_SyscallConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromConn417 := sourceCQL.(syscall.Conn)
intoRawConn584, _ := fromConn417.SyscallConn()
return intoRawConn584
}
func TaintStepTest_SyscallConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn991 := sourceCQL.(syscall.RawConn)
var intoConn881 syscall.Conn
intermediateCQL, _ := intoConn881.SyscallConn()
link(fromRawConn991, intermediateCQL)
return intoConn881
}
func TaintStepTest_SyscallRawConnWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromFuncfdUintptrdoneBool186 := sourceCQL.(func(uintptr) bool)
var intoRawConn284 syscall.RawConn
intoRawConn284.Write(fromFuncfdUintptrdoneBool186)
return intoRawConn284
}
func RunAllTaints_Syscall() {
{
source := newSource(0)
out := TaintStepTest_SyscallBytePtrFromString_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_SyscallByteSliceFromString_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_SyscallStringBytePtr_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_SyscallStringByteSlice_B0I0O0(source)
sink(3, out)
}
{
source := newSource(5)
out := TaintStepTest_SyscallRawConnRead_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_SyscallConnSyscallConn_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_SyscallConnSyscallConn_B1I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_SyscallRawConnWrite_B0I0O0(source)
sink(8, out)
}
}

21
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Syscall_non_win.go Normal file
View File

@@ -0,0 +1,21 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
// +build !windows
package main
import "syscall"
func TaintStepTest_SyscallStringSlicePtr_B0I0O0(sourceCQL interface{}) interface{} {
fromString127 := sourceCQL.([]string)
intoByte483 := syscall.StringSlicePtr(fromString127)
return intoByte483
}
func RunAllTaints_Syscall_Non_Windows() {
{
source := newSource(4)
out := TaintStepTest_SyscallStringSlicePtr_B0I0O0(source)
sink(4, out)
}
}