From 71dbb244f9d7c262d74b780ec38a668a50b1183b Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Sat, 12 Sep 2020 12:12:04 +0200
Subject: [PATCH] Move existing `Regexp` module to stdlib
---
 ql/src/semmle/go/frameworks/Stdlib.qll | 64 -------------------
 ql/src/semmle/go/frameworks/stdlib/Regexp.qll | 61 ++++++++++++++++++
 2 files changed, 61 insertions(+), 64 deletions(-)
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
index 918f7fbb40e..ada71378491 100644
--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -606,70 +606,6 @@ module URL {
 }
 }
-/** Provides models of commonly used APIs in the `regexp` package. */
-module Regexp {
- private class Pattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
- string fnName;
-
- Pattern() {
- exists(Function fn | fnName.matches("Match%") or fnName.matches("%Compile%") |
- fn.hasQualifiedName("regexp", fnName) and
- this = fn.getACall().getArgument(0)
- )
- }
-
- override DataFlow::Node getAParse() { result = this.getCall() }
-
- override string getPattern() { result = this.asExpr().getStringValue() }
-
- override DataFlow::Node getAUse() {
- fnName.matches("MustCompile%") and
- result = this.getCall().getASuccessor*()
- or
- fnName.matches("Compile%") and
- result = this.getCall().getResult(0).getASuccessor*()
- or
- result = this
- }
- }
-
- private class MatchFunction extends RegexpMatchFunction::Range, Function {
- MatchFunction() {
- exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", fn))
- }
-
- override FunctionInput getRegexpArg() { result.isParameter(0) }
-
- override FunctionInput getValue() { result.isParameter(1) }
-
- override FunctionOutput getResult() { result.isResult(0) }
- }
-
- private class MatchMethod extends RegexpMatchFunction::Range, Method {
- MatchMethod() {
- exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", "Regexp", fn))
- }
-
- override FunctionInput getRegexpArg() { result.isReceiver() }
-
- override FunctionInput getValue() { result.isParameter(0) }
-
- override FunctionOutput getResult() { result.isResult() }
- }
-
- private class ReplaceFunction extends RegexpReplaceFunction::Range, Method {
- ReplaceFunction() {
- exists(string fn | fn.matches("ReplaceAll%") | this.hasQualifiedName("regexp", "Regexp", fn))
- }
-
- override FunctionInput getRegexpArg() { result.isReceiver() }
-
- override FunctionInput getSource() { result.isParameter(0) }
-
- override FunctionOutput getResult() { result.isResult() }
- }
-}
-
 /** Provides models of commonly used functions in the `log` package. */
 module Log {
 private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
diff --git a/ql/src/semmle/go/frameworks/stdlib/Regexp.qll b/ql/src/semmle/go/frameworks/stdlib/Regexp.qll
index 208efbd0334..cb971fba942 100644
--- a/ql/src/semmle/go/frameworks/stdlib/Regexp.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Regexp.qll
@@ -6,6 +6,67 @@ import go
 /** Provides models of commonly used functions in the `regexp` package. */
 module Regexp {
+ private class Pattern extends RegexpPattern::Range, DataFlow::ArgumentNode {
+ string fnName;
+
+ Pattern() {
+ exists(Function fn | fnName.matches("Match%") or fnName.matches("%Compile%") |
+ fn.hasQualifiedName("regexp", fnName) and
+ this = fn.getACall().getArgument(0)
+ )
+ }
+
+ override DataFlow::Node getAParse() { result = this.getCall() }
+
+ override string getPattern() { result = this.asExpr().getStringValue() }
+
+ override DataFlow::Node getAUse() {
+ fnName.matches("MustCompile%") and
+ result = this.getCall().getASuccessor*()
+ or
+ fnName.matches("Compile%") and
+ result = this.getCall().getResult(0).getASuccessor*()
+ or
+ result = this
+ }
+ }
+
+ private class MatchFunction extends RegexpMatchFunction::Range, Function {
+ MatchFunction() {
+ exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", fn))
+ }
+
+ override FunctionInput getRegexpArg() { result.isParameter(0) }
+
+ override FunctionInput getValue() { result.isParameter(1) }
+
+ override FunctionOutput getResult() { result.isResult(0) }
+ }
+
+ private class MatchMethod extends RegexpMatchFunction::Range, Method {
+ MatchMethod() {
+ exists(string fn | fn.matches("Match%") | this.hasQualifiedName("regexp", "Regexp", fn))
+ }
+
+ override FunctionInput getRegexpArg() { result.isReceiver() }
+
+ override FunctionInput getValue() { result.isParameter(0) }
+
+ override FunctionOutput getResult() { result.isResult() }
+ }
+
+ private class ReplaceFunction extends RegexpReplaceFunction::Range, Method {
+ ReplaceFunction() {
+ exists(string fn | fn.matches("ReplaceAll%") | this.hasQualifiedName("regexp", "Regexp", fn))
+ }
+
+ override FunctionInput getRegexpArg() { result.isReceiver() }
+
+ override FunctionInput getSource() { result.isParameter(0) }
+
+ override FunctionOutput getResult() { result.isResult() }
+ }
+
 private class FunctionModels extends TaintTracking::FunctionModel {
 FunctionInput inp;
 FunctionOutput outp;
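Review bot: The four classes added to `Regexp.qll` (`Pattern`, `MatchFunction`, `MatchMethod`, `ReplaceFunction`) carry no QLDoc, and the three branches of `Pattern.getAUse` are not self-explanatory. I would put a one-line comment on each class, for example `/** The pattern argument of a call to a regexp Match*, Compile* or MustCompile* function. */` on `Pattern`. In `getAUse`, a short comment should say that `MustCompile*` returns the compiled regexp as its only result, while `Compile*` returns it as result 0 alongside an error. The docs on `MatchMethod` and `ReplaceFunction` should also state that only `Match%` and `ReplaceAll%` methods of `Regexp` are modelled, so anyone relying on these ranges for regexp-based checks knows other methods are outside the model. The `Regexp` module continues past the end of this hunk (`FunctionModels` is cut off), so this is based on the added lines only.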