hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use more flowTo.

Browse Source
This commit is contained in:
Anders Schack-Mulligen
2025-12-03 14:12:08 +01:00
parent dc6d3fe7ba
commit 78e1879c9e
18 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go/ql/lib/semmle/go/security/AllocationSizeOverflow.qll
View File

@@ -27,7 +27,7 @@ module AllocationSizeOverflow {
private module FindLargeLensFlow = TaintTracking::Global<FindLargeLensConfig>;
private DataFlow::CallNode getALargeLenCall() {
exists(DataFlow::Node lenArg | FindLargeLensFlow::flow(_, lenArg) |
exists(DataFlow::Node lenArg | FindLargeLensFlow::flowTo(lenArg) |
result.getArgument(0) = lenArg
)
}

2
go/ql/lib/semmle/go/security/ExternalAPIs.qll
View File

@@ -211,7 +211,7 @@ module UntrustedDataToUnknownExternalApiFlow =
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

2
go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
View File

@@ -21,6 +21,6 @@ where
OpenUrlRedirect::Flow::flowPath(source, sink) and
// this excludes flow from safe parts of request URLs, for example the full URL when the
// doing a redirect from `http://<path>` to `https://<path>`
not SafeUrlFlow::Flow::flow(_, sink.getNode())
not SafeUrlFlow::Flow::flowTo(sink.getNode())
select sink.getNode(), source, sink, "This path to an untrusted URL redirection depends on a $@.",
source.getNode(), "user-provided value"

2
go/ql/src/Security/CWE-918/RequestForgery.ql
View File

@@ -21,6 +21,6 @@ where
RequestForgery::Flow::flowPath(source, sink) and
request = sink.getNode().(RequestForgery::Sink).getARequest() and
// this excludes flow from safe parts of request URLs, for example the full URL
not SafeUrlFlow::Flow::flow(_, sink.getNode())
not SafeUrlFlow::Flow::flowTo(sink.getNode())
select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
sink.getNode().(RequestForgery::Sink).getKind(), source, "user-provided value"