hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 00:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add support for flow through content of global variables

Browse Source
This commit is contained in:
Chris Smowton
2024-06-04 12:11:34 +01:00
parent 197cdab43d
commit 822f6eebfb
2 changed files with 25 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
View File

@@ -102,10 +102,14 @@ private Field getASparselyUsedChannelTypedField() {
* global or static variable.
*/
predicate jumpStep(Node n1, Node n2) {
exists(ValueEntity v, Write w |
exists(ValueEntity v |
not v instanceof SsaSourceVariable and
not v instanceof Field and
w.writes(v, n1) and
(
any(Write w).writes(v, n1)
or
n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead()
) and
n2 = v.getARead()
)
or

38
go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/globalVariable.go
View File

@@ -14,13 +14,13 @@ func main() {
test1()
test2()
sink(globalScalar) // $ hasValueFlow="globalScalar (from source 0)" MISSING: hasValueFlow="globalScalar (from source 10)"
sink(globalArray[0]) // $ MISSING: hasValueFlow="index expression (from source 1)" hasValueFlow="index expression (from source 11)"
sink(globalSlice[0]) // $ MISSING: hasValueFlow="index expression (from source 2)" hasValueFlow="index expression (from source 12)"
sink(globalArray[0]) // $ hasValueFlow="index expression (from source 1)" hasValueFlow="index expression (from source 11)"
sink(globalSlice[0]) // $ hasValueFlow="index expression (from source 2)" hasValueFlow="index expression (from source 12)"
for val := range globalMap1 {
sink(val) // $ MISSING: hasValueFlow="val (from source 3)" hasValueFlow="val (from source 13)"
sink(val) // $ hasValueFlow="val (from source 3)" hasValueFlow="val (from source 13)"
}
for _, val := range globalMap2 {
sink(val) // $ MISSING: hasValueFlow="val (from source 4)" hasValueFlow="val (from source 14)"
sink(val) // $ hasValueFlow="val (from source 4)" hasValueFlow="val (from source 14)"
}
}
@@ -33,29 +33,29 @@ func test1() {
}
func test2() {
taintScalar(&globalScalar, 10)
taintArray(globalArray, 11)
taintSlice(globalSlice, 12)
taintMapKey(globalMap1, 13)
taintMapValue(globalMap2, 14)
taintScalar(&globalScalar)
taintArray(globalArray)
taintSlice(globalSlice)
taintMapKey(globalMap1)
taintMapValue(globalMap2)
}
func taintScalar(x *any, n int) {
*x = source(n)
func taintScalar(x *any) {
*x = source(10)
}
func taintArray(x [1]any, n int) {
x[0] = source(n)
func taintArray(x [1]any) {
x[0] = source(11)
}
func taintSlice(x []any, n int) {
x[0] = source(n)
func taintSlice(x []any) {
x[0] = source(12)
}
func taintMapKey(x map[any]any, n int) {
x[source(n)] = ""
func taintMapKey(x map[any]any) {
x[source(13)] = ""
}
func taintMapValue(x map[any]any, n int) {
x[""] = source(n)
func taintMapValue(x map[any]any) {
x[""] = source(14)
}