Merge pull request #427 from owen-mc/model-kubernetes-secret

Model kubernetes SecretInterface

change-notes/2020-12-09-clear-text-logging-source.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The query "Clear-text logging of sensitive information" has been improved to recognize `SecretInterface` from `k8s.io/client-go/kubernetes/typed/core/v1` as a source of sensitive data, which may lead to more alerts.

ql/src/go.qll

@@ -39,6 +39,7 @@ import semmle.go.frameworks.Gin
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.GoRestfulHttp
 import semmle.go.frameworks.K8sIoApimachineryPkgRuntime
+import semmle.go.frameworks.K8sIoClientGo
 import semmle.go.frameworks.Logrus
 import semmle.go.frameworks.Macaron
 import semmle.go.frameworks.Mux

ql/src/semmle/go/frameworks/K8sIoClientGo.qll

@@ -0,0 +1,29 @@
+/** Provides models of commonly used functions in the `k8s.io/client-go/kubernetes/typed/core/v1` package. */
+
+import go
+
+/**
+ * Provides models of commonly used functions in the `k8s.io/client-go/kubernetes/typed/core/v1`
+ * package.
+ */
+module K8sIoClientGo {
+  /** Gets the package name. */
+  bindingset[result]
+  string packagePath() { result = package("k8s.io/client-go", "kubernetes/typed/core/v1") }
+
+  /**
+   * A model of `SecretInterface` methods that are sources of secret data.
+   */
+  private class SecretInterfaceSourceMethod extends Method {
+    SecretInterfaceSourceMethod() {
+      this.implements(packagePath(), "SecretInterface", ["Get", "List", "Patch"])
+    }
+  }
+
+  /**
+   * A model of `SecretInterface` as a source of secret data.
+   */
+  class SecretInterfaceSource extends DataFlow::Node {
+    SecretInterfaceSource() { this = any(SecretInterfaceSourceMethod g).getACall().getResult(0) }
+  }
+}

ql/src/semmle/go/security/CleartextLoggingCustomizations.qll

@@ -184,6 +184,10 @@ module CleartextLogging {
     override string describe() { result = "HTTP request headers" }
   }
 
+  private class KubernetesSecretInterfaceSource extends Source, K8sIoClientGo::SecretInterfaceSource {
+    override string describe() { result = "Kubernetes Secret" }
+  }
+
   /**
    * The first element of a split by ' '  or ':', often sanitizing a username/password pair
    * or the "Method value" syntax used in the HTTP Authorization header.

ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/SecretInterfaceSource.ql

@@ -0,0 +1,17 @@
+import go
+import TestUtilities.InlineExpectationsTest
+
+class K8sIoApimachineryPkgRuntimeTest extends InlineExpectationsTest {
+  K8sIoApimachineryPkgRuntimeTest() { this = "KsIoClientGoTest" }
+
+  override string getARelevantTag() { result = "KsIoClientGo" }
+
+  override predicate hasActualResult(string file, int line, string element, string tag, string value) {
+    exists(K8sIoClientGo::SecretInterfaceSource source |
+      source.hasLocationInfo(file, line, _, _, _) and
+      element = source.toString() and
+      value = "" and
+      tag = "KsIoClientGo"
+    )
+  }
+}

ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/go.mod

@@ -0,0 +1,16 @@
+module codeql-go-tests/frameworks/K8sIoClientGo
+
+go 1.14
+
+require (
+	github.com/github/depstubber v0.0.0-20201022140002-ee3b8f2acc53 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9 // indirect
+	golang.org/x/net v0.0.0-20201207224615-747e23833adb // indirect
+	golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5 // indirect
+	golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 // indirect
+	k8s.io/client-go v0.19.0
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+)
+
+replace k8s.io/apimachinery => k8s.io/apimachinery v0.19.0

ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/main.go

@@ -0,0 +1,83 @@
+package main
+
+import (
+	context "context"
+
+	"k8s.io/client-go/kubernetes/typed/core/v1"
+)
+
+//go:generate depstubber -vendor k8s.io/client-go/kubernetes/typed/core/v1 SecretInterface
+
+func main() {
+	var s mySecretInterface
+	var t core.SecretInterface
+	var ctx context.Context
+	var secret interface{}
+	var opts interface{}
+	var listOpts interface{}
+	var name string
+	var pt interface{}
+	var data []byte
+
+	use(s.Create(ctx, secret, opts))
+	use(t.Create(ctx, secret, opts))
+	use(s.Update(ctx, secret, opts))
+	use(t.Update(ctx, secret, opts))
+	use(s.Delete(ctx, name, opts))
+	use(t.Delete(ctx, name, opts))
+	use(s.DeleteCollection(ctx, opts, listOpts))
+	use(t.DeleteCollection(ctx, opts, listOpts))
+	use(s.Get(ctx, name, opts)) // $KsIoClientGo
+	use(t.Get(ctx, name, opts)) // $KsIoClientGo
+	use(s.List(ctx, opts))      // $KsIoClientGo
+	use(t.List(ctx, opts))      // $KsIoClientGo
+	use(s.Watch(ctx, opts))
+	use(t.Watch(ctx, opts))
+	use(s.Patch(ctx, name, pt, data, opts)) // $KsIoClientGo
+	use(t.Patch(ctx, name, pt, data, opts)) // $KsIoClientGo
+}
+
+func use(arg ...interface{}) {}
+
+type mySecretInterface struct {
+}
+
+// func (m mySecretInterface) Create(ctx context.Context, secret *v1.Secret, opts metav1.CreateOptions) (*v1.Secret, error) {
+func (m mySecretInterface) Create(ctx context.Context, secret interface{}, opts interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+// func (m mySecretInterface) Update(ctx context.Context, secret *v1.Secret, opts metav1.UpdateOptions) (*v1.Secret, error) {
+func (m mySecretInterface) Update(ctx context.Context, secret interface{}, opts interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+// func (m mySecretInterface) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+func (m mySecretInterface) Delete(ctx context.Context, name string, opts interface{}) error {
+	return nil
+}
+
+// func (m mySecretInterface) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+func (m mySecretInterface) DeleteCollection(ctx context.Context, opts interface{}, listOpts interface{}) error {
+	return nil
+}
+
+// func (m mySecretInterface) Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.Secret, error) {
+func (m mySecretInterface) Get(ctx context.Context, name string, opts interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+// func (m mySecretInterface) List(ctx context.Context, opts metav1.ListOptions) (*v1.SecretList, error) {
+func (m mySecretInterface) List(ctx context.Context, opts interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+// func (m mySecretInterface) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+func (m mySecretInterface) Watch(ctx context.Context, opts interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+// func (m mySecretInterface) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.Secret, err error) {
+func (m mySecretInterface) Patch(ctx context.Context, name string, pt interface{}, data []byte, opts interface{}, subresources ...string) (result interface{}, err error) {
+	return nil, nil
+}

ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/k8s.io/client-go/kubernetes/typed/core/v1/stub.go

@@ -0,0 +1,23 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for k8s.io/client-go/kubernetes/typed/core/v1, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: k8s.io/client-go/kubernetes/typed/core/v1 (exports: SecretInterface; functions: )
+
+// Package core is a stub of k8s.io/client-go/kubernetes/typed/core/v1, generated by depstubber.
+package core
+
+import (
+	context "context"
+)
+
+type SecretInterface interface {
+	Create(_ context.Context, _ interface{}, _ interface{}) (interface{}, error)
+	Delete(_ context.Context, _ string, _ interface{}) error
+	DeleteCollection(_ context.Context, _ interface{}, _ interface{}) error
+	Get(_ context.Context, _ string, _ interface{}) (interface{}, error)
+	List(_ context.Context, _ interface{}) (interface{}, error)
+	Patch(_ context.Context, _ string, _ interface{}, _ []byte, _ interface{}, _ ...string) (interface{}, error)
+	Update(_ context.Context, _ interface{}, _ interface{}) (interface{}, error)
+	Watch(_ context.Context, _ interface{}) (interface{}, error)
+}

ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt

@@ -0,0 +1,25 @@
+# github.com/github/depstubber v0.0.0-20201022140002-ee3b8f2acc53
+## explicit
+github.com/github/depstubber
+# github.com/google/gofuzz v1.2.0
+## explicit
+github.com/google/gofuzz
+# golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9
+## explicit
+golang.org/x/crypto
+# golang.org/x/net v0.0.0-20201207224615-747e23833adb
+## explicit
+golang.org/x/net
+# golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5
+## explicit
+golang.org/x/oauth2
+# golang.org/x/time v0.0.0-20201208040808-7e3f01d25324
+## explicit
+golang.org/x/time
+# k8s.io/client-go v0.19.0
+## explicit
+k8s.io/client-go
+# k8s.io/utils v0.0.0-20201110183641-67b214c5f920
+## explicit
+k8s.io/utils
+# k8s.io/apimachinery => k8s.io/apimachinery v0.19.0