hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add class for default taint sanitizer guards

Browse Source 
This allows us to specify taint sanitizer guards that apply in
all configurations.
This commit is contained in:
Owen Mansel-Chan
2021-01-18 10:51:59 +00:00
parent 83c26a3594
commit 903ff33b0d
3 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
ql/src/semmle/go/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -187,3 +187,16 @@ abstract class DefaultTaintSanitizer extends DataFlow::Node { }
* but not in local taint.
*/
predicate isDefaultTaintSanitizer(DataFlow::Node node) { node instanceof DefaultTaintSanitizer }
/**
* A sanitizer guard in all global taint flow configurations but not in local taint.
*/
abstract class DefaultTaintSanitizerGuard extends DataFlow::BarrierGuard { }
/**
* Holds if `guard` should be a sanitizer guard in all global taint flow configurations
* but not in local taint.
*/
predicate isDefaultTaintSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof DefaultTaintSanitizerGuard
}

4
ql/src/semmle/go/dataflow/internal/tainttracking1/TaintTrackingImpl.qll
View File

@@ -92,7 +92,9 @@ abstract class Configuration extends DataFlow::Configuration {
/** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
isSanitizerGuard(guard) or isDefaultTaintSanitizerGuard(guard)
}
/**
* Holds if the additional taint propagation step from `node1` to `node2`

4
ql/src/semmle/go/dataflow/internal/tainttracking2/TaintTrackingImpl.qll
View File

@@ -92,7 +92,9 @@ abstract class Configuration extends DataFlow::Configuration {
/** Holds if taint propagation through nodes guarded by `guard` is prohibited. */
predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { none() }
final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) { isSanitizerGuard(guard) }
final override predicate isBarrierGuard(DataFlow::BarrierGuard guard) {
isSanitizerGuard(guard) or isDefaultTaintSanitizerGuard(guard)
}
/**
* Holds if the additional taint propagation step from `node1` to `node2`