hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move getUnderlyingNode into Protobuf.qll

Browse Source 
This is its only user for now.
This commit is contained in:
Chris Smowton
2020-09-03 16:54:55 +01:00
parent 59f9c6073d
commit 90915284ba
2 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
View File

@@ -600,16 +600,6 @@ class ComponentReadNode extends ReadNode {
Node getBase() { result = instructionNode(insn.getBase()) }
}
/**
* Gets the data-flow node representing the bottom of a stack of zero or more `ComponentReadNode`s.
*
* For example, in the expression a.b[c].d[e], this would return the dataflow node for the read from `a`.
*/
Node getUnderlyingNode(ReadNode read) {
(result = read or result = read.(ComponentReadNode).getBase+()) and
not result instanceof ComponentReadNode
}
/**
* A data-flow node that reads an element of an array, map, slice or string.
*/

14
ql/src/semmle/go/frameworks/Protobuf.qll
View File

@@ -145,16 +145,26 @@ module Protobuf {
exists(Type base | base.getPointerType() instanceof MessageType | result = base.getField(_))
}
/**
* Gets the data-flow node representing the bottom of a stack of zero or more `ComponentReadNode`s.
*
* For example, in the expression a.b[c].d[e], this would return the dataflow node for the read from `a`.
*/
DataFlow::Node getUnderlyingNode(DataFlow::ReadNode read) {
(result = read or result = read.(DataFlow::ComponentReadNode).getBase+()) and
not result instanceof DataFlow::ComponentReadNode
}
/**
* Additional taint step tainting a Message when taint is written to any of its fields and/or elements.
*/
private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep {
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::ReadNode base | succ = DataFlow::getUnderlyingNode(base) |
exists(DataFlow::ReadNode base | succ = getUnderlyingNode(base) |
any(DataFlow::Write w).writesField(base, getAMessageField(), pred)
)
or
exists(DataFlow::ReadNode base | succ = DataFlow::getUnderlyingNode(base) |
exists(DataFlow::ReadNode base | succ = getUnderlyingNode(base) |
any(DataFlow::Write w).writesElement(base, _, pred) and
[succ.getType(), succ.getType().getPointerType()] instanceof MessageType
)