From 90915284ba51788f845ce96d6b63dfee2ad502bc Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Thu, 3 Sep 2020 16:54:55 +0100
Subject: [PATCH] Move getUnderlyingNode into Protobuf.qll

This is its only user for now.
---
 .../semmle/go/dataflow/internal/DataFlowUtil.qll | 10 ----------
 ql/src/semmle/go/frameworks/Protobuf.qll | 14 ++++++++++++--
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll b/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
index 1a293c8f261..81caf563fb1 100644
--- a/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
+++ b/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
@@ -600,16 +600,6 @@ class ComponentReadNode extends ReadNode {
 Node getBase() { result = instructionNode(insn.getBase()) }
 }
 
-/**
- * Gets the data-flow node representing the bottom of a stack of zero or more `ComponentReadNode`s.
- *
- * For example, in the expression a.b[c].d[e], this would return the dataflow node for the read from `a`.
- */
-Node getUnderlyingNode(ReadNode read) {
- (result = read or result = read.(ComponentReadNode).getBase+()) and
- not result instanceof ComponentReadNode
-}
-
 /**
 * A data-flow node that reads an element of an array, map, slice or string.
 */
diff --git a/ql/src/semmle/go/frameworks/Protobuf.qll b/ql/src/semmle/go/frameworks/Protobuf.qll
index fbbce8e4496..af4ec956ec4 100644
--- a/ql/src/semmle/go/frameworks/Protobuf.qll
+++ b/ql/src/semmle/go/frameworks/Protobuf.qll
@@ -145,16 +145,26 @@ module Protobuf {
 exists(Type base | base.getPointerType() instanceof MessageType | result = base.getField(_))
 }
 
+ /**
+ * Gets the data-flow node representing the bottom of a stack of zero or more `ComponentReadNode`s.
+ *
+ * For example, in the expression a.b[c].d[e], this would return the dataflow node for the read from `a`.
+ */
+ DataFlow::Node getUnderlyingNode(DataFlow::ReadNode read) {
+ (result = read or result = read.(DataFlow::ComponentReadNode).getBase+()) and
+ not result instanceof DataFlow::ComponentReadNode
+ }
+
 /**
 * Additional taint step tainting a Message when taint is written to any of its fields and/or elements.
 */
 private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep {
 override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
- exists(DataFlow::ReadNode base | succ = DataFlow::getUnderlyingNode(base) |
+ exists(DataFlow::ReadNode base | succ = getUnderlyingNode(base) |
 any(DataFlow::Write w).writesField(base, getAMessageField(), pred)
 )
 or
- exists(DataFlow::ReadNode base | succ = DataFlow::getUnderlyingNode(base) |
+ exists(DataFlow::ReadNode base | succ = getUnderlyingNode(base) |
 any(DataFlow::Write w).writesElement(base, _, pred) and
 [succ.getType(), succ.getType().getPointerType()] instanceof MessageType
 )
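Review bot: The relocated `getUnderlyingNode` is declared without `private`, so it becomes part of the `Protobuf` module's public surface even though the commit message says the taint step below is its only user and `WriteMessageFieldStep` itself is `private`. If no external query needs it, declare it as `private DataFlow::Node getUnderlyingNode(DataFlow::ReadNode read) {` so the helper can change later without an API break. Because this predicate selects the node that `WriteMessageFieldStep` taints, its doc comment could also state that a `read` which is not a `ComponentReadNode` is returned as-is (the zero-length stack case). `module Protobuf` and the body of `WriteMessageFieldStep` continue outside the hunk.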