hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 14:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'standard-lib-pt-15' into from-331-to-337

Browse Source
This commit is contained in:
Slavomir
2020-09-20 18:25:29 +02:00
parent 17868dd6b1 ad53583b5e
commit a7dba54001
12 changed files with 2441 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

228
ql/src/semmle/go/frameworks/HTTP.qll
View File

@@ -4,234 +4,6 @@
import go
private module StdlibHttp {
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
private class UserControlledRequestField extends UntrustedFlowSource::Range,
DataFlow::FieldReadNode {
UserControlledRequestField() {
exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
fieldName = "Body" or
fieldName = "GetBody" or
fieldName = "Form" or
fieldName = "PostForm" or
fieldName = "MultipartForm" or
fieldName = "Header" or
fieldName = "Trailer" or
fieldName = "URL"
)
}
}
private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
DataFlow::MethodCallNode {
UserControlledRequestMethod() {
exists(string methName | this.getTarget().hasQualifiedName("net/http", "Request", methName) |
methName = "Cookie" or
methName = "Cookies" or
methName = "FormFile" or
methName = "FormValue" or
methName = "MultipartReader" or
methName = "PostFormValue" or
methName = "Referer" or
methName = "UserAgent"
)
}
}
private class HeaderGet extends TaintTracking::FunctionModel, Method {
HeaderGet() { this.hasQualifiedName("net/http", "Header", "Get") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isReceiver() and outp.isResult()
}
}
private class HeaderValues extends TaintTracking::FunctionModel, Method {
HeaderValues() { this.hasQualifiedName("net/http", "Header", "Values") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isReceiver() and outp.isResult()
}
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
private class StdlibResponseWriter extends HTTP::ResponseWriter::Range {
SsaWithFields v;
StdlibResponseWriter() {
this = v.getBaseVariable().getSourceVariable() and
exists(Type t | t.implements("net/http", "ResponseWriter") | v.getType() = t)
}
override DataFlow::Node getANode() { result = v.similar().getAUse().getASuccessor*() }
/** Gets a header object that corresponds to this HTTP response. */
DataFlow::MethodCallNode getAHeaderObject() {
result.getTarget().getName() = "Header" and
this.getANode() = result.getReceiver()
}
}
private class HeaderWriteCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
HeaderWriteCall() {
this.getTarget().hasQualifiedName("net/http", "Header", "Add") or
this.getTarget().hasQualifiedName("net/http", "Header", "Set")
}
override DataFlow::Node getName() { result = this.getArgument(0) }
override DataFlow::Node getValue() { result = this.getArgument(1) }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header.Add(...)
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this.getReceiver()
}
}
private class MapWrite extends HTTP::HeaderWrite::Range, DataFlow::Node {
Write write;
DataFlow::Node index;
DataFlow::Node rhs;
MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and
write.writesElement(this, index, rhs)
}
override DataFlow::Node getName() { result = index }
override DataFlow::Node getValue() { result = rhs }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header[...] = ...
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this
}
}
private class ResponseWriteHeaderCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
ResponseWriteHeaderCall() {
this.getTarget().implements("net/http", "ResponseWriter", "WriteHeader")
}
override string getHeaderName() { result = "status" }
override predicate definesHeader(string header, string value) {
header = "status" and value = this.getValue().getIntValue().toString()
}
override DataFlow::Node getName() { none() }
override DataFlow::Node getValue() { result = this.getArgument(0) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getReceiver() }
}
private class RequestBody extends HTTP::RequestBody::Range, DataFlow::ExprNode {
RequestBody() {
exists(Function newRequest |
newRequest.hasQualifiedName("net/http", "NewRequest") and
this = newRequest.getACall().getArgument(2)
)
or
exists(Field body, Type request |
request.hasQualifiedName("net/http", "Request") and
body = request.getField("Body") and
this = body.getAWrite().getRhs()
)
}
}
private class ResponseBody extends HTTP::ResponseBody::Range, DataFlow::ArgumentNode {
int arg;
ResponseBody() {
exists(DataFlow::CallNode call |
call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and
arg = 0
or
(
call.getTarget().hasQualifiedName("fmt", "Fprintf")
or
call.getTarget().hasQualifiedName("io", "WriteString")
) and
call.getArgument(0).getType().hasQualifiedName("net/http", "ResponseWriter") and
arg >= 1
|
this = call.getArgument(arg)
)
}
override HTTP::ResponseWriter getResponseWriter() {
// the response writer is the receiver of this call
result.getANode() = this.getCall().(DataFlow::MethodCallNode).getReceiver()
or
// the response writer is an argument to Fprintf or WriteString
arg >= 1 and
result.getANode() = this.getCall().getArgument(0)
}
}
private class RedirectCall extends HTTP::Redirect::Range, DataFlow::CallNode {
RedirectCall() { this.getTarget().hasQualifiedName("net/http", "Redirect") }
override DataFlow::Node getUrl() { result = this.getArgument(2) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getArgument(0) }
}
/** A call to a function in the `net/http` package that performs an HTTP request to a URL. */
private class RequestCall extends HTTP::ClientRequest::Range, DataFlow::CallNode {
RequestCall() {
exists(string functionName |
(
this.getTarget().hasQualifiedName("net/http", functionName)
or
this.getTarget().(Method).hasQualifiedName("net/http", "Client", functionName)
) and
(functionName = "Get" or functionName = "Post" or functionName = "PostForm")
)
}
/** Gets the URL of the request. */
override DataFlow::Node getUrl() { result = this.getArgument(0) }
}
/** A call to the Client.Do function in the `net/http` package. */
private class ClientDo extends HTTP::ClientRequest::Range, DataFlow::MethodCallNode {
ClientDo() { this.getTarget().hasQualifiedName("net/http", "Client", "Do") }
override DataFlow::Node getUrl() {
// A URL passed to `NewRequest`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("net/http", "NewRequest") |
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(1)
)
or
// A URL passed to `NewRequestWithContext`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call |
call.getTarget().hasQualifiedName("net/http", "NewRequestWithContext")
|
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(2)
)
or
// A URL assigned to a request that is passed to this `Do` call
exists(Write w, Field f |
f.hasQualifiedName("net/http", "Request", "URL") and
w.writesField(this.getArgument(0).getAPredecessor*(), f, result)
)
}
}
}
/**
* Provides models of the go-restful library (https://github.com/emicklei/go-restful).
*/

5
ql/src/semmle/go/frameworks/Stdlib.qll
View File

@@ -31,6 +31,11 @@ import semmle.go.frameworks.stdlib.Html
import semmle.go.frameworks.stdlib.HtmlTemplate
import semmle.go.frameworks.stdlib.Context
import semmle.go.frameworks.stdlib.Os
import semmle.go.frameworks.stdlib.Net
import semmle.go.frameworks.stdlib.NetHttp
import semmle.go.frameworks.stdlib.NetHttpHttputil
import semmle.go.frameworks.stdlib.NetMail
import semmle.go.frameworks.stdlib.NetTextproto
import semmle.go.frameworks.stdlib.Path
import semmle.go.frameworks.stdlib.PathFilepath
import semmle.go.frameworks.stdlib.Reflect

230
ql/src/semmle/go/frameworks/stdlib/Net.qll Normal file
View File

@@ -0,0 +1,230 @@
/**
* Provides classes modeling security-relevant aspects of the `net` package.
*/
import go
/** Provides models of commonly used functions in the `net` package. */
module Net {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func FileConn(f *os.File) (c Conn, err error)
hasQualifiedName("net", "FileConn") and
(
inp.isParameter(0) and outp.isResult(0)
or
inp.isResult(0) and outp.isParameter(0)
)
or
// signature: func FilePacketConn(f *os.File) (c PacketConn, err error)
hasQualifiedName("net", "FilePacketConn") and
(
inp.isParameter(0) and outp.isResult(0)
or
inp.isResult(0) and outp.isParameter(0)
)
or
// signature: func JoinHostPort(host string, port string) string
hasQualifiedName("net", "JoinHostPort") and
(inp.isParameter(_) and outp.isResult())
or
// signature: func Pipe() (Conn, Conn)
hasQualifiedName("net", "Pipe") and
(
inp.isResult(0) and outp.isResult(1)
or
inp.isResult(1) and outp.isResult(0)
)
or
// signature: func SplitHostPort(hostport string) (host string, port string, err error)
hasQualifiedName("net", "SplitHostPort") and
(inp.isParameter(0) and outp.isResult([0, 1]))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*Buffers).Read(p []byte) (n int, err error)
this.hasQualifiedName("net", "Buffers", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Buffers).WriteTo(w io.Writer) (n int64, err error)
this.hasQualifiedName("net", "Buffers", "WriteTo") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "IPConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadFromIP(b []byte) (int, *IPAddr, error)
this.hasQualifiedName("net", "IPConn", "ReadFromIP") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*IPConn).ReadMsgIP(b []byte, oob []byte) (n int, oobn int, flags int, addr *IPAddr, err error)
this.hasQualifiedName("net", "IPConn", "ReadMsgIP") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*IPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "IPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*IPConn).WriteMsgIP(b []byte, oob []byte, addr *IPAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "IPConn", "WriteMsgIP") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*IPConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "IPConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*IPConn).WriteToIP(b []byte, addr *IPAddr) (int, error)
this.hasQualifiedName("net", "IPConn", "WriteToIP") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*TCPConn).ReadFrom(r io.Reader) (int64, error)
this.hasQualifiedName("net", "TCPConn", "ReadFrom") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*TCPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "TCPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*TCPListener).File() (f *os.File, err error)
this.hasQualifiedName("net", "TCPListener", "File") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*TCPListener).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "TCPListener", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UDPConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "UDPConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UDPConn).ReadFromUDP(b []byte) (int, *UDPAddr, error)
this.hasQualifiedName("net", "UDPConn", "ReadFromUDP") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UDPConn).ReadMsgUDP(b []byte, oob []byte) (n int, oobn int, flags int, addr *UDPAddr, err error)
this.hasQualifiedName("net", "UDPConn", "ReadMsgUDP") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*UDPConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UDPConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UDPConn).WriteMsgUDP(b []byte, oob []byte, addr *UDPAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "UDPConn", "WriteMsgUDP") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*UDPConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "UDPConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UDPConn).WriteToUDP(b []byte, addr *UDPAddr) (int, error)
this.hasQualifiedName("net", "UDPConn", "WriteToUDP") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixConn).ReadFrom(b []byte) (int, Addr, error)
this.hasQualifiedName("net", "UnixConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UnixConn).ReadFromUnix(b []byte) (int, *UnixAddr, error)
this.hasQualifiedName("net", "UnixConn", "ReadFromUnix") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*UnixConn).ReadMsgUnix(b []byte, oob []byte) (n int, oobn int, flags int, addr *UnixAddr, err error)
this.hasQualifiedName("net", "UnixConn", "ReadMsgUnix") and
(inp.isReceiver() and outp.isParameter(_))
or
// signature: func (*UnixConn).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UnixConn", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UnixConn).WriteMsgUnix(b []byte, oob []byte, addr *UnixAddr) (n int, oobn int, err error)
this.hasQualifiedName("net", "UnixConn", "WriteMsgUnix") and
(inp.isParameter([0, 1]) and outp.isReceiver())
or
// signature: func (*UnixConn).WriteTo(b []byte, addr Addr) (int, error)
this.hasQualifiedName("net", "UnixConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixConn).WriteToUnix(b []byte, addr *UnixAddr) (int, error)
this.hasQualifiedName("net", "UnixConn", "WriteToUnix") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*UnixListener).File() (f *os.File, err error)
this.hasQualifiedName("net", "UnixListener", "File") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*UnixListener).SyscallConn() (syscall.RawConn, error)
this.hasQualifiedName("net", "UnixListener", "SyscallConn") and
(
inp.isReceiver() and outp.isResult(0)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (Conn).Read(b []byte) (n int, err error)
this.implements("net", "Conn", "Read") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (PacketConn).ReadFrom(p []byte) (n int, addr Addr, err error)
this.implements("net", "PacketConn", "ReadFrom") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (Addr).String() string
this.implements("net", "Addr", "String") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Conn).Write(b []byte) (n int, err error)
this.implements("net", "Conn", "Write") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (PacketConn).WriteTo(p []byte, addr Addr) (n int, err error)
this.implements("net", "PacketConn", "WriteTo") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

324
ql/src/semmle/go/frameworks/stdlib/NetHttp.qll Normal file
View File

@@ -0,0 +1,324 @@
/**
* Provides classes modeling security-relevant aspects of the `net/http` package.
*/
import go
/** Provides models of commonly used functions in the `net/http` package. */
module NetHttp {
/** An access to an HTTP request field whose value may be controlled by an untrusted user. */
private class UserControlledRequestField extends UntrustedFlowSource::Range,
DataFlow::FieldReadNode {
UserControlledRequestField() {
exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
fieldName = "Body" or
fieldName = "GetBody" or
fieldName = "Form" or
fieldName = "PostForm" or
fieldName = "MultipartForm" or
fieldName = "Header" or
fieldName = "Trailer" or
fieldName = "URL"
)
}
}
private class UserControlledRequestMethod extends UntrustedFlowSource::Range,
DataFlow::MethodCallNode {
UserControlledRequestMethod() {
exists(string methName | this.getTarget().hasQualifiedName("net/http", "Request", methName) |
methName = "Cookie" or
methName = "Cookies" or
methName = "FormFile" or
methName = "FormValue" or
methName = "MultipartReader" or
methName = "PostFormValue" or
methName = "Referer" or
methName = "UserAgent"
)
}
}
/** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
private class StdlibResponseWriter extends HTTP::ResponseWriter::Range {
SsaWithFields v;
StdlibResponseWriter() {
this = v.getBaseVariable().getSourceVariable() and
exists(Type t | t.implements("net/http", "ResponseWriter") | v.getType() = t)
}
override DataFlow::Node getANode() { result = v.similar().getAUse().getASuccessor*() }
/** Gets a header object that corresponds to this HTTP response. */
DataFlow::MethodCallNode getAHeaderObject() {
result.getTarget().getName() = "Header" and
this.getANode() = result.getReceiver()
}
}
private class HeaderWriteCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
HeaderWriteCall() {
this.getTarget().hasQualifiedName("net/http", "Header", "Add") or
this.getTarget().hasQualifiedName("net/http", "Header", "Set")
}
override DataFlow::Node getName() { result = this.getArgument(0) }
override DataFlow::Node getValue() { result = this.getArgument(1) }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header.Add(...)
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this.getReceiver()
}
}
private class MapWrite extends HTTP::HeaderWrite::Range, DataFlow::Node {
Write write;
DataFlow::Node index;
DataFlow::Node rhs;
MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and
write.writesElement(this, index, rhs)
}
override DataFlow::Node getName() { result = index }
override DataFlow::Node getValue() { result = rhs }
override HTTP::ResponseWriter getResponseWriter() {
// find `v` in
// ```
// header := v.Header()
// header[...] = ...
// ```
result.(StdlibResponseWriter).getAHeaderObject().getASuccessor*() = this
}
}
private class ResponseWriteHeaderCall extends HTTP::HeaderWrite::Range, DataFlow::MethodCallNode {
ResponseWriteHeaderCall() {
this.getTarget().implements("net/http", "ResponseWriter", "WriteHeader")
}
override string getHeaderName() { result = "status" }
override predicate definesHeader(string header, string value) {
header = "status" and value = this.getValue().getIntValue().toString()
}
override DataFlow::Node getName() { none() }
override DataFlow::Node getValue() { result = this.getArgument(0) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getReceiver() }
}
private class RequestBody extends HTTP::RequestBody::Range, DataFlow::ExprNode {
RequestBody() {
exists(Function newRequest |
newRequest.hasQualifiedName("net/http", "NewRequest") and
this = newRequest.getACall().getArgument(2)
)
or
exists(Field body, Type request |
request.hasQualifiedName("net/http", "Request") and
body = request.getField("Body") and
this = body.getAWrite().getRhs()
)
}
}
private class ResponseBody extends HTTP::ResponseBody::Range, DataFlow::ArgumentNode {
int arg;
ResponseBody() {
exists(DataFlow::CallNode call |
call.getTarget().(Method).implements("net/http", "ResponseWriter", "Write") and
arg = 0
or
(
call.getTarget().hasQualifiedName("fmt", "Fprintf")
or
call.getTarget().hasQualifiedName("io", "WriteString")
) and
call.getArgument(0).getType().hasQualifiedName("net/http", "ResponseWriter") and
arg >= 1
|
this = call.getArgument(arg)
)
}
override HTTP::ResponseWriter getResponseWriter() {
// the response writer is the receiver of this call
result.getANode() = this.getCall().(DataFlow::MethodCallNode).getReceiver()
or
// the response writer is an argument to Fprintf or WriteString
arg >= 1 and
result.getANode() = this.getCall().getArgument(0)
}
}
private class RedirectCall extends HTTP::Redirect::Range, DataFlow::CallNode {
RedirectCall() { this.getTarget().hasQualifiedName("net/http", "Redirect") }
override DataFlow::Node getUrl() { result = this.getArgument(2) }
override HTTP::ResponseWriter getResponseWriter() { result.getANode() = this.getArgument(0) }
}
/** A call to a function in the `net/http` package that performs an HTTP request to a URL. */
private class RequestCall extends HTTP::ClientRequest::Range, DataFlow::CallNode {
RequestCall() {
exists(string functionName |
(
this.getTarget().hasQualifiedName("net/http", functionName)
or
this.getTarget().(Method).hasQualifiedName("net/http", "Client", functionName)
) and
(functionName = "Get" or functionName = "Post" or functionName = "PostForm")
)
}
/** Gets the URL of the request. */
override DataFlow::Node getUrl() { result = this.getArgument(0) }
}
/** A call to the Client.Do function in the `net/http` package. */
private class ClientDo extends HTTP::ClientRequest::Range, DataFlow::MethodCallNode {
ClientDo() { this.getTarget().hasQualifiedName("net/http", "Client", "Do") }
override DataFlow::Node getUrl() {
// A URL passed to `NewRequest`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("net/http", "NewRequest") |
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(1)
)
or
// A URL passed to `NewRequestWithContext`, whose result is passed to this `Do` call
exists(DataFlow::CallNode call |
call.getTarget().hasQualifiedName("net/http", "NewRequestWithContext")
|
this.getArgument(0) = call.getResult(0).getASuccessor*() and
result = call.getArgument(2)
)
or
// A URL assigned to a request that is passed to this `Do` call
exists(Write w, Field f |
f.hasQualifiedName("net/http", "Request", "URL") and
w.writesField(this.getArgument(0).getAPredecessor*(), f, result)
)
}
}
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func CanonicalHeaderKey(s string) string
hasQualifiedName("net/http", "CanonicalHeaderKey") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func Error(w ResponseWriter, error string, code int)
hasQualifiedName("net/http", "Error") and
(inp.isParameter(1) and outp.isParameter(0))
or
// signature: func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser
hasQualifiedName("net/http", "MaxBytesReader") and
(inp.isParameter(1) and outp.isResult())
or
// signature: func ReadRequest(b *bufio.Reader) (*Request, error)
hasQualifiedName("net/http", "ReadRequest") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ReadResponse(r *bufio.Reader, req *Request) (*Response, error)
hasQualifiedName("net/http", "ReadResponse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func SetCookie(w ResponseWriter, cookie *Cookie)
hasQualifiedName("net/http", "SetCookie") and
(inp.isParameter(1) and outp.isParameter(0))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (Header).Add(key string, value string)
this.hasQualifiedName("net/http", "Header", "Add") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (Header).Clone() Header
this.hasQualifiedName("net/http", "Header", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Get(key string) string
this.hasQualifiedName("net/http", "Header", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Set(key string, value string)
this.hasQualifiedName("net/http", "Header", "Set") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (Header).Values(key string) []string
this.hasQualifiedName("net/http", "Header", "Values") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Header).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Header", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (Header).WriteSubset(w io.Writer, exclude map[string]bool) error
this.hasQualifiedName("net/http", "Header", "WriteSubset") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Request).AddCookie(c *Cookie)
this.hasQualifiedName("net/http", "Request", "AddCookie") and
(inp.isParameter(0) and outp.isReceiver())
or
// signature: func (*Request).Clone(ctx context.Context) *Request
this.hasQualifiedName("net/http", "Request", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Request).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Request", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Request).WriteProxy(w io.Writer) error
this.hasQualifiedName("net/http", "Request", "WriteProxy") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Response).Write(w io.Writer) error
this.hasQualifiedName("net/http", "Response", "Write") and
(inp.isReceiver() and outp.isParameter(0))
or
// signature: func (*Transport).Clone() *Transport
this.hasQualifiedName("net/http", "Transport", "Clone") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (Hijacker).Hijack() (net.Conn, *bufio.ReadWriter, error)
this.implements("net/http", "Hijacker", "Hijack") and
(inp.isReceiver() and outp.isResult([0, 1]))
or
// signature: func (ResponseWriter).Write([]byte) (int, error)
this.implements("net/http", "ResponseWriter", "Write") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

90
ql/src/semmle/go/frameworks/stdlib/NetHttpHttputil.qll Normal file
View File

@@ -0,0 +1,90 @@
/**
* Provides classes modeling security-relevant aspects of the `net/http/httputil` package.
*/
import go
/** Provides models of commonly used functions in the `net/http/httputil` package. */
module NetHttpHttputil {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func DumpRequest(req *net/http.Request, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpRequest") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func DumpRequestOut(req *net/http.Request, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpRequestOut") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func DumpResponse(resp *net/http.Response, body bool) ([]byte, error)
hasQualifiedName("net/http/httputil", "DumpResponse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func NewChunkedReader(r io.Reader) io.Reader
hasQualifiedName("net/http/httputil", "NewChunkedReader") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewChunkedWriter(w io.Writer) io.WriteCloser
hasQualifiedName("net/http/httputil", "NewChunkedWriter") and
(inp.isResult() and outp.isParameter(0))
or
// signature: func NewClientConn(c net.Conn, r *bufio.Reader) *ClientConn
hasQualifiedName("net/http/httputil", "NewClientConn") and
(
inp.isParameter(_) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
or
// signature: func NewProxyClientConn(c net.Conn, r *bufio.Reader) *ClientConn
hasQualifiedName("net/http/httputil", "NewProxyClientConn") and
(
inp.isParameter(_) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*ClientConn).Hijack() (c net.Conn, r *bufio.Reader)
this.hasQualifiedName("net/http/httputil", "ClientConn", "Hijack") and
(
inp.isReceiver() and outp.isResult(_)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (*ServerConn).Hijack() (net.Conn, *bufio.Reader)
this.hasQualifiedName("net/http/httputil", "ServerConn", "Hijack") and
(
inp.isReceiver() and outp.isResult(_)
or
inp.isResult(0) and outp.isReceiver()
)
or
// signature: func (BufferPool).Get() []byte
this.implements("net/http/httputil", "BufferPool", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (BufferPool).Put([]byte)
this.implements("net/http/httputil", "BufferPool", "Put") and
(inp.isParameter(0) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

54
ql/src/semmle/go/frameworks/stdlib/NetMail.qll Normal file
View File

@@ -0,0 +1,54 @@
/**
* Provides classes modeling security-relevant aspects of the `net/mail` package.
*/
import go
/** Provides models of commonly used functions in the `net/mail` package. */
module NetMail {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func ParseAddress(address string) (*Address, error)
hasQualifiedName("net/mail", "ParseAddress") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ParseAddressList(list string) ([]*Address, error)
hasQualifiedName("net/mail", "ParseAddressList") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func ReadMessage(r io.Reader) (msg *Message, err error)
hasQualifiedName("net/mail", "ReadMessage") and
(inp.isParameter(0) and outp.isResult(0))
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (*AddressParser).Parse(address string) (*Address, error)
this.hasQualifiedName("net/mail", "AddressParser", "Parse") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func (*AddressParser).ParseList(list string) ([]*Address, error)
this.hasQualifiedName("net/mail", "AddressParser", "ParseList") and
(inp.isParameter(0) and outp.isResult(0))
or
// signature: func (Header).Get(key string) string
this.hasQualifiedName("net/mail", "Header", "Get") and
(inp.isReceiver() and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

122
ql/src/semmle/go/frameworks/stdlib/NetTextproto.qll Normal file
View File

@@ -0,0 +1,122 @@
/**
* Provides classes modeling security-relevant aspects of the `net/textproto` package.
*/
import go
/** Provides models of commonly used functions in the `net/textproto` package. */
module NetTextproto {
private class FunctionModels extends TaintTracking::FunctionModel {
FunctionInput inp;
FunctionOutput outp;
FunctionModels() {
// signature: func CanonicalMIMEHeaderKey(s string) string
hasQualifiedName("net/textproto", "CanonicalMIMEHeaderKey") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewConn(conn io.ReadWriteCloser) *Conn
hasQualifiedName("net/textproto", "NewConn") and
(
inp.isParameter(0) and outp.isResult()
or
inp.isResult() and outp.isParameter(0)
)
or
// signature: func NewReader(r *bufio.Reader) *Reader
hasQualifiedName("net/textproto", "NewReader") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func NewWriter(w *bufio.Writer) *Writer
hasQualifiedName("net/textproto", "NewWriter") and
(inp.isResult() and outp.isParameter(0))
or
// signature: func TrimBytes(b []byte) []byte
hasQualifiedName("net/textproto", "TrimBytes") and
(inp.isParameter(0) and outp.isResult())
or
// signature: func TrimString(s string) string
hasQualifiedName("net/textproto", "TrimString") and
(inp.isParameter(0) and outp.isResult())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
private class MethodModels extends TaintTracking::FunctionModel, Method {
FunctionInput inp;
FunctionOutput outp;
MethodModels() {
// signature: func (MIMEHeader).Add(key string, value string)
this.hasQualifiedName("net/textproto", "MIMEHeader", "Add") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (MIMEHeader).Get(key string) string
this.hasQualifiedName("net/textproto", "MIMEHeader", "Get") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (MIMEHeader).Set(key string, value string)
this.hasQualifiedName("net/textproto", "MIMEHeader", "Set") and
(inp.isParameter(_) and outp.isReceiver())
or
// signature: func (MIMEHeader).Values(key string) []string
this.hasQualifiedName("net/textproto", "MIMEHeader", "Values") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Reader).DotReader() io.Reader
this.hasQualifiedName("net/textproto", "Reader", "DotReader") and
(inp.isReceiver() and outp.isResult())
or
// signature: func (*Reader).ReadCodeLine(expectCode int) (code int, message string, err error)
this.hasQualifiedName("net/textproto", "Reader", "ReadCodeLine") and
(inp.isReceiver() and outp.isResult(1))
or
// signature: func (*Reader).ReadContinuedLine() (string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLine") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadContinuedLineBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLineBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadDotBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadDotBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadDotLines() ([]string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadDotLines") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadLine() (string, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadLine") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadLineBytes() ([]byte, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadLineBytes") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadMIMEHeader() (MIMEHeader, error)
this.hasQualifiedName("net/textproto", "Reader", "ReadMIMEHeader") and
(inp.isReceiver() and outp.isResult(0))
or
// signature: func (*Reader).ReadResponse(expectCode int) (code int, message string, err error)
this.hasQualifiedName("net/textproto", "Reader", "ReadResponse") and
(inp.isReceiver() and outp.isResult(1))
or
// signature: func (*Writer).DotWriter() io.WriteCloser
this.hasQualifiedName("net/textproto", "Writer", "DotWriter") and
(inp.isResult() and outp.isReceiver())
or
// signature: func (*Writer).PrintfLine(format string, args ...interface{}) error
this.hasQualifiedName("net/textproto", "Writer", "PrintfLine") and
(inp.isParameter(_) and outp.isReceiver())
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
input = inp and output = outp
}
}
}

704
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Net.go Normal file
View File

@@ -0,0 +1,704 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"io"
"net"
"os"
"syscall"
)
func TaintStepTest_NetFileConn_B0I0O0(sourceCQL interface{}) interface{} {
fromFile656 := sourceCQL.(*os.File)
intoConn414, _ := net.FileConn(fromFile656)
return intoConn414
}
func TaintStepTest_NetFileConn_B1I0O0(sourceCQL interface{}) interface{} {
fromConn518 := sourceCQL.(net.Conn)
var intoFile650 *os.File
intermediateCQL, _ := net.FileConn(intoFile650)
link(fromConn518, intermediateCQL)
return intoFile650
}
func TaintStepTest_NetFilePacketConn_B0I0O0(sourceCQL interface{}) interface{} {
fromFile784 := sourceCQL.(*os.File)
intoPacketConn957, _ := net.FilePacketConn(fromFile784)
return intoPacketConn957
}
func TaintStepTest_NetFilePacketConn_B1I0O0(sourceCQL interface{}) interface{} {
fromPacketConn520 := sourceCQL.(net.PacketConn)
var intoFile443 *os.File
intermediateCQL, _ := net.FilePacketConn(intoFile443)
link(fromPacketConn520, intermediateCQL)
return intoFile443
}
func TaintStepTest_NetJoinHostPort_B0I0O0(sourceCQL interface{}) interface{} {
fromString127 := sourceCQL.(string)
intoString483 := net.JoinHostPort(fromString127, "")
return intoString483
}
func TaintStepTest_NetJoinHostPort_B0I1O0(sourceCQL interface{}) interface{} {
fromString989 := sourceCQL.(string)
intoString982 := net.JoinHostPort("", fromString989)
return intoString982
}
func TaintStepTest_NetPipe_B0I0O0(sourceCQL interface{}) interface{} {
fromConn417 := sourceCQL.(net.Conn)
intermediateCQL, intoConn584 := net.Pipe()
link(fromConn417, intermediateCQL)
return intoConn584
}
func TaintStepTest_NetPipe_B1I0O0(sourceCQL interface{}) interface{} {
fromConn991 := sourceCQL.(net.Conn)
intoConn881, intermediateCQL := net.Pipe()
link(fromConn991, intermediateCQL)
return intoConn881
}
func TaintStepTest_NetSplitHostPort_B0I0O0(sourceCQL interface{}) interface{} {
fromString186 := sourceCQL.(string)
intoString284, _, _ := net.SplitHostPort(fromString186)
return intoString284
}
func TaintStepTest_NetSplitHostPort_B0I0O1(sourceCQL interface{}) interface{} {
fromString908 := sourceCQL.(string)
_, intoString137, _ := net.SplitHostPort(fromString908)
return intoString137
}
func TaintStepTest_NetBuffersRead_B0I0O0(sourceCQL interface{}) interface{} {
fromBuffers494 := sourceCQL.(net.Buffers)
var intoByte873 []byte
fromBuffers494.Read(intoByte873)
return intoByte873
}
func TaintStepTest_NetBuffersWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromBuffers599 := sourceCQL.(net.Buffers)
var intoWriter409 io.Writer
fromBuffers599.WriteTo(intoWriter409)
return intoWriter409
}
func TaintStepTest_NetIPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn246 := sourceCQL.(net.IPConn)
var intoByte898 []byte
fromIPConn246.ReadFrom(intoByte898)
return intoByte898
}
func TaintStepTest_NetIPConnReadFromIP_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn598 := sourceCQL.(net.IPConn)
var intoByte631 []byte
fromIPConn598.ReadFromIP(intoByte631)
return intoByte631
}
func TaintStepTest_NetIPConnReadMsgIP_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn165 := sourceCQL.(net.IPConn)
var intoByte150 []byte
fromIPConn165.ReadMsgIP(intoByte150, nil)
return intoByte150
}
func TaintStepTest_NetIPConnReadMsgIP_B0I0O1(sourceCQL interface{}) interface{} {
fromIPConn340 := sourceCQL.(net.IPConn)
var intoByte471 []byte
fromIPConn340.ReadMsgIP(nil, intoByte471)
return intoByte471
}
func TaintStepTest_NetIPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromIPConn290 := sourceCQL.(net.IPConn)
intoRawConn758, _ := fromIPConn290.SyscallConn()
return intoRawConn758
}
func TaintStepTest_NetIPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn396 := sourceCQL.(syscall.RawConn)
var intoIPConn707 net.IPConn
intermediateCQL, _ := intoIPConn707.SyscallConn()
link(fromRawConn396, intermediateCQL)
return intoIPConn707
}
func TaintStepTest_NetIPConnWriteMsgIP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte912 := sourceCQL.([]byte)
var intoIPConn718 net.IPConn
intoIPConn718.WriteMsgIP(fromByte912, nil, nil)
return intoIPConn718
}
func TaintStepTest_NetIPConnWriteMsgIP_B0I1O0(sourceCQL interface{}) interface{} {
fromByte972 := sourceCQL.([]byte)
var intoIPConn633 net.IPConn
intoIPConn633.WriteMsgIP(nil, fromByte972, nil)
return intoIPConn633
}
func TaintStepTest_NetIPConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte316 := sourceCQL.([]byte)
var intoIPConn145 net.IPConn
intoIPConn145.WriteTo(fromByte316, nil)
return intoIPConn145
}
func TaintStepTest_NetIPConnWriteToIP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte817 := sourceCQL.([]byte)
var intoIPConn474 net.IPConn
intoIPConn474.WriteToIP(fromByte817, nil)
return intoIPConn474
}
func TaintStepTest_NetTCPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromReader832 := sourceCQL.(io.Reader)
var intoTCPConn378 net.TCPConn
intoTCPConn378.ReadFrom(fromReader832)
return intoTCPConn378
}
func TaintStepTest_NetTCPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPConn541 := sourceCQL.(net.TCPConn)
intoRawConn139, _ := fromTCPConn541.SyscallConn()
return intoRawConn139
}
func TaintStepTest_NetTCPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn814 := sourceCQL.(syscall.RawConn)
var intoTCPConn768 net.TCPConn
intermediateCQL, _ := intoTCPConn768.SyscallConn()
link(fromRawConn814, intermediateCQL)
return intoTCPConn768
}
func TaintStepTest_NetTCPListenerFile_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPListener468 := sourceCQL.(net.TCPListener)
intoFile736, _ := fromTCPListener468.File()
return intoFile736
}
func TaintStepTest_NetTCPListenerFile_B1I0O0(sourceCQL interface{}) interface{} {
fromFile516 := sourceCQL.(*os.File)
var intoTCPListener246 net.TCPListener
intermediateCQL, _ := intoTCPListener246.File()
link(fromFile516, intermediateCQL)
return intoTCPListener246
}
func TaintStepTest_NetTCPListenerSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromTCPListener679 := sourceCQL.(net.TCPListener)
intoRawConn736, _ := fromTCPListener679.SyscallConn()
return intoRawConn736
}
func TaintStepTest_NetTCPListenerSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn839 := sourceCQL.(syscall.RawConn)
var intoTCPListener273 net.TCPListener
intermediateCQL, _ := intoTCPListener273.SyscallConn()
link(fromRawConn839, intermediateCQL)
return intoTCPListener273
}
func TaintStepTest_NetUDPConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn982 := sourceCQL.(net.UDPConn)
var intoByte458 []byte
fromUDPConn982.ReadFrom(intoByte458)
return intoByte458
}
func TaintStepTest_NetUDPConnReadFromUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn506 := sourceCQL.(net.UDPConn)
var intoByte213 []byte
fromUDPConn506.ReadFromUDP(intoByte213)
return intoByte213
}
func TaintStepTest_NetUDPConnReadMsgUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn468 := sourceCQL.(net.UDPConn)
var intoByte219 []byte
fromUDPConn468.ReadMsgUDP(intoByte219, nil)
return intoByte219
}
func TaintStepTest_NetUDPConnReadMsgUDP_B0I0O1(sourceCQL interface{}) interface{} {
fromUDPConn265 := sourceCQL.(net.UDPConn)
var intoByte971 []byte
fromUDPConn265.ReadMsgUDP(nil, intoByte971)
return intoByte971
}
func TaintStepTest_NetUDPConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUDPConn320 := sourceCQL.(net.UDPConn)
intoRawConn545, _ := fromUDPConn320.SyscallConn()
return intoRawConn545
}
func TaintStepTest_NetUDPConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn566 := sourceCQL.(syscall.RawConn)
var intoUDPConn497 net.UDPConn
intermediateCQL, _ := intoUDPConn497.SyscallConn()
link(fromRawConn566, intermediateCQL)
return intoUDPConn497
}
func TaintStepTest_NetUDPConnWriteMsgUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte274 := sourceCQL.([]byte)
var intoUDPConn783 net.UDPConn
intoUDPConn783.WriteMsgUDP(fromByte274, nil, nil)
return intoUDPConn783
}
func TaintStepTest_NetUDPConnWriteMsgUDP_B0I1O0(sourceCQL interface{}) interface{} {
fromByte905 := sourceCQL.([]byte)
var intoUDPConn389 net.UDPConn
intoUDPConn389.WriteMsgUDP(nil, fromByte905, nil)
return intoUDPConn389
}
func TaintStepTest_NetUDPConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte198 := sourceCQL.([]byte)
var intoUDPConn477 net.UDPConn
intoUDPConn477.WriteTo(fromByte198, nil)
return intoUDPConn477
}
func TaintStepTest_NetUDPConnWriteToUDP_B0I0O0(sourceCQL interface{}) interface{} {
fromByte544 := sourceCQL.([]byte)
var intoUDPConn382 net.UDPConn
intoUDPConn382.WriteToUDP(fromByte544, nil)
return intoUDPConn382
}
func TaintStepTest_NetUnixConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn715 := sourceCQL.(net.UnixConn)
var intoByte179 []byte
fromUnixConn715.ReadFrom(intoByte179)
return intoByte179
}
func TaintStepTest_NetUnixConnReadFromUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn366 := sourceCQL.(net.UnixConn)
var intoByte648 []byte
fromUnixConn366.ReadFromUnix(intoByte648)
return intoByte648
}
func TaintStepTest_NetUnixConnReadMsgUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn544 := sourceCQL.(net.UnixConn)
var intoByte484 []byte
fromUnixConn544.ReadMsgUnix(intoByte484, nil)
return intoByte484
}
func TaintStepTest_NetUnixConnReadMsgUnix_B0I0O1(sourceCQL interface{}) interface{} {
fromUnixConn824 := sourceCQL.(net.UnixConn)
var intoByte754 []byte
fromUnixConn824.ReadMsgUnix(nil, intoByte754)
return intoByte754
}
func TaintStepTest_NetUnixConnSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixConn680 := sourceCQL.(net.UnixConn)
intoRawConn722, _ := fromUnixConn680.SyscallConn()
return intoRawConn722
}
func TaintStepTest_NetUnixConnSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn506 := sourceCQL.(syscall.RawConn)
var intoUnixConn121 net.UnixConn
intermediateCQL, _ := intoUnixConn121.SyscallConn()
link(fromRawConn506, intermediateCQL)
return intoUnixConn121
}
func TaintStepTest_NetUnixConnWriteMsgUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromByte293 := sourceCQL.([]byte)
var intoUnixConn151 net.UnixConn
intoUnixConn151.WriteMsgUnix(fromByte293, nil, nil)
return intoUnixConn151
}
func TaintStepTest_NetUnixConnWriteMsgUnix_B0I1O0(sourceCQL interface{}) interface{} {
fromByte849 := sourceCQL.([]byte)
var intoUnixConn322 net.UnixConn
intoUnixConn322.WriteMsgUnix(nil, fromByte849, nil)
return intoUnixConn322
}
func TaintStepTest_NetUnixConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte339 := sourceCQL.([]byte)
var intoUnixConn478 net.UnixConn
intoUnixConn478.WriteTo(fromByte339, nil)
return intoUnixConn478
}
func TaintStepTest_NetUnixConnWriteToUnix_B0I0O0(sourceCQL interface{}) interface{} {
fromByte399 := sourceCQL.([]byte)
var intoUnixConn426 net.UnixConn
intoUnixConn426.WriteToUnix(fromByte399, nil)
return intoUnixConn426
}
func TaintStepTest_NetUnixListenerFile_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixListener628 := sourceCQL.(net.UnixListener)
intoFile197, _ := fromUnixListener628.File()
return intoFile197
}
func TaintStepTest_NetUnixListenerFile_B1I0O0(sourceCQL interface{}) interface{} {
fromFile216 := sourceCQL.(*os.File)
var intoUnixListener742 net.UnixListener
intermediateCQL, _ := intoUnixListener742.File()
link(fromFile216, intermediateCQL)
return intoUnixListener742
}
func TaintStepTest_NetUnixListenerSyscallConn_B0I0O0(sourceCQL interface{}) interface{} {
fromUnixListener906 := sourceCQL.(net.UnixListener)
intoRawConn620, _ := fromUnixListener906.SyscallConn()
return intoRawConn620
}
func TaintStepTest_NetUnixListenerSyscallConn_B1I0O0(sourceCQL interface{}) interface{} {
fromRawConn158 := sourceCQL.(syscall.RawConn)
var intoUnixListener353 net.UnixListener
intermediateCQL, _ := intoUnixListener353.SyscallConn()
link(fromRawConn158, intermediateCQL)
return intoUnixListener353
}
func TaintStepTest_NetConnRead_B0I0O0(sourceCQL interface{}) interface{} {
fromConn625 := sourceCQL.(net.Conn)
var intoByte340 []byte
fromConn625.Read(intoByte340)
return intoByte340
}
func TaintStepTest_NetPacketConnReadFrom_B0I0O0(sourceCQL interface{}) interface{} {
fromPacketConn741 := sourceCQL.(net.PacketConn)
var intoByte199 []byte
fromPacketConn741.ReadFrom(intoByte199)
return intoByte199
}
func TaintStepTest_NetAddrString_B0I0O0(sourceCQL interface{}) interface{} {
fromAddr873 := sourceCQL.(net.Addr)
intoString304 := fromAddr873.String()
return intoString304
}
func TaintStepTest_NetConnWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromByte262 := sourceCQL.([]byte)
var intoConn341 net.Conn
intoConn341.Write(fromByte262)
return intoConn341
}
func TaintStepTest_NetPacketConnWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
fromByte495 := sourceCQL.([]byte)
var intoPacketConn976 net.PacketConn
intoPacketConn976.WriteTo(fromByte495, nil)
return intoPacketConn976
}
func RunAllTaints_Net() {
{
source := newSource(0)
out := TaintStepTest_NetFileConn_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetFileConn_B1I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetFilePacketConn_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetFilePacketConn_B1I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetJoinHostPort_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetJoinHostPort_B0I1O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetPipe_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetPipe_B1I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetSplitHostPort_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetSplitHostPort_B0I0O1(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetBuffersRead_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetBuffersWriteTo_B0I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetIPConnReadFrom_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetIPConnReadFromIP_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetIPConnReadMsgIP_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetIPConnReadMsgIP_B0I0O1(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetIPConnSyscallConn_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetIPConnSyscallConn_B1I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetIPConnWriteMsgIP_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetIPConnWriteMsgIP_B0I1O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetIPConnWriteTo_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetIPConnWriteToIP_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetTCPConnReadFrom_B0I0O0(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetTCPConnSyscallConn_B0I0O0(source)
sink(23, out)
}
{
source := newSource(24)
out := TaintStepTest_NetTCPConnSyscallConn_B1I0O0(source)
sink(24, out)
}
{
source := newSource(25)
out := TaintStepTest_NetTCPListenerFile_B0I0O0(source)
sink(25, out)
}
{
source := newSource(26)
out := TaintStepTest_NetTCPListenerFile_B1I0O0(source)
sink(26, out)
}
{
source := newSource(27)
out := TaintStepTest_NetTCPListenerSyscallConn_B0I0O0(source)
sink(27, out)
}
{
source := newSource(28)
out := TaintStepTest_NetTCPListenerSyscallConn_B1I0O0(source)
sink(28, out)
}
{
source := newSource(29)
out := TaintStepTest_NetUDPConnReadFrom_B0I0O0(source)
sink(29, out)
}
{
source := newSource(30)
out := TaintStepTest_NetUDPConnReadFromUDP_B0I0O0(source)
sink(30, out)
}
{
source := newSource(31)
out := TaintStepTest_NetUDPConnReadMsgUDP_B0I0O0(source)
sink(31, out)
}
{
source := newSource(32)
out := TaintStepTest_NetUDPConnReadMsgUDP_B0I0O1(source)
sink(32, out)
}
{
source := newSource(33)
out := TaintStepTest_NetUDPConnSyscallConn_B0I0O0(source)
sink(33, out)
}
{
source := newSource(34)
out := TaintStepTest_NetUDPConnSyscallConn_B1I0O0(source)
sink(34, out)
}
{
source := newSource(35)
out := TaintStepTest_NetUDPConnWriteMsgUDP_B0I0O0(source)
sink(35, out)
}
{
source := newSource(36)
out := TaintStepTest_NetUDPConnWriteMsgUDP_B0I1O0(source)
sink(36, out)
}
{
source := newSource(37)
out := TaintStepTest_NetUDPConnWriteTo_B0I0O0(source)
sink(37, out)
}
{
source := newSource(38)
out := TaintStepTest_NetUDPConnWriteToUDP_B0I0O0(source)
sink(38, out)
}
{
source := newSource(39)
out := TaintStepTest_NetUnixConnReadFrom_B0I0O0(source)
sink(39, out)
}
{
source := newSource(40)
out := TaintStepTest_NetUnixConnReadFromUnix_B0I0O0(source)
sink(40, out)
}
{
source := newSource(41)
out := TaintStepTest_NetUnixConnReadMsgUnix_B0I0O0(source)
sink(41, out)
}
{
source := newSource(42)
out := TaintStepTest_NetUnixConnReadMsgUnix_B0I0O1(source)
sink(42, out)
}
{
source := newSource(43)
out := TaintStepTest_NetUnixConnSyscallConn_B0I0O0(source)
sink(43, out)
}
{
source := newSource(44)
out := TaintStepTest_NetUnixConnSyscallConn_B1I0O0(source)
sink(44, out)
}
{
source := newSource(45)
out := TaintStepTest_NetUnixConnWriteMsgUnix_B0I0O0(source)
sink(45, out)
}
{
source := newSource(46)
out := TaintStepTest_NetUnixConnWriteMsgUnix_B0I1O0(source)
sink(46, out)
}
{
source := newSource(47)
out := TaintStepTest_NetUnixConnWriteTo_B0I0O0(source)
sink(47, out)
}
{
source := newSource(48)
out := TaintStepTest_NetUnixConnWriteToUnix_B0I0O0(source)
sink(48, out)
}
{
source := newSource(49)
out := TaintStepTest_NetUnixListenerFile_B0I0O0(source)
sink(49, out)
}
{
source := newSource(50)
out := TaintStepTest_NetUnixListenerFile_B1I0O0(source)
sink(50, out)
}
{
source := newSource(51)
out := TaintStepTest_NetUnixListenerSyscallConn_B0I0O0(source)
sink(51, out)
}
{
source := newSource(52)
out := TaintStepTest_NetUnixListenerSyscallConn_B1I0O0(source)
sink(52, out)
}
{
source := newSource(53)
out := TaintStepTest_NetConnRead_B0I0O0(source)
sink(53, out)
}
{
source := newSource(54)
out := TaintStepTest_NetPacketConnReadFrom_B0I0O0(source)
sink(54, out)
}
{
source := newSource(55)
out := TaintStepTest_NetAddrString_B0I0O0(source)
sink(55, out)
}
{
source := newSource(56)
out := TaintStepTest_NetConnWrite_B0I0O0(source)
sink(56, out)
}
{
source := newSource(57)
out := TaintStepTest_NetPacketConnWriteTo_B0I0O0(source)
sink(57, out)
}
}

289
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttp.go Normal file
View File

@@ -0,0 +1,289 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net/http"
)
func TaintStepTest_NetHttpCanonicalHeaderKey_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := http.CanonicalHeaderKey(fromString656)
return intoString414
}
func TaintStepTest_NetHttpError_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
var intoResponseWriter650 http.ResponseWriter
http.Error(intoResponseWriter650, fromString518, 0)
return intoResponseWriter650
}
func TaintStepTest_NetHttpMaxBytesReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReadCloser784 := sourceCQL.(io.ReadCloser)
intoReadCloser957 := http.MaxBytesReader(nil, fromReadCloser784, 0)
return intoReadCloser957
}
func TaintStepTest_NetHttpReadRequest_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(*bufio.Reader)
intoRequest443, _ := http.ReadRequest(fromReader520)
return intoRequest443
}
func TaintStepTest_NetHttpReadResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromReader127 := sourceCQL.(*bufio.Reader)
intoResponse483, _ := http.ReadResponse(fromReader127, nil)
return intoResponse483
}
func TaintStepTest_NetHttpSetCookie_B0I0O0(sourceCQL interface{}) interface{} {
fromCookie989 := sourceCQL.(*http.Cookie)
var intoResponseWriter982 http.ResponseWriter
http.SetCookie(intoResponseWriter982, fromCookie989)
return intoResponseWriter982
}
func TaintStepTest_NetHttpHeaderAdd_B0I0O0(sourceCQL interface{}) interface{} {
fromString417 := sourceCQL.(string)
var intoHeader584 http.Header
intoHeader584.Add(fromString417, "")
return intoHeader584
}
func TaintStepTest_NetHttpHeaderAdd_B0I1O0(sourceCQL interface{}) interface{} {
fromString991 := sourceCQL.(string)
var intoHeader881 http.Header
intoHeader881.Add("", fromString991)
return intoHeader881
}
func TaintStepTest_NetHttpHeaderClone_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader186 := sourceCQL.(http.Header)
intoHeader284 := fromHeader186.Clone()
return intoHeader284
}
func TaintStepTest_NetHttpHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader908 := sourceCQL.(http.Header)
intoString137 := fromHeader908.Get("")
return intoString137
}
func TaintStepTest_NetHttpHeaderSet_B0I0O0(sourceCQL interface{}) interface{} {
fromString494 := sourceCQL.(string)
var intoHeader873 http.Header
intoHeader873.Set(fromString494, "")
return intoHeader873
}
func TaintStepTest_NetHttpHeaderSet_B0I1O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var intoHeader409 http.Header
intoHeader409.Set("", fromString599)
return intoHeader409
}
func TaintStepTest_NetHttpHeaderValues_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader246 := sourceCQL.(http.Header)
intoString898 := fromHeader246.Values("")
return intoString898
}
func TaintStepTest_NetHttpHeaderWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader598 := sourceCQL.(http.Header)
var intoWriter631 io.Writer
fromHeader598.Write(intoWriter631)
return intoWriter631
}
func TaintStepTest_NetHttpHeaderWriteSubset_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader165 := sourceCQL.(http.Header)
var intoWriter150 io.Writer
fromHeader165.WriteSubset(intoWriter150, nil)
return intoWriter150
}
func TaintStepTest_NetHttpRequestAddCookie_B0I0O0(sourceCQL interface{}) interface{} {
fromCookie340 := sourceCQL.(*http.Cookie)
var intoRequest471 http.Request
intoRequest471.AddCookie(fromCookie340)
return intoRequest471
}
func TaintStepTest_NetHttpRequestClone_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest290 := sourceCQL.(http.Request)
intoRequest758 := fromRequest290.Clone(nil)
return intoRequest758
}
func TaintStepTest_NetHttpRequestWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest396 := sourceCQL.(http.Request)
var intoWriter707 io.Writer
fromRequest396.Write(intoWriter707)
return intoWriter707
}
func TaintStepTest_NetHttpRequestWriteProxy_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest912 := sourceCQL.(http.Request)
var intoWriter718 io.Writer
fromRequest912.WriteProxy(intoWriter718)
return intoWriter718
}
func TaintStepTest_NetHttpResponseWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromResponse972 := sourceCQL.(http.Response)
var intoWriter633 io.Writer
fromResponse972.Write(intoWriter633)
return intoWriter633
}
func TaintStepTest_NetHttpTransportClone_B0I0O0(sourceCQL interface{}) interface{} {
fromTransport316 := sourceCQL.(http.Transport)
intoTransport145 := fromTransport316.Clone()
return intoTransport145
}
func TaintStepTest_NetHttpHijackerHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromHijacker817 := sourceCQL.(http.Hijacker)
intoConn474, _, _ := fromHijacker817.Hijack()
return intoConn474
}
func TaintStepTest_NetHttpHijackerHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromHijacker832 := sourceCQL.(http.Hijacker)
_, intoReadWriter378, _ := fromHijacker832.Hijack()
return intoReadWriter378
}
func TaintStepTest_NetHttpResponseWriterWrite_B0I0O0(sourceCQL interface{}) interface{} {
fromByte541 := sourceCQL.([]byte)
var intoResponseWriter139 http.ResponseWriter
intoResponseWriter139.Write(fromByte541)
return intoResponseWriter139
}
func RunAllTaints_NetHttp() {
{
source := newSource(0)
out := TaintStepTest_NetHttpCanonicalHeaderKey_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetHttpError_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetHttpMaxBytesReader_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetHttpReadRequest_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetHttpReadResponse_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetHttpSetCookie_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetHttpHeaderAdd_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetHttpHeaderAdd_B0I1O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetHttpHeaderClone_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetHttpHeaderGet_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetHttpHeaderSet_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetHttpHeaderSet_B0I1O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetHttpHeaderValues_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetHttpHeaderWrite_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetHttpHeaderWriteSubset_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetHttpRequestAddCookie_B0I0O0(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetHttpRequestClone_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetHttpRequestWrite_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetHttpRequestWriteProxy_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetHttpResponseWrite_B0I0O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetHttpTransportClone_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetHttpHijackerHijack_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetHttpHijackerHijack_B0I0O1(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetHttpResponseWriterWrite_B0I0O0(source)
sink(23, out)
}
}

234
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetHttpHttputil.go Normal file
View File

@@ -0,0 +1,234 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net"
"net/http"
"net/http/httputil"
)
func TaintStepTest_NetHttpHttputilDumpRequest_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest656 := sourceCQL.(*http.Request)
intoByte414, _ := httputil.DumpRequest(fromRequest656, false)
return intoByte414
}
func TaintStepTest_NetHttpHttputilDumpRequestOut_B0I0O0(sourceCQL interface{}) interface{} {
fromRequest518 := sourceCQL.(*http.Request)
intoByte650, _ := httputil.DumpRequestOut(fromRequest518, false)
return intoByte650
}
func TaintStepTest_NetHttpHttputilDumpResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromResponse784 := sourceCQL.(*http.Response)
intoByte957, _ := httputil.DumpResponse(fromResponse784, false)
return intoByte957
}
func TaintStepTest_NetHttpHttputilNewChunkedReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(io.Reader)
intoReader443 := httputil.NewChunkedReader(fromReader520)
return intoReader443
}
func TaintStepTest_NetHttpHttputilNewChunkedWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriteCloser127 := sourceCQL.(io.WriteCloser)
var intoWriter483 io.Writer
intermediateCQL := httputil.NewChunkedWriter(intoWriter483)
link(fromWriteCloser127, intermediateCQL)
return intoWriter483
}
func TaintStepTest_NetHttpHttputilNewClientConn_B0I0O0(sourceCQL interface{}) interface{} {
fromConn989 := sourceCQL.(net.Conn)
intoClientConn982 := httputil.NewClientConn(fromConn989, nil)
return intoClientConn982
}
func TaintStepTest_NetHttpHttputilNewClientConn_B0I1O0(sourceCQL interface{}) interface{} {
fromReader417 := sourceCQL.(*bufio.Reader)
intoClientConn584 := httputil.NewClientConn(nil, fromReader417)
return intoClientConn584
}
func TaintStepTest_NetHttpHttputilNewClientConn_B1I0O0(sourceCQL interface{}) interface{} {
fromClientConn991 := sourceCQL.(*httputil.ClientConn)
var intoConn881 net.Conn
intermediateCQL := httputil.NewClientConn(intoConn881, nil)
link(fromClientConn991, intermediateCQL)
return intoConn881
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I0O0(sourceCQL interface{}) interface{} {
fromConn186 := sourceCQL.(net.Conn)
intoClientConn284 := httputil.NewProxyClientConn(fromConn186, nil)
return intoClientConn284
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I1O0(sourceCQL interface{}) interface{} {
fromReader908 := sourceCQL.(*bufio.Reader)
intoClientConn137 := httputil.NewProxyClientConn(nil, fromReader908)
return intoClientConn137
}
func TaintStepTest_NetHttpHttputilNewProxyClientConn_B1I0O0(sourceCQL interface{}) interface{} {
fromClientConn494 := sourceCQL.(*httputil.ClientConn)
var intoConn873 net.Conn
intermediateCQL := httputil.NewProxyClientConn(intoConn873, nil)
link(fromClientConn494, intermediateCQL)
return intoConn873
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromClientConn599 := sourceCQL.(httputil.ClientConn)
intoConn409, _ := fromClientConn599.Hijack()
return intoConn409
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromClientConn246 := sourceCQL.(httputil.ClientConn)
_, intoReader898 := fromClientConn246.Hijack()
return intoReader898
}
func TaintStepTest_NetHttpHttputilClientConnHijack_B1I0O0(sourceCQL interface{}) interface{} {
fromConn598 := sourceCQL.(net.Conn)
var intoClientConn631 httputil.ClientConn
intermediateCQL, _ := intoClientConn631.Hijack()
link(fromConn598, intermediateCQL)
return intoClientConn631
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O0(sourceCQL interface{}) interface{} {
fromServerConn165 := sourceCQL.(httputil.ServerConn)
intoConn150, _ := fromServerConn165.Hijack()
return intoConn150
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O1(sourceCQL interface{}) interface{} {
fromServerConn340 := sourceCQL.(httputil.ServerConn)
_, intoReader471 := fromServerConn340.Hijack()
return intoReader471
}
func TaintStepTest_NetHttpHttputilServerConnHijack_B1I0O0(sourceCQL interface{}) interface{} {
fromConn290 := sourceCQL.(net.Conn)
var intoServerConn758 httputil.ServerConn
intermediateCQL, _ := intoServerConn758.Hijack()
link(fromConn290, intermediateCQL)
return intoServerConn758
}
func TaintStepTest_NetHttpHttputilBufferPoolGet_B0I0O0(sourceCQL interface{}) interface{} {
fromBufferPool396 := sourceCQL.(httputil.BufferPool)
intoByte707 := fromBufferPool396.Get()
return intoByte707
}
func TaintStepTest_NetHttpHttputilBufferPoolPut_B0I0O0(sourceCQL interface{}) interface{} {
fromByte912 := sourceCQL.([]byte)
var intoBufferPool718 httputil.BufferPool
intoBufferPool718.Put(fromByte912)
return intoBufferPool718
}
func RunAllTaints_NetHttpHttputil() {
{
source := newSource(0)
out := TaintStepTest_NetHttpHttputilDumpRequest_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetHttpHttputilDumpRequestOut_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetHttpHttputilDumpResponse_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetHttpHttputilNewChunkedReader_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetHttpHttputilNewChunkedWriter_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetHttpHttputilNewClientConn_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetHttpHttputilNewClientConn_B0I1O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetHttpHttputilNewClientConn_B1I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I0O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B0I1O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetHttpHttputilNewProxyClientConn_B1I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B0I0O1(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetHttpHttputilClientConnHijack_B1I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B0I0O1(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetHttpHttputilServerConnHijack_B1I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetHttpHttputilBufferPoolGet_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetHttpHttputilBufferPoolPut_B0I0O0(source)
sink(18, out)
}
}

79
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetMail.go Normal file
View File

@@ -0,0 +1,79 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"io"
"net/mail"
)
func TaintStepTest_NetMailParseAddress_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoAddress414, _ := mail.ParseAddress(fromString656)
return intoAddress414
}
func TaintStepTest_NetMailParseAddressList_B0I0O0(sourceCQL interface{}) interface{} {
fromString518 := sourceCQL.(string)
intoAddress650, _ := mail.ParseAddressList(fromString518)
return intoAddress650
}
func TaintStepTest_NetMailReadMessage_B0I0O0(sourceCQL interface{}) interface{} {
fromReader784 := sourceCQL.(io.Reader)
intoMessage957, _ := mail.ReadMessage(fromReader784)
return intoMessage957
}
func TaintStepTest_NetMailAddressParserParse_B0I0O0(sourceCQL interface{}) interface{} {
fromString520 := sourceCQL.(string)
var mediumObjCQL mail.AddressParser
intoAddress443, _ := mediumObjCQL.Parse(fromString520)
return intoAddress443
}
func TaintStepTest_NetMailAddressParserParseList_B0I0O0(sourceCQL interface{}) interface{} {
fromString127 := sourceCQL.(string)
var mediumObjCQL mail.AddressParser
intoAddress483, _ := mediumObjCQL.ParseList(fromString127)
return intoAddress483
}
func TaintStepTest_NetMailHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromHeader989 := sourceCQL.(mail.Header)
intoString982 := fromHeader989.Get("")
return intoString982
}
func RunAllTaints_NetMail() {
{
source := newSource(0)
out := TaintStepTest_NetMailParseAddress_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetMailParseAddressList_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetMailReadMessage_B0I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetMailAddressParserParse_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetMailAddressParserParseList_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetMailHeaderGet_B0I0O0(source)
sink(5, out)
}
}

310
ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetTextproto.go Normal file
View File

@@ -0,0 +1,310 @@
// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
package main
import (
"bufio"
"io"
"net/textproto"
)
func TaintStepTest_NetTextprotoCanonicalMIMEHeaderKey_B0I0O0(sourceCQL interface{}) interface{} {
fromString656 := sourceCQL.(string)
intoString414 := textproto.CanonicalMIMEHeaderKey(fromString656)
return intoString414
}
func TaintStepTest_NetTextprotoNewConn_B0I0O0(sourceCQL interface{}) interface{} {
fromReadWriteCloser518 := sourceCQL.(io.ReadWriteCloser)
intoConn650 := textproto.NewConn(fromReadWriteCloser518)
return intoConn650
}
func TaintStepTest_NetTextprotoNewConn_B1I0O0(sourceCQL interface{}) interface{} {
fromConn784 := sourceCQL.(*textproto.Conn)
var intoReadWriteCloser957 io.ReadWriteCloser
intermediateCQL := textproto.NewConn(intoReadWriteCloser957)
link(fromConn784, intermediateCQL)
return intoReadWriteCloser957
}
func TaintStepTest_NetTextprotoNewReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader520 := sourceCQL.(*bufio.Reader)
intoReader443 := textproto.NewReader(fromReader520)
return intoReader443
}
func TaintStepTest_NetTextprotoNewWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriter127 := sourceCQL.(*textproto.Writer)
var intoWriter483 *bufio.Writer
intermediateCQL := textproto.NewWriter(intoWriter483)
link(fromWriter127, intermediateCQL)
return intoWriter483
}
func TaintStepTest_NetTextprotoTrimBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromByte989 := sourceCQL.([]byte)
intoByte982 := textproto.TrimBytes(fromByte989)
return intoByte982
}
func TaintStepTest_NetTextprotoTrimString_B0I0O0(sourceCQL interface{}) interface{} {
fromString417 := sourceCQL.(string)
intoString584 := textproto.TrimString(fromString417)
return intoString584
}
func TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I0O0(sourceCQL interface{}) interface{} {
fromString991 := sourceCQL.(string)
var intoMIMEHeader881 textproto.MIMEHeader
intoMIMEHeader881.Add(fromString991, "")
return intoMIMEHeader881
}
func TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I1O0(sourceCQL interface{}) interface{} {
fromString186 := sourceCQL.(string)
var intoMIMEHeader284 textproto.MIMEHeader
intoMIMEHeader284.Add("", fromString186)
return intoMIMEHeader284
}
func TaintStepTest_NetTextprotoMIMEHeaderGet_B0I0O0(sourceCQL interface{}) interface{} {
fromMIMEHeader908 := sourceCQL.(textproto.MIMEHeader)
intoString137 := fromMIMEHeader908.Get("")
return intoString137
}
func TaintStepTest_NetTextprotoMIMEHeaderSet_B0I0O0(sourceCQL interface{}) interface{} {
fromString494 := sourceCQL.(string)
var intoMIMEHeader873 textproto.MIMEHeader
intoMIMEHeader873.Set(fromString494, "")
return intoMIMEHeader873
}
func TaintStepTest_NetTextprotoMIMEHeaderSet_B0I1O0(sourceCQL interface{}) interface{} {
fromString599 := sourceCQL.(string)
var intoMIMEHeader409 textproto.MIMEHeader
intoMIMEHeader409.Set("", fromString599)
return intoMIMEHeader409
}
func TaintStepTest_NetTextprotoMIMEHeaderValues_B0I0O0(sourceCQL interface{}) interface{} {
fromMIMEHeader246 := sourceCQL.(textproto.MIMEHeader)
intoString898 := fromMIMEHeader246.Values("")
return intoString898
}
func TaintStepTest_NetTextprotoReaderDotReader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader598 := sourceCQL.(textproto.Reader)
intoReader631 := fromReader598.DotReader()
return intoReader631
}
func TaintStepTest_NetTextprotoReaderReadCodeLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader165 := sourceCQL.(textproto.Reader)
_, intoString150, _ := fromReader165.ReadCodeLine(0)
return intoString150
}
func TaintStepTest_NetTextprotoReaderReadContinuedLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader340 := sourceCQL.(textproto.Reader)
intoString471, _ := fromReader340.ReadContinuedLine()
return intoString471
}
func TaintStepTest_NetTextprotoReaderReadContinuedLineBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader290 := sourceCQL.(textproto.Reader)
intoByte758, _ := fromReader290.ReadContinuedLineBytes()
return intoByte758
}
func TaintStepTest_NetTextprotoReaderReadDotBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader396 := sourceCQL.(textproto.Reader)
intoByte707, _ := fromReader396.ReadDotBytes()
return intoByte707
}
func TaintStepTest_NetTextprotoReaderReadDotLines_B0I0O0(sourceCQL interface{}) interface{} {
fromReader912 := sourceCQL.(textproto.Reader)
intoString718, _ := fromReader912.ReadDotLines()
return intoString718
}
func TaintStepTest_NetTextprotoReaderReadLine_B0I0O0(sourceCQL interface{}) interface{} {
fromReader972 := sourceCQL.(textproto.Reader)
intoString633, _ := fromReader972.ReadLine()
return intoString633
}
func TaintStepTest_NetTextprotoReaderReadLineBytes_B0I0O0(sourceCQL interface{}) interface{} {
fromReader316 := sourceCQL.(textproto.Reader)
intoByte145, _ := fromReader316.ReadLineBytes()
return intoByte145
}
func TaintStepTest_NetTextprotoReaderReadMIMEHeader_B0I0O0(sourceCQL interface{}) interface{} {
fromReader817 := sourceCQL.(textproto.Reader)
intoMIMEHeader474, _ := fromReader817.ReadMIMEHeader()
return intoMIMEHeader474
}
func TaintStepTest_NetTextprotoReaderReadResponse_B0I0O0(sourceCQL interface{}) interface{} {
fromReader832 := sourceCQL.(textproto.Reader)
_, intoString378, _ := fromReader832.ReadResponse(0)
return intoString378
}
func TaintStepTest_NetTextprotoWriterDotWriter_B0I0O0(sourceCQL interface{}) interface{} {
fromWriteCloser541 := sourceCQL.(io.WriteCloser)
var intoWriter139 textproto.Writer
intermediateCQL := intoWriter139.DotWriter()
link(fromWriteCloser541, intermediateCQL)
return intoWriter139
}
func TaintStepTest_NetTextprotoWriterPrintfLine_B0I0O0(sourceCQL interface{}) interface{} {
fromString814 := sourceCQL.(string)
var intoWriter768 textproto.Writer
intoWriter768.PrintfLine(fromString814, nil)
return intoWriter768
}
func TaintStepTest_NetTextprotoWriterPrintfLine_B0I1O0(sourceCQL interface{}) interface{} {
fromInterface468 := sourceCQL.(interface{})
var intoWriter736 textproto.Writer
intoWriter736.PrintfLine("", fromInterface468)
return intoWriter736
}
func RunAllTaints_NetTextproto() {
{
source := newSource(0)
out := TaintStepTest_NetTextprotoCanonicalMIMEHeaderKey_B0I0O0(source)
sink(0, out)
}
{
source := newSource(1)
out := TaintStepTest_NetTextprotoNewConn_B0I0O0(source)
sink(1, out)
}
{
source := newSource(2)
out := TaintStepTest_NetTextprotoNewConn_B1I0O0(source)
sink(2, out)
}
{
source := newSource(3)
out := TaintStepTest_NetTextprotoNewReader_B0I0O0(source)
sink(3, out)
}
{
source := newSource(4)
out := TaintStepTest_NetTextprotoNewWriter_B0I0O0(source)
sink(4, out)
}
{
source := newSource(5)
out := TaintStepTest_NetTextprotoTrimBytes_B0I0O0(source)
sink(5, out)
}
{
source := newSource(6)
out := TaintStepTest_NetTextprotoTrimString_B0I0O0(source)
sink(6, out)
}
{
source := newSource(7)
out := TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I0O0(source)
sink(7, out)
}
{
source := newSource(8)
out := TaintStepTest_NetTextprotoMIMEHeaderAdd_B0I1O0(source)
sink(8, out)
}
{
source := newSource(9)
out := TaintStepTest_NetTextprotoMIMEHeaderGet_B0I0O0(source)
sink(9, out)
}
{
source := newSource(10)
out := TaintStepTest_NetTextprotoMIMEHeaderSet_B0I0O0(source)
sink(10, out)
}
{
source := newSource(11)
out := TaintStepTest_NetTextprotoMIMEHeaderSet_B0I1O0(source)
sink(11, out)
}
{
source := newSource(12)
out := TaintStepTest_NetTextprotoMIMEHeaderValues_B0I0O0(source)
sink(12, out)
}
{
source := newSource(13)
out := TaintStepTest_NetTextprotoReaderDotReader_B0I0O0(source)
sink(13, out)
}
{
source := newSource(14)
out := TaintStepTest_NetTextprotoReaderReadCodeLine_B0I0O0(source)
sink(14, out)
}
{
source := newSource(15)
out := TaintStepTest_NetTextprotoReaderReadContinuedLine_B0I0O0(source)
sink(15, out)
}
{
source := newSource(16)
out := TaintStepTest_NetTextprotoReaderReadContinuedLineBytes_B0I0O0(source)
sink(16, out)
}
{
source := newSource(17)
out := TaintStepTest_NetTextprotoReaderReadDotBytes_B0I0O0(source)
sink(17, out)
}
{
source := newSource(18)
out := TaintStepTest_NetTextprotoReaderReadDotLines_B0I0O0(source)
sink(18, out)
}
{
source := newSource(19)
out := TaintStepTest_NetTextprotoReaderReadLine_B0I0O0(source)
sink(19, out)
}
{
source := newSource(20)
out := TaintStepTest_NetTextprotoReaderReadLineBytes_B0I0O0(source)
sink(20, out)
}
{
source := newSource(21)
out := TaintStepTest_NetTextprotoReaderReadMIMEHeader_B0I0O0(source)
sink(21, out)
}
{
source := newSource(22)
out := TaintStepTest_NetTextprotoReaderReadResponse_B0I0O0(source)
sink(22, out)
}
{
source := newSource(23)
out := TaintStepTest_NetTextprotoWriterDotWriter_B0I0O0(source)
sink(23, out)
}
{
source := newSource(24)
out := TaintStepTest_NetTextprotoWriterPrintfLine_B0I0O0(source)
sink(24, out)
}
{
source := newSource(25)
out := TaintStepTest_NetTextprotoWriterPrintfLine_B0I1O0(source)
sink(25, out)
}
}