From a90f609c536d40eb302302c8c44a7093339933ab Mon Sep 17 00:00:00 2001
From: Slavomir
Date: Sat, 23 Jan 2021 10:36:53 +0100
Subject: [PATCH] Manually add packagePath() predicate
---
 ql/src/semmle/go/frameworks/CleverGo.qll | 26 ++++++++++++++----------
 1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/ql/src/semmle/go/frameworks/CleverGo.qll b/ql/src/semmle/go/frameworks/CleverGo.qll
index 5b8fb516199..3ffa0db4cf6 100644
--- a/ql/src/semmle/go/frameworks/CleverGo.qll
+++ b/ql/src/semmle/go/frameworks/CleverGo.qll
@@ -8,6 +8,12 @@ import go
 * Provides classes for working with concepts from the [`clevergo.tech/clevergo@v0.5.2`](https://pkg.go.dev/clevergo.tech/clevergo@v0.5.2) package.
 */
 private module CleverGo {
+ /** Gets the package path. */
+ bindingset[result]
+ string packagePath() {
+ result = package(["clevergo.tech/clevergo", "github.com/clevergo/clevergo"], "")
+ }
+
 /**
 * Provides models of untrusted flow sources.
 */
@@ -16,7 +22,7 @@ private module CleverGo {
 // Methods on types of package: clevergo.tech/clevergo@v0.5.2
 exists(string receiverName, string methodName, Method mtd, FunctionOutput outp |
 this = outp.getExitNode(mtd.getACall()) and
- mtd.hasQualifiedName(package("clevergo.tech/clevergo", ""), receiverName, methodName)
+ mtd.hasQualifiedName(packagePath(), receiverName, methodName)
 |
 receiverName = "Context" and
 (
@@ -66,7 +72,7 @@ private module CleverGo {
 this = outp.getExitNode(mtd.getACall())
 |
 // Interface: Decoder
- mtd.implements(package("clevergo.tech/clevergo", ""), "Decoder", methodName) and
+ mtd.implements(packagePath(), "Decoder", methodName) and
 (
 // Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error
 methodName = "Decode" and
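Review bot: The doc comment on the added `packagePath()` in the first hunk, `/** Gets the package path. */`, does not say that the predicate now matches two module paths or that it can only be used where `result` is already bound. Something like `/** Gets a package path under clevergo.tech/clevergo or github.com/clevergo/clevergo; result must already be bound. */` would make that contract visible. The module comment and the `// ... of package: clevergo.tech/clevergo@v0.5.2` comments in this and the later hunks still name only the first path. These predicates define untrusted flow sources and taint steps, and the diffstat shows only this file changed, so a test fixture that imports `github.com/clevergo/clevergo` would confirm the sources are reported under the second path as well.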
@@ -77,18 +83,16 @@ private module CleverGo {
 // Structs of package: clevergo.tech/clevergo@v0.5.2
 exists(DataFlow::Field fld |
 // Struct: Context
- fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Context", "Params")
+ fld.hasQualifiedName(packagePath(), "Context", "Params")
 or
 // Struct: Param
- fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Param", ["Key", "Value"])
+ fld.hasQualifiedName(packagePath(), "Param", ["Key", "Value"])
 |
 this = fld.getARead()
 )
 or
 // Types of package: clevergo.tech/clevergo@v0.5.2
- exists(ValueEntity v |
- v.getType().hasQualifiedName(package("clevergo.tech/clevergo", ""), "Params")
- |
+ exists(ValueEntity v | v.getType().hasQualifiedName(packagePath(), "Params") |
 this = v.getARead()
 )
 }
@@ -103,7 +107,7 @@ private module CleverGo {
 // Taint-tracking models for package: clevergo.tech/clevergo@v0.5.2
 (
 // Function: func CleanPath(p string) string
- this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "CleanPath") and
+ this.hasQualifiedName(packagePath(), "CleanPath") and
 inp.isParameter(0) and
 out.isResult()
 )
@@ -124,19 +128,19 @@ private module CleverGo {
 (
 // Receiver: Application
 // Method: func (*Application).RouteURL(name string, args ...string) (*net/url.URL, error)
- this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Application", "RouteURL") and
+ this.hasQualifiedName(packagePath(), "Application", "RouteURL") and
 inp.isParameter(_) and
 out.isResult(0)
 or
 // Receiver: Decoder
 // Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error
- this.implements(package("clevergo.tech/clevergo", ""), "Decoder", "Decode") and
+ this.implements(packagePath(), "Decoder", "Decode") and
 inp.isParameter(0) and
 out.isParameter(1)
 or
 // Receiver: Renderer
 // Method: func (Renderer).Render(w io.Writer, name string, data interface{}, c *Context) error
- this.implements(package("clevergo.tech/clevergo", ""), "Renderer", "Render") and
+ this.implements(packagePath(), "Renderer", "Render") and
 inp.isParameter(2) and
 out.isParameter(0)
 )