Merge branch main into rc/3.6

Edoardo Pirovano
2022-06-21 11:15:25 +01:00
1296 changed files with 64800 additions and 9671 deletions


@@ -1,7 +1,7 @@
function RegisterExtractorPack()
local goExtractor = GetPlatformToolsDirectory() .. 'go-extractor'
local patterns = {
CreatePatternMatcher({'^go-autobuilder$'}, MatchCompilerName, nil,
CreatePatternMatcher({'^go%-autobuilder$'}, MatchCompilerName, nil,
{trace = false}),
CreatePatternMatcher({'^go$'}, MatchCompilerName, goExtractor, {
prepend = {'--mimic', '${compiler}'},
@@ -12,7 +12,7 @@ function RegisterExtractorPack()
if OperatingSystem == 'windows' then
goExtractor = goExtractor .. 'go-extractor.exe'
patterns = {
CreatePatternMatcher({'^go-autobuilder%.exe$'}, MatchCompilerName,
CreatePatternMatcher({'^go%-autobuilder%.exe$'}, MatchCompilerName,
nil, {trace = false}),
CreatePatternMatcher({'^go%.exe$'}, MatchCompilerName, goExtractor,
{
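Review bot: The reason for the `%-` escape in the new `'^go%-autobuilder$'` and `'^go%-autobuilder%.exe$'` patterns is not recorded anywhere, and the unescaped form survived on both branches until this merge; a comment above the `patterns` table such as `-- '-' is a Lua pattern quantifier: write '%-' to match a literal hyphen` would stop it regressing again. Separately, `goExtractor` already ends in `'go-extractor'` after the second line of the function, and the Windows branch then appends `'go-extractor.exe'`, which reads as yielding `...go-extractorgo-extractor.exe` unless `GetPlatformToolsDirectory()` returns something that makes this intentional — worth confirming. RegisterExtractorPack continues past the end of this section.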


@@ -291,7 +291,7 @@ func main() {
}
// Go 1.16 and later won't automatically attempt to update go.mod / go.sum during package loading, so try to update them here:
if depMode == GoGetWithModules && semver.Compare(getEnvGoSemVer(), "1.16") >= 0 {
if modMode != ModVendor && depMode == GoGetWithModules && semver.Compare(getEnvGoSemVer(), "1.16") >= 0 {
// stat go.mod and go.sum
beforeGoModFileInfo, beforeGoModErr := os.Stat("go.mod")
if beforeGoModErr != nil {
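Review bot: The comment above the changed condition still explains only the Go 1.16 half of it; why vendor mode is now excluded is undocumented, so the three-part condition has to be reverse-engineered by the next reader. Extending the comment along the lines of `// Skipped in vendor mode: with -mod=vendor the build resolves against vendor/modules.txt and go.mod/go.sum must stay consistent with it` (adjusted to the actual motivation) would make the `modMode != ModVendor` clause self-explanatory. main continues outside this hunk.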


@@ -26,7 +26,7 @@ class Error extends @error {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [LGTM locations](https://lgtm.com/help/ql/locations).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn


@@ -33,7 +33,7 @@ abstract class Container extends @container {
/**
* Gets a URL representing the location of this container.
*
* For more information see https://lgtm.com/help/ql/locations#providing-urls.
* For more information see https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/#providing-urls.
*/
abstract string getURL();


@@ -6,7 +6,7 @@ import go
* A location as given by a file, a start line, a start column,
* an end line, and an end column.
*
* For more information about locations see [LGTM locations](https://lgtm.com/help/ql/locations).
* For more information about locations see [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
class Location extends @location {
/** Gets the file for this location. */
@@ -40,7 +40,7 @@ class Location extends @location {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [LGTM locations](https://lgtm.com/help/ql/locations).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -68,7 +68,7 @@ class Locatable extends @locatable {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [LGTM locations](https://lgtm.com/help/ql/locations).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn


@@ -130,7 +130,7 @@ class Entity extends @object {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [LGTM locations](https://lgtm.com/help/ql/locations).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
@@ -632,7 +632,7 @@ class Callable extends TCallable {
* The location spans column `sc` of line `sl` to
* column `ec` of line `el` in file `fp`.
* For more information, see
* [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(string fp, int sl, int sc, int el, int ec) {
this.asFunction().hasLocationInfo(fp, sl, sc, el, ec) or


@@ -158,7 +158,7 @@ class Content extends TContent {
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://help.semmle.com/QL/learn-ql/ql/locations.html).
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
path = "" and sl = 0 and sc = 0 and el = 0 and ec = 0


@@ -0,0 +1,16 @@
func bad() error {
t, err := pam.StartFunc("", "username", func(s pam.Style, msg string) (string, error) {
switch s {
case pam.PromptEchoOff:
return string(pass), nil
}
return "", fmt.Errorf("unsupported message style")
})
if err != nil {
return nil, err
}
if err := t.Authenticate(0); err != nil {
return nil, fmt.Errorf("Authenticate: %w", err)
}
}
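Review bot: `bad` is declared as `func bad() error` but both early exits return two values (`return nil, err` and `return nil, fmt.Errorf("Authenticate: %w", err)`) and the function falls off the end with no return, so this sample does not compile as written; either change the signature to `func bad() (*pam.Transaction, error)` and end with `return t, nil`, or return a single `error`. `pass` is also used without being declared anywhere in the sample. The same three problems are present in `good` in the PamAuthGood.go section of this merge, which should be fixed in step. Since qhelp samples are not built by the test suite, this is likely why it slipped through.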


@@ -0,0 +1,52 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>
Using only a call to
<code>pam.Authenticate</code>
to check the validity of a login can lead to authorization bypass vulnerabilities.
</p>
<p>
A <code>pam.Authenticate</code> call
only verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with an expired
login or a password can still access the system.
</p>
</overview>
<recommendation>
<p>
A call to
<code>pam.Authenticate</code>
should be followed by a call to
<code>pam.AcctMgmt</code>
to check if a user is allowed to login.
</p>
</recommendation>
<example>
<p>
In the following example, the code only checks the credentials of a user. Hence,
in this case, a user with expired credentials can still login. This can be
verified by creating a new user account, expiring it with
<code>chage -E0 `username` </code>
and then trying to log in.
</p>
<sample src="PamAuthBad.go" />
<p>
This can be avoided by calling
<code>pam.AcctMgmt</code>
call to verify access as has been done in the snippet shown below.
</p>
<sample src="PamAuthGood.go" />
</example>
<references>
<li>
Man-Page:
<a href="https://man7.org/linux/man-pages/man3/pam_acct_mgmt.3.html">pam_acct_mgmt</a>
</li>
</references>
</qhelp>


@@ -0,0 +1,65 @@
/**
* @name PAM authorization bypass due to incorrect usage
* @description Not using `pam.AcctMgmt` after `pam.Authenticate` to check the validity of a login can lead to authorization bypass.
* @kind problem
* @problem.severity warning
* @id go/unreachable-statement
* @tags maintainability
* correctness
* external/cwe/cwe-561
* external/cwe/cwe-285
* @precision very-high
*/
import go
predicate isInTestFile(Expr r) {
r.getFile().getAbsolutePath().matches("%test%") and
not r.getFile().getAbsolutePath().matches("%/ql/test/%")
}
class PamAuthenticate extends Method {
PamAuthenticate() {
this.hasQualifiedName("github.com/msteinert/pam", "Transaction", "Authenticate")
}
}
class PamAcctMgmt extends Method {
PamAcctMgmt() { this.hasQualifiedName("github.com/msteinert/pam", "Transaction", "AcctMgmt") }
}
class PamStartFunc extends Function {
PamStartFunc() { this.hasQualifiedName("github.com/msteinert/pam", ["StartFunc", "Start"]) }
}
class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
PamStartToAcctMgmtConfig() { this = "PAM auth bypass (Start to AcctMgmt)" }
override predicate isSource(DataFlow::Node source) {
exists(PamStartFunc p | p.getACall().getResult(0) = source)
}
override predicate isSink(DataFlow::Node sink) {
exists(PamAcctMgmt p | p.getACall().getReceiver() = sink)
}
}
class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
PamStartToAuthenticateConfig() { this = "PAM auth bypass (Start to Authenticate)" }
override predicate isSource(DataFlow::Node source) {
exists(PamStartFunc p | p.getACall().getResult(0) = source)
}
override predicate isSink(DataFlow::Node sink) {
exists(PamAuthenticate p | p.getACall().getReceiver() = sink)
}
}
from
PamStartToAcctMgmtConfig acctMgmtConfig, PamStartToAuthenticateConfig authConfig,
DataFlow::Node source, DataFlow::Node sink
where
not isInTestFile(source.asExpr()) and
(authConfig.hasFlow(source, sink) and not acctMgmtConfig.hasFlow(source, _))
select source, "This Pam transaction may not be secure."
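Review bot: `@id go/unreachable-statement` in the query header is the id of an unrelated query, and together with the `maintainability`/`correctness` tags and `external/cwe/cwe-561` it looks copied from that query's template; ids must be unique, so this should become an id derived from the file name, e.g. ` * @id go/pam-auth-bypass`, with ` * @tags security` and only the `external/cwe/cwe-285` tag kept. `isInTestFile` matches any absolute path containing `test`, which also covers names such as `latest` or `contest`; if that breadth is intended, a short comment on the predicate would save the next reader a question. The `where` clause only requires that no `AcctMgmt` call is reachable from the `Start` result at all, so a transaction that calls `AcctMgmt` on one branch but not another is never reported; noting that path-insensitivity next to `not acctMgmtConfig.hasFlow(source, _)` would help anyone tuning the query.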


@@ -0,0 +1,19 @@
func good() error {
t, err := pam.StartFunc("", "username", func(s pam.Style, msg string) (string, error) {
switch s {
case pam.PromptEchoOff:
return string(pass), nil
}
return "", fmt.Errorf("unsupported message style")
})
if err != nil {
return nil, err
}
if err := t.Authenticate(0); err != nil {
return nil, fmt.Errorf("Authenticate: %w", err)
}
if err := t.AcctMgmt(0); err != nil {
return nil, fmt.Errorf("AcctMgmt: %w", err)
}
}


@@ -0,0 +1,50 @@
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
<qhelp>
<overview>
<p>
A JSON Web Token (JWT) is used for authenticating and managing users in an application.
</p>
<p>
Using a hard-coded secret key for signing JWT tokens in open source projects
can leave the application using the token vulnerable to authentication bypasses.
</p>
<p>
A JWT token is safe for enforcing authentication and access control as long as it can't be forged by a malicious actor. However, when a project exposes this secret publicly, these seemingly unforgeable tokens can now be easily forged.
Since the authentication as well as access control is typically enforced through these JWT tokens, an attacker armed with the secret can create a valid authentication token for any user and may even gain access to other privileged parts of the application.
</p>
</overview>
<recommendation>
<p>
Generating a cryptograhically secure secret key during application initialization and using this generated key for future JWT signing requests can prevent this vulnerability.
</p>
</recommendation>
<example>
<p>
The following code uses a hard-coded string as a secret for signing the tokens. In this case, an attacker can very easily forge a token by using the hard-coded secret.
</p>
<sample src="HardcodedKeysBad.go" />
</example>
<example>
<p>
In the following case, the application uses a programatically generated string as a secret for signing the tokens. In this case, since the secret can't be predicted, the code is secure. A function like `GenerateCryptoString` can be run to generate a secure secret key at the time of application installation/initialization. This generated key can then be used for all future signing requests.
</p>
<sample src="HardcodedKeysGood.go" />
</example>
<references>
<li>
CVE-2022-0664:
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0664">Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1. </a>
</li>
</references>
</qhelp>


@@ -0,0 +1,18 @@
/**
* @name Use of a hardcoded key for signing JWT
* @description Using a fixed hardcoded key for signing JWT's can allow an attacker to compromise security.
* @kind path-problem
* @problem.severity error
* @id go/hardcoded-key
* @tags security
* external/cwe/cwe-321
*/
import go
import HardcodedKeysLib
import DataFlow::PathGraph
from HardcodedKeys::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink.getNode(), source, sink, "$@ is used to sign a JWT token.", source.getNode(),
"Hardcoded String"
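Review bot: The query header carries no `@precision` tag, whereas the sibling PamAuthBypass.ql added in the same merge declares one; given the `TODO` on `CompareExprSanitizer` in HardcodedKeysLib about replacing a heuristic sanitizer before promotion, something like ` * @precision medium` would set expectations for users of this experimental query. The alert message `$@ is used to sign a JWT token.` names only the hardcoded source; mentioning the signing call at the sink would make results quicker to triage in the path view. The `from`/`where`/`select` is otherwise the standard path-problem shape.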


@@ -0,0 +1,9 @@
mySigningKey := []byte("AllYourBase")
claims := &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
Issuer: "test",
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
ss, err := token.SignedString(mySigningKey)


@@ -0,0 +1,23 @@
func GenerateCryptoString(n int) (string, error) {
const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
ret := make([]byte, n)
for i := range ret {
num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
if err != nil {
return "", err
}
ret[i] = chars[num.Int64()]
}
return string(ret), nil
}
mySigningKey := GenerateCryptoString(64)
claims := &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
Issuer: "test",
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
ss, err := token.SignedString(mySigningKey)
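Review bot: `mySigningKey := GenerateCryptoString(64)` assigns the function's two-value `(string, error)` result to a single variable, so the "good" sample does not compile and the error is never examined; in addition, the HMAC signing methods in golang-jwt only accept a `[]byte` key and return an invalid-key-type error for a `string`, so `SignedString` would fail even if it compiled. Writing `key, err := GenerateCryptoString(64)`, an `if err != nil` check, and `mySigningKey := []byte(key)` fixes both. The qhelp text says the key should be generated once at installation time and reused, but the sample generates a fresh key on every run, which would invalidate all issued tokens on restart; a one-line comment in the sample stating that the key must be persisted would keep the two in agreement.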


@@ -0,0 +1,323 @@
/**
* Provides default sources, sinks and sanitizers for reasoning about
* JWT token signing vulnerabilities as well as extension points
* for adding your own.
*/
import go
import StringOps
import DataFlow::PathGraph
/**
* Provides default sources, sinks and sanitizers for reasoning about
* JWT token signing vulnerabilities as well as extension points
* for adding your own.
*/
module HardcodedKeys {
/**
* A data flow source for JWT token signing vulnerabilities.
*/
abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for JWT token signing vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
/**
* A sanitizer for JWT token signing vulnerabilities.
*/
abstract class Sanitizer extends DataFlow::Node { }
/**
* A sanitizer guard for JWT token signing vulnerabilities.
*/
abstract class SanitizerGuard extends DataFlow::BarrierGuard { }
private predicate isTestCode(Expr e) {
e.getFile().getAbsolutePath().toLowerCase().matches("%test%") and
not e.getFile().getAbsolutePath().toLowerCase().matches("%ql/test%")
}
private predicate isDemoCode(Expr e) {
e.getFile().getAbsolutePath().toLowerCase().matches(["%mock%", "%demo%", "%example%"])
}
/**
* A hardcoded string literal as a source for JWT token signing vulnerabilities.
*/
private class HardcodedStringSource extends Source {
HardcodedStringSource() {
this.asExpr() instanceof StringLit and
not (isTestCode(this.asExpr()) or isDemoCode(this.asExpr()))
}
}
/**
* An expression used to sign JWT tokens as a sink for JWT token signing vulnerabilities.
*/
private class GolangJwtSign extends Sink {
GolangJwtSign() {
exists(string pkg |
pkg =
[
"github.com/golang-jwt/jwt/v4", "github.com/dgrijalva/jwt-go",
"github.com/form3tech-oss/jwt-go", "github.com/ory/fosite/token/jwt"
]
|
exists(DataFlow::MethodCallNode m |
// Models the `SignedString` method
// `func (t *Token) SignedString(key interface{}) (string, error)`
m.getTarget().hasQualifiedName(pkg, "Token", "SignedString") and
this = m.getArgument(0)
or
// Model the `Sign` method of the `SigningMethod` interface
// type SigningMethod interface {
// Verify(signingString, signature string, key interface{}) error
// Sign(signingString string, key interface{}) (string, error)
// Alg() string
// }
m.getTarget().hasQualifiedName(pkg, "SigningMethod", "Sign") and
this = m.getArgument(1)
)
)
}
}
private class GinJwtSign extends Sink {
GinJwtSign() {
exists(Field f |
// https://pkg.go.dev/github.com/appleboy/gin-jwt/v2#GinJWTMiddleware
f.hasQualifiedName("github.com/appleboy/gin-jwt/v2", "GinJWTMiddleware", "Key") and
f.getAWrite().getRhs() = this
)
}
}
private class SquareJoseKey extends Sink {
SquareJoseKey() {
exists(Field f, string pkg |
// type Recipient struct {
// Algorithm KeyAlgorithm
// Key interface{}
// KeyID string
// PBES2Count int
// PBES2Salt []byte
// }
// type SigningKey struct {
// Algorithm SignatureAlgorithm
// Key interface{}
// }
f.hasQualifiedName(pkg, ["Recipient", "SigningKey"], "Key") and
f.getAWrite().getRhs() = this
|
pkg = ["github.com/square/go-jose/v3", "gopkg.in/square/go-jose.v2"]
)
}
}
private class CrystalHqJwtSigner extends Sink {
CrystalHqJwtSigner() {
exists(DataFlow::CallNode m |
// `func NewSignerHS(alg Algorithm, key []byte) (Signer, error)`
m.getTarget().hasQualifiedName("github.com/cristalhq/jwt/v3", "NewSignerHS")
|
this = m.getArgument(1)
)
}
}
private class GoKitJwt extends Sink {
GoKitJwt() {
exists(DataFlow::CallNode m |
// `func NewSigner(kid string, key []byte, method jwt.SigningMethod, claims jwt.Claims) endpoint.Middleware`
m.getTarget().hasQualifiedName("github.com/go-kit/kit/auth/jwt", "NewSigner")
|
this = m.getArgument(1)
)
}
}
private class LestrratJwk extends Sink {
LestrratJwk() {
exists(DataFlow::CallNode m, string pkg |
pkg.matches([
"github.com/lestrrat-go/jwx", "github.com/lestrrat/go-jwx/jwk",
"github.com/lestrrat-go/jwx%/jwk"
]) and
// `func New(key interface{}) (Key, error)`
m.getTarget().hasQualifiedName(pkg, "New")
|
this = m.getArgument(0)
)
}
}
/**
* Sanitizes any other use of an operand to a comparison, on the assumption that this may filter
* out special constant values -- for example, in context `if key != "invalid_key" { ... }`,
* if `"invalid_key"` is indeed the only dangerous key then guarded uses of `key` are likely
* to be safe.
*
* TODO: Before promoting this query look at replacing this with something more principled.
*/
private class CompareExprSanitizer extends Sanitizer {
CompareExprSanitizer() {
exists(ComparisonExpr c |
c.getAnOperand().getGlobalValueNumber() = this.asExpr().getGlobalValueNumber() and
not this.asExpr() instanceof Literal
)
}
}
/**
* Marks anything returned with an error as a sanitized.
*
* Typically this means contexts like `return "", errors.New("Oh no")`,
* where we can be reasonably confident downstream users won't mistake
* that empty string for a usable key.
*/
private class ReturnedAlongsideErrorSanitizer extends Sanitizer {
ReturnedAlongsideErrorSanitizer() {
exists(ReturnStmt r, DataFlow::CallNode c |
c.getTarget().hasQualifiedName("errors", "New") and
r.getNumChild() > 1 and
r.getAChild() = c.getAResult().getASuccessor*().asExpr() and
r.getAChild() = this.asExpr()
)
}
}
/**
* Marks anything returned alongside an error-value that is known
* to be non-nil by virtue of a guarding check as harmless.
*
* For example, `if err != nil { return "", err }` is unlikely to be
* contributing a dangerous hardcoded key.
*/
private class ReturnedAlongsideErrorSanitizerGuard extends Sanitizer {
ReturnedAlongsideErrorSanitizerGuard() {
exists(ControlFlow::ConditionGuardNode guard, SsaWithFields errorVar, ReturnStmt r |
guard.ensuresNeq(errorVar.getAUse(), Builtin::nil().getARead()) and
guard.dominates(this.getBasicBlock()) and
r.getExpr(1) = errorVar.getAUse().asExpr() and
this.asExpr() = r.getExpr(0)
)
}
}
/** Mark any formatting string call as a sanitizer */
private class FormattingSanitizer extends Sanitizer {
FormattingSanitizer() { exists(Formatting::StringFormatCall s | s.getAResult() = this) }
}
private string getRandIntFunctionName() {
result =
[
"ExpFloat64", "Float32", "Float64", "Int", "Int31", "Int31n", "Int63", "Int63n", "Intn",
"NormFloat64", "Uint32", "Uint64"
]
}
private DataFlow::CallNode getARandIntCall() {
result.getTarget().hasQualifiedName("math/rand", getRandIntFunctionName()) or
result.getTarget().(Method).hasQualifiedName("math/rand", "Rand", getRandIntFunctionName()) or
result.getTarget().hasQualifiedName("crypto/rand", "Int")
}
private DataFlow::CallNode getARandReadCall() {
result.getTarget().hasQualifiedName("crypto/rand", "Read")
}
/**
* Mark any taint arising from a read on a tainted slice with a random index as a
* sanitizer for all instances of the taint
*/
private class RandSliceSanitizer extends Sanitizer {
RandSliceSanitizer() {
exists(DataFlow::Node randomValue, DataFlow::Node index |
// Sanitize flows like this:
// func GenerateCryptoString(n int) (string, error) {
// const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
// ret := make([]byte, n)
// for i := range ret {
// num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
// if err != nil {
// return "", err
// }
// ret[i] = chars[num.Int64()]
// }
// return string(ret), nil
// }
randomValue = getARandIntCall().getAResult()
or
// Sanitize flows like :
// func GenerateRandomString(size int) string {
// var bytes = make([]byte, size)
// rand.Read(bytes)
// for i, x := range bytes {
// bytes[i] = characters[x%byte(len(characters))]
// }
// return string(bytes)
// }
randomValue =
any(DataFlow::PostUpdateNode pun |
pun.getPreUpdateNode() = getARandReadCall().getArgument(0)
)
|
TaintTracking::localTaint(randomValue, index) and
this.(DataFlow::ElementReadNode).reads(_, index)
)
}
}
/**
* Models flow from a call to `Int64` if the receiver is tainted
*/
private class BigIntFlow extends TaintTracking::FunctionModel {
BigIntFlow() { this.(Method).hasQualifiedName("math/big", "Int", "Int64") }
override predicate hasTaintFlow(DataFlow::FunctionInput inp, DataFlow::FunctionOutput outp) {
inp.isReceiver() and
outp.isResult(0)
}
}
/*
* Models taint flow through a binary operation such as a
* modulo `%` operation or an addition `+` operation
*/
private class BinExpAdditionalTaintStep extends TaintTracking::AdditionalTaintStep {
// This is required to model the sanitizers for the `HardcodedKeys` query.
// This is required to correctly detect a sanitizer such as the one shown below.
// func GenerateRandomString(size int) string {
// var bytes = make([]byte, size)
// rand.Read(bytes)
// for i, x := range bytes {
// bytes[i] = characters[x%byte(len(characters))]
// }
// return string(bytes)
// }
override predicate step(DataFlow::Node prev, DataFlow::Node succ) {
exists(BinaryExpr b | b.getAnOperand() = prev.asExpr() | succ.asExpr() = b)
}
}
/**
* A configuration depicting taint flow for studying JWT token signing vulnerabilities.
*/
class Configuration extends TaintTracking::Configuration {
Configuration() { this = "Hard-coded JWT Signing Key" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer }
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) {
guard instanceof SanitizerGuard
}
}
}
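Review bot: `import DataFlow::PathGraph` in this library file (the third import) exports the path-graph query predicates into every query that imports `HardcodedKeysLib`; that import belongs only in the query file, and HardcodedKeys.ql already has it, so the library copy should be removed. The file-level QLDoc at the top is repeated verbatim as the QLDoc of the `HardcodedKeys` module; one of the two should describe the file as a whole instead of duplicating the module summary. The comment block above `BinExpAdditionalTaintStep` opens with `/*` rather than `/**`, so unlike the neighbouring classes it is not QLDoc. Finally, `isTestCode` treats any path containing `test` (case-insensitively) as test code, which also excludes directories such as `latest/`; if that breadth is accepted, a comment on the predicate saying so would prevent it being "fixed" later.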


@@ -93,7 +93,7 @@
private import InlineExpectationsTestPrivate
/**
* Base class for tests with inline expectations. The test extends this class to provide the actual
* The base class for tests with inline expectations. The test extends this class to provide the actual
* results of the query, which are then compared with the expected results in comments to produce a
* list of failure messages that point out where the actual results differ from the expected
* results.
@@ -121,11 +121,17 @@ abstract class InlineExpectationsTest extends string {
* - `value` - The value of the result, which will be matched against the value associated with
* `tag` in any expected result comment on that line.
*/
abstract predicate hasActualResult(string file, int line, string element, string tag, string value);
abstract predicate hasActualResult(Location location, string element, string tag, string value);
predicate hasActualResult(Location location, string element, string tag, string value) {
this.hasActualResult(location.getFile().getAbsolutePath(), location.getStartLine(), element,
tag, value)
/**
* Holds if there is an optional result on the specified location.
*
* This is similar to `hasActualResult`, but returns results that do not require a matching annotation.
* A failure will still arise if there is an annotation that does not match any results, but not vice versa.
* Override this predicate to specify optional results.
*/
predicate hasOptionalResult(Location location, string element, string tag, string value) {
none()
}
final predicate hasFailureMessage(FailureLocatable element, string message) {
@@ -139,13 +145,14 @@ abstract class InlineExpectationsTest extends string {
)
or
not exists(ValidExpectation expectation | expectation.matchesActualResult(actualResult)) and
message = "Unexpected result: " + actualResult.getExpectationText()
message = "Unexpected result: " + actualResult.getExpectationText() and
not actualResult.isOptional()
)
)
or
exists(ValidExpectation expectation |
not exists(ActualResult actualResult | expectation.matchesActualResult(actualResult)) and
expectation.getTag() = this.getARelevantTag() and
expectation.getTag() = getARelevantTag() and
element = expectation and
(
expectation instanceof GoodExpectation and
@@ -174,7 +181,7 @@ private string expectationCommentPattern() { result = "\\s*\\$((?:[^/]|/[^/])*)(
/**
* The possible columns in an expectation comment. The `TDefaultColumn` branch represents the first
* column in a comment. This column is not precedeeded by a name. `TNamedColumn(name)` represents a
* column containing expected results preceeded by the string `name:`.
* column containing expected results preceded by the string `name:`.
*/
private newtype TColumn =
TDefaultColumn() or
@@ -232,12 +239,24 @@ private string getColumnString(TColumn column) {
/**
* RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or
* more comma-separated tags containing only letters, digits, `-` and `_` (note that the first character
* must not be a digit), optionally followed by `=` and the expected value.
* more comma-separated tags optionally followed by `=` and the expected value.
*
* Tags must be only letters, digits, `-` and `_` (note that the first character
* must not be a digit), but can contain anything enclosed in a single set of
* square brackets.
*
* Examples:
* - `tag`
* - `tag=value`
* - `tag,tag2=value`
* - `tag[foo bar]=value`
*
* Not allowed:
* - `tag[[[foo bar]`
*/
private string expectationPattern() {
exists(string tag, string tags, string value |
tag = "[A-Za-z-_][A-Za-z-_0-9]*" and
tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and
tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and
// In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`.
// For example, `b"foo"`.
@@ -248,9 +267,13 @@ private string expectationPattern() {
private newtype TFailureLocatable =
TActualResult(
InlineExpectationsTest test, Location location, string element, string tag, string value
InlineExpectationsTest test, Location location, string element, string tag, string value,
boolean optional
) {
test.hasActualResult(location, element, tag, value)
test.hasActualResult(location, element, tag, value) and
optional = false
or
test.hasOptionalResult(location, element, tag, value) and optional = true
} or
TValidExpectation(ExpectationComment comment, string tag, string value, string knownFailure) {
exists(TColumn column, string tags |
@@ -269,7 +292,7 @@ class FailureLocatable extends TFailureLocatable {
Location getLocation() { none() }
final string getExpectationText() { result = this.getTag() + "=" + this.getValue() }
final string getExpectationText() { result = getTag() + "=" + getValue() }
string getTag() { none() }
@@ -282,8 +305,9 @@ class ActualResult extends FailureLocatable, TActualResult {
string element;
string tag;
string value;
boolean optional;
ActualResult() { this = TActualResult(test, location, element, tag, value) }
ActualResult() { this = TActualResult(test, location, element, tag, value, optional) }
override string toString() { result = element }
@@ -294,6 +318,8 @@ class ActualResult extends FailureLocatable, TActualResult {
override string getTag() { result = tag }
override string getValue() { result = value }
predicate isOptional() { optional = true }
}
abstract private class Expectation extends FailureLocatable {
@@ -318,24 +344,24 @@ private class ValidExpectation extends Expectation, TValidExpectation {
string getKnownFailure() { result = knownFailure }
predicate matchesActualResult(ActualResult actualResult) {
this.getLocation().getStartLine() = actualResult.getLocation().getStartLine() and
this.getLocation().getFile() = actualResult.getLocation().getFile() and
this.getTag() = actualResult.getTag() and
this.getValue() = actualResult.getValue()
getLocation().getStartLine() = actualResult.getLocation().getStartLine() and
getLocation().getFile() = actualResult.getLocation().getFile() and
getTag() = actualResult.getTag() and
getValue() = actualResult.getValue()
}
}
/* Note: These next three classes correspond to all the possible values of type `TColumn`. */
class GoodExpectation extends ValidExpectation {
GoodExpectation() { this.getKnownFailure() = "" }
GoodExpectation() { getKnownFailure() = "" }
}
class FalsePositiveExpectation extends ValidExpectation {
FalsePositiveExpectation() { this.getKnownFailure() = "SPURIOUS" }
FalsePositiveExpectation() { getKnownFailure() = "SPURIOUS" }
}
class FalseNegativeExpectation extends ValidExpectation {
FalseNegativeExpectation() { this.getKnownFailure() = "MISSING" }
FalseNegativeExpectation() { getKnownFailure() = "MISSING" }
}
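Review bot: The new tag pattern `[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*` in `expectationPattern` repeats `\\]` inside the negated character class; `\\[[^\\]]*\\]` expresses the same bracket group and is easier to check against the `tag[foo bar]` example in the comment above it. The same file also replaces `this.getTag()`, `this.getValue()`, `this.getLocation()`, `this.getKnownFailure()` and `this.getARelevantTag()` with unqualified calls, which reads as a step back from the explicit-`this` style used elsewhere in the file; if this is branch drift in the merge rather than a deliberate choice, re-applying the qualifiers after merging seems worthwhile. `hasOptionalResult` defaulting to `none()` keeps existing subclasses working, which is the right backward-compatible shape. Several of the enclosing classes start or end outside the hunks shown here.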
class InvalidExpectation extends Expectation, TInvalidExpectation {


@@ -76,10 +76,11 @@ class InlineFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasValueFlow" and
exists(DataFlow::Node src, DataFlow::Node sink | getValueFlowConfig().hasFlow(src, sink) |
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "\"" + sink.toString() + "\""
)
@@ -88,7 +89,8 @@ class InlineFlowTest extends InlineExpectationsTest {
exists(DataFlow::Node src, DataFlow::Node sink |
getTaintFlowConfig().hasFlow(src, sink) and not getValueFlowConfig().hasFlow(src, sink)
|
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "\"" + sink.toString() + "\""
)
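Review bot: The five-argument `sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn())` match is duplicated verbatim in the `hasValueFlow` and `hasTaintFlow` branches; a private helper such as `private predicate sinkAt(DataFlow::Node sink, Location location)` holding that call once would keep the two branches from drifting. The match is now exact on all five coordinates where the old signature matched only file and start line; that is consistent because `matchesActualResult` in InlineExpectationsTest.qll still compares only file and start line, but a one-line comment saying the full location is used only for result identity would avoid a reader assuming expectations have become column-sensitive. The enclosing `InlineFlowTest` class continues outside these hunks.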


@@ -0,0 +1 @@
| main.go:10:2:12:3 | ... := ...[0] | This Pam transaction may not be secure. |


@@ -0,0 +1 @@
experimental/CWE-285/PamAuthBypass.ql


@@ -0,0 +1,5 @@
module main
go 1.18
require github.com/msteinert/pam v1.0.0


@@ -0,0 +1,28 @@
package main
//go:generate depstubber -vendor github.com/msteinert/pam Style,Transaction StartFunc
import (
"github.com/msteinert/pam"
)
func bad() error {
t, _ := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
return "", nil
})
return t.Authenticate(0)
}
func good() error {
t, err := pam.StartFunc("", "", func(s pam.Style, msg string) (string, error) {
return "", nil
})
err = t.Authenticate(0)
if err != nil {
return err
}
return t.AcctMgmt(0)
}
func main() {}
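Review bot: The query's `PamStartFunc` class in PamAuthBypass.ql models both `StartFunc` and `Start`, but this test only exercises `StartFunc`, and the `//go:generate depstubber` directive stubs only `StartFunc`, so the `Start` path has no coverage at all; adding `Start`-based variants of `bad` and `good` and regenerating the stub with `Start` in its functions list would close that gap. There is also no case for a transaction where `AcctMgmt` is reached on only one branch, which is the situation the query's `not acctMgmtConfig.hasFlow(source, _)` clause silently accepts. In `good`, the error from `pam.StartFunc` is never checked before `t.Authenticate(0)` is called on `t`; harmless against the stub, but since this file doubles as a reference for the query's intent, `if err != nil { return err }` after the `StartFunc` call would avoid readers copying the pattern.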


@@ -0,0 +1,68 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/msteinert/pam, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/msteinert/pam (exports: Style,Transaction; functions: StartFunc)
// Package pam is a stub of github.com/msteinert/pam, generated by depstubber.
package pam
type Flags int
type Item int
func StartFunc(_ string, _ string, _ func(Style, string) (string, error)) (*Transaction, error) {
return nil, nil
}
type Style int
type Transaction struct{}
func (_ *Transaction) AcctMgmt(_ Flags) error {
return nil
}
func (_ *Transaction) Authenticate(_ Flags) error {
return nil
}
func (_ *Transaction) ChangeAuthTok(_ Flags) error {
return nil
}
func (_ *Transaction) CloseSession(_ Flags) error {
return nil
}
func (_ *Transaction) Error() string {
return ""
}
func (_ *Transaction) GetEnv(_ string) string {
return ""
}
func (_ *Transaction) GetEnvList() (map[string]string, error) {
return nil, nil
}
func (_ *Transaction) GetItem(_ Item) (string, error) {
return "", nil
}
func (_ *Transaction) OpenSession(_ Flags) error {
return nil
}
func (_ *Transaction) PutEnv(_ string) error {
return nil
}
func (_ *Transaction) SetCred(_ Flags) error {
return nil
}
func (_ *Transaction) SetItem(_ Item, _ string) error {
return nil
}


@@ -0,0 +1,3 @@
# github.com/msteinert/pam v1.0.0
## explicit
github.com/msteinert/pam


@@ -0,0 +1,74 @@
edges
| HardcodedKeysBad.go:11:18:11:38 | type conversion : string | HardcodedKeysBad.go:19:28:19:39 | mySigningKey |
| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | HardcodedKeysBad.go:11:18:11:38 | type conversion : string |
| main.go:25:18:25:31 | type conversion : string | main.go:34:28:34:39 | mySigningKey |
| main.go:25:25:25:30 | "key1" : string | main.go:25:18:25:31 | type conversion : string |
| main.go:42:23:42:28 | "key2" : string | main.go:42:16:42:29 | type conversion |
| main.go:60:9:60:22 | type conversion : string | main.go:61:44:61:46 | key |
| main.go:60:16:60:21 | `key3` : string | main.go:60:9:60:22 | type conversion : string |
| main.go:65:9:65:22 | type conversion : string | main.go:66:66:66:68 | key |
| main.go:65:16:65:21 | "key4" : string | main.go:65:9:65:22 | type conversion : string |
| main.go:69:10:69:23 | type conversion : string | main.go:74:15:74:18 | key2 |
| main.go:69:17:69:22 | "key5" : string | main.go:69:10:69:23 | type conversion : string |
| main.go:80:9:80:22 | type conversion : string | main.go:84:41:84:43 | key |
| main.go:80:16:80:21 | "key6" : string | main.go:80:9:80:22 | type conversion : string |
| main.go:89:10:89:23 | type conversion : string | main.go:91:66:91:69 | key2 |
| main.go:89:17:89:22 | "key7" : string | main.go:89:10:89:23 | type conversion : string |
| main.go:97:9:97:22 | type conversion : string | main.go:102:30:102:32 | key |
| main.go:97:16:97:21 | "key8" : string | main.go:97:9:97:22 | type conversion : string |
| main.go:106:15:106:28 | type conversion : string | main.go:107:16:107:24 | sharedKey |
| main.go:106:22:106:27 | "key9" : string | main.go:106:15:106:28 | type conversion : string |
| main.go:110:23:110:37 | type conversion : string | main.go:113:16:113:30 | sharedKeyglobal |
| main.go:110:30:110:36 | "key10" : string | main.go:110:23:110:37 | type conversion : string |
| sanitizer.go:17:9:17:21 | type conversion : string | sanitizer.go:18:44:18:46 | key |
| sanitizer.go:17:16:17:20 | `key` : string | sanitizer.go:17:9:17:21 | type conversion : string |
nodes
| HardcodedKeysBad.go:11:18:11:38 | type conversion : string | semmle.label | type conversion : string |
| HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | semmle.label | "AllYourBase" : string |
| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | semmle.label | mySigningKey |
| main.go:25:18:25:31 | type conversion : string | semmle.label | type conversion : string |
| main.go:25:25:25:30 | "key1" : string | semmle.label | "key1" : string |
| main.go:34:28:34:39 | mySigningKey | semmle.label | mySigningKey |
| main.go:42:16:42:29 | type conversion | semmle.label | type conversion |
| main.go:42:23:42:28 | "key2" : string | semmle.label | "key2" : string |
| main.go:60:9:60:22 | type conversion : string | semmle.label | type conversion : string |
| main.go:60:16:60:21 | `key3` : string | semmle.label | `key3` : string |
| main.go:61:44:61:46 | key | semmle.label | key |
| main.go:65:9:65:22 | type conversion : string | semmle.label | type conversion : string |
| main.go:65:16:65:21 | "key4" : string | semmle.label | "key4" : string |
| main.go:66:66:66:68 | key | semmle.label | key |
| main.go:69:10:69:23 | type conversion : string | semmle.label | type conversion : string |
| main.go:69:17:69:22 | "key5" : string | semmle.label | "key5" : string |
| main.go:74:15:74:18 | key2 | semmle.label | key2 |
| main.go:80:9:80:22 | type conversion : string | semmle.label | type conversion : string |
| main.go:80:16:80:21 | "key6" : string | semmle.label | "key6" : string |
| main.go:84:41:84:43 | key | semmle.label | key |
| main.go:89:10:89:23 | type conversion : string | semmle.label | type conversion : string |
| main.go:89:17:89:22 | "key7" : string | semmle.label | "key7" : string |
| main.go:91:66:91:69 | key2 | semmle.label | key2 |
| main.go:97:9:97:22 | type conversion : string | semmle.label | type conversion : string |
| main.go:97:16:97:21 | "key8" : string | semmle.label | "key8" : string |
| main.go:102:30:102:32 | key | semmle.label | key |
| main.go:106:15:106:28 | type conversion : string | semmle.label | type conversion : string |
| main.go:106:22:106:27 | "key9" : string | semmle.label | "key9" : string |
| main.go:107:16:107:24 | sharedKey | semmle.label | sharedKey |
| main.go:110:23:110:37 | type conversion : string | semmle.label | type conversion : string |
| main.go:110:30:110:36 | "key10" : string | semmle.label | "key10" : string |
| main.go:113:16:113:30 | sharedKeyglobal | semmle.label | sharedKeyglobal |
| sanitizer.go:17:9:17:21 | type conversion : string | semmle.label | type conversion : string |
| sanitizer.go:17:16:17:20 | `key` : string | semmle.label | `key` : string |
| sanitizer.go:18:44:18:46 | key | semmle.label | key |
subpaths
#select
| HardcodedKeysBad.go:19:28:19:39 | mySigningKey | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" : string | HardcodedKeysBad.go:19:28:19:39 | mySigningKey | $@ is used to sign a JWT token. | HardcodedKeysBad.go:11:25:11:37 | "AllYourBase" | Hardcoded String |
| main.go:34:28:34:39 | mySigningKey | main.go:25:25:25:30 | "key1" : string | main.go:34:28:34:39 | mySigningKey | $@ is used to sign a JWT token. | main.go:25:25:25:30 | "key1" | Hardcoded String |
| main.go:42:16:42:29 | type conversion | main.go:42:23:42:28 | "key2" : string | main.go:42:16:42:29 | type conversion | $@ is used to sign a JWT token. | main.go:42:23:42:28 | "key2" | Hardcoded String |
| main.go:61:44:61:46 | key | main.go:60:16:60:21 | `key3` : string | main.go:61:44:61:46 | key | $@ is used to sign a JWT token. | main.go:60:16:60:21 | `key3` | Hardcoded String |
| main.go:66:66:66:68 | key | main.go:65:16:65:21 | "key4" : string | main.go:66:66:66:68 | key | $@ is used to sign a JWT token. | main.go:65:16:65:21 | "key4" | Hardcoded String |
| main.go:74:15:74:18 | key2 | main.go:69:17:69:22 | "key5" : string | main.go:74:15:74:18 | key2 | $@ is used to sign a JWT token. | main.go:69:17:69:22 | "key5" | Hardcoded String |
| main.go:84:41:84:43 | key | main.go:80:16:80:21 | "key6" : string | main.go:84:41:84:43 | key | $@ is used to sign a JWT token. | main.go:80:16:80:21 | "key6" | Hardcoded String |
| main.go:91:66:91:69 | key2 | main.go:89:17:89:22 | "key7" : string | main.go:91:66:91:69 | key2 | $@ is used to sign a JWT token. | main.go:89:17:89:22 | "key7" | Hardcoded String |
| main.go:102:30:102:32 | key | main.go:97:16:97:21 | "key8" : string | main.go:102:30:102:32 | key | $@ is used to sign a JWT token. | main.go:97:16:97:21 | "key8" | Hardcoded String |
| main.go:107:16:107:24 | sharedKey | main.go:106:22:106:27 | "key9" : string | main.go:107:16:107:24 | sharedKey | $@ is used to sign a JWT token. | main.go:106:22:106:27 | "key9" | Hardcoded String |
| main.go:113:16:113:30 | sharedKeyglobal | main.go:110:30:110:36 | "key10" : string | main.go:113:16:113:30 | sharedKeyglobal | $@ is used to sign a JWT token. | main.go:110:30:110:36 | "key10" | Hardcoded String |
| sanitizer.go:18:44:18:46 | key | sanitizer.go:17:16:17:20 | `key` : string | sanitizer.go:18:44:18:46 | key | $@ is used to sign a JWT token. | sanitizer.go:17:16:17:20 | `key` | Hardcoded String |


@@ -0,0 +1 @@
experimental/CWE-321/HardcodedKeys.ql


@@ -0,0 +1,20 @@
package main
import (
"time"
jwt "github.com/golang-jwt/jwt/v4"
)
func bad() (interface{}, error) {
mySigningKey := []byte("AllYourBase")
claims := &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
Issuer: "test",
}
token := jwt.NewWithClaims(nil, claims)
return token.SignedString(mySigningKey)
}
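Review bot: The embedded secret on the `mySigningKey := []byte("AllYourBase")` line is the intended finding, but unlike the other new fixtures this file carries no `// BAD` marker, so the expected result on the `token.SignedString(mySigningKey)` line is documented only in the `.expected` file. Add `// BAD: HMAC secret embedded in source` to the `SignedString` line. `jwt.NewWithClaims(nil, claims)` also passes a nil signing method; that is harmless against the stub, but a comment such as `// signing method omitted: library is stubbed for the test` would stop a reader treating it as a usable example.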


@@ -0,0 +1,38 @@
package main
import (
crand "crypto/rand"
"fmt"
"math/big"
"time"
jwt "github.com/golang-jwt/jwt/v4"
)
func GenerateCryptoString(n int) (string, error) {
const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
ret := make([]byte, n)
for i := range ret {
num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
if err != nil {
return "", err
}
ret[i] = chars[num.Int64()]
}
return string(ret), nil
}
func good() (interface{}, error) {
mySigningKey, err := GenerateCryptoString(64)
if mySigningKey == "" {
_ = fmt.Errorf("Error : %s", err)
}
claims := &jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Unix(1516239022, 0)),
Issuer: "test",
}
token := jwt.NewWithClaims(nil, claims)
return token.SignedString(mySigningKey)
}
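Review bot: The `if mySigningKey == ""` branch only builds and discards an error with `_ = fmt.Errorf("Error : %s", err)`, so when `GenerateCryptoString` fails the function falls through and signs the token with an empty key; as the "good" pattern it should abort instead, `if err != nil { return nil, err }`, after which the `== ""` comparison is unnecessary. `mySigningKey` is also a `string` here while the bad example passes `[]byte`; with the real golang-jwt HMAC methods a string key is, as far as I recall, rejected as an invalid key type (to be confirmed), so `[]byte(mySigningKey)` should be passed to `SignedString`. The nil signing method in `NewWithClaims(nil, claims)` is presumably acceptable only because the library is stubbed and deserves a comment saying so.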


@@ -0,0 +1,41 @@
module main
go 1.18
require (
github.com/appleboy/gin-jwt/v2 v2.8.0
github.com/cristalhq/jwt/v3 v3.1.0
github.com/go-kit/kit v0.12.0
github.com/golang-jwt/jwt/v4 v4.4.1
github.com/lestrrat/go-jwx v0.9.1
github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
gopkg.in/square/go-jose.v2 v2.6.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/gin-gonic/gin v1.7.7 // indirect
github.com/go-kit/log v0.2.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-playground/locales v0.13.0 // indirect
github.com/go-playground/universal-translator v0.17.0 // indirect
github.com/go-playground/validator/v10 v10.4.1 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/leodido/go-urn v1.2.0 // indirect
github.com/lestrrat/go-pdebug v0.0.0-20180220043741-569c97477ae8 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/ugorji/go/codec v1.1.7 // indirect
golang.org/x/crypto v0.0.0-20210915214749-c084706c2272 // indirect
golang.org/x/net v0.0.0-20210917221730-978cfadd31cf // indirect
golang.org/x/sys v0.0.0-20210917161153-d61c044b1678 // indirect
golang.org/x/text v0.3.7 // indirect
google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4 // indirect
google.golang.org/grpc v1.40.0 // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/yaml.v2 v2.2.8 // indirect
)


@@ -0,0 +1,118 @@
package main
//go:generate depstubber -vendor github.com/appleboy/gin-jwt/v2 GinJWTMiddleware New
//go:generate depstubber -vendor github.com/golang-jwt/jwt/v4 MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token NewNumericDate,NewWithClaims
//go:generate depstubber -vendor github.com/gin-gonic/gin Context New
//go:generate depstubber -vendor github.com/go-kit/kit/auth/jwt "" NewSigner
//go:generate depstubber -vendor github.com/lestrrat/go-jwx/jwk "" New
//go:generate depstubber -vendor github.com/square/go-jose/v3 Recipient NewEncrypter,NewSigner
//go:generate depstubber -vendor gopkg.in/square/go-jose.v2 Recipient NewEncrypter,NewSigner
//go:generate depstubber -vendor github.com/cristalhq/jwt/v3 Signer NewSignerHS,HS256
import (
"time"
jwt "github.com/appleboy/gin-jwt/v2"
cristal "github.com/cristalhq/jwt/v3"
gokit "github.com/go-kit/kit/auth/jwt"
gjwt "github.com/golang-jwt/jwt/v4"
le "github.com/lestrrat/go-jwx/jwk"
jose_v3 "github.com/square/go-jose/v3"
jose_v2 "gopkg.in/square/go-jose.v2"
)
func gjwtt() (interface{}, error) {
mySigningKey := []byte("key1")
// Create the Claims
claims := &gjwt.RegisteredClaims{
ExpiresAt: gjwt.NewNumericDate(time.Unix(1516239022, 0)),
Issuer: "test",
}
token := gjwt.NewWithClaims(nil, claims)
return token.SignedString(mySigningKey) // BAD
}
func gin_jwt() (interface{}, error) {
var identityKey = "id"
// authMiddleware, err :=
return jwt.New(&jwt.GinJWTMiddleware{
Realm: "test zone",
Key: []byte("key2"), // BAD
Timeout: time.Hour,
MaxRefresh: time.Hour,
IdentityKey: identityKey,
PayloadFunc: func(data interface{}) jwt.MapClaims {
return nil
},
IdentityHandler: nil,
Authenticator: nil,
Authorizator: nil,
Unauthorized: nil,
TokenLookup: "header: Authorization, query: token, cookie: jwt",
TokenHeadName: "Bearer",
TimeFunc: time.Now,
})
}
func cristalhq() (interface{}, error) {
key := []byte(`key3`)
return cristal.NewSignerHS(cristal.HS256, key) // BAD
}
func josev3() (interface{}, error) {
key := []byte("key4")
return jose_v3.NewSigner(jose_v3.SigningKey{Algorithm: "", Key: key}, nil) // BAD
}
func josev3_2() (interface{}, error) {
key2 := []byte("key5")
return jose_v3.NewEncrypter(
"",
jose_v3.Recipient{
Algorithm: "",
Key: key2, // BAD
},
nil)
}
func josev2() (interface{}, error) {
key := []byte("key6")
return jose_v2.NewEncrypter(
"",
jose_v2.Recipient{Algorithm: "", Key: key}, // BAD
nil,
)
}
func jose_v2_2() (interface{}, error) {
key2 := []byte("key7")
return jose_v2.NewSigner(jose_v2.SigningKey{Algorithm: "", Key: key2}, nil) // BAD
}
func go_kit() interface{} {
var (
kid = "kid"
key = []byte("key8")
mapClaims = gjwt.MapClaims{"user": "go-kit"}
)
return gokit.NewSigner(kid, key, nil, mapClaims) // BAD
}
func lejwt() (interface{}, error) {
sharedKey := []byte("key9")
return le.New(sharedKey) // BAD
}
var sharedKeyglobal = []byte("key10")
func lejwt2() (interface{}, error) {
return le.New(sharedKeyglobal) // BAD
}
func main() {
return
}
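Review bot: Every `// BAD` case in this fixture reaches its sink through a `[]byte("...")` conversion of a string literal, so it does not exercise a key declared as a `const` string, one spelled as a `[]byte{...}` literal, or one built by concatenating literals; unless the query covers those shapes elsewhere, one function per shape would catch regressions in those paths. A header such as `// Test fixture for experimental/CWE-321/HardcodedKeys.ql; each line marked BAD is an expected result` would also help, since the `.expected` file is currently the only statement of intent. `gin_jwt` leaves `SigningAlgorithm` unset, so which algorithm the literal key is used with is decided by the library default; worth a comment if that default matters to the query.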


@@ -0,0 +1,114 @@
package main
//go:generate depstubber -vendor github.com/cristalhq/jwt/v3 Signer NewSignerHS,HS256
import (
crand "crypto/rand"
"errors"
"fmt"
"math/big"
"math/rand"
"time"
cristal "github.com/cristalhq/jwt/v3"
)
func check_ok() (interface{}, error) {
key := []byte(`key`)
return cristal.NewSignerHS(cristal.HS256, key) // BAD
}
func GenerateRandomString(size int) string {
const characters = `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`
var bytes = make([]byte, size)
crand.Read(bytes)
for i, x := range bytes {
bytes[i] = characters[x%byte(len(characters))]
}
return string(bytes)
}
func GenerateCryptoString2(n int) (string, error) {
const chars = "123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-"
ret := make([]byte, n)
for i := range ret {
num, err := crand.Int(crand.Reader, big.NewInt(int64(len(chars))))
if err != nil {
return "", err
}
ret[i] = chars[num.Int64()]
}
return string(ret), nil
}
func GenerateRandomString3(size int) string {
const characters = `0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`
var bytes = make([]byte, size)
crand.Read(bytes)
for i, x := range bytes {
bytes[i] = characters[x]
}
return string(bytes)
}
func RandAuthToken() string {
buf := make([]byte, 32)
_, err := crand.Read(buf)
if err != nil {
return RandString(64)
}
return fmt.Sprintf("%x", buf)
}
func RandString(length int64) string {
sources := []byte("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
var result []byte
r := rand.New(rand.NewSource(time.Now().UnixNano()))
sourceLength := len(sources)
var i int64 = 0
for ; i < length; i++ {
result = append(result, sources[r.Intn(sourceLength)])
}
return string(result)
}
func randIntSanitizerModulo_test() (interface{}, error) {
key := GenerateRandomString(32)
return cristal.NewSignerHS(cristal.HS256, []byte(key)) // GOOD
}
func randIntSanitizer_test() (interface{}, error) {
key2, _ := GenerateCryptoString2(32)
return cristal.NewSignerHS(cristal.HS256, []byte(key2)) // GOOD
}
func formattingSanitizer_test() (interface{}, error) {
key3 := RandAuthToken()
return cristal.NewSignerHS(cristal.HS256, []byte(key3)) // GOOD
}
func genKey() (string, error) {
k := "asd"
e := errors.New("no key")
return k, e
}
func emptyErrorSanitizer_test() (interface{}, error) {
key4, _ := genKey()
return cristal.NewSignerHS(cristal.HS256, []byte(key4)) // GOOD
}
func compareSanitizerTest() (interface{}, error) {
key5 := ""
if key5 != "" {
return cristal.NewSignerHS(cristal.HS256, []byte(key5)) // GOOD
}
return "", nil
}
func randReadSanitizer_test() (interface{}, error) {
key6 := GenerateRandomString3(32)
return cristal.NewSignerHS(cristal.HS256, []byte(key6)) // GOOD
}
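Review bot: `GenerateRandomString3` indexes `characters[x]` with a raw random byte, but `characters` has 62 entries, so any byte of 62 or above panics with an index out of range; `randReadSanitizer_test` only needs a non-literal key, so the `crand.Int` loop from `GenerateCryptoString2` is the right shape (it also avoids the modulo bias of `characters[x%byte(len(characters))]` in `GenerateRandomString`). `RandAuthToken` falls back to `RandString`, which draws from `math/rand` seeded with `time.Now().UnixNano()`, so a failed `crand.Read` silently degrades to a predictable key; return the error instead of substituting a weak generator. `emptyErrorSanitizer_test` is labelled GOOD although `genKey` returns the literal `"asd"`, which suggests the query treats any `(string, error)` result as sanitized; confirm that this cannot launder a hard-coded key returned from a helper. The ignored return value of `crand.Read` in the first and third generators should also be checked.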


@@ -0,0 +1,93 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/appleboy/gin-jwt/v2, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/appleboy/gin-jwt/v2 (exports: GinJWTMiddleware; functions: New)
// Package gin is a stub of github.com/appleboy/gin-jwt/v2, generated by depstubber.
package gin
import (
http "net/http"
time "time"
)
type GinJWTMiddleware struct {
Realm string
SigningAlgorithm string
Key []byte
KeyFunc func(interface{}) (interface{}, error)
Timeout time.Duration
MaxRefresh time.Duration
Authenticator func(interface{}) (interface{}, error)
Authorizator func(interface{}, interface{}) bool
PayloadFunc func(interface{}) MapClaims
Unauthorized func(interface{}, int, string)
LoginResponse func(interface{}, int, string, time.Time)
LogoutResponse func(interface{}, int)
RefreshResponse func(interface{}, int, string, time.Time)
IdentityHandler func(interface{}) interface{}
IdentityKey string
TokenLookup string
TokenHeadName string
TimeFunc func() time.Time
HTTPStatusMessageFunc func(error, interface{}) string
PrivKeyFile string
PrivKeyBytes []byte
PubKeyFile string
PrivateKeyPassphrase string
PubKeyBytes []byte
SendCookie bool
CookieMaxAge time.Duration
SecureCookie bool
CookieHTTPOnly bool
CookieDomain string
SendAuthorization bool
DisabledAbort bool
CookieName string
CookieSameSite http.SameSite
}
func (_ *GinJWTMiddleware) CheckIfTokenExpire(_ interface{}) (interface{}, error) {
return nil, nil
}
func (_ *GinJWTMiddleware) GetClaimsFromJWT(_ interface{}) (MapClaims, error) {
return nil, nil
}
func (_ *GinJWTMiddleware) LoginHandler(_ interface{}) {}
func (_ *GinJWTMiddleware) LogoutHandler(_ interface{}) {}
func (_ *GinJWTMiddleware) MiddlewareFunc() interface{} {
return nil
}
func (_ *GinJWTMiddleware) MiddlewareInit() error {
return nil
}
func (_ *GinJWTMiddleware) ParseToken(_ interface{}) (interface{}, error) {
return nil, nil
}
func (_ *GinJWTMiddleware) ParseTokenString(_ string) (interface{}, error) {
return nil, nil
}
func (_ *GinJWTMiddleware) RefreshHandler(_ interface{}) {}
func (_ *GinJWTMiddleware) RefreshToken(_ interface{}) (string, time.Time, error) {
return "", time.Time{}, nil
}
func (_ *GinJWTMiddleware) TokenGenerator(_ interface{}) (string, time.Time, error) {
return "", time.Time{}, nil
}
type MapClaims map[string]interface{}
func New(_ *GinJWTMiddleware) (*GinJWTMiddleware, error) {
return nil, nil
}


@@ -0,0 +1,26 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/cristalhq/jwt/v3, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/cristalhq/jwt/v3 (exports: Signer; functions: NewSignerHS,HS256)
// Package jwt is a stub of github.com/cristalhq/jwt/v3, generated by depstubber.
package jwt
type Algorithm string
func (_ Algorithm) String() string {
return ""
}
var HS256 Algorithm = ""
func NewSignerHS(_ Algorithm, _ []byte) (Signer, error) {
return nil, nil
}
type Signer interface {
Algorithm() Algorithm
Sign(_ []byte) ([]byte, error)
SignSize() int
}


@@ -0,0 +1,681 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/gin-gonic/gin, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/gin-gonic/gin (exports: Context; functions: New)
// Package gin is a stub of github.com/gin-gonic/gin, generated by depstubber.
package gin
import (
bufio "bufio"
template "html/template"
io "io"
multipart "mime/multipart"
net "net"
http "net/http"
time "time"
)
type Context struct {
Request *http.Request
Writer ResponseWriter
Params Params
Keys map[string]interface{}
Errors interface{}
Accepted []string
}
func (_ *Context) Abort() {}
func (_ *Context) AbortWithError(_ int, _ error) *Error {
return nil
}
func (_ *Context) AbortWithStatus(_ int) {}
func (_ *Context) AbortWithStatusJSON(_ int, _ interface{}) {}
func (_ *Context) AsciiJSON(_ int, _ interface{}) {}
func (_ *Context) Bind(_ interface{}) error {
return nil
}
func (_ *Context) BindHeader(_ interface{}) error {
return nil
}
func (_ *Context) BindJSON(_ interface{}) error {
return nil
}
func (_ *Context) BindQuery(_ interface{}) error {
return nil
}
func (_ *Context) BindUri(_ interface{}) error {
return nil
}
func (_ *Context) BindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) BindXML(_ interface{}) error {
return nil
}
func (_ *Context) BindYAML(_ interface{}) error {
return nil
}
func (_ *Context) ClientIP() string {
return ""
}
func (_ *Context) ContentType() string {
return ""
}
func (_ *Context) Cookie(_ string) (string, error) {
return "", nil
}
func (_ *Context) Copy() *Context {
return nil
}
func (_ *Context) Data(_ int, _ string, _ []byte) {}
func (_ *Context) DataFromReader(_ int, _ int64, _ string, _ io.Reader, _ map[string]string) {}
func (_ *Context) Deadline() (time.Time, bool) {
return time.Time{}, false
}
func (_ *Context) DefaultPostForm(_ string, _ string) string {
return ""
}
func (_ *Context) DefaultQuery(_ string, _ string) string {
return ""
}
func (_ *Context) Done() <-chan struct{} {
return nil
}
func (_ *Context) Err() error {
return nil
}
func (_ *Context) Error(_ error) *Error {
return nil
}
func (_ *Context) File(_ string) {}
func (_ *Context) FileAttachment(_ string, _ string) {}
func (_ *Context) FileFromFS(_ string, _ http.FileSystem) {}
func (_ *Context) FormFile(_ string) (*multipart.FileHeader, error) {
return nil, nil
}
func (_ *Context) FullPath() string {
return ""
}
func (_ *Context) Get(_ string) (interface{}, bool) {
return nil, false
}
func (_ *Context) GetBool(_ string) bool {
return false
}
func (_ *Context) GetDuration(_ string) time.Duration {
return 0
}
func (_ *Context) GetFloat64(_ string) float64 {
return 0
}
func (_ *Context) GetHeader(_ string) string {
return ""
}
func (_ *Context) GetInt(_ string) int {
return 0
}
func (_ *Context) GetInt64(_ string) int64 {
return 0
}
func (_ *Context) GetPostForm(_ string) (string, bool) {
return "", false
}
func (_ *Context) GetPostFormArray(_ string) ([]string, bool) {
return nil, false
}
func (_ *Context) GetPostFormMap(_ string) (map[string]string, bool) {
return nil, false
}
func (_ *Context) GetQuery(_ string) (string, bool) {
return "", false
}
func (_ *Context) GetQueryArray(_ string) ([]string, bool) {
return nil, false
}
func (_ *Context) GetQueryMap(_ string) (map[string]string, bool) {
return nil, false
}
func (_ *Context) GetRawData() ([]byte, error) {
return nil, nil
}
func (_ *Context) GetString(_ string) string {
return ""
}
func (_ *Context) GetStringMap(_ string) map[string]interface{} {
return nil
}
func (_ *Context) GetStringMapString(_ string) map[string]string {
return nil
}
func (_ *Context) GetStringMapStringSlice(_ string) map[string][]string {
return nil
}
func (_ *Context) GetStringSlice(_ string) []string {
return nil
}
func (_ *Context) GetTime(_ string) time.Time {
return time.Time{}
}
func (_ *Context) GetUint(_ string) uint {
return 0
}
func (_ *Context) GetUint64(_ string) uint64 {
return 0
}
func (_ *Context) HTML(_ int, _ string, _ interface{}) {}
func (_ *Context) Handler() HandlerFunc {
return nil
}
func (_ *Context) HandlerName() string {
return ""
}
func (_ *Context) HandlerNames() []string {
return nil
}
func (_ *Context) Header(_ string, _ string) {}
func (_ *Context) IndentedJSON(_ int, _ interface{}) {}
func (_ *Context) IsAborted() bool {
return false
}
func (_ *Context) IsWebsocket() bool {
return false
}
func (_ *Context) JSON(_ int, _ interface{}) {}
func (_ *Context) JSONP(_ int, _ interface{}) {}
func (_ *Context) MultipartForm() (*multipart.Form, error) {
return nil, nil
}
func (_ *Context) MustBindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) MustGet(_ string) interface{} {
return nil
}
func (_ *Context) Negotiate(_ int, _ Negotiate) {}
func (_ *Context) NegotiateFormat(_ ...string) string {
return ""
}
func (_ *Context) Next() {}
func (_ *Context) Param(_ string) string {
return ""
}
func (_ *Context) PostForm(_ string) string {
return ""
}
func (_ *Context) PostFormArray(_ string) []string {
return nil
}
func (_ *Context) PostFormMap(_ string) map[string]string {
return nil
}
func (_ *Context) ProtoBuf(_ int, _ interface{}) {}
func (_ *Context) PureJSON(_ int, _ interface{}) {}
func (_ *Context) Query(_ string) string {
return ""
}
func (_ *Context) QueryArray(_ string) []string {
return nil
}
func (_ *Context) QueryMap(_ string) map[string]string {
return nil
}
func (_ *Context) Redirect(_ int, _ string) {}
func (_ *Context) RemoteIP() (net.IP, bool) {
return nil, false
}
func (_ *Context) Render(_ int, _ interface{}) {}
func (_ *Context) SSEvent(_ string, _ interface{}) {}
func (_ *Context) SaveUploadedFile(_ *multipart.FileHeader, _ string) error {
return nil
}
func (_ *Context) SecureJSON(_ int, _ interface{}) {}
func (_ *Context) Set(_ string, _ interface{}) {}
func (_ *Context) SetAccepted(_ ...string) {}
func (_ *Context) SetCookie(_ string, _ string, _ int, _ string, _ string, _ bool, _ bool) {}
func (_ *Context) SetSameSite(_ http.SameSite) {}
func (_ *Context) ShouldBind(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindBodyWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) ShouldBindHeader(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindJSON(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindQuery(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindUri(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindWith(_ interface{}, _ interface{}) error {
return nil
}
func (_ *Context) ShouldBindXML(_ interface{}) error {
return nil
}
func (_ *Context) ShouldBindYAML(_ interface{}) error {
return nil
}
func (_ *Context) Status(_ int) {}
func (_ *Context) Stream(_ func(io.Writer) bool) bool {
return false
}
func (_ *Context) String(_ int, _ string, _ ...interface{}) {}
func (_ *Context) Value(_ interface{}) interface{} {
return nil
}
func (_ *Context) XML(_ int, _ interface{}) {}
func (_ *Context) YAML(_ int, _ interface{}) {}
type Engine struct {
RouterGroup RouterGroup
RedirectTrailingSlash bool
RedirectFixedPath bool
HandleMethodNotAllowed bool
ForwardedByClientIP bool
AppEngine bool
UseRawPath bool
UnescapePathValues bool
RemoveExtraSlash bool
RemoteIPHeaders []string
TrustedPlatform string
MaxMultipartMemory int64
HTMLRender interface{}
FuncMap template.FuncMap
}
func (_ *Engine) Any(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) BasePath() string {
return ""
}
func (_ *Engine) DELETE(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Delims(_ string, _ string) *Engine {
return nil
}
func (_ *Engine) GET(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Group(_ string, _ ...HandlerFunc) *RouterGroup {
return nil
}
func (_ *Engine) HEAD(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) HandleContext(_ *Context) {}
func (_ *Engine) LoadHTMLFiles(_ ...string) {}
func (_ *Engine) LoadHTMLGlob(_ string) {}
func (_ *Engine) NoMethod(_ ...HandlerFunc) {}
func (_ *Engine) NoRoute(_ ...HandlerFunc) {}
func (_ *Engine) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) PATCH(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) POST(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) PUT(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *Engine) Routes() RoutesInfo {
return nil
}
func (_ *Engine) Run(_ ...string) error {
return nil
}
func (_ *Engine) RunFd(_ int) error {
return nil
}
func (_ *Engine) RunListener(_ net.Listener) error {
return nil
}
func (_ *Engine) RunTLS(_ string, _ string, _ string) error {
return nil
}
func (_ *Engine) RunUnix(_ string) error {
return nil
}
func (_ *Engine) SecureJsonPrefix(_ string) *Engine {
return nil
}
func (_ *Engine) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {}
func (_ *Engine) SetFuncMap(_ template.FuncMap) {}
func (_ *Engine) SetHTMLTemplate(_ *template.Template) {}
func (_ *Engine) SetTrustedProxies(_ []string) error {
return nil
}
func (_ *Engine) Static(_ string, _ string) IRoutes {
return nil
}
func (_ *Engine) StaticFS(_ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *Engine) StaticFile(_ string, _ string) IRoutes {
return nil
}
func (_ *Engine) Use(_ ...HandlerFunc) IRoutes {
return nil
}
type Error struct {
Err error
Type ErrorType
Meta interface{}
}
func (_ Error) Error() string {
return ""
}
func (_ *Error) IsType(_ ErrorType) bool {
return false
}
func (_ *Error) JSON() interface{} {
return nil
}
func (_ *Error) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ *Error) SetMeta(_ interface{}) *Error {
return nil
}
func (_ *Error) SetType(_ ErrorType) *Error {
return nil
}
func (_ *Error) Unwrap() error {
return nil
}
type ErrorType uint64
type HandlerFunc func(*Context)
type HandlersChain []HandlerFunc
func (_ HandlersChain) Last() HandlerFunc {
return nil
}
type IRoutes interface {
Any(_ string, _ ...HandlerFunc) IRoutes
DELETE(_ string, _ ...HandlerFunc) IRoutes
GET(_ string, _ ...HandlerFunc) IRoutes
HEAD(_ string, _ ...HandlerFunc) IRoutes
Handle(_ string, _ string, _ ...HandlerFunc) IRoutes
OPTIONS(_ string, _ ...HandlerFunc) IRoutes
PATCH(_ string, _ ...HandlerFunc) IRoutes
POST(_ string, _ ...HandlerFunc) IRoutes
PUT(_ string, _ ...HandlerFunc) IRoutes
Static(_ string, _ string) IRoutes
StaticFS(_ string, _ http.FileSystem) IRoutes
StaticFile(_ string, _ string) IRoutes
Use(_ ...HandlerFunc) IRoutes
}
type Negotiate struct {
Offered []string
HTMLName string
HTMLData interface{}
JSONData interface{}
XMLData interface{}
YAMLData interface{}
Data interface{}
}
func New() *Engine {
return nil
}
type Param struct {
Key string
Value string
}
type Params []Param
func (_ Params) ByName(_ string) string {
return ""
}
func (_ Params) Get(_ string) (string, bool) {
return "", false
}
type ResponseWriter interface {
CloseNotify() <-chan bool
Flush()
Header() http.Header
Hijack() (net.Conn, *bufio.ReadWriter, error)
Pusher() http.Pusher
Size() int
Status() int
Write(_ []byte) (int, error)
WriteHeader(_ int)
WriteHeaderNow()
WriteString(_ string) (int, error)
Written() bool
}
type RouteInfo struct {
Method string
Path string
Handler string
HandlerFunc HandlerFunc
}
type RouterGroup struct {
Handlers HandlersChain
}
func (_ *RouterGroup) Any(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) BasePath() string {
return ""
}
func (_ *RouterGroup) DELETE(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) GET(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Group(_ string, _ ...HandlerFunc) *RouterGroup {
return nil
}
func (_ *RouterGroup) HEAD(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Handle(_ string, _ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) OPTIONS(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) PATCH(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) POST(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) PUT(_ string, _ ...HandlerFunc) IRoutes {
return nil
}
func (_ *RouterGroup) Static(_ string, _ string) IRoutes {
return nil
}
func (_ *RouterGroup) StaticFS(_ string, _ http.FileSystem) IRoutes {
return nil
}
func (_ *RouterGroup) StaticFile(_ string, _ string) IRoutes {
return nil
}
func (_ *RouterGroup) Use(_ ...HandlerFunc) IRoutes {
return nil
}
type RoutesInfo []RouteInfo


@@ -0,0 +1,12 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/go-kit/kit/auth/jwt, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/go-kit/kit/auth/jwt (exports: ; functions: NewSigner)
// Package jwt is a stub of github.com/go-kit/kit/auth/jwt, generated by depstubber.
package jwt
func NewSigner(_ string, _ []byte, _ interface{}, _ interface{}) interface{} {
return nil
}


@@ -0,0 +1,328 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/golang-jwt/jwt/v4, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/golang-jwt/jwt/v4 (exports: MapClaims,RegisteredClaims,SigningMethodRSA,SigningMethodHMAC,Token; functions: NewNumericDate,NewWithClaims)
// Package jwt is a stub of github.com/golang-jwt/jwt/v4, generated by depstubber.
package jwt
import (
crypto "crypto"
time "time"
)
type ClaimStrings []string
func (_ ClaimStrings) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ *ClaimStrings) UnmarshalJSON(_ []byte) error {
return nil
}
type Claims interface {
Valid() error
}
type MapClaims map[string]interface{}
func (_ MapClaims) Valid() error {
return nil
}
func (_ MapClaims) VerifyAudience(_ string, _ bool) bool {
return false
}
func (_ MapClaims) VerifyExpiresAt(_ int64, _ bool) bool {
return false
}
func (_ MapClaims) VerifyIssuedAt(_ int64, _ bool) bool {
return false
}
func (_ MapClaims) VerifyIssuer(_ string, _ bool) bool {
return false
}
func (_ MapClaims) VerifyNotBefore(_ int64, _ bool) bool {
return false
}
func NewNumericDate(_ time.Time) *NumericDate {
return nil
}
func NewWithClaims(_ SigningMethod, _ Claims) *Token {
return nil
}
type NumericDate struct {
Time time.Time
}
func (_ NumericDate) Add(_ time.Duration) time.Time {
return time.Time{}
}
func (_ NumericDate) AddDate(_ int, _ int, _ int) time.Time {
return time.Time{}
}
func (_ NumericDate) After(_ time.Time) bool {
return false
}
func (_ NumericDate) AppendFormat(_ []byte, _ string) []byte {
return nil
}
func (_ NumericDate) Before(_ time.Time) bool {
return false
}
func (_ NumericDate) Clock() (int, int, int) {
return 0, 0, 0
}
func (_ NumericDate) Date() (int, time.Month, int) {
return 0, 0, 0
}
func (_ NumericDate) Day() int {
return 0
}
func (_ NumericDate) Equal(_ time.Time) bool {
return false
}
func (_ NumericDate) Format(_ string) string {
return ""
}
func (_ NumericDate) GoString() string {
return ""
}
func (_ NumericDate) GobEncode() ([]byte, error) {
return nil, nil
}
func (_ NumericDate) Hour() int {
return 0
}
func (_ NumericDate) ISOWeek() (int, int) {
return 0, 0
}
func (_ NumericDate) In(_ *time.Location) time.Time {
return time.Time{}
}
func (_ NumericDate) IsDST() bool {
return false
}
func (_ NumericDate) IsZero() bool {
return false
}
func (_ NumericDate) Local() time.Time {
return time.Time{}
}
func (_ NumericDate) Location() *time.Location {
return nil
}
func (_ NumericDate) MarshalBinary() ([]byte, error) {
return nil, nil
}
func (_ NumericDate) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ NumericDate) MarshalText() ([]byte, error) {
return nil, nil
}
func (_ NumericDate) Minute() int {
return 0
}
func (_ NumericDate) Month() time.Month {
return 0
}
func (_ NumericDate) Nanosecond() int {
return 0
}
func (_ NumericDate) Round(_ time.Duration) time.Time {
return time.Time{}
}
func (_ NumericDate) Second() int {
return 0
}
func (_ NumericDate) String() string {
return ""
}
func (_ NumericDate) Sub(_ time.Time) time.Duration {
return 0
}
func (_ NumericDate) Truncate(_ time.Duration) time.Time {
return time.Time{}
}
func (_ NumericDate) UTC() time.Time {
return time.Time{}
}
func (_ NumericDate) Unix() int64 {
return 0
}
func (_ NumericDate) UnixMicro() int64 {
return 0
}
func (_ NumericDate) UnixMilli() int64 {
return 0
}
func (_ NumericDate) UnixNano() int64 {
return 0
}
func (_ NumericDate) Weekday() time.Weekday {
return 0
}
func (_ NumericDate) Year() int {
return 0
}
func (_ NumericDate) YearDay() int {
return 0
}
func (_ NumericDate) Zone() (string, int) {
return "", 0
}
func (_ *NumericDate) GobDecode(_ []byte) error {
return nil
}
func (_ *NumericDate) UnmarshalBinary(_ []byte) error {
return nil
}
func (_ *NumericDate) UnmarshalJSON(_ []byte) error {
return nil
}
func (_ *NumericDate) UnmarshalText(_ []byte) error {
return nil
}
type RegisteredClaims struct {
Issuer string
Subject string
Audience ClaimStrings
ExpiresAt *NumericDate
NotBefore *NumericDate
IssuedAt *NumericDate
ID string
}
func (_ RegisteredClaims) Valid() error {
return nil
}
func (_ *RegisteredClaims) VerifyAudience(_ string, _ bool) bool {
return false
}
func (_ *RegisteredClaims) VerifyExpiresAt(_ time.Time, _ bool) bool {
return false
}
func (_ *RegisteredClaims) VerifyIssuedAt(_ time.Time, _ bool) bool {
return false
}
func (_ *RegisteredClaims) VerifyIssuer(_ string, _ bool) bool {
return false
}
func (_ *RegisteredClaims) VerifyNotBefore(_ time.Time, _ bool) bool {
return false
}
type SigningMethod interface {
Alg() string
Sign(_ string, _ interface{}) (string, error)
Verify(_ string, _ string, _ interface{}) error
}
type SigningMethodHMAC struct {
Name string
Hash crypto.Hash
}
func (_ *SigningMethodHMAC) Alg() string {
return ""
}
func (_ *SigningMethodHMAC) Sign(_ string, _ interface{}) (string, error) {
return "", nil
}
func (_ *SigningMethodHMAC) Verify(_ string, _ string, _ interface{}) error {
return nil
}
type SigningMethodRSA struct {
Name string
Hash crypto.Hash
}
func (_ *SigningMethodRSA) Alg() string {
return ""
}
func (_ *SigningMethodRSA) Sign(_ string, _ interface{}) (string, error) {
return "", nil
}
func (_ *SigningMethodRSA) Verify(_ string, _ string, _ interface{}) error {
return nil
}
type Token struct {
Raw string
Method SigningMethod
Header map[string]interface{}
Claims Claims
Signature string
Valid bool
}
func (_ *Token) SignedString(_ interface{}) (string, error) {
return "", nil
}
func (_ *Token) SigningString() (string, error) {
return "", nil
}


@@ -0,0 +1,39 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/lestrrat/go-jwx/jwk, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/lestrrat/go-jwx/jwk (exports: ; functions: New)
// Package jwk is a stub of github.com/lestrrat/go-jwx/jwk, generated by depstubber.
package jwk
import (
crypto "crypto"
x509 "crypto/x509"
)
type Key interface {
Algorithm() string
ExtractMap(_ map[string]interface{}) error
Get(_ string) (interface{}, bool)
KeyID() string
KeyOps() []KeyOperation
KeyType() interface{}
KeyUsage() string
Materialize() (interface{}, error)
PopulateMap(_ map[string]interface{}) error
Remove(_ string)
Set(_ string, _ interface{}) error
Thumbprint(_ crypto.Hash) ([]byte, error)
Walk(_ func(string, interface{}) error) error
X509CertChain() []*x509.Certificate
X509CertThumbprint() string
X509CertThumbprintS256() string
X509URL() string
}
type KeyOperation string
func New(_ interface{}) (Key, error) {
return nil, nil
}


@@ -0,0 +1,219 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for github.com/square/go-jose/v3, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: github.com/square/go-jose/v3 (exports: Recipient; functions: NewEncrypter,NewSigner)
// Package go_pkg is a stub of github.com/square/go-jose/v3, generated by depstubber.
package go_pkg
import (
crypto "crypto"
x509 "crypto/x509"
url "net/url"
)
type CompressionAlgorithm string
type ContentEncryption string
type ContentType string
type Encrypter interface {
Encrypt(_ []byte) (*JSONWebEncryption, error)
EncryptWithAuthData(_ []byte, _ []byte) (*JSONWebEncryption, error)
Options() EncrypterOptions
}
type EncrypterOptions struct {
Compression CompressionAlgorithm
ExtraHeaders map[HeaderKey]interface{}
}
func (_ *EncrypterOptions) WithContentType(_ ContentType) *EncrypterOptions {
return nil
}
func (_ *EncrypterOptions) WithHeader(_ HeaderKey, _ interface{}) *EncrypterOptions {
return nil
}
func (_ *EncrypterOptions) WithType(_ ContentType) *EncrypterOptions {
return nil
}
type Header struct {
KeyID string
JSONWebKey *JSONWebKey
Algorithm string
Nonce string
ExtraHeaders map[HeaderKey]interface{}
}
func (_ Header) Certificates(_ x509.VerifyOptions) ([][]*x509.Certificate, error) {
return nil, nil
}
type HeaderKey string
type JSONWebEncryption struct {
Header Header
}
func (_ JSONWebEncryption) CompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebEncryption) Decrypt(_ interface{}) ([]byte, error) {
return nil, nil
}
func (_ JSONWebEncryption) DecryptMulti(_ interface{}) (int, Header, []byte, error) {
return 0, Header{}, nil, nil
}
func (_ JSONWebEncryption) FullSerialize() string {
return ""
}
func (_ JSONWebEncryption) GetAuthData() []byte {
return nil
}
type JSONWebKey struct {
Key interface{}
KeyID string
Algorithm string
Use string
Certificates []*x509.Certificate
CertificatesURL *url.URL
CertificateThumbprintSHA1 []byte
CertificateThumbprintSHA256 []byte
}
func (_ JSONWebKey) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ *JSONWebKey) IsPublic() bool {
return false
}
func (_ *JSONWebKey) Public() JSONWebKey {
return JSONWebKey{}
}
func (_ *JSONWebKey) Thumbprint(_ crypto.Hash) ([]byte, error) {
return nil, nil
}
func (_ *JSONWebKey) UnmarshalJSON(_ []byte) error {
return nil
}
func (_ *JSONWebKey) Valid() bool {
return false
}
type JSONWebSignature struct {
Signatures []Signature
}
func (_ JSONWebSignature) CompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebSignature) DetachedCompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebSignature) DetachedVerify(_ []byte, _ interface{}) error {
return nil
}
func (_ JSONWebSignature) DetachedVerifyMulti(_ []byte, _ interface{}) (int, Signature, error) {
return 0, Signature{}, nil
}
func (_ JSONWebSignature) FullSerialize() string {
return ""
}
func (_ JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
return nil
}
func (_ JSONWebSignature) Verify(_ interface{}) ([]byte, error) {
return nil, nil
}
func (_ JSONWebSignature) VerifyMulti(_ interface{}) (int, Signature, []byte, error) {
return 0, Signature{}, nil, nil
}
type KeyAlgorithm string
func NewEncrypter(_ ContentEncryption, _ Recipient, _ *EncrypterOptions) (Encrypter, error) {
return nil, nil
}
func NewSigner(_ SigningKey, _ *SignerOptions) (Signer, error) {
return nil, nil
}
type NonceSource interface {
Nonce() (string, error)
}
type Recipient struct {
Algorithm KeyAlgorithm
Key interface{}
KeyID string
PBES2Count int
PBES2Salt []byte
}
type Signature struct {
Header Header
Protected Header
Unprotected Header
Signature []byte
}
type SignatureAlgorithm string
type Signer interface {
Options() SignerOptions
Sign(_ []byte) (*JSONWebSignature, error)
}
type SignerOptions struct {
NonceSource NonceSource
EmbedJWK bool
ExtraHeaders map[HeaderKey]interface{}
}
func (_ *SignerOptions) WithBase64(_ bool) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithContentType(_ ContentType) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithCritical(_ ...string) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithHeader(_ HeaderKey, _ interface{}) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithType(_ ContentType) *SignerOptions {
return nil
}
type SigningKey struct {
Algorithm SignatureAlgorithm
Key interface{}
}


@@ -0,0 +1,219 @@
// Code generated by depstubber. DO NOT EDIT.
// This is a simple stub for gopkg.in/square/go-jose.v2, strictly for use in testing.
// See the LICENSE file for information about the licensing of the original library.
// Source: gopkg.in/square/go-jose.v2 (exports: Recipient; functions: NewEncrypter,NewSigner)
// Package go_pkg is a stub of gopkg.in/square/go-jose.v2, generated by depstubber.
package go_pkg
import (
crypto "crypto"
x509 "crypto/x509"
url "net/url"
)
type CompressionAlgorithm string
type ContentEncryption string
type ContentType string
type Encrypter interface {
Encrypt(_ []byte) (*JSONWebEncryption, error)
EncryptWithAuthData(_ []byte, _ []byte) (*JSONWebEncryption, error)
Options() EncrypterOptions
}
type EncrypterOptions struct {
Compression CompressionAlgorithm
ExtraHeaders map[HeaderKey]interface{}
}
func (_ *EncrypterOptions) WithContentType(_ ContentType) *EncrypterOptions {
return nil
}
func (_ *EncrypterOptions) WithHeader(_ HeaderKey, _ interface{}) *EncrypterOptions {
return nil
}
func (_ *EncrypterOptions) WithType(_ ContentType) *EncrypterOptions {
return nil
}
type Header struct {
KeyID string
JSONWebKey *JSONWebKey
Algorithm string
Nonce string
ExtraHeaders map[HeaderKey]interface{}
}
func (_ Header) Certificates(_ x509.VerifyOptions) ([][]*x509.Certificate, error) {
return nil, nil
}
type HeaderKey string
type JSONWebEncryption struct {
Header Header
}
func (_ JSONWebEncryption) CompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebEncryption) Decrypt(_ interface{}) ([]byte, error) {
return nil, nil
}
func (_ JSONWebEncryption) DecryptMulti(_ interface{}) (int, Header, []byte, error) {
return 0, Header{}, nil, nil
}
func (_ JSONWebEncryption) FullSerialize() string {
return ""
}
func (_ JSONWebEncryption) GetAuthData() []byte {
return nil
}
type JSONWebKey struct {
Key interface{}
KeyID string
Algorithm string
Use string
Certificates []*x509.Certificate
CertificatesURL *url.URL
CertificateThumbprintSHA1 []byte
CertificateThumbprintSHA256 []byte
}
func (_ JSONWebKey) MarshalJSON() ([]byte, error) {
return nil, nil
}
func (_ *JSONWebKey) IsPublic() bool {
return false
}
func (_ *JSONWebKey) Public() JSONWebKey {
return JSONWebKey{}
}
func (_ *JSONWebKey) Thumbprint(_ crypto.Hash) ([]byte, error) {
return nil, nil
}
func (_ *JSONWebKey) UnmarshalJSON(_ []byte) error {
return nil
}
func (_ *JSONWebKey) Valid() bool {
return false
}
type JSONWebSignature struct {
Signatures []Signature
}
func (_ JSONWebSignature) CompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebSignature) DetachedCompactSerialize() (string, error) {
return "", nil
}
func (_ JSONWebSignature) DetachedVerify(_ []byte, _ interface{}) error {
return nil
}
func (_ JSONWebSignature) DetachedVerifyMulti(_ []byte, _ interface{}) (int, Signature, error) {
return 0, Signature{}, nil
}
func (_ JSONWebSignature) FullSerialize() string {
return ""
}
func (_ JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
return nil
}
func (_ JSONWebSignature) Verify(_ interface{}) ([]byte, error) {
return nil, nil
}
func (_ JSONWebSignature) VerifyMulti(_ interface{}) (int, Signature, []byte, error) {
return 0, Signature{}, nil, nil
}
type KeyAlgorithm string
func NewEncrypter(_ ContentEncryption, _ Recipient, _ *EncrypterOptions) (Encrypter, error) {
return nil, nil
}
func NewSigner(_ SigningKey, _ *SignerOptions) (Signer, error) {
return nil, nil
}
type NonceSource interface {
Nonce() (string, error)
}
type Recipient struct {
Algorithm KeyAlgorithm
Key interface{}
KeyID string
PBES2Count int
PBES2Salt []byte
}
type Signature struct {
Header Header
Protected Header
Unprotected Header
Signature []byte
}
type SignatureAlgorithm string
type Signer interface {
Options() SignerOptions
Sign(_ []byte) (*JSONWebSignature, error)
}
type SignerOptions struct {
NonceSource NonceSource
EmbedJWK bool
ExtraHeaders map[HeaderKey]interface{}
}
func (_ *SignerOptions) WithBase64(_ bool) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithContentType(_ ContentType) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithCritical(_ ...string) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithHeader(_ HeaderKey, _ interface{}) *SignerOptions {
return nil
}
func (_ *SignerOptions) WithType(_ ContentType) *SignerOptions {
return nil
}
type SigningKey struct {
Algorithm SignatureAlgorithm
Key interface{}
}


@@ -0,0 +1,96 @@
# github.com/appleboy/gin-jwt/v2 v2.8.0
## explicit
github.com/appleboy/gin-jwt/v2
# github.com/cristalhq/jwt/v3 v3.1.0
## explicit
github.com/cristalhq/jwt/v3
# github.com/gin-gonic/gin v1.7.7
## explicit
github.com/gin-gonic/gin
# github.com/go-kit/kit v0.12.0
## explicit
github.com/go-kit/kit
# github.com/golang-jwt/jwt/v4 v4.4.1
## explicit
github.com/golang-jwt/jwt/v4
# github.com/lestrrat/go-jwx v0.9.1
## explicit
github.com/lestrrat/go-jwx
# github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
## explicit
github.com/square/go-jose/v3
# gopkg.in/square/go-jose.v2 v2.6.0
## explicit
gopkg.in/square/go-jose.v2
# github.com/davecgh/go-spew v1.1.1
## explicit
github.com/davecgh/go-spew
# github.com/gin-contrib/sse v0.1.0
## explicit
github.com/gin-contrib/sse
# github.com/go-kit/log v0.2.0
## explicit
github.com/go-kit/log
# github.com/go-logfmt/logfmt v0.5.1
## explicit
github.com/go-logfmt/logfmt
# github.com/go-playground/locales v0.13.0
## explicit
github.com/go-playground/locales
# github.com/go-playground/universal-translator v0.17.0
## explicit
github.com/go-playground/universal-translator
# github.com/go-playground/validator/v10 v10.4.1
## explicit
github.com/go-playground/validator/v10
# github.com/golang/protobuf v1.5.2
## explicit
github.com/golang/protobuf
# github.com/json-iterator/go v1.1.12
## explicit
github.com/json-iterator/go
# github.com/leodido/go-urn v1.2.0
## explicit
github.com/leodido/go-urn
# github.com/lestrrat/go-pdebug v0.0.0-20180220043741-569c97477ae8
## explicit
github.com/lestrrat/go-pdebug
# github.com/mattn/go-isatty v0.0.14
## explicit
github.com/mattn/go-isatty
# github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
## explicit
github.com/modern-go/concurrent
# github.com/modern-go/reflect2 v1.0.2
## explicit
github.com/modern-go/reflect2
# github.com/pkg/errors v0.9.1
## explicit
github.com/pkg/errors
# github.com/ugorji/go/codec v1.1.7
## explicit
github.com/ugorji/go/codec
# golang.org/x/crypto v0.0.0-20210915214749-c084706c2272
## explicit
golang.org/x/crypto
# golang.org/x/net v0.0.0-20210917221730-978cfadd31cf
## explicit
golang.org/x/net
# golang.org/x/sys v0.0.0-20210917161153-d61c044b1678
## explicit
golang.org/x/sys
# golang.org/x/text v0.3.7
## explicit
golang.org/x/text
# google.golang.org/genproto v0.0.0-20210917145530-b395a37504d4
## explicit
google.golang.org/genproto
# google.golang.org/grpc v1.40.0
## explicit
google.golang.org/grpc
# google.golang.org/protobuf v1.27.1
## explicit
google.golang.org/protobuf
# gopkg.in/yaml.v2 v2.2.8
## explicit
gopkg.in/yaml.v2


@@ -9,10 +9,11 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
result = ["headerKeyNode", "headerValNode", "headerKey", "headerVal"]
}
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
// Dynamic key-value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getName().toString() and
value = hw.getName().toString() and
@@ -26,7 +27,8 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
or
// Static key, dynamic value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and
@@ -40,7 +42,8 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
or
// Static key, static value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and
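Review bot: The five-argument expansion `hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), location.getStartColumn(), location.getEndLine(), location.getEndColumn())` is pasted verbatim into all three hunks of this file and again into every other `hasActualResult` override in the InlineExpectationsTest sections that follow (redirect, response-body, taint-tracking, untrusted-source, variadic, comparable, handler, logger and dataflow tests), which will be tedious to keep in sync if the `Location` contract changes again. A single helper predicate in the shared InlineExpectationsTest library that relates an element to a `Location` would make each override a one-liner; I have not checked whether such a helper already exists. Note also that the old form matched on `file` and `line` only, with wildcards for the columns and end line, whereas the new form requires the element's full reported range to coincide with a `Location` entity, so an element whose `hasLocationInfo` coordinates do not correspond exactly to a `Location` would now silently drop out of the actual results — worth confirming against the expectation comments in the test sources. The enclosing class `HttpHeaderWriteTest` starts and ends outside these hunks.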


@@ -7,10 +7,11 @@ class HttpRedirectTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "redirectUrl" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "redirectUrl" and
exists(HTTP::Redirect rd |
rd.hasLocationInfo(file, line, _, _, _) and
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = rd.getUrl().toString() and
value = rd.getUrl().toString()
)


@@ -7,9 +7,10 @@ class HttpResponseBodyTest extends InlineExpectationsTest {
override string getARelevantTag() { result = ["contentType", "responseBody"] }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(HTTP::ResponseBody rd |
rd.hasLocationInfo(file, line, _, _, _) and
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = rd.getAContentType().toString() and
value = rd.getAContentType().toString() and


@@ -19,12 +19,13 @@ class TaintTrackingTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintSink" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintSink" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -7,7 +7,7 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "untrustedFlowSource" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "untrustedFlowSource" and
exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
sinkCall.getCalleeName() = "sink" and
@@ -16,7 +16,8 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
|
element = arg.toString() and
value = "" and
arg.hasLocationInfo(file, line, _, _, _)
arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -9,10 +9,11 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
result = ["headerKeyNode", "headerValNode", "headerKey", "headerVal"]
}
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
// Dynamic key-value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getName().toString() and
value = hw.getName().toString() and
@@ -26,7 +27,8 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
or
// Static key, dynamic value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and
@@ -40,7 +42,8 @@ class HttpHeaderWriteTest extends InlineExpectationsTest {
or
// Static key, static value header:
exists(HTTP::HeaderWrite hw |
hw.hasLocationInfo(file, line, _, _, _) and
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = hw.getHeaderName().toString() and
value = hw.getHeaderName() and


@@ -7,10 +7,11 @@ class HttpRedirectTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "redirectUrl" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "redirectUrl" and
exists(HTTP::Redirect rd |
rd.hasLocationInfo(file, line, _, _, _) and
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = rd.getUrl().toString() and
value = rd.getUrl().toString()
)


@@ -7,9 +7,10 @@ class HttpResponseBodyTest extends InlineExpectationsTest {
override string getARelevantTag() { result = ["contentType", "responseBody"] }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(HTTP::ResponseBody rd |
rd.hasLocationInfo(file, line, _, _, _) and
rd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
(
element = rd.getAContentType().toString() and
value = rd.getAContentType().toString() and


@@ -19,12 +19,13 @@ class TaintTrackingTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintSink" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintSink" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -7,7 +7,7 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "untrustedFlowSource" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "untrustedFlowSource" and
exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg |
sinkCall.getCalleeName() = "sink" and
@@ -16,7 +16,8 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
|
element = arg.toString() and
value = "" and
arg.hasLocationInfo(file, line, _, _, _)
arg.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -6,10 +6,11 @@ class FunctionIsVariadicTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "isVariadic" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(CallExpr ce |
ce.getTarget().isVariadic() and
ce.hasLocationInfo(file, line, _, _, _) and
ce.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = ce.toString() and
value = "" and
tag = "isVariadic"


@@ -6,14 +6,15 @@ class ImplementsComparableTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "implementsComparable" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
// file = "interface.go" and
tag = "implementsComparable" and
exists(TypeSpec ts |
ts.getName().matches("testComparable%") and
ts.getATypeParameterDecl().getTypeConstraint().implementsComparable()
|
ts.hasLocationInfo(file, line, _, _, _) and
ts.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = ts.getName() and
value = ""
)


@@ -6,10 +6,11 @@ class SignatureTypeIsVariadicTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "isVariadic" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(FuncDef fd |
fd.isVariadic() and
fd.hasLocationInfo(file, line, _, _, _) and
fd.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = fd.toString() and
value = "" and
tag = "isVariadic"


@@ -6,12 +6,13 @@ class HttpHandler extends InlineExpectationsTest {
override string getARelevantTag() { result = "handler" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "handler" and
exists(HTTP::RequestHandler h, DataFlow::Node check |
element = h.toString() and value = check.toString()
|
h.hasLocationInfo(file, line, _, _, _) and
h.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
h.guardedBy(check)
)
}


@@ -6,9 +6,10 @@ class LoggerTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "logger" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(LoggerCall log |
log.hasLocationInfo(file, line, _, _, _) and
log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = log.toString() and
value = log.getAMessageComponent().toString() and
tag = "logger"


@@ -34,12 +34,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(DataConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
@@ -61,12 +62,13 @@ class TaintFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintflow" and
exists(DataFlow::Node sink | any(TaintConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -28,12 +28,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(TestConfig c).hasFlow(_, sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -18,12 +18,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(TestConfig c).hasFlow(_, sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -26,10 +26,11 @@ class PromotedFieldsTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "promotedfields" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::PathNode source, DataFlow::PathNode sink |
config.hasFlowPath(source, sink) and
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "" and
tag = "promotedfields"


@@ -26,11 +26,12 @@ class PromotedMethodsTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "promotedmethods" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::Node source, DataFlow::Node sink |
config.hasFlow(source, sink)
|
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = source.getEnclosingCallable().getName() and
tag = "promotedmethods"


@@ -18,12 +18,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -18,12 +18,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(DataConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
@@ -45,12 +46,13 @@ class TaintFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintflow" and
exists(DataFlow::Node sink | any(TaintConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -50,12 +50,13 @@ class DataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "dataflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(DataConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
@@ -79,12 +80,13 @@ class TaintFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintflow" and
exists(DataFlow::Node sink | any(TaintConfiguration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -7,12 +7,13 @@ class SqlInjectionTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "sqlinjection" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "sqlinjection" and
exists(DataFlow::Node sink | any(SqlInjection::Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -6,11 +6,12 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "untrustedflowsource" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "untrustedflowsource" and
value = element and
exists(UntrustedFlowSource src | value = "\"" + src.toString() + "\"" |
src.hasLocationInfo(file, line, _, _, _)
src.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
@@ -20,12 +21,13 @@ class HeaderWriteTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "headerwrite" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "headerwrite" and
exists(HTTP::HeaderWrite hw, string name, string val | element = hw.toString() |
hw.definesHeader(name, val) and
value = name + ":" + val and
hw.hasLocationInfo(file, line, _, _, _)
hw.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
@@ -35,9 +37,10 @@ class LoggerTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "logger" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(LoggerCall log |
log.hasLocationInfo(file, line, _, _, _) and
log.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = log.toString() and
value = log.getAMessageComponent().toString() and
tag = "logger"


@@ -21,12 +21,13 @@ class TaintFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "taintflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintflow" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}


@@ -7,9 +7,11 @@ class UntrustedFlowSourceTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "source" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(UntrustedFlowSource source |
source.hasLocationInfo(file, line, _, _, _) and
source
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = source.toString() and
value = "\"" + source.toString() + "\"" and
tag = "source"


@@ -26,10 +26,11 @@ class K8sIoApiCoreV1Test extends InlineExpectationsTest {
override string getARelevantTag() { result = "KsIoApiCoreV" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::PathNode source, DataFlow::PathNode sink |
config.hasFlowPath(source, sink) and
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "" and
tag = "KsIoApiCoreV"


@@ -26,10 +26,11 @@ class K8sIoApimachineryPkgRuntimeTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "KsIoApimachineryPkgRuntime" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::PathNode source, DataFlow::PathNode sink |
config.hasFlowPath(source, sink) and
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "" and
tag = "KsIoApimachineryPkgRuntime"


@@ -6,9 +6,11 @@ class K8sIoApimachineryPkgRuntimeTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "KsIoClientGo" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(K8sIoClientGo::SecretInterfaceSource source |
source.hasLocationInfo(file, line, _, _, _) and
source
.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = source.toString() and
value = "" and
tag = "KsIoClientGo"


@@ -6,9 +6,10 @@ class NoSQLQueryTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "nosqlquery" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(NoSQL::Query q |
q.hasLocationInfo(file, line, _, _, _) and
q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = q.toString() and
value = q.toString() and
tag = "nosqlquery"


@@ -20,12 +20,13 @@ class MissingDataFlowTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "noflow" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "noflow" and
value = "" and
exists(Sink sink |
not any(TestConfig c).hasFlow(_, sink) and
sink.hasLocationInfo(file, line, _, _, _) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString()
)
}
@@ -36,10 +37,11 @@ class HttpResponseBodyTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "responsebody" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "responsebody" and
exists(HTTP::ResponseBody rb |
rb.hasLocationInfo(file, line, _, _, _) and
rb.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = rb.toString() and
value = "'" + rb.toString() + "'"
)


@@ -6,10 +6,11 @@ class SQLTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "query" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "query" and
exists(SQL::Query q, SQL::QueryString qs, string qsFile, int qsLine | qs = q.getAQueryString() |
q.hasLocationInfo(file, line, _, _, _) and
q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
qs.hasLocationInfo(qsFile, qsLine, _, _, _) and
element = q.toString() and
value = qs.toString()
@@ -22,11 +23,12 @@ class QueryString extends InlineExpectationsTest {
override string getARelevantTag() { result = "querystring" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "querystring" and
element = "" and
exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
qs.hasLocationInfo(file, line, _, _, _) and
qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
value = qs.toString()
)
}


@@ -6,9 +6,10 @@ class FileSystemAccessTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "fsaccess" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(FileSystemAccess f |
f.hasLocationInfo(file, line, _, _, _) and
f.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = f.toString() and
value = f.getAPathArgument().toString() and
tag = "fsaccess"


@@ -6,10 +6,11 @@ class TaintFunctionModelTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "ttfnmodelstep" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "ttfnmodelstep" and
exists(TaintTracking::FunctionModel model, DataFlow::CallNode call | call = model.getACall() |
call.hasLocationInfo(file, line, _, _, _) and
call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = call.toString() and
value = "\"" + model.getAnInputNode(call) + " -> " + model.getAnOutputNode(call) + "\""
)
@@ -21,10 +22,11 @@ class MarshalerTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "marshaler" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "marshaler" and
exists(MarshalingFunction m, DataFlow::CallNode call | call = m.getACall() |
call.hasLocationInfo(file, line, _, _, _) and
call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = call.toString() and
value =
"\"" + m.getFormat() + ": " + m.getAnInput().getNode(call) + " -> " +
@@ -38,10 +40,11 @@ class UnmarshalerTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "unmarshaler" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "unmarshaler" and
exists(UnmarshalingFunction m, DataFlow::CallNode call | call = m.getACall() |
call.hasLocationInfo(file, line, _, _, _) and
call.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = call.toString() and
value =
"\"" + m.getFormat() + ": " + m.getAnInput().getNode(call) + " -> " +


@@ -18,12 +18,13 @@ class ZapTest extends InlineExpectationsTest {
override string getARelevantTag() { result = "zap" }
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "zap" and
exists(DataFlow::Node sink | any(TestConfig c).hasFlow(_, sink) |
element = sink.toString() and
value = "\"" + sink.toString() + "\"" and
sink.hasLocationInfo(file, line, _, _, _)
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}