hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove duplication of UnsafeFieldReadSanitizer

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-09-30 12:04:39 +01:00
parent 2cd1d2fd2f
commit b5fda88bd3
3 changed files with 15 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
View File

@@ -121,21 +121,6 @@ module OpenUrlRedirect {
/** A sink for an open redirect, considered as a sink for safe URL flow. */
private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { }
/**
* A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe
* URL.
*/
private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge {
UnsafeFieldReadSanitizer() {
exists(DataFlow::FieldReadNode frn, string name |
name = ["User", "RawQuery", "Fragment"] and
frn.getField().hasQualifiedName("net/url", "URL")
|
this = frn.getBase()
)
}
}
/**
* Reinstate the usual field propagation rules for fields, which the OpenURLRedirect
* query usually excludes, for fields of `Params` other than `Params.Fixed`.

15
go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
View File

@@ -118,18 +118,3 @@ module RequestForgery {
/** A sink for request forgery, considered as a sink for safe URL flow. */
private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { }
/**
* A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe
* URL.
*/
private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge {
UnsafeFieldReadSanitizer() {
exists(DataFlow::FieldReadNode frn, string name |
(name = "RawQuery" or name = "Fragment" or name = "User") and
frn.getField().hasQualifiedName("net/url", "URL")
|
this = frn.getBase()
)
}
}

15
go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
View File

@@ -40,4 +40,19 @@ module SafeUrlFlow {
private class StringSlicingEdge extends SanitizerEdge {
StringSlicingEdge() { this = any(DataFlow::SliceNode sn) }
}
/**
* A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe
* URL.
*/
private class UnsafeFieldReadSanitizer extends SanitizerEdge {
UnsafeFieldReadSanitizer() {
exists(DataFlow::FieldReadNode frn, string name |
name = ["Fragment", "RawQuery", "User"] and
frn.getField().hasQualifiedName("net/url", "URL")
|
this = frn.getBase()
)
}
}
}