hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make RemoteFlowAsSource private

Browse Source 
`UntrustedFlowAsSource` should have been private. Since we are deprecating them anyway
we may as well make the replacement private (and make it use `instanceof`). The deprecation
comments have been updated.
This commit is contained in:
Owen Mansel-Chan
2024-04-18 12:31:38 +01:00
parent a49b43fdf6
commit b6f6bdc6f4
11 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
go/ql/lib/change-notes/2024-04-18-untrustedflowsource-renamed-remoteflowsource.md Normal file
View File

4
go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
View File

@@ -30,12 +30,12 @@ module CommandInjection {
abstract class Sanitizer extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/** A source of untrusted data, considered as a taint source for command injection. */
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** A command name, considered as a taint sink for command injection. */
class CommandNameAsSink extends Sink {

4
go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
View File

@@ -26,12 +26,12 @@ module LogInjection {
abstract class Sanitizer extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/** A source of untrusted data, considered as a taint source for log injection. */
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An argument to a logging mechanism. */
class LoggerSink extends Sink {

4
go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
View File

@@ -43,14 +43,14 @@ module OpenUrlRedirect {
}
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/**
* A source of third-party user input, considered as a flow source for URL redirects.
*/
class RemoteFlowAsSource extends Source, RemoteFlowSource {
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource {
RemoteFlowAsSource() {
// exclude some fields and methods of URLs that are generally not attacker-controllable for
// open redirect exploits

4
go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
View File

@@ -35,14 +35,14 @@ module ReflectedXss {
}
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/**
* A third-party controllable input, considered as a flow source for reflected XSS.
*/
class RemoteFlowAsSource extends Source, RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
private class AnySink extends Sink instanceof SharedXss::Sink { }

4
go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
View File

@@ -33,14 +33,14 @@ module RequestForgery {
abstract class SanitizerEdge extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/**
* A third-party controllable input, considered as a flow source for request forgery.
*/
class RemoteFlowAsSource extends Source, RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/**
* The URL of an HTTP request, viewed as a sink for request forgery.

4
go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
View File

@@ -26,12 +26,12 @@ module SqlInjection {
abstract class Sanitizer extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/** A source of untrusted data, considered as a taint source for SQL injection. */
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An SQL string, considered as a taint sink for SQL injection. */
class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }

4
go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
View File

@@ -45,12 +45,12 @@ module TaintedPath {
}
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/** A source of untrusted data, considered as a taint source for path traversal. */
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** A path expression, considered as a taint sink for path traversal. */
class PathAsSink extends Sink {

4
go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
View File

@@ -25,12 +25,12 @@ module XPathInjection {
abstract class Sanitizer extends DataFlow::ExprNode { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/** A source of untrusted data, used in an XPath expression. */
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An XPath expression string, considered as a taint sink for XPath injection. */
class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }

4
go/ql/src/Security/CWE-640/EmailInjectionCustomizations.qll
View File

@@ -17,12 +17,12 @@ module EmailInjection {
abstract class Sink extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowSourceAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowSourceAsSource = RemoteFlowSourceAsSource;
/** A source of untrusted data, considered as a taint source for email injection. */
class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { }
/**
* A data-flow node that becomes part of an email considered as a taint sink for email injection.

4
go/ql/src/experimental/CWE-918/SSRF.qll
View File

@@ -88,14 +88,14 @@ module ServerSideRequestForgery {
abstract class SanitizerEdge extends DataFlow::Node { }
/**
* DEPRECATED: Use `RemoteFlowAsSource` instead.
* DEPRECATED: Use `RemoteFlowSource` or `Source` instead.
*/
deprecated class UntrustedFlowAsSource = RemoteFlowAsSource;
/**
* An user controlled input, considered as a flow source for request forgery.
*/
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/**
* The URL of an HTTP request, viewed as a sink for request forgery.