use CallNode.getSyntacticArgument

2025-12-17 01:03:14 +01:00 · 2023-04-13 07:22:17 +01:00
parent 2d3fed9c07
commit bc0f9030e3
21 changed files with 38 additions and 37 deletions
--- a/go/ql/lib/semmle/go/StringOps.qll
+++ b/go/ql/lib/semmle/go/StringOps.qll
@@ -219,7 +219,7 @@ module StringOps {
       * replaced.
       */
      DataFlow::Node getAReplacedArgument() {
-        exists(int n | n % 2 = 0 and result = this.getArgument(n))
+        exists(int n | n % 2 = 0 and result = this.getSyntacticArgument(n))
      }
    }

--- a/go/ql/lib/semmle/go/frameworks/Beego.qll
+++ b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -253,7 +253,7 @@ module Beego {
      this.getTarget().hasQualifiedName([packagePath(), logsPackagePath()], getALogFunctionName())
    }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  private class BeegoLoggerMethods extends LoggerCall::Range, DataFlow::MethodCallNode {
@@ -261,13 +261,13 @@ module Beego {
      this.getTarget().hasQualifiedName(logsPackagePath(), "BeeLogger", getALogFunctionName())
    }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  private class UtilLoggers extends LoggerCall::Range, DataFlow::CallNode {
    UtilLoggers() { this.getTarget().hasQualifiedName(utilsPackagePath(), "Display") }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  private class HtmlQuoteSanitizer extends SharedXss::Sanitizer {
--- a/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll
+++ b/go/ql/lib/semmle/go/frameworks/BeegoOrm.qll
@@ -33,7 +33,7 @@ module BeegoOrm {
    // Note this class doesn't do any escaping, unlike the true ORM part of the package
    QueryBuilderSink() {
      exists(Method impl | impl.implements(packagePath(), "QueryBuilder", _) |
-        this = impl.getACall().getAnArgument()
+        this = impl.getACall().getASyntacticArgument()
      ) and
      this.getType().getUnderlyingType() instanceof StringType
    }
--- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
+++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@@ -90,7 +90,7 @@ module ElazarlGoproxy {
        onreqcall.getTarget().hasQualifiedName(packagePath(), "ProxyHttpServer", "OnRequest")
      |
        handlerReg.getReceiver() = onreqcall.getASuccessor*() and
-        check = onreqcall.getArgument(0)
+        check = onreqcall.getSyntacticArgument(0)
      )
    }
  }
@@ -119,6 +119,6 @@ module ElazarlGoproxy {
  private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode {
    ProxyLog() { this.getTarget() instanceof ProxyLogFunction }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }
 }
--- a/go/ql/lib/semmle/go/frameworks/Email.qll
+++ b/go/ql/lib/semmle/go/frameworks/Email.qll
@@ -56,13 +56,13 @@ module EmailData {
      // func NewV3MailInit(from *Email, subject string, to *Email, content ...*Content) *SGMailV3
      exists(Function newv3MailInit |
        newv3MailInit.hasQualifiedName(sendgridMail(), "NewV3MailInit") and
-        this = newv3MailInit.getACall().getArgument(any(int i | i = 1 or i >= 3))
+        this = newv3MailInit.getACall().getSyntacticArgument(any(int i | i = 1 or i >= 3))
      )
      or
      // func (s *SGMailV3) AddContent(c ...*Content) *SGMailV3
      exists(Method addContent |
        addContent.hasQualifiedName(sendgridMail(), "SGMailV3", "AddContent") and
-        this = addContent.getACall().getAnArgument()
+        this = addContent.getACall().getASyntacticArgument()
      )
    }
  }
--- a/go/ql/lib/semmle/go/frameworks/Glog.qll
+++ b/go/ql/lib/semmle/go/frameworks/Glog.qll
@@ -49,7 +49,7 @@ module Glog {
    GlogCall() { this = callee.getACall() }

    override DataFlow::Node getAMessageComponent() {
-      result = this.getArgument(any(int i | i >= callee.getFirstPrintedArg()))
+      result = this.getSyntacticArgument(any(int i | i >= callee.getFirstPrintedArg()))
    }
  }
 }
--- a/go/ql/lib/semmle/go/frameworks/Logrus.qll
+++ b/go/ql/lib/semmle/go/frameworks/Logrus.qll
@@ -31,7 +31,7 @@ module Logrus {
  private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
    LogCall() { this = any(LogFunction f).getACall() }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
--- a/go/ql/lib/semmle/go/frameworks/Revel.qll
+++ b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -124,7 +124,7 @@ module Revel {
        or
        methodName = "RenderText" and
        contentType = "text/plain" and
-        this = methodCall.getAnArgument()
+        this = methodCall.getSyntacticArgument(_)
      )
    }

@@ -201,7 +201,7 @@ module Revel {
        )
        or
        // a revel controller.Render(arg) will set controller.ViewArgs["arg"] = arg
-        exists(Variable arg | arg.getARead() = render.(ControllerRender).getAnArgument() |
+        exists(Variable arg | arg.getARead() = render.(ControllerRender).getASyntacticArgument() |
          var.getBaseVariable() = arg and
          var.getQualifiedName() = read.getFieldName()
        )
--- a/go/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/go/ql/lib/semmle/go/frameworks/SQL.qll
@@ -225,7 +225,7 @@ module SQL {
    GormSink() {
      exists(Method meth, string package, string name |
        meth.hasQualifiedName(package, "DB", name) and
-        this = meth.getACall().getArgument(0) and
+        this = meth.getACall().getSyntacticArgument(0) and
        package = Gorm::packagePath() and
        name in [
            "Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having", "Joins",
@@ -272,7 +272,7 @@ module Xorm {
    XormSink() {
      exists(Method meth, string type, string name, int n |
        meth.hasQualifiedName(Xorm::packagePath(), type, name) and
-        this = meth.getACall().getArgument(n) and
+        this = meth.getACall().getSyntacticArgument(n) and
        type = ["Engine", "Session"]
      |
        name =
--- a/go/ql/lib/semmle/go/frameworks/Spew.qll
+++ b/go/ql/lib/semmle/go/frameworks/Spew.qll
@@ -41,7 +41,7 @@ module Spew {
    SpewCall() { this = target.getACall() }

    override DataFlow::Node getAMessageComponent() {
-      result = this.getArgument(any(int i | i >= target.getFirstPrintedArg()))
+      result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg()))
    }
  }

--- a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
+++ b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
@@ -14,11 +14,12 @@ private class ShellOrSudoExecution extends SystemCommandExecution::Range, DataFl

  ShellOrSudoExecution() {
    this instanceof SystemCommandExecution and
-    shellCommand = this.getAnArgument().getAPredecessor*() and
-    not hasSafeSubcommand(shellCommand.getStringValue(), this.getAnArgument().getStringValue())
+    shellCommand = this.getASyntacticArgument().getAPredecessor*() and
+    not hasSafeSubcommand(shellCommand.getStringValue(),
+      this.getASyntacticArgument().getStringValue())
  }

-  override DataFlow::Node getCommandName() { result = this.getAnArgument() }
+  override DataFlow::Node getCommandName() { result = this.getASyntacticArgument() }

  override predicate doubleDashIsSanitizing() {
    shellCommand.getStringValue().matches("%" + ["git", "rsync"])
@@ -49,7 +50,7 @@ private class SystemCommandExecutors extends SystemCommandExecution::Range, Data
    )
  }

-  override DataFlow::Node getCommandName() { result = this.getArgument(cmdArg) }
+  override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(cmdArg) }
 }

 /**
@@ -76,7 +77,7 @@ private class GoShCommandExecution extends SystemCommandExecution::Range, DataFl
    )
  }

-  override DataFlow::Node getCommandName() { result = this.getArgument(0) }
+  override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(0) }
 }

 /**
@@ -102,7 +103,7 @@ module CryptoSsh {
      )
    }

-    override DataFlow::Node getCommandName() { result = this.getArgument(0) }
+    override DataFlow::Node getCommandName() { result = this.getSyntacticArgument(0) }
  }
 }

--- a/go/ql/lib/semmle/go/frameworks/Zap.qll
+++ b/go/ql/lib/semmle/go/frameworks/Zap.qll
@@ -45,7 +45,7 @@ module Zap {
  private class ZapCall extends LoggerCall::Range, DataFlow::MethodCallNode {
    ZapCall() { this = any(ZapFunction f).getACall() }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
--- a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll
@@ -30,7 +30,7 @@ module Fmt {
  private class PrintCall extends LoggerCall::Range, DataFlow::CallNode {
    PrintCall() { this.getTarget() instanceof Printer }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  /** The `Fprint` function or one of its variants. */
--- a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll
@@ -27,7 +27,7 @@ module Log {
  private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
    LogCall() { this = any(LogFunction f).getACall() }

-    override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
  }

  /** A fatal log function, which calls `os.Exit`. */
--- a/go/ql/lib/semmle/go/security/CommandInjection.qll
+++ b/go/ql/lib/semmle/go/security/CommandInjection.qll
@@ -47,7 +47,7 @@ module CommandInjection {
      exists(DataFlow::CallNode c |
        this = c and
        (c = Builtin::append().getACall() or c = any(SystemCommandExecution sce)) and
-        c.getArgument(doubleDashIndex).getStringValue() = "--"
+        c.getSyntacticArgument(doubleDashIndex).getStringValue() = "--"
      )
      or
      // array/slice literal containing a "--"
@@ -63,7 +63,7 @@ module CommandInjection {
          alreadyHasDoubleDash.getType() instanceof SliceType
        ) and
        this = userCall and
-        DataFlow::localFlow(alreadyHasDoubleDash, userCall.getArgument(doubleDashIndex))
+        DataFlow::localFlow(alreadyHasDoubleDash, userCall.getSyntacticArgument(doubleDashIndex))
      )
    }

@@ -71,7 +71,7 @@ module CommandInjection {
      exists(int sanitizedIndex |
        sanitizedIndex > doubleDashIndex and
        (
-          result = this.(DataFlow::CallNode).getArgument(sanitizedIndex) or
+          result = this.(DataFlow::CallNode).getSyntacticArgument(sanitizedIndex) or
          result = DataFlow::exprNode(this.asExpr().(ArrayOrSliceLit).getElement(sanitizedIndex))
        )
      )
--- a/go/ql/lib/semmle/go/security/Xss.qll
+++ b/go/ql/lib/semmle/go/security/Xss.qll
@@ -73,12 +73,12 @@ module SharedXss {
      exists(body.getAContentTypeNode())
      or
      exists(DataFlow::CallNode call | call.getTarget().hasQualifiedName("fmt", "Fprintf") |
-        body = call.getAnArgument() and
+        body = call.getASyntacticArgument() and
        // checks that the format value does not start with (ignoring whitespace as defined by
        // https://mimesniff.spec.whatwg.org/#whitespace-byte):
        //  - '<', which could lead to an HTML content type being detected, or
        //  - '%', which could be a format string.
-        call.getArgument(1).getStringValue().regexpMatch("(?s)[\\t\\n\\x0c\\r ]*+[^<%].*")
+        call.getSyntacticArgument(1).getStringValue().regexpMatch("(?s)[\\t\\n\\x0c\\r ]*+[^<%].*")
      )
      or
      exists(DataFlow::Node pred | body = pred.getASuccessor*() |
--- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
@@ -109,7 +109,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
    exists(DataFlow::CallNode cn |
      cn.getACalleeIncludingExternals().asFunction() instanceof Fmt::AppenderOrSprinter
    |
-      pred = cn.getAnArgument() and succ = cn.getResult()
+      pred = cn.getASyntacticArgument() and succ = cn.getResult()
    )
  }

--- a/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
+++ b/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
@@ -121,7 +121,7 @@ class Configuration extends TaintTracking::Configuration {
    )
    or
    exists(DataFlow::CallNode call, int i | call.getTarget().hasQualifiedName("path", "Join") |
-      i > 0 and node = call.getArgument(i)
+      i > 0 and node = call.getSyntacticArgument(i)
    )
  }

--- a/go/ql/src/experimental/frameworks/CleverGo.qll
+++ b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -278,7 +278,7 @@ private module CleverGo {
          or
          // signature: func (*Context) Stringf(code int, format string, a ...interface{}) error
          methodName = "Stringf" and
-          bodyNode = bodySetterCall.getArgument([1, any(int i | i >= 2)]) and
+          bodyNode = bodySetterCall.getSyntacticArgument([1, any(int i | i >= 2)]) and
          contentTypeString = "text/plain"
          or
          // signature: func (*Context) XML(code int, data interface{}) error
--- a/go/ql/src/experimental/frameworks/Fiber.qll
+++ b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -183,7 +183,7 @@ private module Fiber {
          // signature: func (*Ctx) Append(field string, values ...string)
          methodName = "Append" and
          headerNameNode = headerSetterCall.getArgument(0) and
-          headerValueNode = headerSetterCall.getArgument(any(int i | i >= 1))
+          headerValueNode = headerSetterCall.getSyntacticArgument(any(int i | i >= 1))
          or
          // signature: func (*Ctx) Set(key string, val string)
          methodName = "Set" and
@@ -270,7 +270,7 @@ private module Fiber {
          or
          // signature: func (*Ctx) Send(bodies ...interface{})
          methodName = "Send" and
-          bodyNode = bodySetterCall.getArgument(_)
+          bodyNode = bodySetterCall.getSyntacticArgument(_)
          or
          // signature: func (*Ctx) SendBytes(body []byte)
          methodName = "SendBytes" and
@@ -286,7 +286,7 @@ private module Fiber {
          or
          // signature: func (*Ctx) Write(bodies ...interface{})
          methodName = "Write" and
-          bodyNode = bodySetterCall.getArgument(_)
+          bodyNode = bodySetterCall.getSyntacticArgument(_)
        )
      )
    )
--- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql
@@ -1,5 +1,5 @@
 import go

 from SQL::QueryString qs, Method meth, string a, string b, string c
-where meth.hasQualifiedName(a, b, c) and qs = meth.getACall().getArgument(0)
+where meth.hasQualifiedName(a, b, c) and qs = meth.getACall().getSyntacticArgument(0)
 select qs, a, b, c