hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #31 from max-schaefer/string-break-source

Browse Source 
Sharpen the sources for `StringBreak`.
This commit is contained in:
Sauyon Lee
2020-02-21 09:35:58 -08:00
committed by GitHub
parent e9447a0e16 285f392a12
commit bfbd08c51d
3 changed files with 19 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ql/src/semmle/go/security/StringBreakCustomizations.qll
View File

@@ -49,7 +49,8 @@ module StringBreak {
class JsonMarshalAsSource extends Source {
JsonMarshalAsSource() {
exists(Function jsonMarshal | jsonMarshal.hasQualifiedName("encoding/json", "Marshal") |
this = jsonMarshal.getACall()
// we are only interested in the first result (the second result is an error)
this = DataFlow::extractTupleElement(jsonMarshal.getACall(), 0)
)
}
}

6
ql/test/query-tests/Security/CWE-089/StringBreak.expected
View File

@@ -1,7 +1,7 @@
edges
| StringBreak.go:10:20:10:40 | call to Marshal : tuple type | StringBreak.go:14:47:14:57 | versionJSON |
| StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | StringBreak.go:14:47:14:57 | versionJSON |
nodes
| StringBreak.go:10:20:10:40 | call to Marshal : tuple type | semmle.label | call to Marshal : tuple type |
| StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | semmle.label | ... := ...[0] : slice type |
| StringBreak.go:14:47:14:57 | versionJSON | semmle.label | versionJSON |
#select
| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:20:10:40 | call to Marshal : tuple type | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:20:10:40 | call to Marshal | JSON value |
| StringBreak.go:14:47:14:57 | versionJSON | StringBreak.go:10:2:10:40 | ... := ...[0] : slice type | StringBreak.go:14:47:14:57 | versionJSON | If this $@ contains a single quote, it could break out of the enclosing quotes. | StringBreak.go:10:2:10:40 | ... := ...[0] | JSON value |

14
ql/test/query-tests/Security/CWE-089/tst.go Normal file
View File

@@ -0,0 +1,14 @@
package main
import (
"encoding/json"
"fmt"
)
func marshal(version interface{}) string {
versionJSON, err := json.Marshal(version)
if err != nil {
return fmt.Sprintf("error: '%v'", err) // OK
}
return versionJSON
}