hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Convert Fasthttp::Args::RemoteFlowSource to MaD

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-06-23 14:08:51 +01:00
parent 5a00b5ec96
commit c3169d258f
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
View File

@@ -13,6 +13,12 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/valyala/fasthttp", "Args", True, "Peek", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "Args", True, "PeekBytes", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "Args", True, "PeekMulti", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "Args", True, "PeekMultiBytes", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "Args", True, "QueryString", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "Args", True, "String", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "FullURI", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "LastPathSegment", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "Path", "", "", "ReturnValue[0]", "remote", "manual"]

10
go/ql/lib/semmle/go/frameworks/Fasthttp.qll
View File

@@ -279,20 +279,24 @@ module Fasthttp {
}
/**
* DEPRECATED
*
* Provide modeling for fasthttp.Args Type.
*/
module Args {
deprecated module Args {
/**
* DEPRECATED: Use `RemoteFlowSource` instead.
* DEPRECATED: Use `RemoteFlowSource::Range` instead.
*/
deprecated class UntrustedFlowSource = RemoteFlowSource;
/**
* DEPRECATED: Use `RemoteFlowSource::Range` instead.
*
* The methods as Remote user controllable source which are part of the incoming URL Parameters.
*
* When support for lambdas has been implemented we should model "VisitAll".
*/
class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
deprecated class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
RemoteFlowSource() {
exists(Method m |
m.hasQualifiedName(packagePath(), "Args",