Apply suggestions from code review

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
2026-04-20 06:24:03 +02:00 · 2023-02-03 16:19:48 +01:00
parent a0cf8e786c
commit c7637a7e1f
2 changed files with 12 additions and 10 deletions
--- a/go/ql/lib/semmle/go/frameworks/Twirp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Twirp.qll
@@ -22,6 +22,7 @@ module Twirp {

  /**
   * A *.twirp.go file generated by Twirp.
+   *
   * This file contains all the types representing protobuf services and should have a companion *.pb.go file.
   */
  class ServicesGeneratedFile extends File {
@@ -66,7 +67,7 @@ module Twirp {
    override string getName() { result = namedType.getName() }

    /**
-     * Returns the named type on top of this interface type
+     * Gets the named type on top of this interface type.
     */
    NamedType getNamedType() { result = namedType }
  }
@@ -87,7 +88,7 @@ module Twirp {
  }

  /**
-   * A Twirp server
+   * A Twirp server.
   */
  class ServiceServerType extends NamedType {
    ServiceServerType() {
@@ -101,13 +102,13 @@ module Twirp {
  }

  /**
-   * A Twirp function to construct a Client
+   * A Twirp function to construct a Client.
   */
  class ClientConstructor extends Function {
    ClientConstructor() {
      exists(ServiceClientType c |
        this.getName().toLowerCase() = "new" + c.getName().toLowerCase() and
-        this.getParameter(0).getType() instanceof StringType and
+        this.getParameterType(0) instanceof StringType and
        this.getParameterType(1).getName() = "HTTPClient" and
        this.getDeclaration().getLocation().getFile() instanceof ServicesGeneratedFile
      )
@@ -115,8 +116,9 @@ module Twirp {
  }

  /**
-   * A Twirp function to construct a Server
-   * Its first argument should be an implementation of the service interface
+   * A Twirp function to construct a Server.
+   *
+   * Its first argument should be an implementation of the service interface.
   */
  class ServerConstructor extends Function {
    ServerConstructor() {
@@ -129,7 +131,7 @@ module Twirp {
  }

  /**
-   * An SSRF sink for the Client constructor
+   * An SSRF sink for the Client constructor.
   */
  class ClientRequestUrlAsSink extends RequestForgery::Sink {
    ClientRequestUrlAsSink() {
@@ -145,7 +147,7 @@ module Twirp {
  }

  /**
-   * A service handler
+   * A service handler.
   */
  class ServiceHandler extends Method {
    ServiceHandler() {
--- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/server/main.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/server/main.go
@@ -2,9 +2,9 @@ package main

 import (
 	"context"
-  "strconv"
 	"fmt"
 	"net/http"
+	"strconv"
 	"time"

 	"github.com/pwntester/go-twirp-rpc-example/rpc/notes"
@@ -27,7 +27,7 @@ func (s *notesService) CreateNote(ctx context.Context, params *notes.CreateNoteP
 		CreatedAt: time.Now().UnixMilli(),
 	}

-	notes.NewNotesServiceProtobufClient(params.Text, &http.Client{}) // test: ssrfSink, ssrf
+	notes.NewNotesServiceProtobufClient(params.Text, &http.Client{})                               // test: ssrfSink, ssrf
 	notes.NewNotesServiceProtobufClient(strconv.FormatInt(int64(s.CurrentId), 10), &http.Client{}) // test: ssrfSink, !ssrf

 	s.Notes = append(s.Notes, note)