Remove taint-tracking on single bytes and runes

2026-01-30 23:02:56 +01:00 · 2020-09-04 12:25:25 +02:00
parent 6d3e6ded26
commit cf29f9dede
4 changed files with 49 additions and 151 deletions
--- a/ql/src/semmle/go/frameworks/stdlib/Strconv.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Strconv.qll
@@ -56,18 +56,6 @@ module Strconv {
      hasQualifiedName("strconv", "Quote") and
      (inp.isParameter(0) and outp.isResult())
      or
-      // signature: func QuoteRune(r rune) string
-      hasQualifiedName("strconv", "QuoteRune") and
-      (inp.isParameter(0) and outp.isResult())
-      or
-      // signature: func QuoteRuneToASCII(r rune) string
-      hasQualifiedName("strconv", "QuoteRuneToASCII") and
-      (inp.isParameter(0) and outp.isResult())
-      or
-      // signature: func QuoteRuneToGraphic(r rune) string
-      hasQualifiedName("strconv", "QuoteRuneToGraphic") and
-      (inp.isParameter(0) and outp.isResult())
-      or
      // signature: func QuoteToASCII(s string) string
      hasQualifiedName("strconv", "QuoteToASCII") and
      (inp.isParameter(0) and outp.isResult())
@@ -82,7 +70,7 @@ module Strconv {
      or
      // signature: func UnquoteChar(s string, quote byte) (value rune, multibyte bool, tail string, err error)
      hasQualifiedName("strconv", "UnquoteChar") and
-      (inp.isParameter(0) and outp.isResult([0, 2]))
+      (inp.isParameter(0) and outp.isResult(2))
    }

    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
--- a/ql/src/semmle/go/frameworks/stdlib/Strings.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Strings.qll
@@ -150,10 +150,6 @@ module Strings {
      this.hasQualifiedName("strings", "Builder", "Write") and
      (inp.isParameter(0) and outp.isReceiver())
      or
-      // signature: func (*Builder).WriteByte(c byte) error
-      this.hasQualifiedName("strings", "Builder", "WriteByte") and
-      (inp.isParameter(0) and outp.isReceiver())
-      or
      // signature: func (*Builder).WriteString(s string) (int, error)
      this.hasQualifiedName("strings", "Builder", "WriteString") and
      (inp.isParameter(0) and outp.isReceiver())
@@ -166,14 +162,6 @@ module Strings {
      this.hasQualifiedName("strings", "Reader", "ReadAt") and
      (inp.isReceiver() and outp.isParameter(0))
      or
-      // signature: func (*Reader).ReadByte() (byte, error)
-      this.hasQualifiedName("strings", "Reader", "ReadByte") and
-      (inp.isReceiver() and outp.isResult(0))
-      or
-      // signature: func (*Reader).ReadRune() (ch rune, size int, err error)
-      this.hasQualifiedName("strings", "Reader", "ReadRune") and
-      (inp.isReceiver() and outp.isResult(0))
-      or
      // signature: func (*Reader).Reset(s string)
      this.hasQualifiedName("strings", "Reader", "Reset") and
      (inp.isParameter(0) and outp.isReceiver())
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strconv.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strconv.go
@@ -46,52 +46,28 @@ func TaintStepTest_StrconvQuote_B0I0O0(sourceCQL interface{}) interface{} {
 	return intoString584
 }

-func TaintStepTest_StrconvQuoteRune_B0I0O0(sourceCQL interface{}) interface{} {
-	fromRune991 := sourceCQL.(rune)
-	intoString881 := strconv.QuoteRune(fromRune991)
+func TaintStepTest_StrconvQuoteToASCII_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString991 := sourceCQL.(string)
+	intoString881 := strconv.QuoteToASCII(fromString991)
 	return intoString881
 }

-func TaintStepTest_StrconvQuoteRuneToASCII_B0I0O0(sourceCQL interface{}) interface{} {
-	fromRune186 := sourceCQL.(rune)
-	intoString284 := strconv.QuoteRuneToASCII(fromRune186)
+func TaintStepTest_StrconvQuoteToGraphic_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString186 := sourceCQL.(string)
+	intoString284 := strconv.QuoteToGraphic(fromString186)
 	return intoString284
 }

-func TaintStepTest_StrconvQuoteRuneToGraphic_B0I0O0(sourceCQL interface{}) interface{} {
-	fromRune908 := sourceCQL.(rune)
-	intoString137 := strconv.QuoteRuneToGraphic(fromRune908)
+func TaintStepTest_StrconvUnquote_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString908 := sourceCQL.(string)
+	intoString137, _ := strconv.Unquote(fromString908)
 	return intoString137
 }

-func TaintStepTest_StrconvQuoteToASCII_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString494 := sourceCQL.(string)
-	intoString873 := strconv.QuoteToASCII(fromString494)
-	return intoString873
-}
-
-func TaintStepTest_StrconvQuoteToGraphic_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString599 := sourceCQL.(string)
-	intoString409 := strconv.QuoteToGraphic(fromString599)
-	return intoString409
-}
-
-func TaintStepTest_StrconvUnquote_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString246 := sourceCQL.(string)
-	intoString898, _ := strconv.Unquote(fromString246)
-	return intoString898
-}
-
 func TaintStepTest_StrconvUnquoteChar_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString598 := sourceCQL.(string)
-	intoRune631, _, _, _ := strconv.UnquoteChar(fromString598, 0)
-	return intoRune631
-}
-
-func TaintStepTest_StrconvUnquoteChar_B0I0O1(sourceCQL interface{}) interface{} {
-	fromString165 := sourceCQL.(string)
-	_, _, intoString150, _ := strconv.UnquoteChar(fromString165, 0)
-	return intoString150
+	fromString494 := sourceCQL.(string)
+	_, _, intoString873, _ := strconv.UnquoteChar(fromString494, 0)
+	return intoString873
 }

 func RunAllTaints_Strconv() {
@@ -132,42 +108,22 @@ func RunAllTaints_Strconv() {
 	}
 	{
 		source := newSource(7)
-		out := TaintStepTest_StrconvQuoteRune_B0I0O0(source)
+		out := TaintStepTest_StrconvQuoteToASCII_B0I0O0(source)
 		sink(7, out)
 	}
 	{
 		source := newSource(8)
-		out := TaintStepTest_StrconvQuoteRuneToASCII_B0I0O0(source)
+		out := TaintStepTest_StrconvQuoteToGraphic_B0I0O0(source)
 		sink(8, out)
 	}
 	{
 		source := newSource(9)
-		out := TaintStepTest_StrconvQuoteRuneToGraphic_B0I0O0(source)
+		out := TaintStepTest_StrconvUnquote_B0I0O0(source)
 		sink(9, out)
 	}
 	{
 		source := newSource(10)
-		out := TaintStepTest_StrconvQuoteToASCII_B0I0O0(source)
+		out := TaintStepTest_StrconvUnquoteChar_B0I0O0(source)
 		sink(10, out)
 	}
-	{
-		source := newSource(11)
-		out := TaintStepTest_StrconvQuoteToGraphic_B0I0O0(source)
-		sink(11, out)
-	}
-	{
-		source := newSource(12)
-		out := TaintStepTest_StrconvUnquote_B0I0O0(source)
-		sink(12, out)
-	}
-	{
-		source := newSource(13)
-		out := TaintStepTest_StrconvUnquoteChar_B0I0O0(source)
-		sink(13, out)
-	}
-	{
-		source := newSource(14)
-		out := TaintStepTest_StrconvUnquoteChar_B0I0O1(source)
-		sink(14, out)
-	}
 }
--- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strings.go
+++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strings.go
@@ -224,73 +224,54 @@ func TaintStepTest_StringsBuilderWrite_B0I0O0(sourceCQL interface{}) interface{}
 	return intoBuilder783
 }

-func TaintStepTest_StringsBuilderWriteByte_B0I0O0(sourceCQL interface{}) interface{} {
-	fromByte905 := sourceCQL.(byte)
+func TaintStepTest_StringsBuilderWriteString_B0I0O0(sourceCQL interface{}) interface{} {
+	fromString905 := sourceCQL.(string)
 	var intoBuilder389 strings.Builder
-	intoBuilder389.WriteByte(fromByte905)
+	intoBuilder389.WriteString(fromString905)
 	return intoBuilder389
 }

-func TaintStepTest_StringsBuilderWriteString_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString198 := sourceCQL.(string)
-	var intoBuilder477 strings.Builder
-	intoBuilder477.WriteString(fromString198)
-	return intoBuilder477
-}
-
 func TaintStepTest_StringsReaderRead_B0I0O0(sourceCQL interface{}) interface{} {
-	fromReader544 := sourceCQL.(strings.Reader)
-	var intoByte382 []byte
-	fromReader544.Read(intoByte382)
-	return intoByte382
+	fromReader198 := sourceCQL.(strings.Reader)
+	var intoByte477 []byte
+	fromReader198.Read(intoByte477)
+	return intoByte477
 }

 func TaintStepTest_StringsReaderReadAt_B0I0O0(sourceCQL interface{}) interface{} {
-	fromReader715 := sourceCQL.(strings.Reader)
-	var intoByte179 []byte
-	fromReader715.ReadAt(intoByte179, 0)
-	return intoByte179
-}
-
-func TaintStepTest_StringsReaderReadByte_B0I0O0(sourceCQL interface{}) interface{} {
-	fromReader366 := sourceCQL.(strings.Reader)
-	intoByte648, _ := fromReader366.ReadByte()
-	return intoByte648
-}
-
-func TaintStepTest_StringsReaderReadRune_B0I0O0(sourceCQL interface{}) interface{} {
 	fromReader544 := sourceCQL.(strings.Reader)
-	intoRune484, _, _ := fromReader544.ReadRune()
-	return intoRune484
+	var intoByte382 []byte
+	fromReader544.ReadAt(intoByte382, 0)
+	return intoByte382
 }

 func TaintStepTest_StringsReaderReset_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString824 := sourceCQL.(string)
-	var intoReader754 strings.Reader
-	intoReader754.Reset(fromString824)
-	return intoReader754
+	fromString715 := sourceCQL.(string)
+	var intoReader179 strings.Reader
+	intoReader179.Reset(fromString715)
+	return intoReader179
 }

 func TaintStepTest_StringsReaderWriteTo_B0I0O0(sourceCQL interface{}) interface{} {
-	fromReader680 := sourceCQL.(strings.Reader)
-	var intoWriter722 io.Writer
-	fromReader680.WriteTo(intoWriter722)
-	return intoWriter722
+	fromReader366 := sourceCQL.(strings.Reader)
+	var intoWriter648 io.Writer
+	fromReader366.WriteTo(intoWriter648)
+	return intoWriter648
 }

 func TaintStepTest_StringsReplacerReplace_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString506 := sourceCQL.(string)
+	fromString544 := sourceCQL.(string)
 	var mediumObjCQL strings.Replacer
-	intoString121 := mediumObjCQL.Replace(fromString506)
-	return intoString121
+	intoString484 := mediumObjCQL.Replace(fromString544)
+	return intoString484
 }

 func TaintStepTest_StringsReplacerWriteString_B0I0O0(sourceCQL interface{}) interface{} {
-	fromString293 := sourceCQL.(string)
-	var intoWriter151 io.Writer
+	fromString824 := sourceCQL.(string)
+	var intoWriter754 io.Writer
 	var mediumObjCQL strings.Replacer
-	mediumObjCQL.WriteString(intoWriter151, fromString293)
-	return intoWriter151
+	mediumObjCQL.WriteString(intoWriter754, fromString824)
+	return intoWriter754
 }

 func RunAllTaints_Strings() {
@@ -476,52 +457,37 @@ func RunAllTaints_Strings() {
 	}
 	{
 		source := newSource(36)
-		out := TaintStepTest_StringsBuilderWriteByte_B0I0O0(source)
+		out := TaintStepTest_StringsBuilderWriteString_B0I0O0(source)
 		sink(36, out)
 	}
 	{
 		source := newSource(37)
-		out := TaintStepTest_StringsBuilderWriteString_B0I0O0(source)
+		out := TaintStepTest_StringsReaderRead_B0I0O0(source)
 		sink(37, out)
 	}
 	{
 		source := newSource(38)
-		out := TaintStepTest_StringsReaderRead_B0I0O0(source)
+		out := TaintStepTest_StringsReaderReadAt_B0I0O0(source)
 		sink(38, out)
 	}
 	{
 		source := newSource(39)
-		out := TaintStepTest_StringsReaderReadAt_B0I0O0(source)
+		out := TaintStepTest_StringsReaderReset_B0I0O0(source)
 		sink(39, out)
 	}
 	{
 		source := newSource(40)
-		out := TaintStepTest_StringsReaderReadByte_B0I0O0(source)
+		out := TaintStepTest_StringsReaderWriteTo_B0I0O0(source)
 		sink(40, out)
 	}
 	{
 		source := newSource(41)
-		out := TaintStepTest_StringsReaderReadRune_B0I0O0(source)
+		out := TaintStepTest_StringsReplacerReplace_B0I0O0(source)
 		sink(41, out)
 	}
 	{
 		source := newSource(42)
-		out := TaintStepTest_StringsReaderReset_B0I0O0(source)
+		out := TaintStepTest_StringsReplacerWriteString_B0I0O0(source)
 		sink(42, out)
 	}
-	{
-		source := newSource(43)
-		out := TaintStepTest_StringsReaderWriteTo_B0I0O0(source)
-		sink(43, out)
-	}
-	{
-		source := newSource(44)
-		out := TaintStepTest_StringsReplacerReplace_B0I0O0(source)
-		sink(44, out)
-	}
-	{
-		source := newSource(45)
-		out := TaintStepTest_StringsReplacerWriteString_B0I0O0(source)
-		sink(45, out)
-	}
 }