Merge pull request #21370 from github/owen-mc/go/overlay-annotations

Go: Add overlay annotations from script
This commit is contained in:
Owen Mansel-Chan
2026-03-13 16:46:01 +00:00
committed by GitHub
148 changed files with 300 additions and 0 deletions


@@ -199,6 +199,7 @@ def annotate_as_appropriate(filename, lines):
# as overlay[local?]. It is not clear that these heuristics are exactly what we want,
# but they seem to work well enough for now (as determined by speed and accuracy numbers).
if (filename.endswith("Test.qll") or
re.search(r"go/ql/lib/semmle/go/security/[^/]+[.]qll$", filename.replace(os.sep, "/")) or
((filename.endswith("Query.qll") or filename.endswith("Config.qll")) and
any("implements DataFlow::ConfigSig" in line for line in lines))):
return None
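Review bot: The new security-directory exclusion on the `re.search` line only fires when `filename` carries the repo-relative prefix `go/ql/lib/semmle/go/security/`, so a path handed in from a different working directory (for example relative to `go/ql/lib`) would bypass it and the file would fall through to the general annotation heuristics. Consider resolving the path against the repository root the script already works from before matching, or documenting on the caller that paths must be repo-relative. The surrounding comment says these files are treated "as overlay[local?]" while the branch returns `None`; whether `None` means "annotate as `local?`" or "leave untouched" is not visible here, so a short comment on the `return None` stating which it is (adjusted to whichever is true) would help. `annotate_as_appropriate` begins outside this hunk.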


@@ -8,5 +8,7 @@
* `FileSystemAccess`, or the `Source` and `Sink` classes associated with the security queries
* to model frameworks that are not covered by the standard library.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with Go programs.
*/
overlay[local?]
module;
import Customizations
import semmle.go.Architectures


@@ -2,6 +2,8 @@
* Provides classes and predicates related to contextual queries
* in the code viewer.
*/
overlay[local?]
module;
import go
private import codeql.util.FileSystem


@@ -1,6 +1,8 @@
/**
* Provides classes for working with AST nodes.
*/
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with architectures. */
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with code comments.
*/
overlay[local]
module;
import go


@@ -3,6 +3,8 @@
* access or system command execution, for which individual framework libraries
* provide concrete subclasses.
*/
overlay[local?]
module;
import go
import semmle.go.dataflow.FunctionInputsAndOutputs


@@ -1,6 +1,8 @@
/**
* Provides classes for working with declarations.
*/
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with errors and warnings recorded during extraction. */
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with Go frontend errors recorded during extraction. */
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with expressions.
*/
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with files and folders. */
overlay[local]
module;
import go
private import codeql.util.FileSystem


@@ -1,6 +1,8 @@
/**
* Provides classes for working with go.mod files.
*/
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with HTML documents. */
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with locations and program elements that have locations. */
overlay[local]
module;
import go
private import semmle.go.Overlay


@@ -1,6 +1,8 @@
/**
* Provides classes for working with packages.
*/
overlay[local]
module;
import go
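Review bot: This module receives the unconditional `overlay[local]` while the framework and data-flow modules in the same change receive the inferred `overlay[local?]`, and a Go package is a multi-file concept, so it is not evident from the hunk that every predicate here can be evaluated per file. If the script's accuracy measurements justified the stronger annotation, a short comment next to it recording why `local` rather than `local?` is safe here would stop a later maintainer from weakening it for the wrong reason or, conversely, from adding a cross-file predicate to this module without noticing the annotation it now carries. Whether the annotation is actually too strong cannot be judged from this hunk; the rest of the module is outside it.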


@@ -1,6 +1,8 @@
/**
* Provides queries to pretty-print a Go AST as a graph.
*/
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with scopes and declared objects.
*/
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with statements.
*/
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides predicates and classes for working with string operations.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with Go types.
*/
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** This module provides general utility classes and predicates. */
overlay[local]
module;
/**
* A Boolean value.


@@ -1,4 +1,6 @@
/** Provides the `VariableWithFields` class, for working with variables with a chain of field or element accesses chained to it. */
overlay[local]
module;
import go


@@ -1,4 +1,6 @@
/** Provides a class for generated files. */
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with HTTP-related concepts such as requests and responses.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with basic blocks.
*/
overlay[local]
module;
import go
private import ControlFlowGraphImpl


@@ -1,6 +1,8 @@
/**
* Provides classes for working with a CFG-based program representation.
*/
overlay[local]
module;
import go
private import ControlFlowGraphImpl
@@ -62,6 +64,7 @@ module ControlFlow {
BasicBlock getBasicBlock() { result.getANode() = this }
/** Holds if this node dominates `dominee` in the control-flow graph. */
overlay[caller?]
pragma[inline]
predicate dominatesNode(ControlFlow::Node dominee) {
exists(ReachableBasicBlock thisbb, ReachableBasicBlock dbb, int i, int j |


@@ -3,6 +3,8 @@
*
* Provides predicates for building intra-procedural CFGs.
*/
overlay[local]
module;
import go


@@ -9,6 +9,8 @@
* Each instruction is also a control-flow node, but there are control-flow nodes that are not
* instructions (synthetic entry and exit nodes, as well as no-op skip nodes).
*/
overlay[local]
module;
import go
private import semmle.go.controlflow.ControlFlowGraphImpl


@@ -14,6 +14,8 @@
* (intraprocedural) data flow, invoke `DataFlow::localFlow` or
* `DataFlow::LocalFlowStep` with arguments of type `DataFlow::Node`.
*/
overlay[local?]
module;
import go


@@ -84,6 +84,8 @@
* "taint" indicates a default additional taint step and "value" indicates a
* globally applicable value-preserving step.
*/
overlay[local?]
module;
private import go
private import internal.ExternalFlowExtensions::Extensions as Extensions


@@ -1,6 +1,8 @@
/**
* Provides classes and predicates for defining flow summaries.
*/
overlay[local?]
module;
import go
private import internal.FlowSummaryImpl as Impl


@@ -2,6 +2,8 @@
* Provides QL classes for indicating data flow through a function parameter, return value,
* or receiver.
*/
overlay[local]
module;
import go
private import semmle.go.dataflow.internal.DataFlowPrivate


@@ -29,6 +29,8 @@
* common reason for this is that the analysis cannot prove that there
* are no side-effects that might cause the computed value to change.
*/
overlay[local]
module;
/*
* Note to developers: the correctness of this module depends on the


@@ -1,6 +1,8 @@
/**
* Provides a class for representing and reasoning about properties of data-flow nodes.
*/
overlay[local]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with static single assignment form (SSA).
*/
overlay[local]
module;
import go
private import SsaImpl


@@ -3,6 +3,8 @@
*
* Provides predicates for constructing an SSA representation for functions.
*/
overlay[local]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes for performing local (intra-procedural) and
* global (inter-procedural) taint-tracking analyses.
*/
overlay[local?]
module;
import semmle.go.dataflow.DataFlow


@@ -1,6 +1,8 @@
/**
* Provides an implementation of a commonly used barrier guard for sanitizing untrusted URLs.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides an implementation of a commonly used barrier guard for sanitizing untrusted URLs.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides an implementation of a commonly used barrier guard for sanitizing untrusted URLs.
*/
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Contains predicates for dealing with container flow. */
overlay[local?]
module;
import go
private import DataFlowNodes


@@ -1,3 +1,6 @@
overlay[local?]
module;
private import go
private import DataFlowPrivate
@@ -119,6 +122,7 @@ class ArgumentPosition extends int {
}
/** Holds if arguments at position `apos` match parameters at position `ppos`. */
overlay[caller?]
pragma[inline]
predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
@@ -130,6 +134,7 @@ private predicate isInterfaceMethod(Method c) {
* Holds if `call` is passing `arg` to param `p` in any circumstance except passing
* a receiver parameter to a concrete method.
*/
overlay[caller?]
pragma[inline]
predicate golangSpecificParamArgFilter(
DataFlowCall call, DataFlow::ParameterNode p, DataFlow::ArgumentNode arg


@@ -1,3 +1,6 @@
overlay[local?]
module;
private import DataFlowImplSpecific
private import codeql.dataflow.internal.DataFlowImpl
private import semmle.go.Locations


@@ -1,3 +1,6 @@
overlay[local?]
module;
private import DataFlowImplSpecific
private import codeql.dataflow.internal.DataFlowImplCommon
private import semmle.go.Locations


@@ -2,6 +2,8 @@
* Provides consistency queries for checking invariants in the language-specific
* data-flow classes and predicates.
*/
overlay[local?]
module;
private import go
private import DataFlowImplSpecific as Impl


@@ -1,6 +1,8 @@
/**
* Provides Go-specific definitions for use in the data flow library.
*/
overlay[local?]
module;
private import codeql.dataflow.DataFlow
private import semmle.go.Locations


@@ -1,3 +1,6 @@
overlay[local]
module;
private import go
private import semmle.go.dataflow.FunctionInputsAndOutputs
private import semmle.go.dataflow.FlowSummary


@@ -1,3 +1,6 @@
overlay[local?]
module;
private import go
private import DataFlowUtil
private import DataFlowImplCommon
@@ -478,5 +481,6 @@ predicate allowParameterReturnInSelf(ParameterNode p) {
class ContentApprox = Unit;
/** Gets an approximated value for content `c`. */
overlay[caller?]
pragma[inline]
ContentApprox getContentApprox(Content c) { any() }


@@ -1,6 +1,8 @@
/**
* Provides Go-specific definitions for use in the data flow library.
*/
overlay[local?]
module;
private import go
private import semmle.go.dataflow.FunctionInputsAndOutputs
@@ -147,6 +149,7 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) {
* Holds if data flows from `source` to `sink` in zero or more local
* (intra-procedural) steps.
*/
overlay[caller?]
pragma[inline]
predicate localFlow(Node source, Node sink) { localFlowStep*(source, sink) }


@@ -1,6 +1,8 @@
/**
* This module provides extensible predicates for defining MaD models.
*/
overlay[local?]
module;
private import codeql.mad.static.ModelsAsData as SharedMaD


@@ -1,6 +1,8 @@
/**
* Provides classes and predicates for defining flow summaries.
*/
overlay[local?]
module;
private import go
private import codeql.dataflow.internal.FlowSummaryImpl


@@ -1,6 +1,8 @@
/**
* Provides Go-specific definitions for use in the taint tracking library.
*/
overlay[local?]
module;
private import codeql.dataflow.TaintTracking
private import DataFlowImplSpecific


@@ -1,6 +1,8 @@
/**
* Provides Go-specific definitions for use in the taint-tracking library.
*/
overlay[local?]
module;
private import go
private import FlowSummaryImpl as FlowSummaryImpl
@@ -11,6 +13,7 @@ private import DataFlowPrivate as DataFlowPrivate
* Holds if taint can flow from `src` to `sink` in zero or more
* local (intra-procedural) steps.
*/
overlay[caller?]
pragma[inline]
predicate localTaint(DataFlow::Node src, DataFlow::Node sink) { localTaintStep*(src, sink) }
@@ -18,6 +21,7 @@ predicate localTaint(DataFlow::Node src, DataFlow::Node sink) { localTaintStep*(
* Holds if taint can flow from `src` to `sink` in zero or more
* local (intra-procedural) steps.
*/
overlay[caller?]
pragma[inline]
predicate localExprTaint(Expr src, Expr sink) {
localTaint(DataFlow::exprNode(src), DataFlow::exprNode(sink))


@@ -1,6 +1,8 @@
/**
* Provides classes for modeling go.mod dependencies.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for dealing with semantic versions, for dependency versions.
*/
overlay[local?]
module;
import semmle.go.dependencies.Dependencies


@@ -2,6 +2,8 @@
* Provides classes for working with sinks and taint propagators
* from the `github.com/spf13/afero` package.
*/
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes for working with remote flow sources, sinks and taint propagators
* from the `github.com/aws/aws-lambda-go/lambda` package.
*/
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes for working with remote flow sources, sinks and taint propagators
* from the `github.com/beego/beego` package.
*/
overlay[local?]
module;
import go
import semmle.go.security.Xss


@@ -2,6 +2,8 @@
* Provides classes for working with remote flow sources, sinks and taint propagators
* from the `github.com/astaxie/beego/orm` subpackage.
*/
overlay[local?]
module;
import go
private import semmle.go.security.StoredXssCustomizations


@@ -1,6 +1,8 @@
/**
* Provides classes modeling security-relevant aspects of the `Bun` package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides models of commonly used functions in the official Couchbase Go SDK library.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for modeling cryptographic libraries.
*/
overlay[local?]
module;
import go
import semmle.go.Concepts::Cryptography


@@ -2,6 +2,8 @@
* Provides classes for working with remote flow sources, taint propagators, and HTTP sinks
* from the `github.com/labstack/echo` package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with concepts relating to the [github.com/elazarl/goproxy](https://pkg.go.dev/github.com/elazarl/goproxy) package.
*/
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with email-related APIs. */
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes modeling taint propagation through marshalling and encoding functions.
*/
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes for working with remote flow sources, sinks and taint propagators
* from the `github.com/valyala/fasthttp` package.
*/
overlay[local?]
module;
import go
private import semmle.go.security.RequestForgeryCustomizations


@@ -1,6 +1,8 @@
/**
* Provides classes for modeling the `github.com/gin-gonic/gin` package.
*/
overlay[local?]
module;
import go
import semmle.go.concepts.HTTP


@@ -1,6 +1,8 @@
/**
* Provides classes for modeling the `github.com/gin-contrib/cors` package.
*/
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides models of commonly used functions in the `github.com/golang/glog` and `k8s.io/klog`
* packages.
*/
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes for working with the `gopkg.in/square/go-jose` and `github.com/go-jose/go-jose`
* packages.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with concepts relating to the [github.com/go-kit/kit](https://pkg.go.dev/github.com/go-kit/kit) package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides models of the [Go Micro library](https://github.com/go-micro/go-micro).
*/
overlay[local?]
module;
import go
private import semmle.go.security.RequestForgeryCustomizations


@@ -1,6 +1,8 @@
/**
* Provides classes modeling security-relevant aspects of the `gorqlite` package.
*/
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions and types in the gqlgen packages. */
overlay[local?]
module;
import go


@@ -2,6 +2,8 @@
* Provides classes and predicates for working with the `github.com/golang-jwt/jwt` and
* `github.com/dgrijalva/jwt-go` packages.
*/
overlay[local?]
module;
import go
private import semmle.go.security.MissingJwtSignatureCheckCustomizations::MissingJwtSignatureCheck


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions in the `k8s.io/api/core/v1` package. */
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions in the `k8s.io/apimachinery/pkg/runtime` package. */
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions in the `k8s.io/client-go/kubernetes/typed/core/v1` package. */
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions in the `github.com/sirupsen/logrus` package. */
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with concepts relating to the Macaron web framework
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with concepts in the Mux HTTP middleware library.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with NoSQL-related concepts such as queries.
*/
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions and types in the protobuf packages. */
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with remote flow sources from the `github.com/revel/revel` package.
*/
overlay[local?]
module;
import go
private import semmle.go.security.OpenUrlRedirectCustomizations


@@ -1,4 +1,6 @@
/** Provides classes for modeling the `github.com/rs/cors` package. */
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with SQL-related concepts such as queries.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides models of commonly used functions in the `github.com/davecgh/go-spew/spew` package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes modeling security-relevant aspects of the `squirrel` ORM package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes modeling security-relevant aspects of the standard libraries.
*/
overlay[local?]
module;
import go
import semmle.go.frameworks.stdlib.ArchiveTar


@@ -2,6 +2,8 @@
* Provides concrete classes for data-flow nodes that execute an
* operating system command, for instance by spawning a new process.
*/
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides classes for working with tests. */
overlay[local?]
module;
import go


@@ -1,4 +1,6 @@
/** Provides models of commonly used functions and types in the twirp packages. */
overlay[local?]
module;
import go
private import semmle.go.security.RequestForgeryCustomizations


@@ -1,4 +1,6 @@
/** Provides classes for working with WebSocket-related APIs. */
overlay[local?]
module;
import go


@@ -6,6 +6,8 @@
* that were already untrusted. We do not yet model adding a child `Node` to a tree then calling `Render`
* yielding an untrustworthy string.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides classes for working with XPath-related concepts such as XPath expressions.
*/
overlay[local?]
module;
import go
import semmle.go.dataflow.ExternalFlow


@@ -1,6 +1,8 @@
/**
* Provides classes for working with the [gopkg.in/yaml](https://pkg.go.dev/gopkg.in/yaml.v3) package.
*/
overlay[local?]
module;
import go


@@ -1,6 +1,8 @@
/**
* Provides models of commonly used functions in the `go.uber.org/zap` package.
*/
overlay[local?]
module;
import go
