[DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24
2025-12-16 16:53:25 +01:00 · 2025-07-16 11:33:38 +02:00
parent 8c8625d912
commit d6ef585110
2 changed files with 12 additions and 0 deletions
--- a/go/ql/lib/semmle/go/security/RequestForgery.qll
+++ b/go/ql/lib/semmle/go/security/RequestForgery.qll
@@ -31,6 +31,14 @@ module RequestForgery {
        w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
      )
    }
+
+    predicate observeDiffInformedIncrementalMode() { any() }
+
+    Location getASelectedSinkLocation(DataFlow::Node sink) {
+      result = sink.getLocation()
+      or
+      result = sink.(Sink).getARequest().getLocation()
+    }
  }

  /** Tracks taint flow from untrusted data to request forgery attack vectors. */
--- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll
+++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll
@@ -36,6 +36,10 @@ module SafeUrlFlow {
      or
      node instanceof SanitizerEdge
    }
+
+    predicate observeDiffInformedIncrementalMode() {
+      none() // only used as secondary configuration
+    }
  }

  /** Tracks taint flow for reasoning about safe URLs. */