hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename UntrustedFlowAsSource to RemoteFlowAsSource

Browse Source
This commit is contained in:
Owen Mansel-Chan
2024-04-18 10:03:26 +01:00
parent a4df20da85
commit d967b2baa3
11 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go/ql/lib/semmle/go/security/CommandInjectionCustomizations.qll
View File

@@ -30,7 +30,7 @@ module CommandInjection {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of untrusted data, considered as a taint source for command injection. */
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** A command name, considered as a taint sink for command injection. */
class CommandNameAsSink extends Sink {

2
go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
View File

@@ -26,7 +26,7 @@ module LogInjection {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of untrusted data, considered as a taint source for log injection. */
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An argument to a logging mechanism. */
class LoggerSink extends Sink {

4
go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
View File

@@ -45,8 +45,8 @@ module OpenUrlRedirect {
/**
* A source of third-party user input, considered as a flow source for URL redirects.
*/
class UntrustedFlowAsSource extends Source, RemoteFlowSource {
UntrustedFlowAsSource() {
class RemoteFlowAsSource extends Source, RemoteFlowSource {
RemoteFlowAsSource() {
// exclude some fields and methods of URLs that are generally not attacker-controllable for
// open redirect exploits
not this instanceof Http::Redirect::UnexploitableSource

2
go/ql/lib/semmle/go/security/ReflectedXssCustomizations.qll
View File

@@ -37,7 +37,7 @@ module ReflectedXss {
/**
* A third-party controllable input, considered as a flow source for reflected XSS.
*/
class UntrustedFlowAsSource extends Source, RemoteFlowSource { }
class RemoteFlowAsSource extends Source, RemoteFlowSource { }
/** An arbitrary XSS sink, considered as a flow sink for stored XSS. */
private class AnySink extends Sink instanceof SharedXss::Sink { }

2
go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll
View File

@@ -35,7 +35,7 @@ module RequestForgery {
/**
* A third-party controllable input, considered as a flow source for request forgery.
*/
class UntrustedFlowAsSource extends Source, RemoteFlowSource { }
class RemoteFlowAsSource extends Source, RemoteFlowSource { }
/**
* The URL of an HTTP request, viewed as a sink for request forgery.

2
go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll
View File

@@ -26,7 +26,7 @@ module SqlInjection {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of untrusted data, considered as a taint source for SQL injection. */
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An SQL string, considered as a taint sink for SQL injection. */
class SqlQueryAsSink extends Sink instanceof SQL::QueryString { }

2
go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
View File

@@ -45,7 +45,7 @@ module TaintedPath {
}
/** A source of untrusted data, considered as a taint source for path traversal. */
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** A path expression, considered as a taint sink for path traversal. */
class PathAsSink extends Sink {

2
go/ql/lib/semmle/go/security/UncontrolledAllocationSizeCustomizations.qll
View File

@@ -21,7 +21,7 @@ module UncontrolledAllocationSize {
abstract class Sanitizer extends DataFlow::Node { }
/** A source of untrusted data, considered as a taint source for uncontrolled size allocation vulnerabilities. */
private class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** The size argument of a memory allocation function. */
private class AllocationSizeAsSink extends Sink instanceof AllocationSizeOverflow::AllocationSize {

2
go/ql/lib/semmle/go/security/XPathInjectionCustomizations.qll
View File

@@ -25,7 +25,7 @@ module XPathInjection {
abstract class Sanitizer extends DataFlow::ExprNode { }
/** A source of untrusted data, used in an XPath expression. */
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/** An XPath expression string, considered as a taint sink for XPath injection. */
class XPathExpressionStringAsSink extends Sink instanceof XPath::XPathExpressionString { }

2
go/ql/src/experimental/CWE-74/DsnInjection.ql
View File

@@ -14,7 +14,7 @@ import DsnInjectionCustomizations
import DsnInjectionFlow::PathGraph
/** An untrusted flow source taken as a source for the `DsnInjection` taint-flow configuration. */
private class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
private class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
from DsnInjectionFlow::PathNode source, DsnInjectionFlow::PathNode sink
where DsnInjectionFlow::flowPath(source, sink)

2
go/ql/src/experimental/CWE-918/SSRF.qll
View File

@@ -90,7 +90,7 @@ module ServerSideRequestForgery {
/**
* An user controlled input, considered as a flow source for request forgery.
*/
class UntrustedFlowAsSource extends Source instanceof RemoteFlowSource { }
class RemoteFlowAsSource extends Source instanceof RemoteFlowSource { }
/**
* The URL of an HTTP request, viewed as a sink for request forgery.