Add taint-tracking for container/ring package

ql/src/semmle/go/frameworks/Stdlib.qll

@@ -14,6 +14,7 @@ import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.ContainerHeap
 import semmle.go.frameworks.stdlib.ContainerList
+import semmle.go.frameworks.stdlib.ContainerRing
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable

ql/src/semmle/go/frameworks/stdlib/ContainerRing.qll

@@ -0,0 +1,39 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `container/ring` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `container/ring` package. */
+module ContainerRing {
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (*Ring).Link(s *Ring) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Link") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func (*Ring).Move(n int) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Move") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Next() *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Next") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Prev() *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Prev") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Unlink(n int) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Unlink") and
+      (inp.isReceiver() and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}

ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ContainerRing.go

@@ -0,0 +1,64 @@
+// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT.
+
+package main
+
+import "container/ring"
+
+func TaintStepTest_ContainerRingRingLink_B0I0O0(sourceCQL interface{}) interface{} {
+	fromRing656 := sourceCQL.(*ring.Ring)
+	var mediumObjCQL ring.Ring
+	intoRing414 := mediumObjCQL.Link(fromRing656)
+	return intoRing414
+}
+
+func TaintStepTest_ContainerRingRingMove_B0I0O0(sourceCQL interface{}) interface{} {
+	fromRing518 := sourceCQL.(ring.Ring)
+	intoRing650 := fromRing518.Move(0)
+	return intoRing650
+}
+
+func TaintStepTest_ContainerRingRingNext_B0I0O0(sourceCQL interface{}) interface{} {
+	fromRing784 := sourceCQL.(ring.Ring)
+	intoRing957 := fromRing784.Next()
+	return intoRing957
+}
+
+func TaintStepTest_ContainerRingRingPrev_B0I0O0(sourceCQL interface{}) interface{} {
+	fromRing520 := sourceCQL.(ring.Ring)
+	intoRing443 := fromRing520.Prev()
+	return intoRing443
+}
+
+func TaintStepTest_ContainerRingRingUnlink_B0I0O0(sourceCQL interface{}) interface{} {
+	fromRing127 := sourceCQL.(ring.Ring)
+	intoRing483 := fromRing127.Unlink(0)
+	return intoRing483
+}
+
+func RunAllTaints_ContainerRing() {
+	{
+		source := newSource(0)
+		out := TaintStepTest_ContainerRingRingLink_B0I0O0(source)
+		sink(0, out)
+	}
+	{
+		source := newSource(1)
+		out := TaintStepTest_ContainerRingRingMove_B0I0O0(source)
+		sink(1, out)
+	}
+	{
+		source := newSource(2)
+		out := TaintStepTest_ContainerRingRingNext_B0I0O0(source)
+		sink(2, out)
+	}
+	{
+		source := newSource(3)
+		out := TaintStepTest_ContainerRingRingPrev_B0I0O0(source)
+		sink(3, out)
+	}
+	{
+		source := newSource(4)
+		out := TaintStepTest_ContainerRingRingUnlink_B0I0O0(source)
+		sink(4, out)
+	}
+}