update tests

This commit is contained in:
amammad
2023-10-11 19:27:57 +02:00
parent 5232d28617
commit defe964f3a
4 changed files with 141 additions and 185 deletions


@@ -131,7 +131,7 @@ module Fasthttp {
* So if we called a method like `URIInstance.SetHost(pred)` then the URIInstance is succ.
*/
class UriAdditionalStep extends AdditionalStep {
UriAdditionalStep() { this = "URI additioanl steps" }
UriAdditionalStep() { this = "URI additional steps" }
override predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::MethodCallNode m, DataFlow::Variable frn |
@@ -367,7 +367,7 @@ module Fasthttp {
* for SetURI the argument type is fasthttp.URI which is already modeled, look at URI module.
*/
class RequestAdditionalStep extends AdditionalStep {
RequestAdditionalStep() { this = "Request additioanl steps" }
RequestAdditionalStep() { this = "Request additional steps" }
override predicate hasTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::MethodCallNode m, DataFlow::Variable frn |


@@ -1,54 +0,0 @@
| fasthttp.go:103:15:103:53 | call to Peek |
| fasthttp.go:120:23:120:31 | dstWriter |
| fasthttp.go:121:3:121:24 | call to Header |
| fasthttp.go:122:3:122:31 | call to TrailerHeader |
| fasthttp.go:124:3:124:28 | call to RequestURI |
| fasthttp.go:125:3:125:22 | call to Host |
| fasthttp.go:126:3:126:27 | call to UserAgent |
| fasthttp.go:127:3:127:33 | call to ContentEncoding |
| fasthttp.go:128:3:128:29 | call to ContentType |
| fasthttp.go:129:3:129:33 | call to Cookie |
| fasthttp.go:130:3:130:46 | call to CookieBytes |
| fasthttp.go:131:3:131:39 | call to MultipartFormBoundary |
| fasthttp.go:132:3:132:35 | call to Peek |
| fasthttp.go:133:3:133:38 | call to PeekAll |
| fasthttp.go:134:3:134:48 | call to PeekBytes |
| fasthttp.go:135:3:135:26 | call to PeekKeys |
| fasthttp.go:136:3:136:33 | call to PeekTrailerKeys |
| fasthttp.go:137:3:137:25 | call to Referer |
| fasthttp.go:138:3:138:28 | call to RawHeaders |
| fasthttp.go:141:3:141:25 | call to Path |
| fasthttp.go:142:3:142:33 | call to PathOriginal |
| fasthttp.go:145:3:145:28 | call to FullURI |
| fasthttp.go:146:3:146:36 | call to LastPathSegment |
| fasthttp.go:147:3:147:32 | call to QueryString |
| fasthttp.go:148:3:148:27 | call to String |
| fasthttp.go:149:28:149:36 | dstWriter |
| fasthttp.go:154:3:154:43 | call to Peek |
| fasthttp.go:155:3:155:56 | call to PeekBytes |
| fasthttp.go:156:3:156:48 | call to PeekMulti |
| fasthttp.go:157:3:157:61 | call to PeekMultiBytes |
| fasthttp.go:158:3:158:44 | call to QueryString |
| fasthttp.go:159:3:159:39 | call to String |
| fasthttp.go:160:40:160:48 | dstWriter |
| fasthttp.go:164:3:164:19 | call to Path |
| fasthttp.go:168:3:168:22 | call to Referer |
| fasthttp.go:169:3:169:23 | call to PostBody |
| fasthttp.go:170:3:170:32 | call to RequestBodyStream |
| fasthttp.go:171:3:171:25 | call to RequestURI |
| fasthttp.go:172:3:172:24 | call to UserAgent |
| fasthttp.go:173:3:173:19 | call to Host |
| fasthttp.go:175:3:175:27 | call to Host |
| fasthttp.go:176:3:176:27 | call to Body |
| fasthttp.go:177:3:177:33 | call to RequestURI |
| fasthttp.go:178:3:178:33 | call to BodyGunzip |
| fasthttp.go:179:3:179:34 | call to BodyInflate |
| fasthttp.go:180:3:180:35 | call to BodyUnbrotli |
| fasthttp.go:181:3:181:33 | call to BodyStream |
| fasthttp.go:182:34:182:42 | dstWriter |
| fasthttp.go:183:30:183:38 | dstWriter |
| fasthttp.go:184:3:184:39 | call to BodyUncompressed |
| fasthttp.go:185:31:185:39 | dstReader |
| fasthttp.go:186:36:186:44 | dstReader |
| fasthttp.go:187:45:187:53 | dstReader |
| fasthttp.go:188:39:188:47 | dstReader |


@@ -1,3 +1,18 @@
import go
import TestUtilities.InlineExpectationsTest
select any(UntrustedFlowSource s)
module FasthttpTest implements TestSig {
string getARelevantTag() { result = "UntrustedFlowSource" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(UntrustedFlowSource q |
q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = q.toString() and
value = q.toString() and
tag = "UntrustedFlowSource"
)
}
}
import MakeTest<FasthttpTest>
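Review bot: `FasthttpTest` has no QLDoc explaining the convention it imposes on the Go test file: `value = q.toString()` in `hasActualResult` means every `// $ UntrustedFlowSource=...` annotation in fasthttp.go must reproduce the node's printed form exactly, and the removed .expected output in this same commit shows that form contains spaces for call results (`call to Peek`) but not for post-update nodes (`dstWriter`). A short comment above the module, `/** Inline expectations for UntrustedFlowSource; the expected value is the node's toString(), so multi-word forms must be quoted, e.g. 'call to Peek'. */`, would make that explicit to whoever maintains the annotations.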


@@ -3,37 +3,34 @@ package main
//go:generate depstubber -vendor "github.com/valyala/fasthttp" Args,Client,Cookie,FS,HostClient,LBClient,PathRewriteFunc,Request,RequestCtx,RequestHandler,RequestHeader,Response,ResponseHeader,Server,TCPDialer,URI,LBClient,PipelineClient AcquireURI,Serve,DialDualStack,Dial,DialTimeout,DialDualStackTimeout,Get,GetDeadline,GetTimeout,Post,Do,DoRedirects,AppendHTMLEscapeBytes,AppendHTMLEscape,AppendQuotedArg,ServeFileBytesUncompressed,ServeFileBytes,ServeFileUncompressed,ServeFile,SaveMultipartFile,DoTimeout,DoDeadline
import (
"bufio"
"github.com/valyala/fasthttp"
"log"
"net"
"time"
"github.com/valyala/fasthttp"
)
func fasthttpClient() {
// #SSRF
response, err := fasthttp.DialDualStack("127.0.0.1:8909")
response, err = fasthttp.Dial("google.com:80")
response, err = fasthttp.DialTimeout("google.com:80", 5)
response, err = fasthttp.DialDualStackTimeout("google.com:80", 5)
log.Println(err)
response, _ := fasthttp.DialDualStack("127.0.0.1:8909")
response, _ = fasthttp.Dial("google.com:80")
response, _ = fasthttp.DialTimeout("google.com:80", 5)
response, _ = fasthttp.DialDualStackTimeout("google.com:80", 5)
resByte := make([]byte, 1000)
_, err = response.Read(resByte)
log.Println(resByte)
_, _ = response.Read(resByte)
// #SSRF
res := &fasthttp.Response{}
req := &fasthttp.Request{}
uri := fasthttp.AcquireURI()
uri2 := fasthttp.AcquireURI()
fasthttp.Get(resByte, "http://127.0.0.1:8909")
fasthttp.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{})
fasthttp.GetTimeout(resByte, "http://127.0.0.1:8909", 5)
fasthttp.Post(resByte, "http://127.0.0.1:8909", nil)
log.Println(string(resByte))
fasthttp.Do(req, res) // $ req=req
fasthttp.DoRedirects(req, res, 2) // $ req=req
fasthttp.DoDeadline(req, res, time.Time{}) // $ req=req
fasthttp.DoTimeout(req, res, 5) // $ req=req
fasthttp.Get(resByte, "http://127.0.0.1:8909") // $ SSRF="http://127.0.0.1:8909"
fasthttp.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{}) // $ SSRF="http://127.0.0.1:8909"
fasthttp.GetTimeout(resByte, "http://127.0.0.1:8909", 5) // $ SSRF="http://127.0.0.1:8909"
fasthttp.Post(resByte, "http://127.0.0.1:8909", nil) // $ SSRF="http://127.0.0.1:8909"
fasthttp.Do(req, res) // $ req=req
fasthttp.DoRedirects(req, res, 2) // $ req=req
fasthttp.DoDeadline(req, res, time.Time{}) // $ req=req
fasthttp.DoTimeout(req, res, 5) // $ req=req
// additional steps
uri.SetHost("UserControlled.com:80") // $ URI=uri
@@ -45,21 +42,21 @@ func fasthttpClient() {
req.SetHost("UserControlled.com:80") // $ req=req
req.SetHostBytes([]byte("UserControlled.com:80")) // $ req=req
req.SetRequestURI("https://UserControlled.com") // $ req=req// $ req=req
req.SetRequestURI("https://UserControlled.com") // $ req=req
req.SetRequestURIBytes([]byte("https://UserControlled.com")) // $ req=req
req.SetURI(uri) // $ req=req URI=uri
hostClient := &fasthttp.HostClient{
Addr: "localhost:8080",
}
hostClient.Get(resByte, "http://127.0.0.1:8909")
hostClient.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{})
hostClient.GetTimeout(resByte, "http://127.0.0.1:8909", 5)
hostClient.Post(resByte, "http://127.0.0.1:8909", nil)
hostClient.Do(req, res) // $ req=req
hostClient.DoDeadline(req, res, time.Time{}) // $ req=req
hostClient.DoRedirects(req, res, 2) // $ req=req
hostClient.DoTimeout(req, res, 5) // $ req=req
hostClient.Get(resByte, "http://127.0.0.1:8909") // $ SSRF="http://127.0.0.1:8909"
hostClient.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{}) // $ SSRF="http://127.0.0.1:8909"
hostClient.GetTimeout(resByte, "http://127.0.0.1:8909", 5) // $ SSRF="http://127.0.0.1:8909"
hostClient.Post(resByte, "http://127.0.0.1:8909", nil) // $ SSRF="http://127.0.0.1:8909"
hostClient.Do(req, res) // $ req=req
hostClient.DoDeadline(req, res, time.Time{}) // $ req=req
hostClient.DoRedirects(req, res, 2) // $ req=req
hostClient.DoTimeout(req, res, 5) // $ req=req
var lbclient fasthttp.LBClient
lbclient.Clients = append(lbclient.Clients, hostClient)
@@ -68,25 +65,25 @@ func fasthttpClient() {
lbclient.DoTimeout(req, res, 5) // $ req=req
client := fasthttp.Client{}
client.Get(resByte, "http://127.0.0.1:8909")
client.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{})
client.GetTimeout(resByte, "http://127.0.0.1:8909", 5)
client.Post(resByte, "http://127.0.0.1:8909", nil)
client.Do(req, res) // $ req=req
client.DoDeadline(req, res, time.Time{}) // $ req=req
client.DoRedirects(req, res, 2) // $ req=req
client.DoTimeout(req, res, 5) // $ req=req
client.Get(resByte, "http://127.0.0.1:8909") // $ SSRF="http://127.0.0.1:8909"
client.GetDeadline(resByte, "http://127.0.0.1:8909", time.Time{}) // $ SSRF="http://127.0.0.1:8909"
client.GetTimeout(resByte, "http://127.0.0.1:8909", 5) // $ SSRF="http://127.0.0.1:8909"
client.Post(resByte, "http://127.0.0.1:8909", nil) // $ SSRF="http://127.0.0.1:8909"
client.Do(req, res) // $ req=req SSRF=req
client.DoDeadline(req, res, time.Time{}) // $ req=req SSRF=req
client.DoRedirects(req, res, 2) // $ req=req SSRF=req
client.DoTimeout(req, res, 5) // $ req=req SSRF=req
pipelineClient := fasthttp.PipelineClient{}
pipelineClient.Do(req, res) // $ req=req
pipelineClient.DoDeadline(req, res, time.Time{}) // $ req=req
pipelineClient.DoTimeout(req, res, 5) // $ req=req
pipelineClient.Do(req, res) // $ req=req SSRF=req
pipelineClient.DoDeadline(req, res, time.Time{}) // $ req=req SSRF=req
pipelineClient.DoTimeout(req, res, 5) // $ req=req SSRF=req
tcpDialer := fasthttp.TCPDialer{}
tcpDialer.Dial("127.0.0.1:8909")
tcpDialer.DialTimeout("127.0.0.1:8909", 5)
tcpDialer.DialDualStack("127.0.0.1:8909")
tcpDialer.DialDualStackTimeout("127.0.0.1:8909", 5)
tcpDialer.Dial("127.0.0.1:8909") // $ SSRF="127.0.0.1:8909"
tcpDialer.DialTimeout("127.0.0.1:8909", 5) // $ SSRF="127.0.0.1:8909"
tcpDialer.DialDualStack("127.0.0.1:8909") // $ SSRF="127.0.0.1:8909"
tcpDialer.DialDualStackTimeout("127.0.0.1:8909", 5) // $ SSRF="127.0.0.1:8909"
}
func main() {
@@ -95,69 +92,66 @@ func main() {
}
func fasthttpServer() {
ln, err := net.Listen("tcp4", "127.0.0.1:8080")
if err != nil {
log.Fatalf("error in net.Listen: %v", err)
}
ln, _ := net.Listen("tcp4", "127.0.0.1:8080")
requestHandler := func(requestCtx *fasthttp.RequestCtx) {
filePath := requestCtx.QueryArgs().Peek("filePath")
filePath := requestCtx.QueryArgs().Peek("filePath") // $ UntrustedFlowSource='call to Peek'
// File System Access
_ = requestCtx.Response.SendFile(string(filePath))
requestCtx.SendFile(string(filePath))
requestCtx.SendFileBytes(filePath)
_ = requestCtx.Response.SendFile(string(filePath)) // $ FileSystemAccess=string(filePath)
requestCtx.SendFile(string(filePath)) // $ FileSystemAccess=string(filePath)
requestCtx.SendFileBytes(filePath) // $ FileSystemAccess=filePath
fileHeader, _ := requestCtx.FormFile("file")
_ = fasthttp.SaveMultipartFile(fileHeader, string(filePath))
fasthttp.ServeFile(requestCtx, string(filePath))
fasthttp.ServeFileUncompressed(requestCtx, string(filePath))
fasthttp.ServeFileBytes(requestCtx, filePath)
fasthttp.ServeFileBytesUncompressed(requestCtx, filePath)
_ = fasthttp.SaveMultipartFile(fileHeader, string(filePath)) // $ FileSystemAccess=string(filePath)
fasthttp.ServeFile(requestCtx, string(filePath)) // $ FileSystemAccess=string(filePath)
fasthttp.ServeFileUncompressed(requestCtx, string(filePath)) // $ FileSystemAccess=string(filePath)
fasthttp.ServeFileBytes(requestCtx, filePath) // $ FileSystemAccess=filePath
fasthttp.ServeFileBytesUncompressed(requestCtx, filePath) // $ FileSystemAccess=filePath
dstWriter := &bufio.Writer{}
dstReader := &bufio.Reader{}
// user controlled methods as source
requestHeader := &fasthttp.RequestHeader{}
requestCtx.Request.Header.CopyTo(requestHeader)
requestHeader.Write(dstWriter)
requestHeader.Header()
requestHeader.TrailerHeader()
requestHeader.String()
requestHeader.RequestURI()
requestHeader.Host()
requestHeader.UserAgent()
requestHeader.ContentEncoding()
requestHeader.ContentType()
requestHeader.Cookie("ACookie")
requestHeader.CookieBytes([]byte("ACookie"))
requestHeader.MultipartFormBoundary()
requestHeader.Peek("AHeaderName")
requestHeader.PeekAll("AHeaderName")
requestHeader.PeekBytes([]byte("AHeaderName"))
requestHeader.PeekKeys()
requestHeader.PeekTrailerKeys()
requestHeader.Referer()
requestHeader.RawHeaders()
requestCtx.Request.Header.CopyTo(requestHeader) // $ UntrustedFlowSource=requestHeader
requestHeader.Write(dstWriter) // $ UntrustedFlowSource=dstWriter
requestHeader.Header() // $ UntrustedFlowSource=Header
requestHeader.TrailerHeader() // $ UntrustedFlowSource=TrailerHeader
requestHeader.String() // $ UntrustedFlowSource=String
requestHeader.RequestURI() // $ UntrustedFlowSource=RequestURI
requestHeader.Host() // $ UntrustedFlowSource=Host
requestHeader.UserAgent() // $ UntrustedFlowSource=UserAgent
requestHeader.ContentEncoding() // $ UntrustedFlowSource=ContentEncoding
requestHeader.ContentType() // $ UntrustedFlowSource=ContentType
requestHeader.Cookie("ACookie") // $ UntrustedFlowSource=Cookie
requestHeader.CookieBytes([]byte("ACookie")) // $ UntrustedFlowSource=CookieBytes
requestHeader.MultipartFormBoundary() // $ UntrustedFlowSource=MultipartFormBoundary
requestHeader.Peek("AHeaderName") // $ UntrustedFlowSource=Peek
requestHeader.PeekAll("AHeaderName") // $ UntrustedFlowSource=PeekAll
requestHeader.PeekBytes([]byte("AHeaderName")) // $ UntrustedFlowSource=PeekBytes
requestHeader.PeekKeys() // $ UntrustedFlowSource=PeekKeys
requestHeader.PeekTrailerKeys() // $ UntrustedFlowSource=PeekTrailerKeys
requestHeader.Referer() // $ UntrustedFlowSource=Referer
requestHeader.RawHeaders() // $ UntrustedFlowSource=RawHeaders
// multipart.Form is already implemented
// requestCtx.MultipartForm()
requestCtx.URI().Path()
requestCtx.URI().PathOriginal()
requestCtx.URI().Path() // $ UntrustedFlowSource=newArgs
requestCtx.URI().PathOriginal() // $ UntrustedFlowSource=newArgs
newURI := &fasthttp.URI{}
requestCtx.URI().CopyTo(newURI)
requestCtx.URI().FullURI()
requestCtx.URI().LastPathSegment()
requestCtx.URI().QueryString()
requestCtx.URI().String()
requestCtx.URI().WriteTo(dstWriter)
requestCtx.URI().CopyTo(newURI) // $ UntrustedFlowSource=CopyTo
requestCtx.URI().FullURI() // $ UntrustedFlowSource=FullURI
requestCtx.URI().LastPathSegment() // $ UntrustedFlowSource=LastPathSegment
requestCtx.URI().QueryString() // $ UntrustedFlowSource=QueryString
requestCtx.URI().String() // $ UntrustedFlowSource=String
requestCtx.URI().WriteTo(dstWriter) // $ UntrustedFlowSource=WriteTo
newArgs := &fasthttp.Args{}
//or requestCtx.PostArgs()
requestCtx.URI().QueryArgs().CopyTo(newArgs)
requestCtx.URI().QueryArgs().Peek("arg1")
requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1"))
requestCtx.URI().QueryArgs().PeekMulti("arg1")
requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1"))
requestCtx.URI().QueryArgs().QueryString()
requestCtx.URI().QueryArgs().String()
requestCtx.URI().QueryArgs().WriteTo(dstWriter)
requestCtx.URI().QueryArgs().CopyTo(newArgs) // $ UntrustedFlowSource=newArgs
requestCtx.URI().QueryArgs().Peek("arg1") // $ UntrustedFlowSource=Peek
requestCtx.URI().QueryArgs().PeekBytes([]byte("arg1")) // $ UntrustedFlowSource=PeekBytes
requestCtx.URI().QueryArgs().PeekMulti("arg1") // $ UntrustedFlowSource=PeekMulti
requestCtx.URI().QueryArgs().PeekMultiBytes([]byte("arg1")) // $ UntrustedFlowSource=PeekMultiBytes
requestCtx.URI().QueryArgs().QueryString() // $ UntrustedFlowSource=QueryString
requestCtx.URI().QueryArgs().String() // $ UntrustedFlowSource=String
requestCtx.URI().QueryArgs().WriteTo(dstWriter) // $ UntrustedFlowSource=dstWriter
// not sure what is the best way to write query for following
//requestCtx.URI().QueryArgs().VisitAll(type func(,))
@@ -165,60 +159,61 @@ func fasthttpServer() {
// multipart.Form is already implemented
// requestCtx.FormFile("FileName")
// requestCtx.FormValue("ValueName")
requestCtx.Referer()
requestCtx.PostBody()
requestCtx.RequestBodyStream()
requestCtx.RequestURI()
requestCtx.UserAgent()
requestCtx.Host()
requestCtx.Referer() // $ UntrustedFlowSource=Referer
requestCtx.PostBody() // $ UntrustedFlowSource=PostBody
requestCtx.RequestBodyStream() // $ UntrustedFlowSource=RequestBodyStream
requestCtx.RequestURI() // $ UntrustedFlowSource=RequestURI
requestCtx.UserAgent() // $ UntrustedFlowSource=UserAgent
requestCtx.Host() // $ UntrustedFlowSource=Host
requestCtx.Request.Host()
requestCtx.Request.Body()
requestCtx.Request.RequestURI()
requestCtx.Request.BodyGunzip()
requestCtx.Request.BodyInflate()
requestCtx.Request.BodyUnbrotli()
requestCtx.Request.BodyStream()
requestCtx.Request.BodyWriteTo(dstWriter)
requestCtx.Request.WriteTo(dstWriter)
requestCtx.Request.BodyUncompressed()
requestCtx.Request.ReadBody(dstReader, 100, 1000)
requestCtx.Request.ReadLimitBody(dstReader, 100)
requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true)
requestCtx.Request.ContinueReadBody(dstReader, 100)
requestCtx.Request.Host() // $ UntrustedFlowSource=Host
requestCtx.Request.Body() // $ UntrustedFlowSource=Body
requestCtx.Request.RequestURI() // $ UntrustedFlowSource=RequestURI
requestCtx.Request.BodyGunzip() // $ UntrustedFlowSource=BodyGunzip
requestCtx.Request.BodyInflate() // $ UntrustedFlowSource=BodyInflate
requestCtx.Request.BodyUnbrotli() // $ UntrustedFlowSource=BodyUnbrotli
requestCtx.Request.BodyStream() // $ UntrustedFlowSource=BodyStream
requestCtx.Request.BodyWriteTo(dstWriter) // $ UntrustedFlowSource=dstWriter
requestCtx.Request.WriteTo(dstWriter) // $ UntrustedFlowSource=dstWriter
requestCtx.Request.BodyUncompressed() // $ UntrustedFlowSource=BodyUncompressed
requestCtx.Request.ReadBody(dstReader, 100, 1000) // $ UntrustedFlowSource=dstReader
requestCtx.Request.ReadLimitBody(dstReader, 100) // $ UntrustedFlowSource=dstReader
requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ UntrustedFlowSource=dstReader
requestCtx.Request.ContinueReadBody(dstReader, 100) // $ UntrustedFlowSource=dstReader
// not sure what is the best way to write query for following
//requestCtx.Request.Header.VisitAllCookie()
// Response methods
// Xss Sinks Related method
requestCtx.Response.AppendBody([]byte("user Controlled"))
requestCtx.Response.AppendBodyString("user Controlled")
requestCtx.Response.AppendBody([]byte("user Controlled")) // $ XSS=[]byte("user Controlled")
requestCtx.Response.AppendBodyString("user Controlled") // $ XSS="user Controlled"
rspWriter := requestCtx.Response.BodyWriter()
rspWriter.Write([]byte("XSS"))
requestCtx.Response.SetBody([]byte("user Controlled"))
requestCtx.Response.SetBodyString("user Controlled")
requestCtx.Response.SetBodyRaw([]byte("user Controlled"))
requestCtx.Response.SetBodyStream(dstReader, 100)
rspWriter.Write([]byte("XSS")) // $ XSS=[]byte("XSS")
requestCtx.Response.SetBody([]byte("user Controlled")) // $ XSS=[]byte("XSS")
requestCtx.Response.SetBodyString("user Controlled") // $ XSS=[]byte("XSS")
requestCtx.Response.SetBodyRaw([]byte("user Controlled")) // $ XSS=[]byte("XSS")
requestCtx.Response.SetBodyStream(dstReader, 100) // $ XSS=[]byte("XSS")
// mostly related to header writers
requestCtx.Response.Header.Set("Content-Type", "")
requestCtx.Response.Header.Add("Content-Type", "")
requestCtx.Response.Header.SetContentTypeBytes([]byte(""))
requestCtx.Response.Header.SetContentType("")
requestCtx.Success("", []byte("body"))
requestCtx.SuccessString("", "body")
requestCtx.Success("", []byte("body")) // $ XSS=[]byte("body")
requestCtx.SuccessString("", "body") // $ XSS="body"
requestCtx.SetContentType("")
requestCtx.SetContentTypeBytes([]byte(""))
// sanitizers
requestCtx.Response.AppendBody(fasthttp.AppendQuotedArg([]byte(""), []byte("<>\"':()&"))) // %3C%3E%22%27%3A%28%29%26
requestCtx.Response.AppendBody(fasthttp.AppendHTMLEscape([]byte(""), "<>\"':()&")) // &lt;&gt;&#34;&#39;:()&amp;
requestCtx.Response.AppendBody(fasthttp.AppendHTMLEscapeBytes([]byte(""), []byte("<>\"':()&"))) // &lt;&gt;&#34;&#39;:()&amp;
requestCtx.Response.AppendBody(fasthttp.AppendQuotedArg([]byte(""), []byte("<>\"':()&"))) // $ Sanitizer=AppendBody
// %3C%3E%22%27%3A%28%29%26
requestCtx.Response.AppendBody(fasthttp.AppendHTMLEscape([]byte(""), "<>\"':()&")) // $ Sanitizer=AppendBody
// &lt;&gt;&#34;&#39;:()&amp;
requestCtx.Response.AppendBody(fasthttp.AppendHTMLEscapeBytes([]byte(""), []byte("<>\"':()&"))) // $ Sanitizer=AppendBody
// &lt;&gt;&#34;&#39;:()&amp;
// open redirect Sinks
requestCtx.Redirect("https://userControlled.com", 301)
requestCtx.RedirectBytes([]byte("https://userControlled.com"), 301)
}
if err := fasthttp.Serve(ln, requestHandler); err != nil {
log.Fatalf("error in Serve: %v", err)
requestCtx.Redirect("https://userControlled.com", 301) // $ OpenRedirect="https://userControlled.com"
requestCtx.RedirectBytes([]byte("https://userControlled.com"), 301) // $ OpenRedirect=[]byte("https://userControlled.com")
}
fasthttp.Serve(ln, requestHandler)
}
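Review bot: Several of the new inline expectations in fasthttpServer carry a value copied from a neighbouring line rather than the node they annotate: `requestCtx.URI().Path()` and `PathOriginal()` are tagged `UntrustedFlowSource=newArgs` although `newArgs` is only declared further down, and the four `SetBody`/`SetBodyString`/`SetBodyRaw`/`SetBodyStream` calls are tagged `XSS=[]byte("XSS")` although their arguments are `[]byte("user Controlled")`, `"user Controlled"` and `dstReader`. Because the test's `hasActualResult` sets `value = q.toString()`, these will presumably be reported as missing plus unexpected results rather than pass; the `AppendBody`/`AppendBodyString` lines just above show the intended form, e.g. `requestCtx.Response.SetBodyString("user Controlled") // $ XSS="user Controlled"`. The source annotations are also inconsistent about write-through arguments: `URI().CopyTo(newURI)` and `URI().WriteTo(dstWriter)` are tagged with the method name, while `Header.CopyTo(requestHeader)`, `QueryArgs().CopyTo(newArgs)` and `QueryArgs().WriteTo(dstWriter)` are tagged with the argument, and the removed .expected file lists those post-update nodes as `dstWriter`/`dstReader`, so the argument form is the one that matches. For plain call results that same removed output prints `call to Header`, `call to Host` and so on, which the bare `UntrustedFlowSource=Header` form will not equal unless the harness normalises values; `UntrustedFlowSource='call to Peek'` on the `filePath` line is the only annotation written in the quoted form. fasthttpServer is split across the last two hunks, so the affected lines are not all in one hunk.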