Fix proto.Clone method

This is top-level, not a member.
2026-01-30 14:52:57 +01:00 · 2020-07-31 16:23:50 +01:00
parent e76c07d77b
commit df0238a352
3 changed files with 6 additions and 5 deletions
--- a/ql/src/semmle/go/frameworks/Protobuf.qll
+++ b/ql/src/semmle/go/frameworks/Protobuf.qll
@@ -55,7 +55,7 @@ module Protobuf {
    MergeFunction() { this.hasQualifiedName("github.com/golang/protobuf/proto", "Merge") }

    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
-      inp.isParameter(_) and outp.isParameter(0)
+      inp.isParameter(1) and outp.isParameter(0)
    }
  }

@@ -67,10 +67,10 @@ module Protobuf {
  }

  /** The `Clone` method of a protobuf `Message` type. */
-  private class MessageCloneMethod extends DataFlow::FunctionModel, Method {
-    MessageCloneMethod() { this = any(MessageType msg).getMethod("Clone") }
+  private class MessageCloneFunction extends TaintTracking::FunctionModel {
+    MessageCloneFunction() { this.hasQualifiedName("github.com/golang/protobuf/proto", "Clone") }

-    override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp) {
+    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
      inp.isParameter(0) and outp.isResult()
    }
  }
--- a/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
+++ b/ql/test/library-tests/semmle/go/frameworks/Protobuf/FunctionModel.expected
@@ -3,10 +3,10 @@
 | proto.go:32:35:32:46 | reflectedXSS | proto.go:32:2:32:47 | ... := ...[0] |
 | proto.go:38:24:38:33 | serialized | proto.go:37:2:37:13 | definition of deserialized |
 | testDeprecatedApi.go:24:33:24:37 | query | testDeprecatedApi.go:24:2:24:38 | ... := ...[0] |
+| testDeprecatedApi.go:33:28:33:32 | query | testDeprecatedApi.go:33:16:33:33 | call to Clone |
 | testDeprecatedApi.go:35:33:35:42 | queryClone | testDeprecatedApi.go:35:2:35:43 | ... := ...[0] |
 | testDeprecatedApi.go:43:18:43:36 | untrustedSerialized | testDeprecatedApi.go:42:2:42:6 | definition of query |
 | testDeprecatedApi.go:51:18:51:36 | untrustedSerialized | testDeprecatedApi.go:50:2:50:6 | definition of query |
 | testDeprecatedApi.go:53:13:53:17 | query | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
-| testDeprecatedApi.go:61:14:61:19 | query2 | testDeprecatedApi.go:60:2:60:7 | definition of query2 |
 | testDeprecatedApi.go:61:22:61:27 | query1 | testDeprecatedApi.go:60:2:60:7 | definition of query2 |
 | testDeprecatedApi.go:63:33:63:38 | query2 | testDeprecatedApi.go:63:2:63:39 | ... := ...[0] |
--- a/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
+++ b/ql/test/library-tests/semmle/go/frameworks/Protobuf/TaintFlows.expected
@@ -1,4 +1,5 @@
 | testDeprecatedApi.go:22:22:22:41 | call to getUntrustedString : string | testDeprecatedApi.go:26:12:26:21 | serialized |
+| testDeprecatedApi.go:31:22:31:41 | call to getUntrustedString : string | testDeprecatedApi.go:37:12:37:21 | serialized |
 | testDeprecatedApi.go:41:25:41:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:45:13:45:29 | selection of Description |
 | testDeprecatedApi.go:49:25:49:43 | call to getUntrustedBytes : slice type | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
 | testDeprecatedApi.go:58:23:58:42 | call to getUntrustedString : string | testDeprecatedApi.go:65:12:65:21 | serialized |