From dfbad0edb9698059cf7db35768d322b0506bb7e5 Mon Sep 17 00:00:00 2001 From: Slavomir Date: Tue, 5 Jan 2021 23:46:18 +0100 Subject: [PATCH] Regenerate code implementing the code review feedback --- ql/src/semmle/go/frameworks/CleverGo.qll | 74 +++++----- .../TaintTracking/Model-TaintTracking.go | 48 +++++-- .../frameworks/CleverGo/TaintTracking/Test.ql | 4 +- .../vendor/clevergo.tech/clevergo/stub.go | 128 +++++++++++++++++- .../Model-UntrustedSources.go | 52 ++++--- .../CleverGo/UntrustedSources/Test.ql | 4 +- .../vendor/clevergo.tech/clevergo/stub.go | 6 +- 7 files changed, 244 insertions(+), 72 deletions(-) diff --git a/ql/src/semmle/go/frameworks/CleverGo.qll b/ql/src/semmle/go/frameworks/CleverGo.qll index 43a4dea272a..f9c2f2bac48 100644 --- a/ql/src/semmle/go/frameworks/CleverGo.qll +++ b/ql/src/semmle/go/frameworks/CleverGo.qll @@ -1,17 +1,13 @@ /** - * TODO: Doc about this file. + * Provides classes for working with concepts from [`clevergo.tech/clevergo@v0.5.2`](https://pkg.go.dev/clevergo.tech/clevergo@v0.5.2) package. */ import go /** - * TODO: Doc about this module. + * Provides classes for working with concepts from [`clevergo.tech/clevergo@v0.5.2`](https://pkg.go.dev/clevergo.tech/clevergo@v0.5.2) package. */ private module CleverGo { - /** Gets the package path. */ - bindingset[result] - string packagePath() { result = ["clevergo.tech/clevergo", "github.com/clevergo/clevergo"] } - /** * Provides models of untrusted flow sources. */ @@ -22,7 +18,7 @@ private module CleverGo { this = outp.getExitNode(mtd.getACall()) | // Receiver: Context - mtd.hasQualifiedName(packagePath(), "Context", methodName) and + mtd.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Context", methodName) and ( // Method: func (*Context).BasicAuth() (username string, password string, ok bool) methodName = "BasicAuth" and @@ -58,7 +54,7 @@ private module CleverGo { ) or // Receiver: Params - mtd.hasQualifiedName(packagePath(), "Params", methodName) and + mtd.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Params", methodName) and ( // Method: func (Params).String(name string) string methodName = "String" and @@ -66,23 +62,35 @@ private module CleverGo { ) ) or + // Interfaces of package: clevergo.tech/clevergo@v0.5.2 + exists(string methodName, Method mtd, FunctionOutput outp | + this = outp.getExitNode(mtd.getACall()) + | + // Interface: Decoder + mtd.implements(package("clevergo.tech/clevergo", ""), "Decoder", methodName) and + ( + // Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error + methodName = "Decode" and + outp.isParameter(1) + ) + ) + or // Structs of package: clevergo.tech/clevergo@v0.5.2 exists(DataFlow::Field fld | // Struct: Context - fld.hasQualifiedName(packagePath(), "Context", "Params") + fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Context", "Params") or // Struct: Param - fld.hasQualifiedName(packagePath(), "Param", ["Key", "Value"]) + fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Param", ["Key", "Value"]) | this = fld.getARead() ) or // Types of package: clevergo.tech/clevergo@v0.5.2 - exists(DataFlow::ReadNode read, ValueEntity v | - v.getType().hasQualifiedName(packagePath(), "Params") + exists(ValueEntity v | + v.getType().hasQualifiedName(package("clevergo.tech/clevergo", ""), "Params") | - read.reads(v) and - this = read + this = v.getARead() ) } } @@ -95,12 +103,10 @@ private module CleverGo { TaintTrackingFunctionModels() { // Taint-tracking models for package: clevergo.tech/clevergo@v0.5.2 ( - // signature: func CleanPath(p string) string - hasQualifiedName(packagePath(), "CleanPath") and - ( - inp.isParameter(0) and - out.isResult() - ) + // Function: func CleanPath(p string) string + this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "CleanPath") and + inp.isParameter(0) and + out.isResult() ) } @@ -117,19 +123,23 @@ private module CleverGo { TaintTrackingMethodModels() { // Taint-tracking models for package: clevergo.tech/clevergo@v0.5.2 ( - // signature: func (Decoder).Decode(req *net/http.Request, v interface{}) error - implements(packagePath(), "Decoder", "Decode") and - ( - inp.isParameter(0) and - out.isParameter(1) - ) + // Receiver: Application + // Method: func (*Application).RouteURL(name string, args ...string) (*net/url.URL, error) + this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Application", "RouteURL") and + inp.isParameter(_) and + out.isResult(0) or - // signature: func (Renderer).Render(w io.Writer, name string, data interface{}, c *Context) error - implements(packagePath(), "Renderer", "Render") and - ( - inp.isParameter(2) and - out.isParameter(0) - ) + // Receiver: Decoder + // Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error + this.implements(package("clevergo.tech/clevergo", ""), "Decoder", "Decode") and + inp.isParameter(0) and + out.isParameter(1) + or + // Receiver: Renderer + // Method: func (Renderer).Render(w io.Writer, name string, data interface{}, c *Context) error + this.implements(package("clevergo.tech/clevergo", ""), "Renderer", "Render") and + inp.isParameter(2) and + out.isParameter(0) ) } diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Model-TaintTracking.go b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Model-TaintTracking.go index 86c851cafc2..c6194f6928c 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Model-TaintTracking.go +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Model-TaintTracking.go @@ -1,5 +1,7 @@ // Code generated by https://github.com/gagliardetto. DO NOT EDIT. +//go:generate depstubber -vendor clevergo.tech/clevergo Application,Context,Decoder,Renderer CleanPath +//go:generate depstubber -write_module_txt package main import ( @@ -23,9 +25,30 @@ func ClevergoTechClevergov052() { { // func CleanPath(p string) string { - fromString599 := source().(string) - intoString409 := clevergo.CleanPath(fromString599) - sink(intoString409) // $SinkingSource + fromString246 := source().(string) + intoString898 := clevergo.CleanPath(fromString246) + sink(intoString898) // $taintSink + } + } + // Taint-tracking through method calls. + { + // Taint-tracking through method calls on clevergo.tech/clevergo.Application. + { + // func (*Application).RouteURL(name string, args ...string) (*net/url.URL, error) + { + { + fromString598 := source().(string) + var mediumObjCQL clevergo.Application + intoURL631, _ := mediumObjCQL.RouteURL(fromString598, "") + sink(intoURL631) // $taintSink + } + { + fromString165 := source().(string) + var mediumObjCQL clevergo.Application + intoURL150, _ := mediumObjCQL.RouteURL("", fromString165) + sink(intoURL150) // $taintSink + } + } } } // Taint-tracking through interface method calls. @@ -34,26 +57,23 @@ func ClevergoTechClevergov052() { { // func (Decoder).Decode(req *net/http.Request, v interface{}) error { - fromRequest246 := source().(*http.Request) - var intoInterface898 interface{} + fromRequest340 := source().(*http.Request) + var intoInterface471 interface{} var mediumObjCQL clevergo.Decoder - mediumObjCQL.Decode(fromRequest246, intoInterface898) - sink(intoInterface898) // $SinkingSource + mediumObjCQL.Decode(fromRequest340, intoInterface471) + sink(intoInterface471) // $taintSink } } // Taint-tracking through method calls on clevergo.tech/clevergo.Renderer interface. { // func (Renderer).Render(w io.Writer, name string, data interface{}, c *Context) error { - fromInterface598 := source().(interface{}) - var intoWriter631 io.Writer + fromInterface290 := source().(interface{}) + var intoWriter758 io.Writer var mediumObjCQL clevergo.Renderer - mediumObjCQL.Render(intoWriter631, "", fromInterface598, nil) - sink(intoWriter631) // $SinkingSource + mediumObjCQL.Render(intoWriter758, "", fromInterface290, nil) + sink(intoWriter758) // $taintSink } } } } - -//go:generate depstubber -vendor clevergo.tech/clevergo Context,Decoder,Renderer CleanPath -//go:generate depstubber -write_module_txt diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Test.ql b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Test.ql index ea0c2123702..e99e38367a0 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Test.ql +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/Test.ql @@ -16,10 +16,10 @@ class Configuration extends TaintTracking::Configuration { class TaintTrackingTest extends InlineExpectationsTest { TaintTrackingTest() { this = "TaintTrackingTest" } - override string getARelevantTag() { result = "SinkingSource" } + override string getARelevantTag() { result = "taintSink" } override predicate hasActualResult(string file, int line, string element, string tag, string value) { - tag = "SinkingSource" and + tag = "taintSink" and exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) | element = sink.toString() and value = "" and diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/vendor/clevergo.tech/clevergo/stub.go b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/vendor/clevergo.tech/clevergo/stub.go index a06f3f222eb..295979cc87e 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/vendor/clevergo.tech/clevergo/stub.go +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/TaintTracking/vendor/clevergo.tech/clevergo/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for clevergo.tech/clevergo, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: clevergo.tech/clevergo (exports: Context,Decoder,Renderer; functions: CleanPath) +// Source: clevergo.tech/clevergo (exports: Application,Context,Decoder,Renderer; functions: CleanPath) // Package clevergo is a stub of clevergo.tech/clevergo, generated by depstubber. package clevergo @@ -10,11 +10,86 @@ package clevergo import ( context "context" io "io" + net "net" http "net/http" url "net/url" + os "os" time "time" ) +type Application struct { + Server *http.Server + ShutdownTimeout time.Duration + ShutdownSignals []os.Signal + RedirectTrailingSlash bool + RedirectFixedPath bool + HandleMethodNotAllowed bool + HandleOPTIONS bool + GlobalOPTIONS http.Handler + NotFound http.Handler + MethodNotAllowed http.Handler + UseRawPath bool + Renderer Renderer + Decoder Decoder + Logger interface{} +} + +func (_ *Application) Any(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Delete(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Get(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Group(_ string, _ ...RouteGroupOption) Router { + return nil +} + +func (_ *Application) Handle(_ string, _ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Handler(_ string, _ string, _ http.Handler, _ ...RouteOption) {} + +func (_ *Application) HandlerFunc(_ string, _ string, _ http.HandlerFunc, _ ...RouteOption) {} + +func (_ *Application) Head(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Lookup(_ string, _ string) (*Route, Params, bool) { + return nil, nil, false +} + +func (_ *Application) Options(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Patch(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Post(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) Put(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *Application) RouteURL(_ string, _ ...string) (*url.URL, error) { + return nil, nil +} + +func (_ *Application) Run(_ string) error { + return nil +} + +func (_ *Application) RunTLS(_ string, _ string, _ string) error { + return nil +} + +func (_ *Application) RunUnix(_ string) error { + return nil +} + +func (_ *Application) Serve(_ net.Listener) error { + return nil +} + +func (_ *Application) ServeFiles(_ string, _ http.FileSystem, _ ...RouteOption) {} + +func (_ *Application) ServeHTTP(_ http.ResponseWriter, _ *http.Request) {} + +func (_ *Application) Use(_ ...MiddlewareFunc) {} + func CleanPath(_ string) string { return "" } @@ -240,6 +315,10 @@ type Decoder interface { Decode(_ *http.Request, _ interface{}) error } +type Handle func(*Context) error + +type MiddlewareFunc func(Handle) Handle + type Param struct { Key string Value string @@ -280,3 +359,50 @@ type Route struct{} func (_ *Route) URL(_ ...string) (*url.URL, error) { return nil, nil } + +type RouteGroup struct{} + +func (_ *RouteGroup) Any(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Delete(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Get(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Group(_ string, _ ...RouteGroupOption) Router { + return nil +} + +func (_ *RouteGroup) Handle(_ string, _ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Handler(_ string, _ string, _ http.Handler, _ ...RouteOption) {} + +func (_ *RouteGroup) HandlerFunc(_ string, _ string, _ http.HandlerFunc, _ ...RouteOption) {} + +func (_ *RouteGroup) Head(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Options(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Patch(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Post(_ string, _ Handle, _ ...RouteOption) {} + +func (_ *RouteGroup) Put(_ string, _ Handle, _ ...RouteOption) {} + +type RouteGroupOption func(*RouteGroup) + +type RouteOption func(*Route) + +type Router interface { + Any(_ string, _ Handle, _ ...RouteOption) + Delete(_ string, _ Handle, _ ...RouteOption) + Get(_ string, _ Handle, _ ...RouteOption) + Group(_ string, _ ...RouteGroupOption) Router + Handle(_ string, _ string, _ Handle, _ ...RouteOption) + Handler(_ string, _ string, _ http.Handler, _ ...RouteOption) + HandlerFunc(_ string, _ string, _ http.HandlerFunc, _ ...RouteOption) + Head(_ string, _ Handle, _ ...RouteOption) + Options(_ string, _ Handle, _ ...RouteOption) + Patch(_ string, _ Handle, _ ...RouteOption) + Post(_ string, _ Handle, _ ...RouteOption) + Put(_ string, _ Handle, _ ...RouteOption) +} diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Model-UntrustedSources.go b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Model-UntrustedSources.go index 999b599a5f1..b25ec75b220 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Model-UntrustedSources.go +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Model-UntrustedSources.go @@ -1,5 +1,7 @@ // Code generated by https://github.com/gagliardetto. DO NOT EDIT. +//go:generate depstubber -vendor clevergo.tech/clevergo Context,Decoder,Param,Params +//go:generate depstubber -write_module_txt package main import "clevergo.tech/clevergo" @@ -18,8 +20,8 @@ func ClevergoTechClevergov052() { var receiverContext656 clevergo.Context resultUsername414, resultPassword518, _ := receiverContext656.BasicAuth() sink( - resultUsername414, // $SinkingUntrustedFlowSource - resultPassword518, // $SinkingUntrustedFlowSource + resultUsername414, // $untrustedFlowSource + resultPassword518, // $untrustedFlowSource ) } // func (*Context).Decode(v interface{}) (err error) @@ -27,43 +29,43 @@ func ClevergoTechClevergov052() { var receiverContext650 clevergo.Context var paramV784 interface{} receiverContext650.Decode(paramV784) - sink(paramV784) // $SinkingUntrustedFlowSource + sink(paramV784) // $untrustedFlowSource } // func (*Context).DefaultQuery(key string, defaultVlue string) string { var receiverContext957 clevergo.Context result520 := receiverContext957.DefaultQuery("", "") - sink(result520) // $SinkingUntrustedFlowSource + sink(result520) // $untrustedFlowSource } // func (*Context).FormValue(key string) string { var receiverContext443 clevergo.Context result127 := receiverContext443.FormValue("") - sink(result127) // $SinkingUntrustedFlowSource + sink(result127) // $untrustedFlowSource } // func (*Context).GetHeader(name string) string { var receiverContext483 clevergo.Context result989 := receiverContext483.GetHeader("") - sink(result989) // $SinkingUntrustedFlowSource + sink(result989) // $untrustedFlowSource } // func (*Context).PostFormValue(key string) string { var receiverContext982 clevergo.Context result417 := receiverContext982.PostFormValue("") - sink(result417) // $SinkingUntrustedFlowSource + sink(result417) // $untrustedFlowSource } // func (*Context).QueryParam(key string) string { var receiverContext584 clevergo.Context result991 := receiverContext584.QueryParam("") - sink(result991) // $SinkingUntrustedFlowSource + sink(result991) // $untrustedFlowSource } // func (*Context).QueryString() string { var receiverContext881 clevergo.Context result186 := receiverContext881.QueryString() - sink(result186) // $SinkingUntrustedFlowSource + sink(result186) // $untrustedFlowSource } } // Untrusted flow sources from method calls on clevergo.tech/clevergo.Params. @@ -72,7 +74,20 @@ func ClevergoTechClevergov052() { { var receiverParams284 clevergo.Params result908 := receiverParams284.String("") - sink(result908) // $SinkingUntrustedFlowSource + sink(result908) // $untrustedFlowSource + } + } + } + // Untrusted flow sources from interface method calls. + { + // Untrusted flow sources from method calls on clevergo.tech/clevergo.Decoder interface. + { + // func (Decoder).Decode(req *net/http.Request, v interface{}) error + { + var receiverDecoder137 clevergo.Decoder + var paramV494 interface{} + receiverDecoder137.Decode(nil, paramV494) + sink(paramV494) // $untrustedFlowSource } } } @@ -80,26 +95,23 @@ func ClevergoTechClevergov052() { { // Untrusted flow sources from clevergo.tech/clevergo.Context struct fields. { - structContext137 := new(clevergo.Context) - sink(structContext137.Params) // $SinkingUntrustedFlowSource + structContext873 := new(clevergo.Context) + sink(structContext873.Params) // $untrustedFlowSource } // Untrusted flow sources from clevergo.tech/clevergo.Param struct fields. { - structParam494 := new(clevergo.Param) + structParam599 := new(clevergo.Param) sink( - structParam494.Value, // $SinkingUntrustedFlowSource - structParam494.Key, // $SinkingUntrustedFlowSource + structParam599.Key, // $untrustedFlowSource + structParam599.Value, // $untrustedFlowSource ) } } // Untrusted flow sources from types. { { - var typeParams873 clevergo.Params - sink(typeParams873) // $SinkingUntrustedFlowSource + var typeParams409 clevergo.Params + sink(typeParams409) // $untrustedFlowSource } } } - -//go:generate depstubber -vendor clevergo.tech/clevergo Context,Param,Params -//go:generate depstubber -write_module_txt diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Test.ql b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Test.ql index 9d8babb5138..6f82143766b 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Test.ql +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/Test.ql @@ -4,10 +4,10 @@ import TestUtilities.InlineExpectationsTest class UntrustedFlowSourceTest extends InlineExpectationsTest { UntrustedFlowSourceTest() { this = "UntrustedFlowSourceTest" } - override string getARelevantTag() { result = "SinkingUntrustedFlowSource" } + override string getARelevantTag() { result = "untrustedFlowSource" } override predicate hasActualResult(string file, int line, string element, string tag, string value) { - tag = "SinkingUntrustedFlowSource" and + tag = "untrustedFlowSource" and exists(DataFlow::CallNode sinkCall, DataFlow::ArgumentNode arg | sinkCall.getCalleeName() = "sink" and arg = sinkCall.getAnArgument() and diff --git a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/vendor/clevergo.tech/clevergo/stub.go b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/vendor/clevergo.tech/clevergo/stub.go index 07a9452ea20..3aa3a0e211d 100644 --- a/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/vendor/clevergo.tech/clevergo/stub.go +++ b/ql/test/library-tests/semmle/go/frameworks/CleverGo/UntrustedSources/vendor/clevergo.tech/clevergo/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for clevergo.tech/clevergo, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: clevergo.tech/clevergo (exports: Context,Param,Params; functions: ) +// Source: clevergo.tech/clevergo (exports: Context,Decoder,Param,Params; functions: ) // Package clevergo is a stub of clevergo.tech/clevergo, generated by depstubber. package clevergo @@ -232,6 +232,10 @@ func (_ *Context) XMLBlob(_ int, _ []byte) error { return nil } +type Decoder interface { + Decode(_ *http.Request, _ interface{}) error +} + type Param struct { Key string Value string