hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Exclude local function pointers

Browse Source
This commit is contained in:
Owen Mansel-Chan
2020-11-16 20:46:45 +00:00
parent 05fe388ba3
commit e7697963d3
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ql/src/semmle/go/security/ExternalAPIs.qll
View File

@@ -69,6 +69,16 @@ predicate isACommonSink(DataFlow::Node n) {
n instanceof CleartextLogging::Sink
}
/** Holds if `callNode` is a local function pointer. */
private predicate isProbableLocalFunctionPointer(DataFlow::CallNode callNode) {
// Not a method call
not callNode instanceof DataFlow::MethodCallNode and
// Does not have a declared target function
not exists(callNode.getTarget()) and
// Does not appear to be in a package
not callNode.getCall().getCalleeExpr().(QualifiedName).getBase() instanceof PackageName
}
/** A node representing data being passed to an external API. */
class ExternalAPIDataNode extends DataFlow::Node {
DataFlow::CallNode call;
@@ -91,6 +101,8 @@ class ExternalAPIDataNode extends DataFlow::Node {
) and
// Not defined in the code that is being analysed
not exists(call.getACallee().getBody()) and
// Not a function pointer, unless it's declared in a package
not isProbableLocalFunctionPointer(call) and
// Not defined in a test file
not call.getFile() instanceof TestFile and
// Not already modeled as a taint step