mirror of
https://github.com/github/codeql.git
synced 2026-06-05 13:37:06 +02:00
Compare commits
4 Commits
idrissrio/
...
yoff/pytho
| Author | SHA1 | Date | |
|---|---|---|---|
|
0b473e3763 | ||
|
|
a13dfaa44f | ||
|
|
ac5fa629ef | ||
|
|
5fb75ac987 |
@@ -11,6 +11,10 @@
|
|||||||
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
|
"java/ql/lib/semmle/code/java/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/SignAnalysisCommon.qll"
|
||||||
],
|
],
|
||||||
|
"Bound Java/C#": [
|
||||||
|
"java/ql/lib/semmle/code/java/dataflow/Bound.qll",
|
||||||
|
"csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll"
|
||||||
|
],
|
||||||
"ModulusAnalysis Java/C#": [
|
"ModulusAnalysis Java/C#": [
|
||||||
"java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
|
"java/ql/lib/semmle/code/java/dataflow/ModulusAnalysis.qll",
|
||||||
"csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
|
"csharp/ql/lib/semmle/code/csharp/dataflow/ModulusAnalysis.qll"
|
||||||
|
|||||||
@@ -61,13 +61,12 @@ private predicate discardElement(@element e) {
|
|||||||
// particular, been deleted), or the overlay has redefined the TRAP
|
// particular, been deleted), or the overlay has redefined the TRAP
|
||||||
// file or tag it is in, or the overlay runner has re-extracted the same
|
// file or tag it is in, or the overlay runner has re-extracted the same
|
||||||
// source file (e.g. because a header it includes has changed).
|
// source file (e.g. because a header it includes has changed).
|
||||||
not exists(@trap_or_tag t |
|
forall(@trap_or_tag t, string sourceFile |
|
||||||
locallyInTrapOrTag(false, e, t) and
|
locallyInTrapOrTag(false, e, t) and
|
||||||
not locallyReachableTrapOrTag(true, _, t) and
|
locallyReachableTrapOrTag(false, sourceFile, t)
|
||||||
exists(string sourceFile |
|
|
|
||||||
locallyReachableTrapOrTag(false, sourceFile, t) and
|
overlayChangedFiles(sourceFile) or
|
||||||
not overlayChangedFiles(sourceFile) and
|
locallyReachableTrapOrTag(true, _, t) or
|
||||||
not locallyReachableTrapOrTag(true, sourceFile, _)
|
locallyReachableTrapOrTag(true, sourceFile, _)
|
||||||
)
|
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,7 +9,6 @@ dependencies:
|
|||||||
codeql/controlflow: ${workspace}
|
codeql/controlflow: ${workspace}
|
||||||
codeql/dataflow: ${workspace}
|
codeql/dataflow: ${workspace}
|
||||||
codeql/mad: ${workspace}
|
codeql/mad: ${workspace}
|
||||||
codeql/rangeanalysis: ${workspace}
|
|
||||||
codeql/ssa: ${workspace}
|
codeql/ssa: ${workspace}
|
||||||
codeql/threat-models: ${workspace}
|
codeql/threat-models: ${workspace}
|
||||||
codeql/tutorial: ${workspace}
|
codeql/tutorial: ${workspace}
|
||||||
|
|||||||
@@ -4,31 +4,67 @@
|
|||||||
overlay[local?]
|
overlay[local?]
|
||||||
module;
|
module;
|
||||||
|
|
||||||
private import csharp as CS
|
private import internal.rangeanalysis.BoundSpecific
|
||||||
private import semmle.code.csharp.dataflow.SSA::Ssa
|
|
||||||
private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
|
|
||||||
private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
|
|
||||||
private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
|
|
||||||
private import codeql.rangeanalysis.Bound as SharedBound
|
|
||||||
|
|
||||||
/** Provides C#-specific definitions for bounds. */
|
private newtype TBound =
|
||||||
private module BoundDefs implements SharedBound::BoundDefinitions<CS::Location> {
|
TBoundZero() or
|
||||||
class Type = CS::Type;
|
TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
|
||||||
|
TBoundExpr(Expr e) {
|
||||||
|
interestingExprBound(e) and
|
||||||
|
not exists(SsaVariable v | e = v.getAUse())
|
||||||
|
}
|
||||||
|
|
||||||
class SsaVariable = SU::SsaVariable;
|
/**
|
||||||
|
* A bound that may be inferred for an expression plus/minus an integer delta.
|
||||||
|
*/
|
||||||
|
abstract class Bound extends TBound {
|
||||||
|
/** Gets a textual representation of this bound. */
|
||||||
|
abstract string toString();
|
||||||
|
|
||||||
class SsaSourceVariable = SourceVariable;
|
/** Gets an expression that equals this bound plus `delta`. */
|
||||||
|
abstract Expr getExpr(int delta);
|
||||||
|
|
||||||
class Expr = CS::ControlFlowNodes::ExprNode;
|
/** Gets an expression that equals this bound. */
|
||||||
|
Expr getExpr() { result = this.getExpr(0) }
|
||||||
|
|
||||||
class IntegralType = CS::IntegralType;
|
/** Gets the location of this bound. */
|
||||||
|
abstract Location getLocation();
|
||||||
class ConstantIntegerExpr = CU::ConstantIntegerExpr;
|
|
||||||
|
|
||||||
/** Holds if `e` is a bound expression and it is not an SSA variable read. */
|
|
||||||
predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module BoundImpl = SharedBound::Bound<CS::Location, BoundDefs>;
|
/**
|
||||||
|
* The bound that corresponds to the integer 0. This is used to represent all
|
||||||
|
* integer bounds as bounds are always accompanied by an added integer delta.
|
||||||
|
*/
|
||||||
|
class ZeroBound extends Bound, TBoundZero {
|
||||||
|
override string toString() { result = "0" }
|
||||||
|
|
||||||
import BoundImpl
|
override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
|
||||||
|
|
||||||
|
override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A bound corresponding to the value of an SSA variable.
|
||||||
|
*/
|
||||||
|
class SsaBound extends Bound, TBoundSsa {
|
||||||
|
/** Gets the SSA variable that equals this bound. */
|
||||||
|
SsaVariable getSsa() { this = TBoundSsa(result) }
|
||||||
|
|
||||||
|
override string toString() { result = this.getSsa().toString() }
|
||||||
|
|
||||||
|
override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
|
||||||
|
|
||||||
|
override Location getLocation() { result = this.getSsa().getLocation() }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A bound that corresponds to the value of a specific expression that might be
|
||||||
|
* interesting, but isn't otherwise represented by the value of an SSA variable.
|
||||||
|
*/
|
||||||
|
class ExprBound extends Bound, TBoundExpr {
|
||||||
|
override string toString() { result = this.getExpr().toString() }
|
||||||
|
|
||||||
|
override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
|
||||||
|
|
||||||
|
override Location getLocation() { result = this.getExpr().getLocation() }
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,22 @@
|
|||||||
|
/**
|
||||||
|
* Provides C#-specific definitions for bounds.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import csharp as CS
|
||||||
|
private import semmle.code.csharp.dataflow.SSA::Ssa as Ssa
|
||||||
|
private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
|
||||||
|
private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
|
||||||
|
private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
|
||||||
|
|
||||||
|
class SsaVariable = SU::SsaVariable;
|
||||||
|
|
||||||
|
class Expr = CS::ControlFlowNodes::ExprNode;
|
||||||
|
|
||||||
|
class Location = CS::Location;
|
||||||
|
|
||||||
|
class IntegralType = CS::IntegralType;
|
||||||
|
|
||||||
|
class ConstantIntegerExpr = CU::ConstantIntegerExpr;
|
||||||
|
|
||||||
|
/** Holds if `e` is a bound expression and it is not an SSA variable read. */
|
||||||
|
predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* More logging functions are now recognized as not returning or panicking.
|
|
||||||
@@ -413,13 +413,17 @@ private class ExternalLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private class HeuristicLoggerFunction extends Method {
|
/**
|
||||||
string logFunctionPrefix;
|
* A call to an interface that looks like a logger. It is common to use a
|
||||||
|
* locally-defined interface for logging to make it easy to changing logging
|
||||||
HeuristicLoggerFunction() {
|
* library.
|
||||||
exists(string tp, string name |
|
*/
|
||||||
this.hasQualifiedName(_, tp, name) and
|
private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
|
||||||
this.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
|
HeuristicLoggerCall() {
|
||||||
|
exists(Method m, string tp, string logFunctionPrefix, string name |
|
||||||
|
m = this.getTarget() and
|
||||||
|
m.hasQualifiedName(_, tp, name) and
|
||||||
|
m.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
|
||||||
|
|
|
|
||||||
tp.regexpMatch(".*[lL]ogger") and
|
tp.regexpMatch(".*[lL]ogger") and
|
||||||
logFunctionPrefix =
|
logFunctionPrefix =
|
||||||
@@ -431,19 +435,6 @@ private class HeuristicLoggerFunction extends Method {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override predicate mayReturnNormally() { logFunctionPrefix != "Fatal" }
|
|
||||||
|
|
||||||
override predicate mustPanic() { logFunctionPrefix = "Panic" }
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A call to an interface that looks like a logger. It is common to use a
|
|
||||||
* locally-defined interface for logging to make it easy to change logging
|
|
||||||
* library.
|
|
||||||
*/
|
|
||||||
private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
|
|
||||||
HeuristicLoggerCall() { this.getTarget() instanceof HeuristicLoggerFunction }
|
|
||||||
|
|
||||||
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
|
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -12,37 +12,17 @@ import go
|
|||||||
* forks.
|
* forks.
|
||||||
*/
|
*/
|
||||||
module Glog {
|
module Glog {
|
||||||
/** Gets a package name for `glog` or `klog` (which is a fork). */
|
|
||||||
string packagePath() {
|
|
||||||
result =
|
|
||||||
package([
|
|
||||||
"github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog", "github.com/barakmich/glog"
|
|
||||||
], "")
|
|
||||||
}
|
|
||||||
|
|
||||||
private class GlogFunction extends Function {
|
private class GlogFunction extends Function {
|
||||||
int firstPrintedArg;
|
int firstPrintedArg;
|
||||||
string format;
|
|
||||||
string level;
|
|
||||||
|
|
||||||
GlogFunction() {
|
GlogFunction() {
|
||||||
exists(string pkg, string context, int nContextArgs, string depth, int nDepthArgs, string fn |
|
exists(string pkg, string fn, string level |
|
||||||
pkg = packagePath() and
|
pkg = package(["github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog"], "") and
|
||||||
level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
|
level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
|
||||||
(
|
(
|
||||||
context = "" and nContextArgs = 0
|
fn = level + ["", "f", "ln"] and firstPrintedArg = 0
|
||||||
or
|
or
|
||||||
context = "Context" and nContextArgs = 1
|
fn = level + "Depth" and firstPrintedArg = 1
|
||||||
) and
|
|
||||||
(
|
|
||||||
depth = "" and nDepthArgs = 0
|
|
||||||
or
|
|
||||||
depth = "Depth" and nDepthArgs = 1
|
|
||||||
) and
|
|
||||||
format = ["", "f", "ln"] and
|
|
||||||
(
|
|
||||||
fn = level + context + depth + format and
|
|
||||||
firstPrintedArg = nContextArgs + nDepthArgs
|
|
||||||
)
|
)
|
||||||
|
|
|
|
||||||
this.hasQualifiedName(pkg, fn)
|
this.hasQualifiedName(pkg, fn)
|
||||||
@@ -55,15 +35,10 @@ module Glog {
|
|||||||
* Gets the index of the first argument that may be output, including a format string if one is present.
|
* Gets the index of the first argument that may be output, including a format string if one is present.
|
||||||
*/
|
*/
|
||||||
int getFirstPrintedArg() { result = firstPrintedArg }
|
int getFirstPrintedArg() { result = firstPrintedArg }
|
||||||
|
|
||||||
/** Holds if this function takes a format string. */
|
|
||||||
predicate formatter() { format = "f" }
|
|
||||||
|
|
||||||
override predicate mayReturnNormally() { level != "Fatal" and level != "Exit" }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {
|
private class StringFormatter extends StringOps::Formatting::Range instanceof GlogFunction {
|
||||||
StringFormatter() { this.formatter() }
|
StringFormatter() { this.getName().matches("%f") }
|
||||||
|
|
||||||
override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
|
override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -28,12 +28,6 @@ module Logrus {
|
|||||||
this.(Method).hasQualifiedName(packagePath(), ["Entry", "Logger"], name)
|
this.(Method).hasQualifiedName(packagePath(), ["Entry", "Logger"], name)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override predicate mayReturnNormally() {
|
|
||||||
not exists(string level, string suffix | level = ["Fatal", "Panic"] |
|
|
||||||
this.getName() = level + suffix
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
|
private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ module Zap {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** A Zap logging function which always panics. */
|
/** A Zap logging function which always panics. */
|
||||||
private class FatalLogMethod extends ZapFunction {
|
private class FatalLogMethod extends Method {
|
||||||
FatalLogMethod() {
|
FatalLogMethod() {
|
||||||
this.hasQualifiedName(packagePath(), "Logger", "Fatal")
|
this.hasQualifiedName(packagePath(), "Logger", "Fatal")
|
||||||
or
|
or
|
||||||
@@ -58,7 +58,7 @@ module Zap {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** A Zap logging function which always panics. */
|
/** A Zap logging function which always panics. */
|
||||||
private class MustPanicLogMethod extends ZapFunction {
|
private class MustPanicLogMethod extends Method {
|
||||||
MustPanicLogMethod() {
|
MustPanicLogMethod() {
|
||||||
this.hasQualifiedName(packagePath(), "Logger", "Panic")
|
this.hasQualifiedName(packagePath(), "Logger", "Panic")
|
||||||
or
|
or
|
||||||
|
|||||||
@@ -29,37 +29,18 @@ module Log {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
|
private class LogFormatter extends StringOps::Formatting::Range instanceof LogFunction {
|
||||||
LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf", "Panic", "Panicf", "Panicln"] }
|
LogFormatter() { this.getName() = ["Fatalf", "Panicf", "Printf"] }
|
||||||
|
|
||||||
override int getFormatStringIndex() { result = 0 }
|
override int getFormatStringIndex() { result = 0 }
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A fatal log function, which calls `os.Exit`. */
|
/** A fatal log function, which calls `os.Exit`. */
|
||||||
private class FatalLogFunction extends Function {
|
private class FatalLogFunction extends Function {
|
||||||
FatalLogFunction() {
|
FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }
|
||||||
exists(string fn | fn = ["Fatal", "Fatalf", "Fatalln"] |
|
|
||||||
this.hasQualifiedName("log", fn)
|
|
||||||
or
|
|
||||||
this.(Method).hasQualifiedName("log", "Logger", fn)
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
override predicate mayReturnNormally() { none() }
|
override predicate mayReturnNormally() { none() }
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A log function which must panic. */
|
|
||||||
private class PanicLogFunction extends Function {
|
|
||||||
PanicLogFunction() {
|
|
||||||
exists(string fn | fn = ["Panic", "Panicf", "Panicln"] |
|
|
||||||
this.hasQualifiedName("log", fn)
|
|
||||||
or
|
|
||||||
this.(Method).hasQualifiedName("log", "Logger", fn)
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
override predicate mustPanic() { any() }
|
|
||||||
}
|
|
||||||
|
|
||||||
// These models are not implemented using Models-as-Data because they represent reverse flow.
|
// These models are not implemented using Models-as-Data because they represent reverse flow.
|
||||||
private class FunctionModels extends TaintTracking::FunctionModel {
|
private class FunctionModels extends TaintTracking::FunctionModel {
|
||||||
FunctionInput inp;
|
FunctionInput inp;
|
||||||
@@ -82,6 +63,30 @@ module Log {
|
|||||||
FunctionOutput outp;
|
FunctionOutput outp;
|
||||||
|
|
||||||
MethodModels() {
|
MethodModels() {
|
||||||
|
// signature: func (*Logger) Fatal(v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Fatal") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
|
// signature: func (*Logger) Fatalf(format string, v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Fatalf") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
|
// signature: func (*Logger) Fatalln(v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Fatalln") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
|
// signature: func (*Logger) Panic(v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Panic") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
|
// signature: func (*Logger) Panicf(format string, v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Panicf") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
|
// signature: func (*Logger) Panicln(v ...interface{})
|
||||||
|
this.hasQualifiedName("log", "Logger", "Panicln") and
|
||||||
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
or
|
||||||
// signature: func (*Logger) Print(v ...interface{})
|
// signature: func (*Logger) Print(v ...interface{})
|
||||||
this.hasQualifiedName("log", "Logger", "Print") and
|
this.hasQualifiedName("log", "Logger", "Print") and
|
||||||
(inp.isParameter(_) and outp.isReceiver())
|
(inp.isParameter(_) and outp.isReceiver())
|
||||||
|
|||||||
@@ -1,181 +1,54 @@
|
|||||||
//go:generate depstubber -vendor github.com/golang/glog Level,Verbose Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln
|
//go:generate depstubber -vendor github.com/golang/glog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
|
||||||
//go:generate depstubber -vendor k8s.io/klog Level,Verbose Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln
|
//go:generate depstubber -vendor k8s.io/klog "" Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
|
||||||
|
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
"k8s.io/klog"
|
"k8s.io/klog"
|
||||||
)
|
)
|
||||||
|
|
||||||
func glogTest(selector int) {
|
func glogTest() {
|
||||||
ctx := context.Background()
|
glog.Error(text) // $ logger=text
|
||||||
|
glog.ErrorDepth(0, text) // $ logger=text
|
||||||
glog.Error(text) // $ logger=text
|
glog.Errorf(fmt, text) // $ logger=fmt logger=text
|
||||||
glog.ErrorContext(ctx, text) // $ logger=text
|
glog.Errorln(text) // $ logger=text
|
||||||
glog.ErrorContextDepth(ctx, 0, text) // $ logger=text
|
glog.Exit(text) // $ logger=text
|
||||||
glog.ErrorContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
glog.ExitDepth(0, text) // $ logger=text
|
||||||
glog.ErrorContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
glog.Exitf(fmt, text) // $ logger=fmt logger=text
|
||||||
glog.ErrorDepth(0, text) // $ logger=text
|
glog.Exitln(text) // $ logger=text
|
||||||
glog.ErrorDepthf(0, fmt, text) // $ logger=fmt logger=text
|
glog.Fatal(text) // $ logger=text
|
||||||
glog.Errorf(fmt, text) // $ logger=fmt logger=text
|
glog.FatalDepth(0, text) // $ logger=text
|
||||||
glog.Errorln(text) // $ logger=text
|
glog.Fatalf(fmt, text) // $ logger=fmt logger=text
|
||||||
if selector == 1 {
|
glog.Fatalln(text) // $ logger=text
|
||||||
glog.Exit(text) // $ logger=text
|
glog.Info(text) // $ logger=text
|
||||||
}
|
glog.InfoDepth(0, text) // $ logger=text
|
||||||
if selector == 2 {
|
glog.Infof(fmt, text) // $ logger=fmt logger=text
|
||||||
glog.ExitContext(ctx, text) // $ logger=text
|
glog.Infoln(text) // $ logger=text
|
||||||
}
|
glog.Warning(text) // $ logger=text
|
||||||
if selector == 3 {
|
glog.WarningDepth(0, text) // $ logger=text
|
||||||
glog.ExitContextDepth(ctx, 0, text) // $ logger=text
|
glog.Warningf(fmt, text) // $ logger=fmt logger=text
|
||||||
}
|
glog.Warningln(text) // $ logger=text
|
||||||
if selector == 4 {
|
|
||||||
glog.ExitContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 5 {
|
|
||||||
glog.ExitContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 6 {
|
|
||||||
glog.ExitDepth(0, text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 7 {
|
|
||||||
glog.ExitDepthf(0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 8 {
|
|
||||||
glog.Exitf(fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 9 {
|
|
||||||
glog.Exitln(text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 10 {
|
|
||||||
glog.Fatal(text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 11 {
|
|
||||||
glog.FatalContext(ctx, text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 12 {
|
|
||||||
glog.FatalContextDepth(ctx, 0, text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 13 {
|
|
||||||
glog.FatalContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 14 {
|
|
||||||
glog.FatalContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 15 {
|
|
||||||
glog.FatalDepth(0, text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 16 {
|
|
||||||
glog.FatalDepthf(0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 17 {
|
|
||||||
glog.Fatalf(fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 18 {
|
|
||||||
glog.Fatalln(text) // $ logger=text
|
|
||||||
}
|
|
||||||
glog.Info(text) // $ logger=text
|
|
||||||
glog.InfoContext(ctx, text) // $ logger=text
|
|
||||||
glog.InfoContextDepth(ctx, 0, text) // $ logger=text
|
|
||||||
glog.InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.InfoContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.InfoDepth(0, text) // $ logger=text
|
|
||||||
glog.InfoDepthf(0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.Infof(fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.Infoln(text) // $ logger=text
|
|
||||||
glog.Warning(text) // $ logger=text
|
|
||||||
glog.WarningContext(ctx, text) // $ logger=text
|
|
||||||
glog.WarningContextDepth(ctx, 0, text) // $ logger=text
|
|
||||||
glog.WarningContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.WarningContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.WarningDepth(0, text) // $ logger=text
|
|
||||||
glog.WarningDepthf(0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.Warningf(fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.Warningln(text) // $ logger=text
|
|
||||||
|
|
||||||
glog.V(0).Info(text) // $ logger=text
|
|
||||||
glog.V(0).InfoContext(ctx, text) // $ logger=text
|
|
||||||
glog.V(0).InfoContextDepth(ctx, 0, text) // $ logger=text
|
|
||||||
glog.V(0).InfoContextDepthf(ctx, 0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.V(0).InfoContextf(ctx, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.V(0).InfoDepth(0, text) // $ logger=text
|
|
||||||
glog.V(0).InfoDepthf(0, fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.V(0).Infof(fmt, text) // $ logger=fmt logger=text
|
|
||||||
glog.V(0).Infoln(text) // $ logger=text
|
|
||||||
glog.VDepth(0, 0).Info(text) // $ logger=text
|
|
||||||
|
|
||||||
// components corresponding to the format specifier "%T" are not considered vulnerable
|
// components corresponding to the format specifier "%T" are not considered vulnerable
|
||||||
glog.ErrorContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
glog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
glog.ErrorContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
glog.ErrorDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
glog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
glog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
if selector == 19 {
|
glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
glog.ExitContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 20 {
|
|
||||||
glog.ExitContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 21 {
|
|
||||||
glog.ExitDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 22 {
|
|
||||||
glog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 23 {
|
|
||||||
glog.FatalContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 24 {
|
|
||||||
glog.FatalContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 25 {
|
|
||||||
glog.FatalDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
if selector == 26 {
|
|
||||||
glog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
glog.InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.InfoContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.InfoDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.WarningContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.WarningContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.WarningDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.V(0).InfoContextDepthf(ctx, 0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.V(0).InfoContextf(ctx, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.V(0).InfoDepthf(0, "%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
glog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
|
|
||||||
klog.Error(text) // $ logger=text
|
klog.Error(text) // $ logger=text
|
||||||
klog.ErrorDepth(0, text) // $ logger=text
|
klog.ErrorDepth(0, text) // $ logger=text
|
||||||
klog.Errorf(fmt, text) // $ logger=fmt logger=text
|
klog.Errorf(fmt, text) // $ logger=fmt logger=text
|
||||||
klog.Errorln(text) // $ logger=text
|
klog.Errorln(text) // $ logger=text
|
||||||
if selector == 27 {
|
klog.Exit(text) // $ logger=text
|
||||||
klog.Exit(text) // $ logger=text
|
klog.ExitDepth(0, text) // $ logger=text
|
||||||
}
|
klog.Exitf(fmt, text) // $ logger=fmt logger=text
|
||||||
if selector == 28 {
|
klog.Exitln(text) // $ logger=text
|
||||||
klog.ExitDepth(0, text) // $ logger=text
|
klog.Fatal(text) // $ logger=text
|
||||||
}
|
klog.FatalDepth(0, text) // $ logger=text
|
||||||
if selector == 29 {
|
klog.Fatalf(fmt, text) // $ logger=fmt logger=text
|
||||||
klog.Exitf(fmt, text) // $ logger=fmt logger=text
|
klog.Fatalln(text) // $ logger=text
|
||||||
}
|
|
||||||
if selector == 30 {
|
|
||||||
klog.Exitln(text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 31 {
|
|
||||||
klog.Fatal(text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 32 {
|
|
||||||
klog.FatalDepth(0, text) // $ logger=text
|
|
||||||
}
|
|
||||||
if selector == 33 {
|
|
||||||
klog.Fatalf(fmt, text) // $ logger=fmt logger=text
|
|
||||||
}
|
|
||||||
if selector == 34 {
|
|
||||||
klog.Fatalln(text) // $ logger=text
|
|
||||||
}
|
|
||||||
klog.Info(text) // $ logger=text
|
klog.Info(text) // $ logger=text
|
||||||
klog.InfoDepth(0, text) // $ logger=text
|
klog.InfoDepth(0, text) // $ logger=text
|
||||||
klog.Infof(fmt, text) // $ logger=fmt logger=text
|
klog.Infof(fmt, text) // $ logger=fmt logger=text
|
||||||
@@ -184,19 +57,11 @@ func glogTest(selector int) {
|
|||||||
klog.WarningDepth(0, text) // $ logger=text
|
klog.WarningDepth(0, text) // $ logger=text
|
||||||
klog.Warningf(fmt, text) // $ logger=fmt logger=text
|
klog.Warningf(fmt, text) // $ logger=fmt logger=text
|
||||||
klog.Warningln(text) // $ logger=text
|
klog.Warningln(text) // $ logger=text
|
||||||
klog.V(0).Info(text) // $ logger=text
|
|
||||||
klog.V(0).Infof(fmt, text) // $ logger=fmt logger=text
|
|
||||||
klog.V(0).Infoln(text) // $ logger=text
|
|
||||||
|
|
||||||
// components corresponding to the format specifier "%T" are not considered vulnerable
|
// components corresponding to the format specifier "%T" are not considered vulnerable
|
||||||
klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
klog.Errorf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
if selector == 35 {
|
klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
klog.Exitf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
}
|
klog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
if selector == 36 {
|
klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
||||||
klog.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
|
||||||
klog.Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
klog.V(0).Infof("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,7 +3,7 @@ module codeql-go-tests/concepts/loggercall
|
|||||||
go 1.15
|
go 1.15
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/golang/glog v1.2.5
|
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
|
||||||
github.com/sirupsen/logrus v1.7.0
|
github.com/sirupsen/logrus v1.7.0
|
||||||
k8s.io/klog v1.0.0
|
k8s.io/klog v1.0.0
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -6,6 +6,5 @@ const text = "test"
|
|||||||
var v []byte
|
var v []byte
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
glogTest(len(v))
|
|
||||||
stdlib()
|
stdlib()
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -2,125 +2,47 @@
|
|||||||
// This is a simple stub for github.com/golang/glog, strictly for use in testing.
|
// This is a simple stub for github.com/golang/glog, strictly for use in testing.
|
||||||
|
|
||||||
// See the LICENSE file for information about the licensing of the original library.
|
// See the LICENSE file for information about the licensing of the original library.
|
||||||
// Source: github.com/golang/glog (exports: Level,Verbose; functions: Error,ErrorContext,ErrorContextDepth,ErrorContextDepthf,ErrorContextf,ErrorDepth,ErrorDepthf,Errorf,Errorln,Exit,ExitContext,ExitContextDepth,ExitContextDepthf,ExitContextf,ExitDepth,ExitDepthf,Exitf,Exitln,Fatal,FatalContext,FatalContextDepth,FatalContextDepthf,FatalContextf,FatalDepth,FatalDepthf,Fatalf,Fatalln,Info,InfoContext,InfoContextDepth,InfoContextDepthf,InfoContextf,InfoDepth,InfoDepthf,Infof,Infoln,V,VDepth,Warning,WarningContext,WarningContextDepth,WarningContextDepthf,WarningContextf,WarningDepth,WarningDepthf,Warningf,Warningln)
|
// Source: github.com/golang/glog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
|
||||||
|
|
||||||
// Package glog is a stub of github.com/golang/glog, generated by depstubber.
|
// Package glog is a stub of github.com/golang/glog, generated by depstubber.
|
||||||
package glog
|
package glog
|
||||||
|
|
||||||
import "context"
|
|
||||||
|
|
||||||
type Level int32
|
|
||||||
|
|
||||||
type Verbose bool
|
|
||||||
|
|
||||||
func Error(_ ...interface{}) {}
|
func Error(_ ...interface{}) {}
|
||||||
|
|
||||||
func ErrorContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ErrorContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ErrorContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ErrorContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ErrorDepth(_ int, _ ...interface{}) {}
|
func ErrorDepth(_ int, _ ...interface{}) {}
|
||||||
|
|
||||||
func ErrorDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func Errorf(_ string, _ ...interface{}) {}
|
func Errorf(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Errorln(_ ...interface{}) {}
|
func Errorln(_ ...interface{}) {}
|
||||||
|
|
||||||
func Exit(_ ...interface{}) {}
|
func Exit(_ ...interface{}) {}
|
||||||
|
|
||||||
func ExitContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ExitContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ExitContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ExitContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func ExitDepth(_ int, _ ...interface{}) {}
|
func ExitDepth(_ int, _ ...interface{}) {}
|
||||||
|
|
||||||
func ExitDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func Exitf(_ string, _ ...interface{}) {}
|
func Exitf(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Exitln(_ ...interface{}) {}
|
func Exitln(_ ...interface{}) {}
|
||||||
|
|
||||||
func Fatal(_ ...interface{}) {}
|
func Fatal(_ ...interface{}) {}
|
||||||
|
|
||||||
func FatalContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func FatalContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func FatalContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func FatalContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func FatalDepth(_ int, _ ...interface{}) {}
|
func FatalDepth(_ int, _ ...interface{}) {}
|
||||||
|
|
||||||
func FatalDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func Fatalf(_ string, _ ...interface{}) {}
|
func Fatalf(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Fatalln(_ ...interface{}) {}
|
func Fatalln(_ ...interface{}) {}
|
||||||
|
|
||||||
func Info(_ ...interface{}) {}
|
func Info(_ ...interface{}) {}
|
||||||
|
|
||||||
func InfoContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func InfoDepth(_ int, _ ...interface{}) {}
|
func InfoDepth(_ int, _ ...interface{}) {}
|
||||||
|
|
||||||
func InfoDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func Infof(_ string, _ ...interface{}) {}
|
func Infof(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Infoln(_ ...interface{}) {}
|
func Infoln(_ ...interface{}) {}
|
||||||
|
|
||||||
func V(_ Level) Verbose { return false }
|
|
||||||
|
|
||||||
func VDepth(_ int, _ Level) Verbose { return false }
|
|
||||||
|
|
||||||
func Warning(_ ...interface{}) {}
|
func Warning(_ ...interface{}) {}
|
||||||
|
|
||||||
func WarningContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func WarningContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func WarningContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func WarningContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func WarningDepth(_ int, _ ...interface{}) {}
|
func WarningDepth(_ int, _ ...interface{}) {}
|
||||||
|
|
||||||
func WarningDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func Warningf(_ string, _ ...interface{}) {}
|
func Warningf(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Warningln(_ ...interface{}) {}
|
func Warningln(_ ...interface{}) {}
|
||||||
|
|
||||||
func (_ Verbose) Info(_ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoContext(_ context.Context, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoContextDepth(_ context.Context, _ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoContextDepthf(_ context.Context, _ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoContextf(_ context.Context, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoDepth(_ int, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) InfoDepthf(_ int, _ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) Infof(_ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) Infoln(_ ...interface{}) {}
|
|
||||||
|
|||||||
14
go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
generated
vendored
14
go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
generated
vendored
@@ -2,15 +2,11 @@
|
|||||||
// This is a simple stub for k8s.io/klog, strictly for use in testing.
|
// This is a simple stub for k8s.io/klog, strictly for use in testing.
|
||||||
|
|
||||||
// See the LICENSE file for information about the licensing of the original library.
|
// See the LICENSE file for information about the licensing of the original library.
|
||||||
// Source: k8s.io/klog (exports: Level,Verbose; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,V,Warning,WarningDepth,Warningf,Warningln)
|
// Source: k8s.io/klog (exports: ; functions: Error,ErrorDepth,Errorf,Errorln,Exit,ExitDepth,Exitf,Exitln,Fatal,FatalDepth,Fatalf,Fatalln,Info,InfoDepth,Infof,Infoln,Warning,WarningDepth,Warningf,Warningln)
|
||||||
|
|
||||||
// Package klog is a stub of k8s.io/klog, generated by depstubber.
|
// Package klog is a stub of k8s.io/klog, generated by depstubber.
|
||||||
package klog
|
package klog
|
||||||
|
|
||||||
type Level int32
|
|
||||||
|
|
||||||
type Verbose bool
|
|
||||||
|
|
||||||
func Error(_ ...interface{}) {}
|
func Error(_ ...interface{}) {}
|
||||||
|
|
||||||
func ErrorDepth(_ int, _ ...interface{}) {}
|
func ErrorDepth(_ int, _ ...interface{}) {}
|
||||||
@@ -43,8 +39,6 @@ func Infof(_ string, _ ...interface{}) {}
|
|||||||
|
|
||||||
func Infoln(_ ...interface{}) {}
|
func Infoln(_ ...interface{}) {}
|
||||||
|
|
||||||
func V(_ Level) Verbose { return false }
|
|
||||||
|
|
||||||
func Warning(_ ...interface{}) {}
|
func Warning(_ ...interface{}) {}
|
||||||
|
|
||||||
func WarningDepth(_ int, _ ...interface{}) {}
|
func WarningDepth(_ int, _ ...interface{}) {}
|
||||||
@@ -52,9 +46,3 @@ func WarningDepth(_ int, _ ...interface{}) {}
|
|||||||
func Warningf(_ string, _ ...interface{}) {}
|
func Warningf(_ string, _ ...interface{}) {}
|
||||||
|
|
||||||
func Warningln(_ ...interface{}) {}
|
func Warningln(_ ...interface{}) {}
|
||||||
|
|
||||||
func (_ Verbose) Info(_ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) Infof(_ string, _ ...interface{}) {}
|
|
||||||
|
|
||||||
func (_ Verbose) Infoln(_ ...interface{}) {}
|
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
# github.com/golang/glog v1.2.5
|
# github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
|
||||||
## explicit
|
## explicit
|
||||||
github.com/golang/glog
|
github.com/golang/glog
|
||||||
# github.com/sirupsen/logrus v1.7.0
|
# github.com/sirupsen/logrus v1.7.0
|
||||||
|
|||||||
@@ -1,21 +1,11 @@
|
|||||||
| file://:0:0:0:0 | Exit | os.Exit |
|
| file://:0:0:0:0 | Exit | package os |
|
||||||
| file://:0:0:0:0 | Fatal | log.Fatal |
|
| file://:0:0:0:0 | Fatal | package log |
|
||||||
| file://:0:0:0:0 | Fatal | log.Logger.Fatal |
|
| file://:0:0:0:0 | Fatalf | package log |
|
||||||
| file://:0:0:0:0 | Fatalf | log.Fatalf |
|
| file://:0:0:0:0 | Fatalln | package log |
|
||||||
| file://:0:0:0:0 | Fatalf | log.Logger.Fatalf |
|
| noretfunctions.go:8:6:8:12 | isNoRet | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Fatalln | log.Fatalln |
|
| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Fatalln | log.Logger.Fatalln |
|
| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Panic | log.Logger.Panic |
|
| stmts7.go:10:6:10:15 | canRecover | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Panic | log.Panic |
|
| stmts.go:10:6:10:10 | test5 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Panicf | log.Logger.Panicf |
|
| stmts.go:46:6:46:10 | test6 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Panicf | log.Panicf |
|
| stmts.go:112:6:112:10 | test9 | package github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph |
|
||||||
| file://:0:0:0:0 | Panicln | log.Logger.Panicln |
|
|
||||||
| file://:0:0:0:0 | Panicln | log.Panicln |
|
|
||||||
| file://:0:0:0:0 | panic | panic |
|
|
||||||
| noretfunctions.go:8:6:8:12 | isNoRet | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.isNoRet |
|
|
||||||
| noretfunctions.go:20:6:20:22 | noRetUsesLogFatal | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatal |
|
|
||||||
| noretfunctions.go:24:6:24:23 | noRetUsesLogFatalf | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.noRetUsesLogFatalf |
|
|
||||||
| stmts7.go:10:6:10:15 | canRecover | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.canRecover |
|
|
||||||
| stmts.go:10:6:10:10 | test5 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test5 |
|
|
||||||
| stmts.go:46:6:46:10 | test6 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test6 |
|
|
||||||
| stmts.go:112:6:112:10 | test9 | github.com/github/codeql-go/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph.test9 |
|
|
||||||
|
|||||||
@@ -2,4 +2,4 @@ import go
|
|||||||
|
|
||||||
from Function f
|
from Function f
|
||||||
where not f.mayReturnNormally()
|
where not f.mayReturnNormally()
|
||||||
select f, f.getQualifiedName()
|
select f, f.getPackage()
|
||||||
|
|||||||
@@ -9,9 +9,9 @@ import semmle.go.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
|
|||||||
import utils.test.InlineFlowTest
|
import utils.test.InlineFlowTest
|
||||||
|
|
||||||
module Config implements DataFlow::ConfigSig {
|
module Config implements DataFlow::ConfigSig {
|
||||||
predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") }
|
predicate isSource(DataFlow::Node src) { sourceNode(src, "qltest") }
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") }
|
predicate isSink(DataFlow::Node src) { sinkNode(src, "qltest") }
|
||||||
}
|
}
|
||||||
|
|
||||||
import ValueFlowTest<Config>
|
import ValueFlowTest<Config>
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
reverseRead
|
|
||||||
| main.go:23:3:23:5 | out | Origin of readStep is missing a PostUpdateNode. |
|
|
||||||
@@ -4,7 +4,7 @@ func source() string {
|
|||||||
return "untrusted data"
|
return "untrusted data"
|
||||||
}
|
}
|
||||||
|
|
||||||
func sink(any) {
|
func sink(string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
type A struct {
|
type A struct {
|
||||||
@@ -19,10 +19,6 @@ func functionWithVarArgsParameter(s ...string) string {
|
|||||||
return s[1]
|
return s[1]
|
||||||
}
|
}
|
||||||
|
|
||||||
func functionWithVarArgsOutParameter(in string, out ...*string) {
|
|
||||||
*out[0] = in
|
|
||||||
}
|
|
||||||
|
|
||||||
func functionWithSliceOfStructsParameter(s []A) string {
|
func functionWithSliceOfStructsParameter(s []A) string {
|
||||||
return s[1].f
|
return s[1].f
|
||||||
}
|
}
|
||||||
@@ -42,12 +38,6 @@ func main() {
|
|||||||
sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
|
sink(functionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to functionWithVarArgsParameter"
|
||||||
sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter"
|
sink(functionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to functionWithVarArgsParameter"
|
||||||
|
|
||||||
var out1 *string
|
|
||||||
var out2 *string
|
|
||||||
functionWithVarArgsOutParameter(source(), out1, out2)
|
|
||||||
sink(out1) // $ MISSING: hasValueFlow="out1"
|
|
||||||
sink(out2) // $ MISSING: hasValueFlow="out2"
|
|
||||||
|
|
||||||
sliceOfStructs := []A{{f: source()}}
|
sliceOfStructs := []A{{f: source()}}
|
||||||
sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"
|
sink(sliceOfStructs[0].f) // $ hasValueFlow="selection of f"
|
||||||
|
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
invalidModelRow
|
|
||||||
testFailures
|
|
||||||
@@ -1,21 +0,0 @@
|
|||||||
extensions:
|
|
||||||
- addsTo:
|
|
||||||
pack: codeql/go-all
|
|
||||||
extensible: summaryModel
|
|
||||||
data:
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithParameter", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsParameter", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOutParameter", "", "", "Argument[0]", "Argument[1].ArrayElement", "value", "manual"]
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithSliceOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
|
|
||||||
- ["github.com/nonexistent/test", "", False, "FunctionWithVarArgsOfStructsParameter", "", "", "Argument[0].ArrayElement.Field[github.com/nonexistent/test.A.Field]", "ReturnValue", "value", "manual"]
|
|
||||||
- addsTo:
|
|
||||||
pack: codeql/go-all
|
|
||||||
extensible: sourceModel
|
|
||||||
data:
|
|
||||||
- ["github.com/nonexistent/test", "", False, "VariadicSource", "", "", "Argument[0]", "qltest", "manual"]
|
|
||||||
- addsTo:
|
|
||||||
pack: codeql/go-all
|
|
||||||
extensible: sinkModel
|
|
||||||
data:
|
|
||||||
- ["github.com/nonexistent/test", "", False, "VariadicSink", "", "", "Argument[0]", "qltest", "manual"]
|
|
||||||
@@ -1,22 +0,0 @@
|
|||||||
import go
|
|
||||||
import semmle.go.dataflow.ExternalFlow
|
|
||||||
import ModelValidation
|
|
||||||
import utils.test.InlineFlowTest
|
|
||||||
|
|
||||||
module Config implements DataFlow::ConfigSig {
|
|
||||||
predicate isSource(DataFlow::Node source) {
|
|
||||||
sourceNode(source, "qltest")
|
|
||||||
or
|
|
||||||
exists(Function fn | fn.hasQualifiedName(_, ["source", "taint"]) |
|
|
||||||
source = fn.getACall().getResult()
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) {
|
|
||||||
sinkNode(sink, "qltest")
|
|
||||||
or
|
|
||||||
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
import FlowTest<Config, Config>
|
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
module semmle.go.Packages
|
|
||||||
|
|
||||||
go 1.25
|
|
||||||
|
|
||||||
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
|
|
||||||
@@ -1,56 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"github.com/nonexistent/test"
|
|
||||||
)
|
|
||||||
|
|
||||||
func source() string {
|
|
||||||
return "untrusted data"
|
|
||||||
}
|
|
||||||
|
|
||||||
func sink(any) {
|
|
||||||
}
|
|
||||||
|
|
||||||
func main() {
|
|
||||||
s := source()
|
|
||||||
sink(test.FunctionWithParameter(s)) // $ hasValueFlow="call to FunctionWithParameter"
|
|
||||||
|
|
||||||
stringSlice := []string{source()}
|
|
||||||
sink(stringSlice[0]) // $ hasValueFlow="index expression"
|
|
||||||
|
|
||||||
s0 := ""
|
|
||||||
s1 := source()
|
|
||||||
sSlice := []string{s0, s1}
|
|
||||||
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
|
|
||||||
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasValueFlow="call to FunctionWithSliceParameter"
|
|
||||||
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
|
|
||||||
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
|
|
||||||
|
|
||||||
var out1 *string
|
|
||||||
var out2 *string
|
|
||||||
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
|
|
||||||
sink(out1) // $ MISSING: hasValueFlow="out1"
|
|
||||||
sink(out2) // $ MISSING: hasValueFlow="out2"
|
|
||||||
|
|
||||||
sliceOfStructs := []test.A{{Field: source()}}
|
|
||||||
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
|
|
||||||
|
|
||||||
a0 := test.A{Field: ""}
|
|
||||||
a1 := test.A{Field: source()}
|
|
||||||
aSlice := []test.A{a0, a1}
|
|
||||||
sink(test.FunctionWithSliceOfStructsParameter(aSlice)) // $ hasValueFlow="call to FunctionWithSliceOfStructsParameter"
|
|
||||||
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
|
||||||
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
|
||||||
|
|
||||||
var variadicSource string
|
|
||||||
test.VariadicSource(&variadicSource)
|
|
||||||
sink(variadicSource) // $ MISSING: hasTaintFlow="variadicSource"
|
|
||||||
sink(&variadicSource) // $ MISSING: hasTaintFlow="&..."
|
|
||||||
|
|
||||||
var variadicSourcePtr *string
|
|
||||||
test.VariadicSource(variadicSourcePtr)
|
|
||||||
sink(variadicSourcePtr) // $ MISSING: hasTaintFlow="variadicSourcePtr"
|
|
||||||
sink(*variadicSourcePtr) // $ MISSING: hasTaintFlow="star expression"
|
|
||||||
|
|
||||||
test.VariadicSink(source()) // $ hasTaintFlow="[]type{args}"
|
|
||||||
}
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
package test
|
|
||||||
|
|
||||||
type A struct {
|
|
||||||
Field string
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithParameter(s string) string {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithSliceParameter(s []string) string {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithVarArgsParameter(s ...string) string {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithSliceOfStructsParameter(s []A) string {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithVarArgsOfStructsParameter(s ...A) string {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func VariadicSource(s ...*string) {}
|
|
||||||
|
|
||||||
func VariadicSink(s ...string) {}
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
# github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
|
|
||||||
## explicit
|
|
||||||
github.com/nonexistent/test
|
|
||||||
@@ -20,9 +20,6 @@ class SummaryModelTest extends DataFlow::FunctionModel {
|
|||||||
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
|
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsParameter") and
|
||||||
(inp.isParameter(_) and outp.isResult())
|
(inp.isParameter(_) and outp.isResult())
|
||||||
or
|
or
|
||||||
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithVarArgsOutParameter") and
|
|
||||||
(inp.isParameter(0) and outp.isParameter(any(int i | i >= 1)))
|
|
||||||
or
|
|
||||||
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
|
this.hasQualifiedName("github.com/nonexistent/test", "FunctionWithSliceOfStructsParameter") and
|
||||||
(inp.isParameter(0) and outp.isResult())
|
(inp.isParameter(0) and outp.isResult())
|
||||||
or
|
or
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
module semmle.go.Packages
|
module semmle.go.Packages
|
||||||
|
|
||||||
go 1.25
|
go 1.17
|
||||||
|
|
||||||
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
|
require github.com/nonexistent/test v0.0.0-20200203000000-0000000000000
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ func source() string {
|
|||||||
return "untrusted data"
|
return "untrusted data"
|
||||||
}
|
}
|
||||||
|
|
||||||
func sink(any) {
|
func sink(string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
@@ -21,17 +21,10 @@ func main() {
|
|||||||
s0 := ""
|
s0 := ""
|
||||||
s1 := source()
|
s1 := source()
|
||||||
sSlice := []string{s0, s1}
|
sSlice := []string{s0, s1}
|
||||||
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
|
sink(test.FunctionWithParameter(sSlice[1])) // $ hasValueFlow="call to FunctionWithParameter"
|
||||||
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
|
sink(test.FunctionWithSliceParameter(sSlice)) // $ hasTaintFlow="call to FunctionWithSliceParameter" MISSING: hasValueFlow="call to FunctionWithSliceParameter"
|
||||||
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
|
sink(test.FunctionWithVarArgsParameter(sSlice...)) // $ hasTaintFlow="call to FunctionWithVarArgsParameter" MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
|
||||||
randomFunctionWithMoreThanOneParameter(1, 2, 3, 4, 5) // This is needed to make the next line pass, because we need to have seen a call to a function with at least 2 parameters for ParameterInput to exist with index 1.
|
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsParameter"
|
||||||
sink(test.FunctionWithVarArgsParameter(s0, s1)) // $ hasValueFlow="call to FunctionWithVarArgsParameter"
|
|
||||||
|
|
||||||
var out1 *string
|
|
||||||
var out2 *string
|
|
||||||
test.FunctionWithVarArgsOutParameter(source(), out1, out2)
|
|
||||||
sink(out1) // $ hasValueFlow="out1"
|
|
||||||
sink(out2) // $ hasValueFlow="out2"
|
|
||||||
|
|
||||||
sliceOfStructs := []test.A{{Field: source()}}
|
sliceOfStructs := []test.A{{Field: source()}}
|
||||||
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
|
sink(sliceOfStructs[0].Field) // $ hasValueFlow="selection of Field"
|
||||||
@@ -44,6 +37,3 @@ func main() {
|
|||||||
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
sink(test.FunctionWithVarArgsOfStructsParameter(aSlice...)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
||||||
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
sink(test.FunctionWithVarArgsOfStructsParameter(a0, a1)) // $ MISSING: hasValueFlow="call to FunctionWithVarArgsOfStructsParameter"
|
||||||
}
|
}
|
||||||
|
|
||||||
func randomFunctionWithMoreThanOneParameter(i1, i2, i3, i4, i5 int) {
|
|
||||||
}
|
|
||||||
|
|||||||
Binary file not shown.
@@ -16,9 +16,6 @@ func FunctionWithVarArgsParameter(s ...string) string {
|
|||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
func FunctionWithVarArgsOutParameter(in string, out ...*string) {
|
|
||||||
}
|
|
||||||
|
|
||||||
func FunctionWithSliceOfStructsParameter(s []A) string {
|
func FunctionWithSliceOfStructsParameter(s []A) string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -15,6 +15,62 @@ func TaintStepTest_LogNew_B0I0O0(sourceCQL interface{}) interface{} {
|
|||||||
return intoWriter414
|
return intoWriter414
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerFatal_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface518 := sourceCQL.(interface{})
|
||||||
|
var intoLogger650 log.Logger
|
||||||
|
intoLogger650.Fatal(fromInterface518)
|
||||||
|
return intoLogger650
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerFatalf_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromString784 := sourceCQL.(string)
|
||||||
|
var intoLogger957 log.Logger
|
||||||
|
intoLogger957.Fatalf(fromString784, nil)
|
||||||
|
return intoLogger957
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerFatalf_B0I1O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface520 := sourceCQL.(interface{})
|
||||||
|
var intoLogger443 log.Logger
|
||||||
|
intoLogger443.Fatalf("", fromInterface520)
|
||||||
|
return intoLogger443
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerFatalln_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface127 := sourceCQL.(interface{})
|
||||||
|
var intoLogger483 log.Logger
|
||||||
|
intoLogger483.Fatalln(fromInterface127)
|
||||||
|
return intoLogger483
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerPanic_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface989 := sourceCQL.(interface{})
|
||||||
|
var intoLogger982 log.Logger
|
||||||
|
intoLogger982.Panic(fromInterface989)
|
||||||
|
return intoLogger982
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerPanicf_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromString417 := sourceCQL.(string)
|
||||||
|
var intoLogger584 log.Logger
|
||||||
|
intoLogger584.Panicf(fromString417, nil)
|
||||||
|
return intoLogger584
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerPanicf_B0I1O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface991 := sourceCQL.(interface{})
|
||||||
|
var intoLogger881 log.Logger
|
||||||
|
intoLogger881.Panicf("", fromInterface991)
|
||||||
|
return intoLogger881
|
||||||
|
}
|
||||||
|
|
||||||
|
func TaintStepTest_LogLoggerPanicln_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
|
fromInterface186 := sourceCQL.(interface{})
|
||||||
|
var intoLogger284 log.Logger
|
||||||
|
intoLogger284.Panicln(fromInterface186)
|
||||||
|
return intoLogger284
|
||||||
|
}
|
||||||
|
|
||||||
func TaintStepTest_LogLoggerPrint_B0I0O0(sourceCQL interface{}) interface{} {
|
func TaintStepTest_LogLoggerPrint_B0I0O0(sourceCQL interface{}) interface{} {
|
||||||
fromInterface908 := sourceCQL.(interface{})
|
fromInterface908 := sourceCQL.(interface{})
|
||||||
var intoLogger137 log.Logger
|
var intoLogger137 log.Logger
|
||||||
@@ -69,6 +125,46 @@ func RunAllTaints_Log() {
|
|||||||
out := TaintStepTest_LogNew_B0I0O0(source)
|
out := TaintStepTest_LogNew_B0I0O0(source)
|
||||||
sink(0, out)
|
sink(0, out)
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
source := newSource(1)
|
||||||
|
out := TaintStepTest_LogLoggerFatal_B0I0O0(source)
|
||||||
|
sink(1, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(2)
|
||||||
|
out := TaintStepTest_LogLoggerFatalf_B0I0O0(source)
|
||||||
|
sink(2, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(3)
|
||||||
|
out := TaintStepTest_LogLoggerFatalf_B0I1O0(source)
|
||||||
|
sink(3, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(4)
|
||||||
|
out := TaintStepTest_LogLoggerFatalln_B0I0O0(source)
|
||||||
|
sink(4, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(5)
|
||||||
|
out := TaintStepTest_LogLoggerPanic_B0I0O0(source)
|
||||||
|
sink(5, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(6)
|
||||||
|
out := TaintStepTest_LogLoggerPanicf_B0I0O0(source)
|
||||||
|
sink(6, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(7)
|
||||||
|
out := TaintStepTest_LogLoggerPanicf_B0I1O0(source)
|
||||||
|
sink(7, out)
|
||||||
|
}
|
||||||
|
{
|
||||||
|
source := newSource(8)
|
||||||
|
out := TaintStepTest_LogLoggerPanicln_B0I0O0(source)
|
||||||
|
sink(8, out)
|
||||||
|
}
|
||||||
{
|
{
|
||||||
source := newSource(9)
|
source := newSource(9)
|
||||||
out := TaintStepTest_LogLoggerPrint_B0I0O0(source)
|
out := TaintStepTest_LogLoggerPrint_B0I0O0(source)
|
||||||
|
|||||||
@@ -3,9 +3,9 @@ reverseRead
|
|||||||
| LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:33:14:33:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:34:18:34:20 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:35:14:35:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:551:14:551:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:447:14:447:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:559:14:559:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:455:14:455:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:567:14:567:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:463:14:463:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:602:14:602:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:498:14:498:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:603:14:603:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:499:14:499:16 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
| LogInjection.go:828:12:828:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
| LogInjection.go:724:12:724:14 | implicit dereference | Origin of readStep is missing a PostUpdateNode. |
|
||||||
|
|||||||
@@ -49,22 +49,22 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
log.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
log.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
|
|
||||||
if testFlag == "1" {
|
if testFlag == "true" {
|
||||||
log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
if testFlag == "2" {
|
if testFlag == "true" {
|
||||||
log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
if testFlag == "3" {
|
if testFlag == "true" {
|
||||||
log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
if testFlag == "4" {
|
if testFlag == "true" {
|
||||||
log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
if testFlag == "5" {
|
if testFlag == "true" {
|
||||||
log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
if testFlag == "6" {
|
if testFlag == "true" {
|
||||||
log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -72,24 +72,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger.Print("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
logger.Print("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
logger.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
logger.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
if testFlag == "7" {
|
logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
logger.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
if testFlag == "8" {
|
logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
logger.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
||||||
}
|
logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
||||||
if testFlag == "9" {
|
|
||||||
logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
|
||||||
}
|
|
||||||
if testFlag == "10" {
|
|
||||||
logger.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
|
||||||
}
|
|
||||||
if testFlag == "11" {
|
|
||||||
logger.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
|
|
||||||
}
|
|
||||||
if testFlag == "12" {
|
|
||||||
logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// k8s.io/klog
|
// k8s.io/klog
|
||||||
{
|
{
|
||||||
@@ -103,24 +91,12 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
klog.Error(username) // $ hasTaintFlow="username"
|
klog.Error(username) // $ hasTaintFlow="username"
|
||||||
klog.Errorf(username) // $ hasTaintFlow="username"
|
klog.Errorf(username) // $ hasTaintFlow="username"
|
||||||
klog.Errorln(username) // $ hasTaintFlow="username"
|
klog.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "77" {
|
klog.Fatal(username) // $ hasTaintFlow="username"
|
||||||
klog.Fatal(username) // $ hasTaintFlow="username"
|
klog.Fatalf(username) // $ hasTaintFlow="username"
|
||||||
}
|
klog.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "78" {
|
klog.Exit(username) // $ hasTaintFlow="username"
|
||||||
klog.Fatalf(username) // $ hasTaintFlow="username"
|
klog.Exitf(username) // $ hasTaintFlow="username"
|
||||||
}
|
klog.Exitln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "79" {
|
|
||||||
klog.Fatalln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "80" {
|
|
||||||
klog.Exit(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "81" {
|
|
||||||
klog.Exitf(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "82" {
|
|
||||||
klog.Exitln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
// astaxie/beego
|
// astaxie/beego
|
||||||
{
|
{
|
||||||
@@ -185,30 +161,14 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
|
glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
|
||||||
glog.Errorf(username) // $ hasTaintFlow="username"
|
glog.Errorf(username) // $ hasTaintFlow="username"
|
||||||
glog.Errorln(username) // $ hasTaintFlow="username"
|
glog.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "83" {
|
glog.Fatal(username) // $ hasTaintFlow="username"
|
||||||
glog.Fatal(username) // $ hasTaintFlow="username"
|
glog.FatalDepth(0, username) // $ hasTaintFlow="username"
|
||||||
}
|
glog.Fatalf(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "84" {
|
glog.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
glog.FatalDepth(0, username) // $ hasTaintFlow="username"
|
glog.Exit(username) // $ hasTaintFlow="username"
|
||||||
}
|
glog.ExitDepth(0, username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "85" {
|
glog.Exitf(username) // $ hasTaintFlow="username"
|
||||||
glog.Fatalf(username) // $ hasTaintFlow="username"
|
glog.Exitln(username) // $ hasTaintFlow="username"
|
||||||
}
|
|
||||||
if testFlag == "86" {
|
|
||||||
glog.Fatalln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "87" {
|
|
||||||
glog.Exit(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "88" {
|
|
||||||
glog.ExitDepth(0, username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "89" {
|
|
||||||
glog.Exitf(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "90" {
|
|
||||||
glog.Exitln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
// sirupsen/logrus
|
// sirupsen/logrus
|
||||||
@@ -219,42 +179,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger := logrus.New()
|
logger := logrus.New()
|
||||||
entry := logrus.NewEntry(logger)
|
entry := logrus.NewEntry(logger)
|
||||||
|
|
||||||
logrus.Debug(username) // $ hasTaintFlow="username"
|
logrus.Debug(username) // $ hasTaintFlow="username"
|
||||||
logrus.Debugf(username, "") // $ hasTaintFlow="username"
|
logrus.Debugf(username, "") // $ hasTaintFlow="username"
|
||||||
logrus.Debugf("", username) // $ hasTaintFlow="username"
|
logrus.Debugf("", username) // $ hasTaintFlow="username"
|
||||||
logrus.Debugln(username) // $ hasTaintFlow="username"
|
logrus.Debugln(username) // $ hasTaintFlow="username"
|
||||||
logrus.Error(username) // $ hasTaintFlow="username"
|
logrus.Error(username) // $ hasTaintFlow="username"
|
||||||
logrus.Errorf(username, "") // $ hasTaintFlow="username"
|
logrus.Errorf(username, "") // $ hasTaintFlow="username"
|
||||||
logrus.Errorf("", username) // $ hasTaintFlow="username"
|
logrus.Errorf("", username) // $ hasTaintFlow="username"
|
||||||
logrus.Errorln(username) // $ hasTaintFlow="username"
|
logrus.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "13" {
|
logrus.Fatal(username) // $ hasTaintFlow="username"
|
||||||
logrus.Fatal(username) // $ hasTaintFlow="username"
|
logrus.Fatalf(username, "") // $ hasTaintFlow="username"
|
||||||
}
|
logrus.Fatalf("", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "14" {
|
logrus.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
logrus.Fatalf(username, "") // $ hasTaintFlow="username"
|
logrus.Info(username) // $ hasTaintFlow="username"
|
||||||
}
|
logrus.Infof(username, "") // $ hasTaintFlow="username"
|
||||||
if testFlag == "15" {
|
logrus.Infof("", username) // $ hasTaintFlow="username"
|
||||||
logrus.Fatalf("", username) // $ hasTaintFlow="username"
|
logrus.Infoln(username) // $ hasTaintFlow="username"
|
||||||
}
|
logrus.Panic(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "16" {
|
logrus.Panicf(username, "") // $ hasTaintFlow="username"
|
||||||
logrus.Fatalln(username) // $ hasTaintFlow="username"
|
logrus.Panicf("", username) // $ hasTaintFlow="username"
|
||||||
}
|
logrus.Panicln(username) // $ hasTaintFlow="username"
|
||||||
logrus.Info(username) // $ hasTaintFlow="username"
|
|
||||||
logrus.Infof(username, "") // $ hasTaintFlow="username"
|
|
||||||
logrus.Infof("", username) // $ hasTaintFlow="username"
|
|
||||||
logrus.Infoln(username) // $ hasTaintFlow="username"
|
|
||||||
if testFlag == "17" {
|
|
||||||
logrus.Panic(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "18" {
|
|
||||||
logrus.Panicf(username, "") // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "19" {
|
|
||||||
logrus.Panicf("", username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "20" {
|
|
||||||
logrus.Panicln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
logrus.Print(username) // $ hasTaintFlow="username"
|
logrus.Print(username) // $ hasTaintFlow="username"
|
||||||
logrus.Printf(username, "") // $ hasTaintFlow="username"
|
logrus.Printf(username, "") // $ hasTaintFlow="username"
|
||||||
logrus.Printf("", username) // $ hasTaintFlow="username"
|
logrus.Printf("", username) // $ hasTaintFlow="username"
|
||||||
@@ -276,46 +220,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logrus.WithField("", username) // $ hasTaintFlow="username"
|
logrus.WithField("", username) // $ hasTaintFlow="username"
|
||||||
logrus.WithFields(fields) // $ hasTaintFlow="fields"
|
logrus.WithFields(fields) // $ hasTaintFlow="fields"
|
||||||
|
|
||||||
entry.Debug(username) // $ hasTaintFlow="username"
|
entry.Debug(username) // $ hasTaintFlow="username"
|
||||||
entry.Debugf(username, "") // $ hasTaintFlow="username"
|
entry.Debugf(username, "") // $ hasTaintFlow="username"
|
||||||
entry.Debugf("", username) // $ hasTaintFlow="username"
|
entry.Debugf("", username) // $ hasTaintFlow="username"
|
||||||
entry.Debugln(username) // $ hasTaintFlow="username"
|
entry.Debugln(username) // $ hasTaintFlow="username"
|
||||||
entry.Error(username) // $ hasTaintFlow="username"
|
entry.Error(username) // $ hasTaintFlow="username"
|
||||||
entry.Errorf(username, "") // $ hasTaintFlow="username"
|
entry.Errorf(username, "") // $ hasTaintFlow="username"
|
||||||
entry.Errorf("", username) // $ hasTaintFlow="username"
|
entry.Errorf("", username) // $ hasTaintFlow="username"
|
||||||
entry.Errorln(username) // $ hasTaintFlow="username"
|
entry.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "21" {
|
entry.Fatal(username) // $ hasTaintFlow="username"
|
||||||
entry.Fatal(username) // $ hasTaintFlow="username"
|
entry.Fatalf(username, "") // $ hasTaintFlow="username"
|
||||||
}
|
entry.Fatalf("", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "22" {
|
entry.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
entry.Fatalf(username, "") // $ hasTaintFlow="username"
|
entry.Info(username) // $ hasTaintFlow="username"
|
||||||
}
|
entry.Infof(username, "") // $ hasTaintFlow="username"
|
||||||
if testFlag == "23" {
|
entry.Infof("", username) // $ hasTaintFlow="username"
|
||||||
entry.Fatalf("", username) // $ hasTaintFlow="username"
|
entry.Infoln(username) // $ hasTaintFlow="username"
|
||||||
}
|
entry.Log(0, username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "24" {
|
entry.Logf(0, username, "") // $ hasTaintFlow="username"
|
||||||
entry.Fatalln(username) // $ hasTaintFlow="username"
|
entry.Logf(0, "", username) // $ hasTaintFlow="username"
|
||||||
}
|
entry.Logln(0, username) // $ hasTaintFlow="username"
|
||||||
entry.Info(username) // $ hasTaintFlow="username"
|
entry.Panic(username) // $ hasTaintFlow="username"
|
||||||
entry.Infof(username, "") // $ hasTaintFlow="username"
|
entry.Panicf(username, "") // $ hasTaintFlow="username"
|
||||||
entry.Infof("", username) // $ hasTaintFlow="username"
|
entry.Panicf("", username) // $ hasTaintFlow="username"
|
||||||
entry.Infoln(username) // $ hasTaintFlow="username"
|
entry.Panicln(username) // $ hasTaintFlow="username"
|
||||||
entry.Log(0, username) // $ hasTaintFlow="username"
|
|
||||||
entry.Logf(0, username, "") // $ hasTaintFlow="username"
|
|
||||||
entry.Logf(0, "", username) // $ hasTaintFlow="username"
|
|
||||||
entry.Logln(0, username) // $ hasTaintFlow="username"
|
|
||||||
if testFlag == "25" {
|
|
||||||
entry.Panic(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "26" {
|
|
||||||
entry.Panicf(username, "") // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "27" {
|
|
||||||
entry.Panicf("", username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "28" {
|
|
||||||
entry.Panicln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
entry.Print(username) // $ hasTaintFlow="username"
|
entry.Print(username) // $ hasTaintFlow="username"
|
||||||
entry.Printf(username, "") // $ hasTaintFlow="username"
|
entry.Printf(username, "") // $ hasTaintFlow="username"
|
||||||
entry.Printf("", username) // $ hasTaintFlow="username"
|
entry.Printf("", username) // $ hasTaintFlow="username"
|
||||||
@@ -337,46 +265,30 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
entry.WithField("", username) // $ hasTaintFlow="username"
|
entry.WithField("", username) // $ hasTaintFlow="username"
|
||||||
entry.WithFields(fields) // $ hasTaintFlow="fields"
|
entry.WithFields(fields) // $ hasTaintFlow="fields"
|
||||||
|
|
||||||
logger.Debug(username) // $ hasTaintFlow="username"
|
logger.Debug(username) // $ hasTaintFlow="username"
|
||||||
logger.Debugf(username, "") // $ hasTaintFlow="username"
|
logger.Debugf(username, "") // $ hasTaintFlow="username"
|
||||||
logger.Debugf("", username) // $ hasTaintFlow="username"
|
logger.Debugf("", username) // $ hasTaintFlow="username"
|
||||||
logger.Debugln(username) // $ hasTaintFlow="username"
|
logger.Debugln(username) // $ hasTaintFlow="username"
|
||||||
logger.Error(username) // $ hasTaintFlow="username"
|
logger.Error(username) // $ hasTaintFlow="username"
|
||||||
logger.Errorf(username, "") // $ hasTaintFlow="username"
|
logger.Errorf(username, "") // $ hasTaintFlow="username"
|
||||||
logger.Errorf("", username) // $ hasTaintFlow="username"
|
logger.Errorf("", username) // $ hasTaintFlow="username"
|
||||||
logger.Errorln(username) // $ hasTaintFlow="username"
|
logger.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "29" {
|
logger.Fatal(username) // $ hasTaintFlow="username"
|
||||||
logger.Fatal(username) // $ hasTaintFlow="username"
|
logger.Fatalf(username, "") // $ hasTaintFlow="username"
|
||||||
}
|
logger.Fatalf("", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "30" {
|
logger.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
logger.Fatalf(username, "") // $ hasTaintFlow="username"
|
logger.Info(username) // $ hasTaintFlow="username"
|
||||||
}
|
logger.Infof(username, "") // $ hasTaintFlow="username"
|
||||||
if testFlag == "31" {
|
logger.Infof("", username) // $ hasTaintFlow="username"
|
||||||
logger.Fatalf("", username) // $ hasTaintFlow="username"
|
logger.Infoln(username) // $ hasTaintFlow="username"
|
||||||
}
|
logger.Log(0, username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "32" {
|
logger.Logf(0, username, "") // $ hasTaintFlow="username"
|
||||||
logger.Fatalln(username) // $ hasTaintFlow="username"
|
logger.Logf(0, "", username) // $ hasTaintFlow="username"
|
||||||
}
|
logger.Logln(0, username) // $ hasTaintFlow="username"
|
||||||
logger.Info(username) // $ hasTaintFlow="username"
|
logger.Panic(username) // $ hasTaintFlow="username"
|
||||||
logger.Infof(username, "") // $ hasTaintFlow="username"
|
logger.Panicf(username, "") // $ hasTaintFlow="username"
|
||||||
logger.Infof("", username) // $ hasTaintFlow="username"
|
logger.Panicf("", username) // $ hasTaintFlow="username"
|
||||||
logger.Infoln(username) // $ hasTaintFlow="username"
|
logger.Panicln(username) // $ hasTaintFlow="username"
|
||||||
logger.Log(0, username) // $ hasTaintFlow="username"
|
|
||||||
logger.Logf(0, username, "") // $ hasTaintFlow="username"
|
|
||||||
logger.Logf(0, "", username) // $ hasTaintFlow="username"
|
|
||||||
logger.Logln(0, username) // $ hasTaintFlow="username"
|
|
||||||
if testFlag == "33" {
|
|
||||||
logger.Panic(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "34" {
|
|
||||||
logger.Panicf(username, "") // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "35" {
|
|
||||||
logger.Panicf("", username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "36" {
|
|
||||||
logger.Panicln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
logger.Print(username) // $ hasTaintFlow="username"
|
logger.Print(username) // $ hasTaintFlow="username"
|
||||||
logger.Printf(username, "") // $ hasTaintFlow="username"
|
logger.Printf(username, "") // $ hasTaintFlow="username"
|
||||||
logger.Printf("", username) // $ hasTaintFlow="username"
|
logger.Printf("", username) // $ hasTaintFlow="username"
|
||||||
@@ -399,42 +311,26 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger.WithFields(fields) // $ hasTaintFlow="fields"
|
logger.WithFields(fields) // $ hasTaintFlow="fields"
|
||||||
|
|
||||||
var fieldlogger logrus.FieldLogger = entry
|
var fieldlogger logrus.FieldLogger = entry
|
||||||
fieldlogger.Debug(username) // $ hasTaintFlow="username"
|
fieldlogger.Debug(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Debugf(username, "") // $ hasTaintFlow="username"
|
fieldlogger.Debugf(username, "") // $ hasTaintFlow="username"
|
||||||
fieldlogger.Debugf("", username) // $ hasTaintFlow="username"
|
fieldlogger.Debugf("", username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Debugln(username) // $ hasTaintFlow="username"
|
fieldlogger.Debugln(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Error(username) // $ hasTaintFlow="username"
|
fieldlogger.Error(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Errorf(username, "") // $ hasTaintFlow="username"
|
fieldlogger.Errorf(username, "") // $ hasTaintFlow="username"
|
||||||
fieldlogger.Errorf("", username) // $ hasTaintFlow="username"
|
fieldlogger.Errorf("", username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Errorln(username) // $ hasTaintFlow="username"
|
fieldlogger.Errorln(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "37" {
|
fieldlogger.Fatal(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Fatal(username) // $ hasTaintFlow="username"
|
fieldlogger.Fatalf(username, "") // $ hasTaintFlow="username"
|
||||||
}
|
fieldlogger.Fatalf("", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "38" {
|
fieldlogger.Fatalln(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Fatalf(username, "") // $ hasTaintFlow="username"
|
fieldlogger.Info(username) // $ hasTaintFlow="username"
|
||||||
}
|
fieldlogger.Infof(username, "") // $ hasTaintFlow="username"
|
||||||
if testFlag == "39" {
|
fieldlogger.Infof("", username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Fatalf("", username) // $ hasTaintFlow="username"
|
fieldlogger.Infoln(username) // $ hasTaintFlow="username"
|
||||||
}
|
fieldlogger.Panic(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "40" {
|
fieldlogger.Panicf(username, "") // $ hasTaintFlow="username"
|
||||||
fieldlogger.Fatalln(username) // $ hasTaintFlow="username"
|
fieldlogger.Panicf("", username) // $ hasTaintFlow="username"
|
||||||
}
|
fieldlogger.Panicln(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Info(username) // $ hasTaintFlow="username"
|
|
||||||
fieldlogger.Infof(username, "") // $ hasTaintFlow="username"
|
|
||||||
fieldlogger.Infof("", username) // $ hasTaintFlow="username"
|
|
||||||
fieldlogger.Infoln(username) // $ hasTaintFlow="username"
|
|
||||||
if testFlag == "41" {
|
|
||||||
fieldlogger.Panic(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "42" {
|
|
||||||
fieldlogger.Panicf(username, "") // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "43" {
|
|
||||||
fieldlogger.Panicf("", username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
if testFlag == "44" {
|
|
||||||
fieldlogger.Panicln(username) // $ hasTaintFlow="username"
|
|
||||||
}
|
|
||||||
fieldlogger.Print(username) // $ hasTaintFlow="username"
|
fieldlogger.Print(username) // $ hasTaintFlow="username"
|
||||||
fieldlogger.Printf(username, "") // $ hasTaintFlow="username"
|
fieldlogger.Printf(username, "") // $ hasTaintFlow="username"
|
||||||
fieldlogger.Printf("", username) // $ hasTaintFlow="username"
|
fieldlogger.Printf("", username) // $ hasTaintFlow="username"
|
||||||
@@ -470,11 +366,11 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger.DPanic(username) // $ hasTaintFlow="username"
|
logger.DPanic(username) // $ hasTaintFlow="username"
|
||||||
logger.Debug(username) // $ hasTaintFlow="username"
|
logger.Debug(username) // $ hasTaintFlow="username"
|
||||||
logger.Error(username) // $ hasTaintFlow="username"
|
logger.Error(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "45" {
|
if testFlag == " true" {
|
||||||
logger.Fatal(username) // $ hasTaintFlow="username"
|
logger.Fatal(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logger.Info(username) // $ hasTaintFlow="username"
|
logger.Info(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "46" {
|
if testFlag == " true" {
|
||||||
logger.Panic(username) // $ hasTaintFlow="username"
|
logger.Panic(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logger.Warn(username) // $ hasTaintFlow="username"
|
logger.Warn(username) // $ hasTaintFlow="username"
|
||||||
@@ -486,33 +382,33 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
sLogger.DPanic(username) // $ hasTaintFlow="username"
|
sLogger.DPanic(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Debug(username) // $ hasTaintFlow="username"
|
sLogger.Debug(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Error(username) // $ hasTaintFlow="username"
|
sLogger.Error(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "47" {
|
if testFlag == " true" {
|
||||||
sLogger.Fatal(username) // $ hasTaintFlow="username"
|
sLogger.Fatal(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Info(username) // $ hasTaintFlow="username"
|
sLogger.Info(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "48" {
|
if testFlag == " true" {
|
||||||
sLogger.Panic(username) // $ hasTaintFlow="username"
|
sLogger.Panic(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Warn(username) // $ hasTaintFlow="username"
|
sLogger.Warn(username) // $ hasTaintFlow="username"
|
||||||
sLogger.DPanicf(username) // $ hasTaintFlow="username"
|
sLogger.DPanicf(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Debugf(username) // $ hasTaintFlow="username"
|
sLogger.Debugf(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Errorf(username) // $ hasTaintFlow="username"
|
sLogger.Errorf(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "49" {
|
if testFlag == " true" {
|
||||||
sLogger.Fatalf(username) // $ hasTaintFlow="username"
|
sLogger.Fatalf(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Infof(username) // $ hasTaintFlow="username"
|
sLogger.Infof(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "50" {
|
if testFlag == " true" {
|
||||||
sLogger.Panicf(username) // $ hasTaintFlow="username"
|
sLogger.Panicf(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Warnf(username) // $ hasTaintFlow="username"
|
sLogger.Warnf(username) // $ hasTaintFlow="username"
|
||||||
sLogger.DPanicw(username) // $ hasTaintFlow="username"
|
sLogger.DPanicw(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Debugw(username) // $ hasTaintFlow="username"
|
sLogger.Debugw(username) // $ hasTaintFlow="username"
|
||||||
sLogger.Errorw(username) // $ hasTaintFlow="username"
|
sLogger.Errorw(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "51" {
|
if testFlag == " true" {
|
||||||
sLogger.Fatalw(username) // $ hasTaintFlow="username"
|
sLogger.Fatalw(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Infow(username) // $ hasTaintFlow="username"
|
sLogger.Infow(username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "52" {
|
if testFlag == " true" {
|
||||||
sLogger.Panicw(username) // $ hasTaintFlow="username"
|
sLogger.Panicw(username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Warnw(username) // $ hasTaintFlow="username"
|
sLogger.Warnw(username) // $ hasTaintFlow="username"
|
||||||
@@ -619,10 +515,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
verbose.Infof("user %q logged in.\n", username)
|
verbose.Infof("user %q logged in.\n", username)
|
||||||
klog.Infof("user %q logged in.\n", username)
|
klog.Infof("user %q logged in.\n", username)
|
||||||
klog.Errorf("user %q logged in.\n", username)
|
klog.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "53" {
|
if testFlag == " true" {
|
||||||
klog.Fatalf("user %q logged in.\n", username)
|
klog.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
if testFlag == "54" {
|
if testFlag == " true" {
|
||||||
klog.Exitf("user %q logged in.\n", username)
|
klog.Exitf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -638,10 +534,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
|
|
||||||
glog.Infof("user %q logged in.\n", username)
|
glog.Infof("user %q logged in.\n", username)
|
||||||
glog.Errorf("user %q logged in.\n", username)
|
glog.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "55" {
|
if testFlag == " true" {
|
||||||
glog.Fatalf("user %q logged in.\n", username)
|
glog.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
if testFlag == "56" {
|
if testFlag == " true" {
|
||||||
glog.Exitf("user %q logged in.\n", username)
|
glog.Exitf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -649,11 +545,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
{
|
{
|
||||||
logrus.Debugf("user %q logged in.\n", username)
|
logrus.Debugf("user %q logged in.\n", username)
|
||||||
logrus.Errorf("user %q logged in.\n", username)
|
logrus.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "57" {
|
if testFlag == " true" {
|
||||||
logrus.Fatalf("user %q logged in.\n", username)
|
logrus.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
logrus.Infof("user %q logged in.\n", username)
|
logrus.Infof("user %q logged in.\n", username)
|
||||||
if testFlag == "58" {
|
if testFlag == " true" {
|
||||||
logrus.Panicf("user %q logged in.\n", username)
|
logrus.Panicf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
logrus.Printf("user %q logged in.\n", username)
|
logrus.Printf("user %q logged in.\n", username)
|
||||||
@@ -665,12 +561,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
entry := logrus.WithFields(fields)
|
entry := logrus.WithFields(fields)
|
||||||
entry.Debugf("user %q logged in.\n", username)
|
entry.Debugf("user %q logged in.\n", username)
|
||||||
entry.Errorf("user %q logged in.\n", username)
|
entry.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "59" {
|
if testFlag == " true" {
|
||||||
entry.Fatalf("user %q logged in.\n", username)
|
entry.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
entry.Infof("user %q logged in.\n", username)
|
entry.Infof("user %q logged in.\n", username)
|
||||||
entry.Logf(0, "user %q logged in.\n", username)
|
entry.Logf(0, "user %q logged in.\n", username)
|
||||||
if testFlag == "60" {
|
if testFlag == " true" {
|
||||||
entry.Panicf("user %q logged in.\n", username)
|
entry.Panicf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
entry.Printf("user %q logged in.\n", username)
|
entry.Printf("user %q logged in.\n", username)
|
||||||
@@ -681,12 +577,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger := entry.Logger
|
logger := entry.Logger
|
||||||
logger.Debugf("user %q logged in.\n", username)
|
logger.Debugf("user %q logged in.\n", username)
|
||||||
logger.Errorf("user %q logged in.\n", username)
|
logger.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "61" {
|
if testFlag == " true" {
|
||||||
logger.Fatalf("user %q logged in.\n", username)
|
logger.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
logger.Infof("user %q logged in.\n", username)
|
logger.Infof("user %q logged in.\n", username)
|
||||||
logger.Logf(0, "user %q logged in.\n", username)
|
logger.Logf(0, "user %q logged in.\n", username)
|
||||||
if testFlag == "62" {
|
if testFlag == " true" {
|
||||||
logger.Panicf("user %q logged in.\n", username)
|
logger.Panicf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
logger.Printf("user %q logged in.\n", username)
|
logger.Printf("user %q logged in.\n", username)
|
||||||
@@ -707,11 +603,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
sLogger.DPanicf("user %q logged in.\n", username)
|
sLogger.DPanicf("user %q logged in.\n", username)
|
||||||
sLogger.Debugf("user %q logged in.\n", username)
|
sLogger.Debugf("user %q logged in.\n", username)
|
||||||
sLogger.Errorf("user %q logged in.\n", username)
|
sLogger.Errorf("user %q logged in.\n", username)
|
||||||
if testFlag == "63" {
|
if testFlag == " true" {
|
||||||
sLogger.Fatalf("user %q logged in.\n", username)
|
sLogger.Fatalf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
sLogger.Infof("user %q logged in.\n", username)
|
sLogger.Infof("user %q logged in.\n", username)
|
||||||
if testFlag == "64" {
|
if testFlag == " true" {
|
||||||
sLogger.Panicf("user %q logged in.\n", username)
|
sLogger.Panicf("user %q logged in.\n", username)
|
||||||
}
|
}
|
||||||
sLogger.Warnf("user %q logged in.\n", username)
|
sLogger.Warnf("user %q logged in.\n", username)
|
||||||
@@ -724,10 +620,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
klog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
klog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
klog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
klog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "65" {
|
if testFlag == " true" {
|
||||||
klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
if testFlag == "66" {
|
if testFlag == " true" {
|
||||||
klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -743,10 +639,10 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
|
|
||||||
glog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
glog.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "67" {
|
if testFlag == " true" {
|
||||||
glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
if testFlag == "68" {
|
if testFlag == " true" {
|
||||||
glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -754,11 +650,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
{
|
{
|
||||||
logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "69" {
|
if testFlag == " true" {
|
||||||
logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "70" {
|
if testFlag == " true" {
|
||||||
logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logrus.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logrus.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
@@ -770,12 +666,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
entry := logrus.WithFields(fields)
|
entry := logrus.WithFields(fields)
|
||||||
entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "71" {
|
if testFlag == " true" {
|
||||||
entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
entry.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "72" {
|
if testFlag == " true" {
|
||||||
entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
entry.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
entry.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
@@ -786,12 +682,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
logger := entry.Logger
|
logger := entry.Logger
|
||||||
logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "73" {
|
if testFlag == " true" {
|
||||||
logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "74" {
|
if testFlag == " true" {
|
||||||
logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
logger.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
logger.Printf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
@@ -812,11 +708,11 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
|
|||||||
sLogger.DPanicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.DPanicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
sLogger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
sLogger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "75" {
|
if testFlag == " true" {
|
||||||
sLogger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
if testFlag == "76" {
|
if testFlag == " true" {
|
||||||
sLogger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
}
|
}
|
||||||
sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
|
||||||
|
|||||||
@@ -37,22 +37,22 @@
|
|||||||
| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
|
| passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
|
| passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||||
| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
|
| passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||||
| passwords.go:33:13:33:20 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:36:14:36:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:36:14:36:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:41:14:41:17 | obj1 | passwords.go:39:13:39:13 | x | passwords.go:41:14:41:17 | obj1 | $@ flows to a logging call. | passwords.go:39:13:39:13 | x | Sensitive data returned by an access to password |
|
| passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password |
|
||||||
| passwords.go:46:14:46:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:46:14:46:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:53:14:53:27 | fixed_password | passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | $@ flows to a logging call. | passwords.go:52:2:52:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
|
| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password |
|
||||||
| passwords.go:91:14:91:26 | utilityObject | passwords.go:89:16:89:36 | call to make | passwords.go:91:14:91:26 | utilityObject | $@ flows to a logging call. | passwords.go:89:16:89:36 | call to make | Sensitive data returned by an access to passwordSet |
|
| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet |
|
||||||
| passwords.go:94:23:94:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:94:23:94:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:104:15:104:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:104:15:104:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:110:16:110:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:110:16:110:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:115:15:115:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:115:15:115:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:119:14:119:45 | ...+... | passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:14:119:45 | ...+... | $@ flows to a logging call. | passwords.go:118:6:118:14 | definition of password1 | Sensitive data returned by an access to password1 |
|
| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 |
|
||||||
| passwords.go:129:14:129:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:129:14:129:19 | config | passwords.go:123:13:123:14 | x3 | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:123:13:123:14 | x3 | Sensitive data returned by an access to password |
|
| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password |
|
||||||
| passwords.go:129:14:129:19 | config | passwords.go:126:13:126:25 | call to getPassword | passwords.go:129:14:129:19 | config | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||||
| passwords.go:130:14:130:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:130:14:130:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
| passwords.go:131:14:131:21 | selection of y | passwords.go:126:13:126:25 | call to getPassword | passwords.go:131:14:131:21 | selection of y | $@ flows to a logging call. | passwords.go:126:13:126:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword |
|
||||||
| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
|
| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password |
|
||||||
edges
|
edges
|
||||||
| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | |
|
| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | |
|
||||||
@@ -82,15 +82,95 @@ edges
|
|||||||
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
||||||
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||||
| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
| main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
| main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
| main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance | |
|
| main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | |
|
||||||
|
| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
|
| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 |
|
||||||
|
| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance | |
|
||||||
| main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | |
|
| main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | |
|
||||||
| main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | |
|
| main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | |
|
||||||
| main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | |
|
| main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | |
|
||||||
@@ -102,46 +182,46 @@ edges
|
|||||||
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
|
| passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | |
|
||||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | |
|
| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | |
|
||||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | |
|
| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | |
|
||||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:33:13:33:20 | password | provenance | |
|
| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance | |
|
||||||
| passwords.go:21:2:21:9 | definition of password | passwords.go:36:28:36:35 | password | provenance | |
|
| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance | |
|
||||||
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
|
| passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | |
|
||||||
| passwords.go:36:28:36:35 | password | passwords.go:36:14:36:35 | ...+... | provenance | Config |
|
| passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config |
|
||||||
| passwords.go:36:28:36:35 | password | passwords.go:44:6:44:13 | password | provenance | |
|
| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | |
|
||||||
| passwords.go:38:10:40:2 | struct literal | passwords.go:41:14:41:17 | obj1 | provenance | |
|
| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | |
|
||||||
| passwords.go:39:13:39:13 | x | passwords.go:38:10:40:2 | struct literal | provenance | Config |
|
| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:43:10:45:2 | struct literal | passwords.go:46:14:46:17 | obj2 | provenance | |
|
| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | |
|
||||||
| passwords.go:44:6:44:13 | password | passwords.go:43:10:45:2 | struct literal | provenance | Config |
|
| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:44:6:44:13 | password | passwords.go:50:11:50:18 | password | provenance | |
|
| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | |
|
||||||
| passwords.go:50:11:50:18 | password | passwords.go:94:23:94:28 | secret | provenance | |
|
| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | |
|
||||||
| passwords.go:50:11:50:18 | password | passwords.go:104:33:104:40 | password | provenance | |
|
| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | |
|
||||||
| passwords.go:50:11:50:18 | password | passwords.go:110:34:110:41 | password | provenance | |
|
| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | |
|
||||||
| passwords.go:50:11:50:18 | password | passwords.go:115:33:115:40 | password | provenance | |
|
| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||||
| passwords.go:50:11:50:18 | password | passwords.go:125:13:125:20 | password | provenance | |
|
| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||||
| passwords.go:52:2:52:15 | definition of fixed_password | passwords.go:53:14:53:27 | fixed_password | provenance | |
|
| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | |
|
||||||
| passwords.go:88:19:90:2 | struct literal | passwords.go:91:14:91:26 | utilityObject | provenance | |
|
| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | |
|
||||||
| passwords.go:89:16:89:36 | call to make | passwords.go:88:19:90:2 | struct literal | provenance | Config |
|
| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:104:33:104:40 | password | passwords.go:104:15:104:40 | ...+... | provenance | Config |
|
| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config |
|
||||||
| passwords.go:104:33:104:40 | password | passwords.go:110:34:110:41 | password | provenance | |
|
| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | |
|
||||||
| passwords.go:104:33:104:40 | password | passwords.go:115:33:115:40 | password | provenance | |
|
| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||||
| passwords.go:104:33:104:40 | password | passwords.go:125:13:125:20 | password | provenance | |
|
| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||||
| passwords.go:110:34:110:41 | password | passwords.go:110:16:110:41 | ...+... | provenance | Config |
|
| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config |
|
||||||
| passwords.go:110:34:110:41 | password | passwords.go:115:33:115:40 | password | provenance | |
|
| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance | |
|
||||||
| passwords.go:110:34:110:41 | password | passwords.go:125:13:125:20 | password | provenance | |
|
| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||||
| passwords.go:115:33:115:40 | password | passwords.go:115:15:115:40 | ...+... | provenance | Config |
|
| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config |
|
||||||
| passwords.go:115:33:115:40 | password | passwords.go:125:13:125:20 | password | provenance | |
|
| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance | |
|
||||||
| passwords.go:118:6:118:14 | definition of password1 | passwords.go:119:28:119:36 | password1 | provenance | |
|
| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | |
|
||||||
| passwords.go:119:28:119:36 | password1 | passwords.go:119:28:119:45 | call to String | provenance | Config |
|
| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config |
|
||||||
| passwords.go:119:28:119:45 | call to String | passwords.go:119:14:119:45 | ...+... | provenance | Config |
|
| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config |
|
||||||
| passwords.go:122:12:127:2 | struct literal | passwords.go:129:14:129:19 | config | provenance | |
|
| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | |
|
||||||
| passwords.go:122:12:127:2 | struct literal [x] | passwords.go:130:14:130:19 | config [x] | provenance | |
|
| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | |
|
||||||
| passwords.go:122:12:127:2 | struct literal [y] | passwords.go:131:14:131:19 | config [y] | provenance | |
|
| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | |
|
||||||
| passwords.go:123:13:123:14 | x3 | passwords.go:122:12:127:2 | struct literal | provenance | Config |
|
| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal | provenance | Config |
|
| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:125:13:125:20 | password | passwords.go:122:12:127:2 | struct literal [x] | provenance | |
|
| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | |
|
||||||
| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal | provenance | Config |
|
| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config |
|
||||||
| passwords.go:126:13:126:25 | call to getPassword | passwords.go:122:12:127:2 | struct literal [y] | provenance | |
|
| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | |
|
||||||
| passwords.go:130:14:130:19 | config [x] | passwords.go:130:14:130:21 | selection of x | provenance | |
|
| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | |
|
||||||
| passwords.go:131:14:131:19 | config [y] | passwords.go:131:14:131:21 | selection of y | provenance | |
|
| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | |
|
||||||
| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | |
|
| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | |
|
||||||
| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance | |
|
| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance | |
|
||||||
| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | |
|
| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | |
|
||||||
@@ -194,12 +274,20 @@ nodes
|
|||||||
| main.go:54:12:54:19 | password | semmle.label | password |
|
| main.go:54:12:54:19 | password | semmle.label | password |
|
||||||
| main.go:54:12:54:19 | password | semmle.label | password |
|
| main.go:54:12:54:19 | password | semmle.label | password |
|
||||||
| main.go:56:11:56:18 | password | semmle.label | password |
|
| main.go:56:11:56:18 | password | semmle.label | password |
|
||||||
|
| main.go:56:11:56:18 | password | semmle.label | password |
|
||||||
|
| main.go:59:18:59:25 | password | semmle.label | password |
|
||||||
| main.go:59:18:59:25 | password | semmle.label | password |
|
| main.go:59:18:59:25 | password | semmle.label | password |
|
||||||
| main.go:62:12:62:19 | password | semmle.label | password |
|
| main.go:62:12:62:19 | password | semmle.label | password |
|
||||||
|
| main.go:62:12:62:19 | password | semmle.label | password |
|
||||||
|
| main.go:65:13:65:20 | password | semmle.label | password |
|
||||||
| main.go:65:13:65:20 | password | semmle.label | password |
|
| main.go:65:13:65:20 | password | semmle.label | password |
|
||||||
| main.go:68:11:68:18 | password | semmle.label | password |
|
| main.go:68:11:68:18 | password | semmle.label | password |
|
||||||
|
| main.go:68:11:68:18 | password | semmle.label | password |
|
||||||
|
| main.go:71:18:71:25 | password | semmle.label | password |
|
||||||
| main.go:71:18:71:25 | password | semmle.label | password |
|
| main.go:71:18:71:25 | password | semmle.label | password |
|
||||||
| main.go:74:12:74:19 | password | semmle.label | password |
|
| main.go:74:12:74:19 | password | semmle.label | password |
|
||||||
|
| main.go:74:12:74:19 | password | semmle.label | password |
|
||||||
|
| main.go:77:13:77:20 | password | semmle.label | password |
|
||||||
| main.go:77:13:77:20 | password | semmle.label | password |
|
| main.go:77:13:77:20 | password | semmle.label | password |
|
||||||
| main.go:79:14:79:21 | password | semmle.label | password |
|
| main.go:79:14:79:21 | password | semmle.label | password |
|
||||||
| main.go:80:17:80:24 | password | semmle.label | password |
|
| main.go:80:17:80:24 | password | semmle.label | password |
|
||||||
@@ -220,43 +308,43 @@ nodes
|
|||||||
| passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
|
| passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword |
|
||||||
| passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
|
| passwords.go:28:14:28:28 | call to getPassword | semmle.label | call to getPassword |
|
||||||
| passwords.go:30:8:30:15 | password | semmle.label | password |
|
| passwords.go:30:8:30:15 | password | semmle.label | password |
|
||||||
| passwords.go:33:13:33:20 | password | semmle.label | password |
|
| passwords.go:32:12:32:19 | password | semmle.label | password |
|
||||||
| passwords.go:36:14:36:35 | ...+... | semmle.label | ...+... |
|
| passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... |
|
||||||
| passwords.go:36:28:36:35 | password | semmle.label | password |
|
| passwords.go:34:28:34:35 | password | semmle.label | password |
|
||||||
| passwords.go:38:10:40:2 | struct literal | semmle.label | struct literal |
|
| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal |
|
||||||
| passwords.go:39:13:39:13 | x | semmle.label | x |
|
| passwords.go:37:13:37:13 | x | semmle.label | x |
|
||||||
| passwords.go:41:14:41:17 | obj1 | semmle.label | obj1 |
|
| passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 |
|
||||||
| passwords.go:43:10:45:2 | struct literal | semmle.label | struct literal |
|
| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal |
|
||||||
| passwords.go:44:6:44:13 | password | semmle.label | password |
|
| passwords.go:42:6:42:13 | password | semmle.label | password |
|
||||||
| passwords.go:46:14:46:17 | obj2 | semmle.label | obj2 |
|
| passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 |
|
||||||
| passwords.go:50:11:50:18 | password | semmle.label | password |
|
| passwords.go:48:11:48:18 | password | semmle.label | password |
|
||||||
| passwords.go:52:2:52:15 | definition of fixed_password | semmle.label | definition of fixed_password |
|
| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password |
|
||||||
| passwords.go:53:14:53:27 | fixed_password | semmle.label | fixed_password |
|
| passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password |
|
||||||
| passwords.go:88:19:90:2 | struct literal | semmle.label | struct literal |
|
| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal |
|
||||||
| passwords.go:89:16:89:36 | call to make | semmle.label | call to make |
|
| passwords.go:87:16:87:36 | call to make | semmle.label | call to make |
|
||||||
| passwords.go:91:14:91:26 | utilityObject | semmle.label | utilityObject |
|
| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject |
|
||||||
| passwords.go:94:23:94:28 | secret | semmle.label | secret |
|
| passwords.go:92:23:92:28 | secret | semmle.label | secret |
|
||||||
| passwords.go:104:15:104:40 | ...+... | semmle.label | ...+... |
|
| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... |
|
||||||
| passwords.go:104:33:104:40 | password | semmle.label | password |
|
| passwords.go:102:33:102:40 | password | semmle.label | password |
|
||||||
| passwords.go:110:16:110:41 | ...+... | semmle.label | ...+... |
|
| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... |
|
||||||
| passwords.go:110:34:110:41 | password | semmle.label | password |
|
| passwords.go:108:34:108:41 | password | semmle.label | password |
|
||||||
| passwords.go:115:15:115:40 | ...+... | semmle.label | ...+... |
|
| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... |
|
||||||
| passwords.go:115:33:115:40 | password | semmle.label | password |
|
| passwords.go:113:33:113:40 | password | semmle.label | password |
|
||||||
| passwords.go:118:6:118:14 | definition of password1 | semmle.label | definition of password1 |
|
| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 |
|
||||||
| passwords.go:119:14:119:45 | ...+... | semmle.label | ...+... |
|
| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... |
|
||||||
| passwords.go:119:28:119:36 | password1 | semmle.label | password1 |
|
| passwords.go:117:28:117:36 | password1 | semmle.label | password1 |
|
||||||
| passwords.go:119:28:119:45 | call to String | semmle.label | call to String |
|
| passwords.go:117:28:117:45 | call to String | semmle.label | call to String |
|
||||||
| passwords.go:122:12:127:2 | struct literal | semmle.label | struct literal |
|
| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal |
|
||||||
| passwords.go:122:12:127:2 | struct literal [x] | semmle.label | struct literal [x] |
|
| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] |
|
||||||
| passwords.go:122:12:127:2 | struct literal [y] | semmle.label | struct literal [y] |
|
| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] |
|
||||||
| passwords.go:123:13:123:14 | x3 | semmle.label | x3 |
|
| passwords.go:121:13:121:14 | x3 | semmle.label | x3 |
|
||||||
| passwords.go:125:13:125:20 | password | semmle.label | password |
|
| passwords.go:123:13:123:20 | password | semmle.label | password |
|
||||||
| passwords.go:126:13:126:25 | call to getPassword | semmle.label | call to getPassword |
|
| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword |
|
||||||
| passwords.go:129:14:129:19 | config | semmle.label | config |
|
| passwords.go:127:14:127:19 | config | semmle.label | config |
|
||||||
| passwords.go:130:14:130:19 | config [x] | semmle.label | config [x] |
|
| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] |
|
||||||
| passwords.go:130:14:130:21 | selection of x | semmle.label | selection of x |
|
| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x |
|
||||||
| passwords.go:131:14:131:19 | config [y] | semmle.label | config [y] |
|
| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] |
|
||||||
| passwords.go:131:14:131:21 | selection of y | semmle.label | selection of y |
|
| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y |
|
||||||
| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
|
| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password |
|
||||||
| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
|
| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] |
|
||||||
| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |
|
| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] |
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ func redact(kind, value string) string {
|
|||||||
return value
|
return value
|
||||||
}
|
}
|
||||||
|
|
||||||
func test(selector int) {
|
func test() {
|
||||||
name := "user"
|
name := "user"
|
||||||
password := "P@ssw0rd" // $ Source
|
password := "P@ssw0rd" // $ Source
|
||||||
x := "horsebatterystapleincorrect"
|
x := "horsebatterystapleincorrect"
|
||||||
@@ -29,9 +29,7 @@ func test(selector int) {
|
|||||||
|
|
||||||
myLog(password)
|
myLog(password)
|
||||||
|
|
||||||
if selector == 1 {
|
log.Panic(password) // $ Alert
|
||||||
log.Panic(password) // $ Alert
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Println(name + ", " + password) // $ Alert
|
log.Println(name + ", " + password) // $ Alert
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* Improved modeling of Apache HttpClient `execute` method sinks for `java/ssrf` and `java/non-https-url`.
|
|
||||||
@@ -11,7 +11,7 @@ extensions:
|
|||||||
- ["org.apache.http.client.methods", "HttpPost", False, "HttpPost", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "HttpPost", False, "HttpPost", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "HttpPut", False, "HttpPut", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "HttpPut", False, "HttpPut", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "HttpRequestBase", True, "setURI", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "HttpRequestBase", True, "setURI", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "HttpRequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
- ["org.apache.http.client.methods", "HttpRequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"]
|
||||||
- ["org.apache.http.client.methods", "HttpTrace", False, "HttpTrace", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "HttpTrace", False, "HttpTrace", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", False, "delete", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "RequestBuilder", False, "delete", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", False, "get", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "RequestBuilder", False, "get", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
@@ -22,29 +22,3 @@ extensions:
|
|||||||
- ["org.apache.http.client.methods", "RequestBuilder", False, "put", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "RequestBuilder", False, "put", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", False, "setUri", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "RequestBuilder", False, "setUri", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", False, "trace", "", "", "Argument[0]", "request-forgery", "manual"]
|
- ["org.apache.http.client.methods", "RequestBuilder", False, "trace", "", "", "Argument[0]", "request-forgery", "manual"]
|
||||||
- addsTo:
|
|
||||||
pack: codeql/java-all
|
|
||||||
extensible: summaryModel
|
|
||||||
data:
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "delete", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "delete", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "get", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "get", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "getUri", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "head", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "head", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "options", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "options", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "patch", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "patch", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "post", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "post", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "put", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "put", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "trace", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
- ["org.apache.http.client.methods", "RequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
|
|
||||||
|
|||||||
@@ -3,11 +3,6 @@ extensions:
|
|||||||
pack: codeql/java-all
|
pack: codeql/java-all
|
||||||
extensible: sinkModel
|
extensible: sinkModel
|
||||||
data:
|
data:
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpHost,HttpRequest)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpHost,HttpRequest,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpHost,HttpRequest,ResponseHandler)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpHost,HttpRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
|
||||||
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
||||||
|
- ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "request-forgery", "ai-manual"]
|
||||||
|
|||||||
@@ -4,33 +4,67 @@
|
|||||||
overlay[local?]
|
overlay[local?]
|
||||||
module;
|
module;
|
||||||
|
|
||||||
private import java as J
|
private import internal.rangeanalysis.BoundSpecific
|
||||||
private import semmle.code.java.dataflow.SSA
|
|
||||||
private import semmle.code.java.dataflow.RangeUtils as RU
|
|
||||||
private import codeql.rangeanalysis.Bound as SharedBound
|
|
||||||
|
|
||||||
private module BoundDefs implements SharedBound::BoundDefinitions<J::Location> {
|
private newtype TBound =
|
||||||
class SsaVariable extends Ssa::SsaDefinition {
|
TBoundZero() or
|
||||||
/** Gets a use of this variable. */
|
TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or
|
||||||
Expr getAUse() { result = super.getARead() }
|
TBoundExpr(Expr e) {
|
||||||
|
interestingExprBound(e) and
|
||||||
|
not exists(SsaVariable v | e = v.getAUse())
|
||||||
}
|
}
|
||||||
|
|
||||||
class SsaSourceVariable = Ssa::SourceVariable;
|
/**
|
||||||
|
* A bound that may be inferred for an expression plus/minus an integer delta.
|
||||||
|
*/
|
||||||
|
abstract class Bound extends TBound {
|
||||||
|
/** Gets a textual representation of this bound. */
|
||||||
|
abstract string toString();
|
||||||
|
|
||||||
class Type = J::Type;
|
/** Gets an expression that equals this bound plus `delta`. */
|
||||||
|
abstract Expr getExpr(int delta);
|
||||||
|
|
||||||
class Expr = J::Expr;
|
/** Gets an expression that equals this bound. */
|
||||||
|
Expr getExpr() { result = this.getExpr(0) }
|
||||||
|
|
||||||
class IntegralType = J::IntegralType;
|
/** Gets the location of this bound. */
|
||||||
|
abstract Location getLocation();
|
||||||
class ConstantIntegerExpr = RU::ConstantIntegerExpr;
|
|
||||||
|
|
||||||
/** Holds if `e` is a bound expression and it is not an SSA variable read. */
|
|
||||||
predicate interestingExprBound(Expr e) {
|
|
||||||
e.(J::FieldRead).getField() instanceof J::ArrayLengthField
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module BoundImpl = SharedBound::Bound<J::Location, BoundDefs>;
|
/**
|
||||||
|
* The bound that corresponds to the integer 0. This is used to represent all
|
||||||
|
* integer bounds as bounds are always accompanied by an added integer delta.
|
||||||
|
*/
|
||||||
|
class ZeroBound extends Bound, TBoundZero {
|
||||||
|
override string toString() { result = "0" }
|
||||||
|
|
||||||
import BoundImpl
|
override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta }
|
||||||
|
|
||||||
|
override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A bound corresponding to the value of an SSA variable.
|
||||||
|
*/
|
||||||
|
class SsaBound extends Bound, TBoundSsa {
|
||||||
|
/** Gets the SSA variable that equals this bound. */
|
||||||
|
SsaVariable getSsa() { this = TBoundSsa(result) }
|
||||||
|
|
||||||
|
override string toString() { result = this.getSsa().toString() }
|
||||||
|
|
||||||
|
override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 }
|
||||||
|
|
||||||
|
override Location getLocation() { result = this.getSsa().getLocation() }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A bound that corresponds to the value of a specific expression that might be
|
||||||
|
* interesting, but isn't otherwise represented by the value of an SSA variable.
|
||||||
|
*/
|
||||||
|
class ExprBound extends Bound, TBoundExpr {
|
||||||
|
override string toString() { result = this.getExpr().toString() }
|
||||||
|
|
||||||
|
override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 }
|
||||||
|
|
||||||
|
override Location getLocation() { result = this.getExpr().getLocation() }
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,27 @@
|
|||||||
|
/**
|
||||||
|
* Provides Java-specific definitions for bounds.
|
||||||
|
*/
|
||||||
|
overlay[local?]
|
||||||
|
module;
|
||||||
|
|
||||||
|
private import java as J
|
||||||
|
private import semmle.code.java.dataflow.SSA as Ssa
|
||||||
|
private import semmle.code.java.dataflow.RangeUtils as RU
|
||||||
|
|
||||||
|
class SsaVariable extends Ssa::SsaDefinition {
|
||||||
|
/** Gets a use of this variable. */
|
||||||
|
Expr getAUse() { result = super.getARead() }
|
||||||
|
}
|
||||||
|
|
||||||
|
class Expr = J::Expr;
|
||||||
|
|
||||||
|
class Location = J::Location;
|
||||||
|
|
||||||
|
class IntegralType = J::IntegralType;
|
||||||
|
|
||||||
|
class ConstantIntegerExpr = RU::ConstantIntegerExpr;
|
||||||
|
|
||||||
|
/** Holds if `e` is a bound expression and it is not an SSA variable read. */
|
||||||
|
predicate interestingExprBound(Expr e) {
|
||||||
|
e.(J::FieldRead).getField() instanceof J::ArrayLengthField
|
||||||
|
}
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
import org.apache.http.HttpHost;
|
|
||||||
import org.apache.http.HttpRequest;
|
|
||||||
import org.apache.http.client.HttpClient;
|
|
||||||
import org.apache.http.client.ResponseHandler;
|
|
||||||
import org.apache.http.client.methods.HttpUriRequest;
|
|
||||||
import org.apache.http.client.methods.RequestBuilder;
|
|
||||||
import org.apache.http.impl.client.HttpClients;
|
|
||||||
import org.apache.http.message.BasicHttpRequest;
|
|
||||||
import org.apache.http.protocol.HttpContext;
|
|
||||||
import javax.servlet.ServletException;
|
|
||||||
import javax.servlet.http.HttpServlet;
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
public class ApacheHttpClientExecuteSSRF extends HttpServlet {
|
|
||||||
|
|
||||||
protected void doGet(HttpServletRequest request, HttpServletResponse response)
|
|
||||||
throws ServletException, IOException {
|
|
||||||
try {
|
|
||||||
|
|
||||||
String source = request.getParameter("host"); // $ Source
|
|
||||||
|
|
||||||
HttpHost host = new HttpHost(source);
|
|
||||||
HttpRequest req = new BasicHttpRequest("GET", "/");
|
|
||||||
HttpUriRequest uriReq = RequestBuilder.get(source).build(); // $ Alert
|
|
||||||
HttpContext context = null;
|
|
||||||
HttpClient client = HttpClients.createDefault();
|
|
||||||
ResponseHandler<Object> handler = null;
|
|
||||||
|
|
||||||
client.execute(host, req); // $ Alert
|
|
||||||
client.execute(host, req, context); // $ Alert
|
|
||||||
client.execute(host, req, handler); // $ Alert
|
|
||||||
client.execute(host, req, handler, context); // $ Alert
|
|
||||||
client.execute(uriReq); // $ Alert
|
|
||||||
client.execute(uriReq, context); // $ Alert
|
|
||||||
client.execute(uriReq, handler); // $ Alert
|
|
||||||
client.execute(uriReq, handler, context); // $ Alert
|
|
||||||
|
|
||||||
} catch (Exception e) {
|
|
||||||
// TODO: handle exception
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -1 +1 @@
|
|||||||
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/apache-http-client-4.4.13:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf
|
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf
|
||||||
|
|||||||
@@ -1,23 +0,0 @@
|
|||||||
// Generated automatically from org.apache.http.client.HttpClient for testing purposes
|
|
||||||
|
|
||||||
package org.apache.http.client;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import org.apache.http.HttpHost;
|
|
||||||
import org.apache.http.HttpRequest;
|
|
||||||
import org.apache.http.HttpResponse;
|
|
||||||
import org.apache.http.client.methods.HttpUriRequest;
|
|
||||||
import org.apache.http.protocol.HttpContext;
|
|
||||||
|
|
||||||
public interface HttpClient {
|
|
||||||
HttpResponse execute(HttpHost target, HttpRequest request) throws IOException;
|
|
||||||
HttpResponse execute(HttpHost target, HttpRequest request, HttpContext context) throws IOException;
|
|
||||||
<T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler) throws IOException;
|
|
||||||
<T> T execute(HttpHost target, HttpRequest request, ResponseHandler<? extends T> responseHandler, HttpContext context)
|
|
||||||
throws IOException;
|
|
||||||
HttpResponse execute(HttpUriRequest request) throws IOException;
|
|
||||||
HttpResponse execute(HttpUriRequest request, HttpContext context) throws IOException;
|
|
||||||
<T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler) throws IOException;
|
|
||||||
<T> T execute(HttpUriRequest request, ResponseHandler<? extends T> responseHandler, HttpContext context)
|
|
||||||
throws IOException;
|
|
||||||
}
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
// Generated automatically from org.apache.http.client.ResponseHandler for testing purposes
|
|
||||||
|
|
||||||
package org.apache.http.client;
|
|
||||||
|
|
||||||
import org.apache.http.HttpResponse;
|
|
||||||
|
|
||||||
public interface ResponseHandler<T> {
|
|
||||||
T handleResponse(HttpResponse response);
|
|
||||||
}
|
|
||||||
@@ -1,7 +0,0 @@
|
|||||||
package org.apache.http.impl.client;
|
|
||||||
|
|
||||||
import org.apache.http.client.HttpClient;
|
|
||||||
|
|
||||||
public abstract class CloseableHttpClient implements HttpClient {
|
|
||||||
|
|
||||||
}
|
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
// Generated automatically from org.apache.http.client.HttpClient for testing purposes
|
|
||||||
|
|
||||||
package org.apache.http.impl.client;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
|
||||||
|
|
||||||
public final class HttpClients {
|
|
||||||
public static CloseableHttpClient createDefault() { return null; }
|
|
||||||
}
|
|
||||||
@@ -21,19 +21,13 @@ file_coverage_languages:
|
|||||||
scc_languages:
|
scc_languages:
|
||||||
- TypeScript
|
- TypeScript
|
||||||
- TypeScript Typings
|
- TypeScript Typings
|
||||||
- name: vue
|
|
||||||
display_name: Vue.js component
|
|
||||||
scc_languages:
|
|
||||||
- Vue
|
|
||||||
github_api_languages:
|
github_api_languages:
|
||||||
- JavaScript
|
- JavaScript
|
||||||
- TypeScript
|
- TypeScript
|
||||||
- Vue
|
|
||||||
scc_languages:
|
scc_languages:
|
||||||
- JavaScript
|
- JavaScript
|
||||||
- TypeScript
|
- TypeScript
|
||||||
- TypeScript Typings
|
- TypeScript Typings
|
||||||
- Vue
|
|
||||||
file_types:
|
file_types:
|
||||||
- name: javascript
|
- name: javascript
|
||||||
display_name: JavaScript
|
display_name: JavaScript
|
||||||
|
|||||||
@@ -213,9 +213,11 @@ class ExprWithPointsTo extends Expr {
|
|||||||
* Gets what this expression might "refer-to" in the given `context`.
|
* Gets what this expression might "refer-to" in the given `context`.
|
||||||
*/
|
*/
|
||||||
predicate refersTo(Context context, Object obj, ClassObject cls, AstNode origin) {
|
predicate refersTo(Context context, Object obj, ClassObject cls, AstNode origin) {
|
||||||
this.getAFlowNode()
|
exists(ControlFlowNode this_, ControlFlowNode origin_ |
|
||||||
.(ControlFlowNodeWithPointsTo)
|
this_.getNode() = this and origin_.getNode() = origin
|
||||||
.refersTo(context, obj, cls, origin.getAFlowNode())
|
|
|
||||||
|
this_.(ControlFlowNodeWithPointsTo).refersTo(context, obj, cls, origin_)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -226,7 +228,11 @@ class ExprWithPointsTo extends Expr {
|
|||||||
*/
|
*/
|
||||||
pragma[nomagic]
|
pragma[nomagic]
|
||||||
predicate refersTo(Object obj, AstNode origin) {
|
predicate refersTo(Object obj, AstNode origin) {
|
||||||
this.getAFlowNode().(ControlFlowNodeWithPointsTo).refersTo(obj, origin.getAFlowNode())
|
exists(ControlFlowNode this_, ControlFlowNode origin_ |
|
||||||
|
this_.getNode() = this and origin_.getNode() = origin
|
||||||
|
|
|
||||||
|
this_.(ControlFlowNodeWithPointsTo).refersTo(obj, origin_)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -240,16 +246,22 @@ class ExprWithPointsTo extends Expr {
|
|||||||
* in the given `context`.
|
* in the given `context`.
|
||||||
*/
|
*/
|
||||||
predicate pointsTo(Context context, Value value, AstNode origin) {
|
predicate pointsTo(Context context, Value value, AstNode origin) {
|
||||||
this.getAFlowNode()
|
exists(ControlFlowNode this_, ControlFlowNode origin_ |
|
||||||
.(ControlFlowNodeWithPointsTo)
|
this_.getNode() = this and origin_.getNode() = origin
|
||||||
.pointsTo(context, value, origin.getAFlowNode())
|
|
|
||||||
|
this_.(ControlFlowNodeWithPointsTo).pointsTo(context, value, origin_)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if this expression might "point-to" to `value` which is from `origin`.
|
* Holds if this expression might "point-to" to `value` which is from `origin`.
|
||||||
*/
|
*/
|
||||||
predicate pointsTo(Value value, AstNode origin) {
|
predicate pointsTo(Value value, AstNode origin) {
|
||||||
this.getAFlowNode().(ControlFlowNodeWithPointsTo).pointsTo(value, origin.getAFlowNode())
|
exists(ControlFlowNode this_, ControlFlowNode origin_ |
|
||||||
|
this_.getNode() = this and origin_.getNode() = origin
|
||||||
|
|
|
||||||
|
this_.(ControlFlowNodeWithPointsTo).pointsTo(value, origin_)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -475,7 +487,10 @@ class FunctionMetricsWithPointsTo extends FunctionMetrics {
|
|||||||
not non_coupling_method(result) and
|
not non_coupling_method(result) and
|
||||||
exists(Call call | call.getScope() = this |
|
exists(Call call | call.getScope() = this |
|
||||||
exists(FunctionObject callee | callee.getFunction() = result |
|
exists(FunctionObject callee | callee.getFunction() = result |
|
||||||
call.getAFlowNode().getFunction().(ControlFlowNodeWithPointsTo).refersTo(callee)
|
exists(CallNode call_ |
|
||||||
|
call_.getNode() = call and
|
||||||
|
call_.getFunction().(ControlFlowNodeWithPointsTo).refersTo(callee)
|
||||||
|
)
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
exists(Attribute a | call.getFunc() = a |
|
exists(Attribute a | call.getFunc() = a |
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ private predicate jump_to_defn(ControlFlowNode use, Definition defn) {
|
|||||||
private predicate preferred_jump_to_defn(Expr use, Definition def) {
|
private predicate preferred_jump_to_defn(Expr use, Definition def) {
|
||||||
not use instanceof ClassExpr and
|
not use instanceof ClassExpr and
|
||||||
not use instanceof FunctionExpr and
|
not use instanceof FunctionExpr and
|
||||||
jump_to_defn(use.getAFlowNode(), def)
|
exists(ControlFlowNode useNode | useNode.getNode() = use | jump_to_defn(useNode, def))
|
||||||
}
|
}
|
||||||
|
|
||||||
private predicate unique_jump_to_defn(Expr use, Definition def) {
|
private predicate unique_jump_to_defn(Expr use, Definition def) {
|
||||||
@@ -452,7 +452,7 @@ private predicate self_parameter_jump_to_defn_attribute(
|
|||||||
* This exists primarily for testing use `getPreferredDefinition()` instead.
|
* This exists primarily for testing use `getPreferredDefinition()` instead.
|
||||||
*/
|
*/
|
||||||
Definition getADefinition(Expr use) {
|
Definition getADefinition(Expr use) {
|
||||||
jump_to_defn(use.getAFlowNode(), result) and
|
exists(ControlFlowNode useNode | useNode.getNode() = use | jump_to_defn(useNode, result)) and
|
||||||
not use instanceof Call and
|
not use instanceof Call and
|
||||||
not use.isArtificial() and
|
not use.isArtificial() and
|
||||||
// Not the use itself
|
// Not the use itself
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
category: deprecated
|
||||||
|
---
|
||||||
|
* The `AstNode.getAFlowNode()` predicate has been deprecated. Use `ControlFlowNode.getNode()` from the other direction instead: replace `e.getAFlowNode() = n` with `n.getNode() = e`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||||
|
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: minorAnalysis
|
||||||
|
---
|
||||||
|
* Simplified the internal predicates that detect `@staticmethod`, `@classmethod` and `@property` decorators to match the decorator's AST `Name` directly, rather than going through the CFG and requiring the name to resolve globally. Code that shadows these three builtin decorators at the module-scope will now be classified by the decorator name alone; in practice, shadowing these names is extremely rare and the call-graph results are unchanged.
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: deprecated
|
||||||
|
---
|
||||||
|
* The `Function.getAReturnValueFlowNode()` predicate has been deprecated. Bind a `Return` node explicitly instead — `exists(Return ret | ret.getScope() = f and n.getNode() = ret.getValue())`. This is a preparatory step towards migrating the dataflow library off the legacy CFG; it has no semantic effect.
|
||||||
@@ -16,21 +16,26 @@ abstract class AstNode extends AstNode_ {
|
|||||||
/** Gets the scope that this node occurs in */
|
/** Gets the scope that this node occurs in */
|
||||||
abstract Scope getScope();
|
abstract Scope getScope();
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets a flow node corresponding directly to this node.
|
|
||||||
* NOTE: For some statements and other purely syntactic elements,
|
|
||||||
* there may not be a `ControlFlowNode`
|
|
||||||
*/
|
|
||||||
cached
|
|
||||||
ControlFlowNode getAFlowNode() {
|
|
||||||
Stages::AST::ref() and
|
|
||||||
py_flow_bb_node(result, this, _, _)
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Gets the location for this AST node */
|
/** Gets the location for this AST node */
|
||||||
cached
|
cached
|
||||||
Location getLocation() { none() }
|
Location getLocation() { none() }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* DEPRECATED: use `ControlFlowNode.getNode()` from the other direction instead;
|
||||||
|
* that is, replace `e.getAFlowNode() = n` with `n.getNode() = e`. This API is
|
||||||
|
* being removed to untangle the AST and CFG hierarchies in preparation for
|
||||||
|
* migrating the dataflow library off the legacy CFG.
|
||||||
|
*
|
||||||
|
* Gets a flow node corresponding directly to this node.
|
||||||
|
* NOTE: For some statements and other purely syntactic elements,
|
||||||
|
* there may not be a `ControlFlowNode`.
|
||||||
|
*/
|
||||||
|
cached
|
||||||
|
deprecated ControlFlowNode getAFlowNode() {
|
||||||
|
Stages::AST::ref() and
|
||||||
|
py_flow_bb_node(result, this, _, _)
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whether this syntactic element is artificial, that is it is generated
|
* Whether this syntactic element is artificial, that is it is generated
|
||||||
* by the compiler and is not present in the source
|
* by the compiler and is not present in the source
|
||||||
|
|||||||
@@ -28,7 +28,9 @@ class Expr extends Expr_, AstNode {
|
|||||||
/** Whether this expression may have a side effect (as determined purely from its syntax) */
|
/** Whether this expression may have a side effect (as determined purely from its syntax) */
|
||||||
predicate hasSideEffects() {
|
predicate hasSideEffects() {
|
||||||
/* If an exception raised by this expression handled, count that as a side effect */
|
/* If an exception raised by this expression handled, count that as a side effect */
|
||||||
this.getAFlowNode().getASuccessor().getNode() instanceof ExceptStmt
|
exists(ControlFlowNode n | n.getNode() = this |
|
||||||
|
n.getASuccessor().getNode() instanceof ExceptStmt
|
||||||
|
)
|
||||||
or
|
or
|
||||||
this.getASubExpression().hasSideEffects()
|
this.getASubExpression().hasSideEffects()
|
||||||
}
|
}
|
||||||
@@ -68,8 +70,6 @@ class Attribute extends Attribute_ {
|
|||||||
/* syntax: Expr.name */
|
/* syntax: Expr.name */
|
||||||
override Expr getASubExpression() { result = this.getObject() }
|
override Expr getASubExpression() { result = this.getObject() }
|
||||||
|
|
||||||
override AttrNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
|
|
||||||
/** Gets the name of this attribute. That is the `name` in `obj.name` */
|
/** Gets the name of this attribute. That is the `name` in `obj.name` */
|
||||||
string getName() { result = Attribute_.super.getAttr() }
|
string getName() { result = Attribute_.super.getAttr() }
|
||||||
|
|
||||||
@@ -96,8 +96,6 @@ class Subscript extends Subscript_ {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Expr getObject() { result = Subscript_.super.getValue() }
|
Expr getObject() { result = Subscript_.super.getValue() }
|
||||||
|
|
||||||
override SubscriptNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A call expression, such as `func(...)` */
|
/** A call expression, such as `func(...)` */
|
||||||
@@ -113,8 +111,6 @@ class Call extends Call_ {
|
|||||||
|
|
||||||
override string toString() { result = this.getFunc().toString() + "()" }
|
override string toString() { result = this.getFunc().toString() + "()" }
|
||||||
|
|
||||||
override CallNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
|
|
||||||
/** Gets a tuple (*) argument of this call. */
|
/** Gets a tuple (*) argument of this call. */
|
||||||
Expr getStarargs() { result = this.getAPositionalArg().(Starred).getValue() }
|
Expr getStarargs() { result = this.getAPositionalArg().(Starred).getValue() }
|
||||||
|
|
||||||
@@ -200,8 +196,6 @@ class IfExp extends IfExp_ {
|
|||||||
override Expr getASubExpression() {
|
override Expr getASubExpression() {
|
||||||
result = this.getTest() or result = this.getBody() or result = this.getOrelse()
|
result = this.getTest() or result = this.getBody() or result = this.getOrelse()
|
||||||
}
|
}
|
||||||
|
|
||||||
override IfExprNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A starred expression, such as the `*rest` in the assignment `first, *rest = seq` */
|
/** A starred expression, such as the `*rest` in the assignment `first, *rest = seq` */
|
||||||
@@ -410,8 +404,6 @@ class PlaceHolder extends PlaceHolder_ {
|
|||||||
override Expr getASubExpression() { none() }
|
override Expr getASubExpression() { none() }
|
||||||
|
|
||||||
override string toString() { result = "$" + this.getId() }
|
override string toString() { result = "$" + this.getId() }
|
||||||
|
|
||||||
override NameNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A tuple expression such as `( 1, 3, 5, 7, 9 )` */
|
/** A tuple expression such as `( 1, 3, 5, 7, 9 )` */
|
||||||
@@ -478,8 +470,6 @@ class Name extends Name_ {
|
|||||||
|
|
||||||
override string toString() { result = this.getId() }
|
override string toString() { result = this.getId() }
|
||||||
|
|
||||||
override NameNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
|
|
||||||
override predicate isArtificial() {
|
override predicate isArtificial() {
|
||||||
/* Artificial variable names in comprehensions all start with "." */
|
/* Artificial variable names in comprehensions all start with "." */
|
||||||
this.getId().charAt(0) = "."
|
this.getId().charAt(0) = "."
|
||||||
@@ -585,8 +575,6 @@ abstract class NameConstant extends Name, ImmutableLiteral {
|
|||||||
|
|
||||||
override predicate isConstant() { any() }
|
override predicate isConstant() { any() }
|
||||||
|
|
||||||
override NameConstantNode getAFlowNode() { result = Name.super.getAFlowNode() }
|
|
||||||
|
|
||||||
override predicate isArtificial() { none() }
|
override predicate isArtificial() { none() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -555,27 +555,27 @@ class DefinitionNode extends ControlFlowNode {
|
|||||||
cached
|
cached
|
||||||
DefinitionNode() {
|
DefinitionNode() {
|
||||||
Stages::AST::ref() and
|
Stages::AST::ref() and
|
||||||
exists(Assign a | a.getATarget().getAFlowNode() = this)
|
exists(Assign a | this.getNode() = a.getATarget())
|
||||||
or
|
or
|
||||||
exists(AssignExpr a | a.getTarget().getAFlowNode() = this)
|
exists(AssignExpr a | this.getNode() = a.getTarget())
|
||||||
or
|
or
|
||||||
exists(AnnAssign a | a.getTarget().getAFlowNode() = this and exists(a.getValue()))
|
exists(AnnAssign a | this.getNode() = a.getTarget() and exists(a.getValue()))
|
||||||
or
|
or
|
||||||
exists(Alias a | a.getAsname().getAFlowNode() = this)
|
exists(Alias a | this.getNode() = a.getAsname())
|
||||||
or
|
or
|
||||||
augstore(_, this)
|
augstore(_, this)
|
||||||
or
|
or
|
||||||
// `x, y = 1, 2` where LHS is a combination of list or tuples
|
// `x, y = 1, 2` where LHS is a combination of list or tuples
|
||||||
exists(Assign a | list_or_tuple_nested_element(a.getATarget()).getAFlowNode() = this)
|
exists(Assign a | this.getNode() = list_or_tuple_nested_element(a.getATarget()))
|
||||||
or
|
or
|
||||||
exists(For for | for.getTarget().getAFlowNode() = this)
|
exists(For for | this.getNode() = for.getTarget())
|
||||||
or
|
or
|
||||||
exists(Parameter param | this = param.asName().getAFlowNode() and exists(param.getDefault()))
|
exists(Parameter param | this.getNode() = param.asName() and exists(param.getDefault()))
|
||||||
}
|
}
|
||||||
|
|
||||||
/** flow node corresponding to the value assigned for the definition corresponding to this flow node */
|
/** flow node corresponding to the value assigned for the definition corresponding to this flow node */
|
||||||
ControlFlowNode getValue() {
|
ControlFlowNode getValue() {
|
||||||
result = assigned_value(this.getNode()).getAFlowNode() and
|
result.getNode() = assigned_value(this.getNode()) and
|
||||||
(
|
(
|
||||||
result.getBasicBlock().dominates(this.getBasicBlock())
|
result.getBasicBlock().dominates(this.getBasicBlock())
|
||||||
or
|
or
|
||||||
@@ -584,7 +584,7 @@ class DefinitionNode extends ControlFlowNode {
|
|||||||
// since the default value for a parameter is evaluated in the same basic block as
|
// since the default value for a parameter is evaluated in the same basic block as
|
||||||
// the function definition, but the parameter belongs to the basic block of the function,
|
// the function definition, but the parameter belongs to the basic block of the function,
|
||||||
// there is no dominance relationship between the two.
|
// there is no dominance relationship between the two.
|
||||||
exists(Parameter param | this = param.asName().getAFlowNode())
|
exists(Parameter param | this.getNode() = param.asName())
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -901,7 +901,7 @@ class ExceptFlowNode extends ControlFlowNode {
|
|||||||
exists(ExceptStmt ex |
|
exists(ExceptStmt ex |
|
||||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||||
ex = this.getNode() and
|
ex = this.getNode() and
|
||||||
result = ex.getType().getAFlowNode()
|
result.getNode() = ex.getType()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -913,7 +913,7 @@ class ExceptFlowNode extends ControlFlowNode {
|
|||||||
exists(ExceptStmt ex |
|
exists(ExceptStmt ex |
|
||||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||||
ex = this.getNode() and
|
ex = this.getNode() and
|
||||||
result = ex.getName().getAFlowNode()
|
result.getNode() = ex.getName()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -928,7 +928,7 @@ class ExceptGroupFlowNode extends ControlFlowNode {
|
|||||||
*/
|
*/
|
||||||
ControlFlowNode getType() {
|
ControlFlowNode getType() {
|
||||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||||
result = this.getNode().(ExceptGroupStmt).getType().getAFlowNode()
|
result.getNode() = this.getNode().(ExceptGroupStmt).getType()
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -937,7 +937,7 @@ class ExceptGroupFlowNode extends ControlFlowNode {
|
|||||||
*/
|
*/
|
||||||
ControlFlowNode getName() {
|
ControlFlowNode getName() {
|
||||||
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
this.getBasicBlock().dominates(result.getBasicBlock()) and
|
||||||
result = this.getNode().(ExceptGroupStmt).getName().getAFlowNode()
|
result.getNode() = this.getNode().(ExceptGroupStmt).getName()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -153,8 +153,16 @@ class Function extends Function_, Scope, AstNode {
|
|||||||
|
|
||||||
override predicate contains(AstNode inner) { Scope.super.contains(inner) }
|
override predicate contains(AstNode inner) { Scope.super.contains(inner) }
|
||||||
|
|
||||||
/** Gets a control flow node for a return value of this function */
|
/**
|
||||||
ControlFlowNode getAReturnValueFlowNode() {
|
* DEPRECATED: bind a `Return` node explicitly instead, e.g.
|
||||||
|
* `exists(Return ret | ret.getScope() = this and n.getNode() = ret.getValue())`.
|
||||||
|
* This API is being phased out together with `AstNode.getAFlowNode()` to
|
||||||
|
* untangle the AST and CFG hierarchies in preparation for migrating the
|
||||||
|
* dataflow library off the legacy CFG.
|
||||||
|
*
|
||||||
|
* Gets a control flow node for a return value of this function.
|
||||||
|
*/
|
||||||
|
deprecated ControlFlowNode getAReturnValueFlowNode() {
|
||||||
exists(Return ret |
|
exists(Return ret |
|
||||||
ret.getScope() = this and
|
ret.getScope() = this and
|
||||||
ret.getValue() = result.getNode()
|
ret.getValue() = result.getNode()
|
||||||
|
|||||||
@@ -162,8 +162,6 @@ class ImportMember extends ImportMember_ {
|
|||||||
string getImportedModuleName() {
|
string getImportedModuleName() {
|
||||||
result = this.getModule().(ImportExpr).getImportedModuleName() + "." + this.getName()
|
result = this.getModule().(ImportExpr).getImportedModuleName() + "." + this.getName()
|
||||||
}
|
}
|
||||||
|
|
||||||
override ImportMemberNode getAFlowNode() { result = super.getAFlowNode() }
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** An import statement */
|
/** An import statement */
|
||||||
|
|||||||
@@ -46,20 +46,23 @@ class SelfAttributeRead extends SelfAttribute {
|
|||||||
}
|
}
|
||||||
|
|
||||||
predicate guardedByHasattr() {
|
predicate guardedByHasattr() {
|
||||||
exists(Variable var, ControlFlowNode n |
|
exists(Variable var, ControlFlowNode n, ControlFlowNode this_, ControlFlowNode obj_ |
|
||||||
var.getAUse() = this.getObject().getAFlowNode() and
|
this_.getNode() = this and obj_.getNode() = this.getObject()
|
||||||
|
|
|
||||||
|
var.getAUse() = obj_ and
|
||||||
hasattr(n, var.getAUse(), this.getName()) and
|
hasattr(n, var.getAUse(), this.getName()) and
|
||||||
n.strictlyDominates(this.getAFlowNode())
|
n.strictlyDominates(this_)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
pragma[noinline]
|
pragma[noinline]
|
||||||
predicate locallyDefined() {
|
predicate locallyDefined() {
|
||||||
exists(SelfAttributeStore store |
|
exists(SelfAttributeStore store, ControlFlowNode store_, ControlFlowNode this_ |
|
||||||
this.getName() = store.getName() and
|
store_.getNode() = store and this_.getNode() = this
|
||||||
this.getScope() = store.getScope()
|
|
||||||
|
|
|
|
||||||
store.getAFlowNode().strictlyDominates(this.getAFlowNode())
|
this.getName() = store.getName() and
|
||||||
|
this.getScope() = store.getScope() and
|
||||||
|
store_.strictlyDominates(this_)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -5,24 +5,30 @@ private import semmle.python.dataflow.new.DataFlow
|
|||||||
|
|
||||||
private predicate constCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
|
private predicate constCompare(DataFlow::GuardNode g, ControlFlowNode node, boolean branch) {
|
||||||
exists(CompareNode cn | cn = g |
|
exists(CompareNode cn | cn = g |
|
||||||
exists(ImmutableLiteral const, Cmpop op |
|
exists(ImmutableLiteral const, Cmpop op, ControlFlowNode c |
|
||||||
op = any(Eq eq) and branch = true
|
c.getNode() = const and
|
||||||
or
|
(
|
||||||
op = any(NotEq ne) and branch = false
|
op = any(Eq eq) and branch = true
|
||||||
|
or
|
||||||
|
op = any(NotEq ne) and branch = false
|
||||||
|
)
|
||||||
|
|
|
|
||||||
cn.operands(const.getAFlowNode(), op, node)
|
cn.operands(c, op, node)
|
||||||
or
|
or
|
||||||
cn.operands(node, op, const.getAFlowNode())
|
cn.operands(node, op, c)
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
exists(NameConstant const, Cmpop op |
|
exists(NameConstant const, Cmpop op, ControlFlowNode c |
|
||||||
op = any(Is is_) and branch = true
|
c.getNode() = const and
|
||||||
or
|
(
|
||||||
op = any(IsNot isn) and branch = false
|
op = any(Is is_) and branch = true
|
||||||
|
or
|
||||||
|
op = any(IsNot isn) and branch = false
|
||||||
|
)
|
||||||
|
|
|
|
||||||
cn.operands(const.getAFlowNode(), op, node)
|
cn.operands(c, op, node)
|
||||||
or
|
or
|
||||||
cn.operands(node, op, const.getAFlowNode())
|
cn.operands(node, op, c)
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
exists(IterableNode const_iterable, Cmpop op |
|
exists(IterableNode const_iterable, Cmpop op |
|
||||||
|
|||||||
@@ -228,7 +228,7 @@ private class ClassDefinitionAsAttrWrite extends AttrWrite, CfgNode {
|
|||||||
|
|
||||||
override Node getValue() { result.asCfgNode() = node.getValue() }
|
override Node getValue() { result.asCfgNode() = node.getValue() }
|
||||||
|
|
||||||
override Node getObject() { result.asCfgNode() = cls.getAFlowNode() }
|
override Node getObject() { result.asCfgNode().getNode() = cls }
|
||||||
|
|
||||||
override ExprNode getAttributeNameExpr() { none() }
|
override ExprNode getAttributeNameExpr() { none() }
|
||||||
|
|
||||||
|
|||||||
@@ -256,9 +256,12 @@ predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) {
|
|||||||
*/
|
*/
|
||||||
overlay[local]
|
overlay[local]
|
||||||
predicate isStaticmethod(Function func) {
|
predicate isStaticmethod(Function func) {
|
||||||
exists(NameNode id | id.getId() = "staticmethod" and id.isGlobal() |
|
// The decorator is *syntactically* a `Name` "staticmethod" — we don't
|
||||||
func.getADecorator() = id.getNode()
|
// care which variable it resolves to. `staticmethod` is a builtin and
|
||||||
)
|
// is almost never shadowed in a module-level scope; even if a class
|
||||||
|
// redefines `staticmethod` in its body, the class body has not started
|
||||||
|
// executing yet at the decorator position, so Python uses the builtin.
|
||||||
|
func.getADecorator().(Name).getId() = "staticmethod"
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -268,9 +271,9 @@ predicate isStaticmethod(Function func) {
|
|||||||
*/
|
*/
|
||||||
overlay[local]
|
overlay[local]
|
||||||
predicate isClassmethod(Function func) {
|
predicate isClassmethod(Function func) {
|
||||||
exists(NameNode id | id.getId() = "classmethod" and id.isGlobal() |
|
// See `isStaticmethod` for the rationale for matching on the AST `Name`
|
||||||
func.getADecorator() = id.getNode()
|
// rather than going via the CFG and `isGlobal()`.
|
||||||
)
|
func.getADecorator().(Name).getId() = "classmethod"
|
||||||
or
|
or
|
||||||
exists(Class cls |
|
exists(Class cls |
|
||||||
cls.getAMethod() = func and
|
cls.getAMethod() = func and
|
||||||
@@ -285,9 +288,8 @@ predicate isClassmethod(Function func) {
|
|||||||
/** Holds if the function `func` has a `property` decorator. */
|
/** Holds if the function `func` has a `property` decorator. */
|
||||||
overlay[local]
|
overlay[local]
|
||||||
predicate hasPropertyDecorator(Function func) {
|
predicate hasPropertyDecorator(Function func) {
|
||||||
exists(NameNode id | id.getId() = "property" and id.isGlobal() |
|
// See `isStaticmethod` for the rationale for matching on the AST `Name`.
|
||||||
func.getADecorator() = id.getNode()
|
func.getADecorator().(Name).getId() = "property"
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1911,8 +1913,8 @@ abstract class ReturnNode extends Node {
|
|||||||
class ExtractedReturnNode extends ReturnNode, CfgNode {
|
class ExtractedReturnNode extends ReturnNode, CfgNode {
|
||||||
// See `TaintTrackingImplementation::returnFlowStep`
|
// See `TaintTrackingImplementation::returnFlowStep`
|
||||||
ExtractedReturnNode() {
|
ExtractedReturnNode() {
|
||||||
node = any(Return ret).getValue().getAFlowNode() or
|
node.getNode() = any(Return ret).getValue() or
|
||||||
node = any(Yield yield).getAFlowNode()
|
node.getNode() = any(Yield yield)
|
||||||
}
|
}
|
||||||
|
|
||||||
override ReturnKind getKind() { any() }
|
override ReturnKind getKind() { any() }
|
||||||
@@ -1930,7 +1932,7 @@ class ExtractedReturnNode extends ReturnNode, CfgNode {
|
|||||||
class YieldNodeInContextManagerFunction extends ReturnNode, CfgNode {
|
class YieldNodeInContextManagerFunction extends ReturnNode, CfgNode {
|
||||||
YieldNodeInContextManagerFunction() {
|
YieldNodeInContextManagerFunction() {
|
||||||
hasContextmanagerDecorator(node.getScope()) and
|
hasContextmanagerDecorator(node.getScope()) and
|
||||||
node = any(Yield yield).getValue().getAFlowNode()
|
node.getNode() = any(Yield yield).getValue()
|
||||||
}
|
}
|
||||||
|
|
||||||
override ReturnKind getKind() { any() }
|
override ReturnKind getKind() { any() }
|
||||||
|
|||||||
@@ -185,8 +185,8 @@ private predicate synthDictSplatArgumentNodeStoreStep(
|
|||||||
*/
|
*/
|
||||||
predicate yieldStoreStep(Node nodeFrom, Content c, Node nodeTo) {
|
predicate yieldStoreStep(Node nodeFrom, Content c, Node nodeTo) {
|
||||||
exists(Yield yield |
|
exists(Yield yield |
|
||||||
nodeTo.asCfgNode() = yield.getAFlowNode() and
|
nodeTo.asCfgNode().getNode() = yield and
|
||||||
nodeFrom.asCfgNode() = yield.getValue().getAFlowNode() and
|
nodeFrom.asCfgNode().getNode() = yield.getValue() and
|
||||||
// TODO: Consider if this will also need to transfer dictionary content
|
// TODO: Consider if this will also need to transfer dictionary content
|
||||||
// once dictionary comprehensions are supported.
|
// once dictionary comprehensions are supported.
|
||||||
c instanceof ListElementContent
|
c instanceof ListElementContent
|
||||||
|
|||||||
@@ -485,7 +485,7 @@ class ModuleVariableNode extends Node, TModuleVariableNode {
|
|||||||
|
|
||||||
/** Gets a node that reads this variable, excluding reads that happen through `from ... import *`. */
|
/** Gets a node that reads this variable, excluding reads that happen through `from ... import *`. */
|
||||||
Node getALocalRead() {
|
Node getALocalRead() {
|
||||||
result.asCfgNode() = var.getALoad().getAFlowNode() and
|
result.asCfgNode().getNode() = var.getALoad() and
|
||||||
not result.getScope() = mod
|
not result.getScope() = mod
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,19 @@ private import semmle.python.dataflow.new.DataFlow
|
|||||||
private import semmle.python.dataflow.new.internal.ImportStar
|
private import semmle.python.dataflow.new.internal.ImportStar
|
||||||
private import semmle.python.dataflow.new.TypeTracking
|
private import semmle.python.dataflow.new.TypeTracking
|
||||||
private import semmle.python.dataflow.new.internal.DataFlowPrivate
|
private import semmle.python.dataflow.new.internal.DataFlowPrivate
|
||||||
private import semmle.python.essa.SsaDefinitions
|
|
||||||
|
/**
|
||||||
|
* Holds if `init` is a package's `__init__.py` and `var` is a global variable in
|
||||||
|
* `init` whose name matches a submodule of the package.
|
||||||
|
*
|
||||||
|
* Inlined from `SsaSource::init_module_submodule_defn` to avoid pulling
|
||||||
|
* `semmle.python.essa.SsaDefinitions` into the new dataflow stack.
|
||||||
|
*/
|
||||||
|
private predicate initModuleSubmoduleDefn(GlobalVariable var, Module init) {
|
||||||
|
init.isPackageInit() and
|
||||||
|
exists(init.getPackage().getSubModule(var.getId())) and
|
||||||
|
var.getScope() = init
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Python modules and the way imports are resolved are... complicated. Here's a crash course in how
|
* Python modules and the way imports are resolved are... complicated. Here's a crash course in how
|
||||||
@@ -326,7 +338,7 @@ module ImportResolution {
|
|||||||
// imported yet.
|
// imported yet.
|
||||||
exists(string submodule, Module package, EssaVariable var |
|
exists(string submodule, Module package, EssaVariable var |
|
||||||
submodule = var.getName() and
|
submodule = var.getName() and
|
||||||
SsaSource::init_module_submodule_defn(var.getSourceVariable(), package.getEntryNode()) and
|
initModuleSubmoduleDefn(var.getSourceVariable(), package) and
|
||||||
m = getModuleFromName(package.getPackageName() + "." + submodule) and
|
m = getModuleFromName(package.getPackageName() + "." + submodule) and
|
||||||
result.asCfgNode() = var.getDefinition().(EssaNodeDefinition).getDefiningNode()
|
result.asCfgNode() = var.getDefinition().(EssaNodeDefinition).getDefiningNode()
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -94,8 +94,10 @@ private module SummaryTypeTrackerInput implements SummaryTypeTracker::Input {
|
|||||||
Node returnOf(Node callable, SummaryComponent return) {
|
Node returnOf(Node callable, SummaryComponent return) {
|
||||||
return = FlowSummaryImpl::Private::SummaryComponent::return() and
|
return = FlowSummaryImpl::Private::SummaryComponent::return() and
|
||||||
// `result` should be the return value of a callable expression (lambda or function) referenced by `callable`
|
// `result` should be the return value of a callable expression (lambda or function) referenced by `callable`
|
||||||
result.asCfgNode() =
|
exists(Return ret |
|
||||||
callable.getALocalSource().asExpr().(CallableExpr).getInnerScope().getAReturnValueFlowNode()
|
ret.getScope() = callable.getALocalSource().asExpr().(CallableExpr).getInnerScope() and
|
||||||
|
result.asCfgNode().getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Relating callables to nodes
|
// Relating callables to nodes
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ private module CaptureInput implements Shared::InputSig<Location, Cfg::BasicBloc
|
|||||||
class VariableWrite extends ControlFlowNode {
|
class VariableWrite extends ControlFlowNode {
|
||||||
CapturedVariable v;
|
CapturedVariable v;
|
||||||
|
|
||||||
VariableWrite() { this = v.getAStore().getAFlowNode().(DefinitionNode).getValue() }
|
VariableWrite() { exists(DefinitionNode d | d.getNode() = v.getAStore() | this = d.getValue()) }
|
||||||
|
|
||||||
CapturedVariable getVariable() { result = v }
|
CapturedVariable getVariable() { result = v }
|
||||||
|
|
||||||
@@ -71,7 +71,7 @@ private module CaptureInput implements Shared::InputSig<Location, Cfg::BasicBloc
|
|||||||
class VariableRead extends Expr {
|
class VariableRead extends Expr {
|
||||||
CapturedVariable v;
|
CapturedVariable v;
|
||||||
|
|
||||||
VariableRead() { this = v.getALoad().getAFlowNode() }
|
VariableRead() { this.getNode() = v.getALoad() }
|
||||||
|
|
||||||
CapturedVariable getVariable() { result = v }
|
CapturedVariable getVariable() { result = v }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -448,8 +448,7 @@ class TaintTrackingImplementation extends string instanceof TaintTracking::Confi
|
|||||||
context = TNoParam() and
|
context = TNoParam() and
|
||||||
src = TTaintTrackingNode_(retval, TNoParam(), path, kind, this) and
|
src = TTaintTrackingNode_(retval, TNoParam(), path, kind, this) and
|
||||||
node.asCfgNode() = call and
|
node.asCfgNode() = call and
|
||||||
retval.asCfgNode() =
|
retval.asCfgNode().getNode() = any(Return ret | ret.getScope() = pyfunc.getScope()).getValue()
|
||||||
any(Return ret | ret.getScope() = pyfunc.getScope()).getValue().getAFlowNode()
|
|
||||||
) and
|
) and
|
||||||
edgeLabel = "return"
|
edgeLabel = "return"
|
||||||
}
|
}
|
||||||
@@ -471,8 +470,7 @@ class TaintTrackingImplementation extends string instanceof TaintTracking::Confi
|
|||||||
this.callContexts(call, src, pyfunc, context, callee) and
|
this.callContexts(call, src, pyfunc, context, callee) and
|
||||||
retnode = TTaintTrackingNode_(retval, callee, path, kind, this) and
|
retnode = TTaintTrackingNode_(retval, callee, path, kind, this) and
|
||||||
node.asCfgNode() = call and
|
node.asCfgNode() = call and
|
||||||
retval.asCfgNode() =
|
retval.asCfgNode().getNode() = any(Return ret | ret.getScope() = pyfunc.getScope()).getValue()
|
||||||
any(Return ret | ret.getScope() = pyfunc.getScope()).getValue().getAFlowNode()
|
|
||||||
) and
|
) and
|
||||||
edgeLabel = "call"
|
edgeLabel = "call"
|
||||||
}
|
}
|
||||||
@@ -716,8 +714,10 @@ private class EssaTaintTracking extends string instanceof TaintTracking::Configu
|
|||||||
src = TTaintTrackingNode_(srcnode, context, path, srckind, this) and
|
src = TTaintTrackingNode_(srcnode, context, path, srckind, this) and
|
||||||
path.noAttribute()
|
path.noAttribute()
|
||||||
|
|
|
|
||||||
assign.getValue().getAFlowNode() = srcnode.asCfgNode() and
|
srcnode.asCfgNode().getNode() = assign.getValue() and
|
||||||
depth = iterable_unpacking_descent(assign.getATarget().getAFlowNode(), defn.getDefiningNode()) and
|
exists(SequenceNode left_parent | left_parent.getNode() = assign.getATarget() |
|
||||||
|
depth = iterable_unpacking_descent(left_parent, defn.getDefiningNode())
|
||||||
|
) and
|
||||||
kind = taint_at_depth(srckind, depth)
|
kind = taint_at_depth(srckind, depth)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -964,7 +964,7 @@ private TaintKind taint_at_depth(SequenceKind parent_kind, int depth) {
|
|||||||
* - with `left_defn` = `*y`, `left_parent` = `((x, *y), ...)`, result = 1
|
* - with `left_defn` = `*y`, `left_parent` = `((x, *y), ...)`, result = 1
|
||||||
*/
|
*/
|
||||||
int iterable_unpacking_descent(SequenceNode left_parent, ControlFlowNode left_defn) {
|
int iterable_unpacking_descent(SequenceNode left_parent, ControlFlowNode left_defn) {
|
||||||
exists(Assign a | a.getATarget().getASubExpression*().getAFlowNode() = left_parent) and
|
exists(Assign a | left_parent.getNode() = a.getATarget().getASubExpression*()) and
|
||||||
left_parent.getAnElement() = left_defn and
|
left_parent.getAnElement() = left_defn and
|
||||||
// Handle `a, *b = some_iterable`
|
// Handle `a, *b = some_iterable`
|
||||||
if left_defn instanceof StarredNode then result = 0 else result = 1
|
if left_defn instanceof StarredNode then result = 0 else result = 1
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ module SsaSource {
|
|||||||
predicate with_definition(Variable v, ControlFlowNode defn) {
|
predicate with_definition(Variable v, ControlFlowNode defn) {
|
||||||
exists(With with, Name var |
|
exists(With with, Name var |
|
||||||
with.getOptionalVars() = var and
|
with.getOptionalVars() = var and
|
||||||
var.getAFlowNode() = defn
|
defn.getNode() = var
|
||||||
|
|
|
|
||||||
var = v.getAStore()
|
var = v.getAStore()
|
||||||
)
|
)
|
||||||
@@ -67,7 +67,7 @@ module SsaSource {
|
|||||||
predicate pattern_capture_definition(Variable v, ControlFlowNode defn) {
|
predicate pattern_capture_definition(Variable v, ControlFlowNode defn) {
|
||||||
exists(MatchCapturePattern capture, Name var |
|
exists(MatchCapturePattern capture, Name var |
|
||||||
capture.getVariable() = var and
|
capture.getVariable() = var and
|
||||||
var.getAFlowNode() = defn
|
defn.getNode() = var
|
||||||
|
|
|
|
||||||
var = v.getAStore()
|
var = v.getAStore()
|
||||||
)
|
)
|
||||||
@@ -78,7 +78,7 @@ module SsaSource {
|
|||||||
predicate pattern_alias_definition(Variable v, ControlFlowNode defn) {
|
predicate pattern_alias_definition(Variable v, ControlFlowNode defn) {
|
||||||
exists(MatchAsPattern pattern, Name var |
|
exists(MatchAsPattern pattern, Name var |
|
||||||
pattern.getAlias() = var and
|
pattern.getAlias() = var and
|
||||||
var.getAFlowNode() = defn
|
defn.getNode() = var
|
||||||
|
|
|
|
||||||
var = v.getAStore()
|
var = v.getAStore()
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -59,7 +59,7 @@ module Bottle {
|
|||||||
|
|
||||||
override Parameter getARoutedParameter() { none() }
|
override Parameter getARoutedParameter() { none() }
|
||||||
|
|
||||||
override Function getARequestHandler() { result.getADecorator().getAFlowNode() = node }
|
override Function getARequestHandler() { node.getNode() = result.getADecorator() }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -73,7 +73,10 @@ module Bottle {
|
|||||||
/** A response returned by a view callable. */
|
/** A response returned by a view callable. */
|
||||||
class BottleReturnResponse extends Http::Server::HttpResponse::Range {
|
class BottleReturnResponse extends Http::Server::HttpResponse::Range {
|
||||||
BottleReturnResponse() {
|
BottleReturnResponse() {
|
||||||
this.asCfgNode() = any(View::ViewCallable vc).getAReturnValueFlowNode()
|
exists(Return ret |
|
||||||
|
ret.getScope() = any(View::ViewCallable vc) and
|
||||||
|
this.asCfgNode().getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override DataFlow::Node getBody() { result = this }
|
override DataFlow::Node getBody() { result = this }
|
||||||
|
|||||||
@@ -2872,7 +2872,10 @@ module PrivateDjango {
|
|||||||
DataFlow::CfgNode
|
DataFlow::CfgNode
|
||||||
{
|
{
|
||||||
DjangoRedirectViewGetRedirectUrlReturn() {
|
DjangoRedirectViewGetRedirectUrlReturn() {
|
||||||
node = any(GetRedirectUrlFunction f).getAReturnValueFlowNode()
|
exists(Return ret |
|
||||||
|
ret.getScope() = any(GetRedirectUrlFunction f) and
|
||||||
|
node.getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override DataFlow::Node getRedirectLocation() { result = this }
|
override DataFlow::Node getRedirectLocation() { result = this }
|
||||||
|
|||||||
@@ -129,7 +129,7 @@ module FastApi {
|
|||||||
result in [this.getArg(0), this.getArgByName("path")]
|
result in [this.getArg(0), this.getArgByName("path")]
|
||||||
}
|
}
|
||||||
|
|
||||||
override Function getARequestHandler() { result.getADecorator().getAFlowNode() = node }
|
override Function getARequestHandler() { node.getNode() = result.getADecorator() }
|
||||||
|
|
||||||
override string getFramework() { result = "FastAPI" }
|
override string getFramework() { result = "FastAPI" }
|
||||||
|
|
||||||
@@ -309,7 +309,10 @@ module FastApi {
|
|||||||
FastApiRouteSetup routeSetup;
|
FastApiRouteSetup routeSetup;
|
||||||
|
|
||||||
FastApiRequestHandlerReturn() {
|
FastApiRequestHandlerReturn() {
|
||||||
node = routeSetup.getARequestHandler().getAReturnValueFlowNode()
|
exists(Return ret |
|
||||||
|
ret.getScope() = routeSetup.getARequestHandler() and
|
||||||
|
node.getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override DataFlow::Node getBody() { result = this }
|
override DataFlow::Node getBody() { result = this }
|
||||||
|
|||||||
@@ -371,7 +371,7 @@ module Flask {
|
|||||||
result in [this.getArg(0), this.getArgByName("rule")]
|
result in [this.getArg(0), this.getArgByName("rule")]
|
||||||
}
|
}
|
||||||
|
|
||||||
override Function getARequestHandler() { result.getADecorator().getAFlowNode() = node }
|
override Function getARequestHandler() { node.getNode() = result.getADecorator() }
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -536,7 +536,7 @@ module Flask {
|
|||||||
FlaskRouteHandlerReturn() {
|
FlaskRouteHandlerReturn() {
|
||||||
exists(Function routeHandler |
|
exists(Function routeHandler |
|
||||||
routeHandler = any(FlaskRouteSetup rs).getARequestHandler() and
|
routeHandler = any(FlaskRouteSetup rs).getARequestHandler() and
|
||||||
node = routeHandler.getAReturnValueFlowNode() and
|
exists(Return ret | ret.getScope() = routeHandler and node.getNode() = ret.getValue()) and
|
||||||
not this instanceof Flask::Response::InstanceSource
|
not this instanceof Flask::Response::InstanceSource
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ private module FlaskAdmin {
|
|||||||
result in [this.getArg(0), this.getArgByName("url")]
|
result in [this.getArg(0), this.getArgByName("url")]
|
||||||
}
|
}
|
||||||
|
|
||||||
override Function getARequestHandler() { result.getADecorator().getAFlowNode() = node }
|
override Function getARequestHandler() { node.getNode() = result.getADecorator() }
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -71,7 +71,7 @@ private module FlaskAdmin {
|
|||||||
|
|
||||||
override Function getARequestHandler() {
|
override Function getARequestHandler() {
|
||||||
exists(Flask::FlaskViewClass cls |
|
exists(Flask::FlaskViewClass cls |
|
||||||
cls.getADecorator().getAFlowNode() = node and
|
node.getNode() = cls.getADecorator() and
|
||||||
result = cls.getARequestHandler()
|
result = cls.getARequestHandler()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -166,7 +166,10 @@ module Pyramid {
|
|||||||
/** A response returned by a view callable. */
|
/** A response returned by a view callable. */
|
||||||
private class PyramidReturnResponse extends Http::Server::HttpResponse::Range {
|
private class PyramidReturnResponse extends Http::Server::HttpResponse::Range {
|
||||||
PyramidReturnResponse() {
|
PyramidReturnResponse() {
|
||||||
this.asCfgNode() = any(View::ViewCallable vc).getAReturnValueFlowNode() and
|
exists(Return ret |
|
||||||
|
ret.getScope() = any(View::ViewCallable vc) and
|
||||||
|
this.asCfgNode().getNode() = ret.getValue()
|
||||||
|
) and
|
||||||
not this = instance()
|
not this = instance()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -2254,8 +2254,9 @@ module StdlibPrivate {
|
|||||||
DataFlow::CfgNode
|
DataFlow::CfgNode
|
||||||
{
|
{
|
||||||
WsgirefSimpleServerApplicationReturn() {
|
WsgirefSimpleServerApplicationReturn() {
|
||||||
exists(WsgirefSimpleServerApplication requestHandler |
|
exists(WsgirefSimpleServerApplication requestHandler, Return ret |
|
||||||
node = requestHandler.getAReturnValueFlowNode()
|
ret.getScope() = requestHandler and
|
||||||
|
node.getNode() = ret.getValue()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -182,7 +182,10 @@ private module Twisted {
|
|||||||
DataFlow::CfgNode
|
DataFlow::CfgNode
|
||||||
{
|
{
|
||||||
TwistedResourceRenderMethodReturn() {
|
TwistedResourceRenderMethodReturn() {
|
||||||
this.asCfgNode() = any(TwistedResourceRenderMethod meth).getAReturnValueFlowNode()
|
exists(Return ret |
|
||||||
|
ret.getScope() = any(TwistedResourceRenderMethod meth) and
|
||||||
|
this.asCfgNode().getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override DataFlow::Node getBody() { result = this }
|
override DataFlow::Node getBody() { result = this }
|
||||||
|
|||||||
@@ -77,7 +77,7 @@ module Stages {
|
|||||||
or
|
or
|
||||||
exists(any(AstExtended::AstNode n).getParentNode())
|
exists(any(AstExtended::AstNode n).getParentNode())
|
||||||
or
|
or
|
||||||
exists(any(AstExtended::AstNode n).getAFlowNode())
|
exists(PyFlow::ControlFlowNode cfg, AstExtended::AstNode n | cfg.getNode() = n)
|
||||||
or
|
or
|
||||||
exists(any(PyFlow::BasicBlock b).getImmediateDominator())
|
exists(any(PyFlow::BasicBlock b).getImmediateDominator())
|
||||||
or
|
or
|
||||||
|
|||||||
@@ -56,8 +56,9 @@ abstract class CallableObjectInternal extends ObjectInternal {
|
|||||||
/** A Python function. */
|
/** A Python function. */
|
||||||
class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFunctionObject {
|
class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFunctionObject {
|
||||||
override Function getScope() {
|
override Function getScope() {
|
||||||
exists(CallableExpr expr |
|
exists(CallableExpr expr, ControlFlowNode exprCfg |
|
||||||
this = TPythonFunctionObject(expr.getAFlowNode()) and
|
exprCfg.getNode() = expr and
|
||||||
|
this = TPythonFunctionObject(exprCfg) and
|
||||||
result = expr.getInnerScope()
|
result = expr.getInnerScope()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -80,11 +81,12 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
|
|||||||
|
|
||||||
pragma[nomagic]
|
pragma[nomagic]
|
||||||
override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {
|
override predicate callResult(PointsToContext callee, ObjectInternal obj, CfgOrigin origin) {
|
||||||
exists(Function func, ControlFlowNode rval, ControlFlowNode forigin |
|
exists(Function func, Return ret, ControlFlowNode rval, ControlFlowNode forigin |
|
||||||
func = this.getScope() and
|
func = this.getScope() and
|
||||||
callee.appliesToScope(func)
|
callee.appliesToScope(func)
|
||||||
|
|
|
|
||||||
rval = func.getAReturnValueFlowNode() and
|
ret.getScope() = func and
|
||||||
|
rval.getNode() = ret.getValue() and
|
||||||
PointsToInternal::pointsTo(rval, callee, obj, forigin) and
|
PointsToInternal::pointsTo(rval, callee, obj, forigin) and
|
||||||
origin = CfgOrigin::fromCfgNode(forigin)
|
origin = CfgOrigin::fromCfgNode(forigin)
|
||||||
)
|
)
|
||||||
@@ -160,10 +162,11 @@ class PythonFunctionObjectInternal extends CallableObjectInternal, TPythonFuncti
|
|||||||
}
|
}
|
||||||
|
|
||||||
private BasicBlock blockReturningNone(Function func) {
|
private BasicBlock blockReturningNone(Function func) {
|
||||||
exists(Return ret |
|
exists(Return ret, ControlFlowNode ret_ |
|
||||||
not exists(ret.getValue()) and
|
not exists(ret.getValue()) and
|
||||||
ret.getScope() = func and
|
ret.getScope() = func and
|
||||||
result = ret.getAFlowNode().getBasicBlock()
|
ret_.getNode() = ret and
|
||||||
|
result = ret_.getBasicBlock()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -113,8 +113,9 @@ abstract class ClassObjectInternal extends ObjectInternal {
|
|||||||
class PythonClassObjectInternal extends ClassObjectInternal, TPythonClassObject {
|
class PythonClassObjectInternal extends ClassObjectInternal, TPythonClassObject {
|
||||||
/** Gets the scope for this Python class */
|
/** Gets the scope for this Python class */
|
||||||
Class getScope() {
|
Class getScope() {
|
||||||
exists(ClassExpr expr |
|
exists(ClassExpr expr, ControlFlowNode exprCfg |
|
||||||
this = TPythonClassObject(expr.getAFlowNode()) and
|
exprCfg.getNode() = expr and
|
||||||
|
this = TPythonClassObject(exprCfg) and
|
||||||
result = expr.getInnerScope()
|
result = expr.getInnerScope()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -745,7 +745,12 @@ class PythonFunctionValue extends FunctionValue {
|
|||||||
override int maxParameters() { result = this.getScope().getMaxPositionalArguments() }
|
override int maxParameters() { result = this.getScope().getMaxPositionalArguments() }
|
||||||
|
|
||||||
/** Gets a control flow node corresponding to a return statement in this function */
|
/** Gets a control flow node corresponding to a return statement in this function */
|
||||||
ControlFlowNode getAReturnedNode() { result = this.getScope().getAReturnValueFlowNode() }
|
ControlFlowNode getAReturnedNode() {
|
||||||
|
exists(Return ret |
|
||||||
|
ret.getScope() = this.getScope() and
|
||||||
|
result.getNode() = ret.getValue()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
override ClassValue getARaisedType() { scope_raises(result, this.getScope()) }
|
override ClassValue getARaisedType() { scope_raises(result, this.getScope()) }
|
||||||
|
|
||||||
|
|||||||
@@ -387,7 +387,7 @@ private PythonClassObjectInternal abcMetaClassObject() {
|
|||||||
private predicate neither_class_nor_static_method(Function f) {
|
private predicate neither_class_nor_static_method(Function f) {
|
||||||
not exists(f.getADecorator())
|
not exists(f.getADecorator())
|
||||||
or
|
or
|
||||||
exists(ControlFlowNode deco | deco = f.getADecorator().getAFlowNode() |
|
exists(ControlFlowNode deco | deco.getNode() = f.getADecorator() |
|
||||||
exists(ObjectInternal o | PointsToInternal::pointsTo(deco, _, o, _) |
|
exists(ObjectInternal o | PointsToInternal::pointsTo(deco, _, o, _) |
|
||||||
o != ObjectInternal::staticMethod() and
|
o != ObjectInternal::staticMethod() and
|
||||||
o != ObjectInternal::classMethod()
|
o != ObjectInternal::classMethod()
|
||||||
|
|||||||
@@ -711,7 +711,7 @@ private module InterModulePointsTo {
|
|||||||
ControlFlowNode f, PointsToContext context, ObjectInternal value, ControlFlowNode origin
|
ControlFlowNode f, PointsToContext context, ObjectInternal value, ControlFlowNode origin
|
||||||
) {
|
) {
|
||||||
exists(string name, ImportExpr i |
|
exists(string name, ImportExpr i |
|
||||||
i.getAFlowNode() = f and
|
f.getNode() = i and
|
||||||
i.getImportedModuleName() = name and
|
i.getImportedModuleName() = name and
|
||||||
PointsToInternal::module_imported_as(value, name) and
|
PointsToInternal::module_imported_as(value, name) and
|
||||||
origin = f and
|
origin = f and
|
||||||
@@ -2118,8 +2118,9 @@ module Types {
|
|||||||
result.getBuiltin() = cls.getBuiltin().getBaseClass() and n = 0
|
result.getBuiltin() = cls.getBuiltin().getBaseClass() and n = 0
|
||||||
or
|
or
|
||||||
exists(Class pycls | pycls = cls.(PythonClassObjectInternal).getScope() |
|
exists(Class pycls | pycls = cls.(PythonClassObjectInternal).getScope() |
|
||||||
exists(ObjectInternal base |
|
exists(ObjectInternal base, ControlFlowNode baseNode |
|
||||||
PointsToInternal::pointsTo(pycls.getBase(n).getAFlowNode(), _, base, _)
|
baseNode.getNode() = pycls.getBase(n) and
|
||||||
|
PointsToInternal::pointsTo(baseNode, _, base, _)
|
||||||
|
|
|
|
||||||
result = base and base != ObjectInternal::unknown()
|
result = base and base != ObjectInternal::unknown()
|
||||||
or
|
or
|
||||||
@@ -2223,7 +2224,10 @@ module Types {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private ControlFlowNode decorator_call_callee(PythonClassObjectInternal cls) {
|
private ControlFlowNode decorator_call_callee(PythonClassObjectInternal cls) {
|
||||||
result = cls.getScope().getADecorator().getAFlowNode().(CallNode).getFunction()
|
exists(CallNode deco |
|
||||||
|
deco.getNode() = cls.getScope().getADecorator() and
|
||||||
|
result = deco.getFunction()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean has_six_add_metaclass(PythonClassObjectInternal cls) {
|
private boolean has_six_add_metaclass(PythonClassObjectInternal cls) {
|
||||||
@@ -2262,7 +2266,7 @@ module Types {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private EssaVariable metaclass_var(Class cls) {
|
private EssaVariable metaclass_var(Class cls) {
|
||||||
result.getASourceUse() = cls.getMetaClass().getAFlowNode()
|
result.getASourceUse().getNode() = cls.getMetaClass()
|
||||||
or
|
or
|
||||||
major_version() = 2 and
|
major_version() = 2 and
|
||||||
not exists(cls.getMetaClass()) and
|
not exists(cls.getMetaClass()) and
|
||||||
|
|||||||
@@ -181,7 +181,7 @@ class ClassObject extends Object {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
ControlFlowNode declaredMetaClass() { result = this.getPyClass().getMetaClass().getAFlowNode() }
|
ControlFlowNode declaredMetaClass() { result.getNode() = this.getPyClass().getMetaClass() }
|
||||||
|
|
||||||
/** Has type inference failed to compute the full class hierarchy for this class for the reason given. */
|
/** Has type inference failed to compute the full class hierarchy for this class for the reason given. */
|
||||||
predicate failedInference(string reason) { Types::failedInference(this.theClass(), reason) }
|
predicate failedInference(string reason) { Types::failedInference(this.theClass(), reason) }
|
||||||
@@ -195,8 +195,9 @@ class ClassObject extends Object {
|
|||||||
* It is guaranteed that getProbableSingletonInstance() returns at most one Object for each ClassObject.
|
* It is guaranteed that getProbableSingletonInstance() returns at most one Object for each ClassObject.
|
||||||
*/
|
*/
|
||||||
Object getProbableSingletonInstance() {
|
Object getProbableSingletonInstance() {
|
||||||
exists(ControlFlowNodeWithPointsTo use, Expr origin |
|
exists(ControlFlowNodeWithPointsTo use, Expr origin, ControlFlowNode origin_ |
|
||||||
use.refersTo(result, this, origin.getAFlowNode())
|
origin_.getNode() = origin and
|
||||||
|
use.refersTo(result, this, origin_)
|
||||||
|
|
|
|
||||||
this.hasStaticallyUniqueInstance() and
|
this.hasStaticallyUniqueInstance() and
|
||||||
/* Ensure that original expression will be executed only one. */
|
/* Ensure that original expression will be executed only one. */
|
||||||
|
|||||||
@@ -427,7 +427,7 @@ class ExceptFlowNodeWithPointsTo extends ExceptFlowNode {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private ControlFlowNodeWithPointsTo element_from_tuple_objectapi(Object tuple) {
|
private ControlFlowNodeWithPointsTo element_from_tuple_objectapi(Object tuple) {
|
||||||
exists(Tuple t | t = tuple.getOrigin() and result = t.getAnElt().getAFlowNode())
|
exists(Tuple t | t = tuple.getOrigin() and result.getNode() = t.getAnElt())
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -36,8 +36,8 @@ class RangeIterationVariableFact extends PointsToExtension {
|
|||||||
RangeIterationVariableFact() {
|
RangeIterationVariableFact() {
|
||||||
exists(For f, ControlFlowNode iterable |
|
exists(For f, ControlFlowNode iterable |
|
||||||
iterable.getBasicBlock().dominates(this.(ControlFlowNode).getBasicBlock()) and
|
iterable.getBasicBlock().dominates(this.(ControlFlowNode).getBasicBlock()) and
|
||||||
f.getIter().getAFlowNode() = iterable and
|
iterable.getNode() = f.getIter() and
|
||||||
f.getTarget().getAFlowNode() = this and
|
this.(ControlFlowNode).getNode() = f.getTarget() and
|
||||||
exists(ObjectInternal range |
|
exists(ObjectInternal range |
|
||||||
PointsTo::pointsTo(iterable, _, range, _) and
|
PointsTo::pointsTo(iterable, _, range, _) and
|
||||||
range.getClass() = ObjectInternal::builtin("range")
|
range.getClass() = ObjectInternal::builtin("range")
|
||||||
|
|||||||
@@ -137,7 +137,10 @@ class PyFunctionObject extends FunctionObject {
|
|||||||
|
|
||||||
/** Gets a control flow node corresponding to the value of a return statement */
|
/** Gets a control flow node corresponding to the value of a return statement */
|
||||||
ControlFlowNodeWithPointsTo getAReturnedNode() {
|
ControlFlowNodeWithPointsTo getAReturnedNode() {
|
||||||
result = this.getFunction().getAReturnValueFlowNode()
|
exists(Return ret |
|
||||||
|
ret.getScope() = this.getFunction() and
|
||||||
|
result.getNode() = ret.getValue()
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
override string descriptiveString() {
|
override string descriptiveString() {
|
||||||
@@ -170,7 +173,7 @@ class PyFunctionObject extends FunctionObject {
|
|||||||
predicate unconditionallyReturnsParameter(int n) {
|
predicate unconditionallyReturnsParameter(int n) {
|
||||||
exists(SsaVariable pvar |
|
exists(SsaVariable pvar |
|
||||||
exists(Parameter p | p = this.getFunction().getArg(n) |
|
exists(Parameter p | p = this.getFunction().getArg(n) |
|
||||||
p.asName().getAFlowNode() = pvar.getDefinition()
|
pvar.getDefinition().getNode() = p.asName()
|
||||||
) and
|
) and
|
||||||
exists(NameNode rval |
|
exists(NameNode rval |
|
||||||
rval = pvar.getAUse() and
|
rval = pvar.getAUse() and
|
||||||
|
|||||||
@@ -337,7 +337,7 @@ class TupleObject extends SequenceObject {
|
|||||||
or
|
or
|
||||||
this instanceof TupleNode
|
this instanceof TupleNode
|
||||||
or
|
or
|
||||||
exists(Function func | func.getVararg().getAFlowNode() = this)
|
exists(Function func | this.(ControlFlowNode).getNode() = func.getVararg())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -352,7 +352,9 @@ module TupleObject {
|
|||||||
}
|
}
|
||||||
|
|
||||||
class NonEmptyTupleObject extends TupleObject {
|
class NonEmptyTupleObject extends TupleObject {
|
||||||
NonEmptyTupleObject() { exists(Function func | func.getVararg().getAFlowNode() = this) }
|
NonEmptyTupleObject() {
|
||||||
|
exists(Function func | this.(ControlFlowNode).getNode() = func.getVararg())
|
||||||
|
}
|
||||||
|
|
||||||
override boolean booleanValue() { result = true }
|
override boolean booleanValue() { result = true }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -48,9 +48,11 @@ class CheckClass extends ClassObject {
|
|||||||
self_dict = sub.getObject()
|
self_dict = sub.getObject()
|
||||||
or
|
or
|
||||||
/* Indirect assignment via temporary variable */
|
/* Indirect assignment via temporary variable */
|
||||||
exists(SsaVariable v |
|
exists(SsaVariable v, ControlFlowNode subObjCfg, ControlFlowNode selfDictCfg |
|
||||||
v.getAUse() = sub.getObject().getAFlowNode() and
|
subObjCfg.getNode() = sub.getObject() and selfDictCfg.getNode() = self_dict
|
||||||
v.getDefinition().(DefinitionNode).getValue() = self_dict.getAFlowNode()
|
|
|
||||||
|
v.getAUse() = subObjCfg and
|
||||||
|
v.getDefinition().(DefinitionNode).getValue() = selfDictCfg
|
||||||
)
|
)
|
||||||
) and
|
) and
|
||||||
a.getATarget() = sub and
|
a.getATarget() = sub and
|
||||||
@@ -62,9 +64,10 @@ class CheckClass extends ClassObject {
|
|||||||
|
|
||||||
pragma[nomagic]
|
pragma[nomagic]
|
||||||
private predicate monkeyPatched(string name) {
|
private predicate monkeyPatched(string name) {
|
||||||
exists(Attribute a |
|
exists(Attribute a, ControlFlowNode objCfg |
|
||||||
|
objCfg.getNode() = a.getObject() and
|
||||||
a.getCtx() instanceof Store and
|
a.getCtx() instanceof Store and
|
||||||
PointsTo::points_to(a.getObject().getAFlowNode(), _, this, _, _) and
|
PointsTo::points_to(objCfg, _, this, _, _) and
|
||||||
a.getName() = name
|
a.getName() = name
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -84,9 +87,9 @@ class CheckClass extends ClassObject {
|
|||||||
}
|
}
|
||||||
|
|
||||||
predicate interestingUndefined(SelfAttributeRead a) {
|
predicate interestingUndefined(SelfAttributeRead a) {
|
||||||
exists(string name | name = a.getName() |
|
exists(string name, ControlFlowNode aCfg | name = a.getName() and aCfg.getNode() = a |
|
||||||
this.interestingContext(a, name) and
|
this.interestingContext(a, name) and
|
||||||
not this.definedInBlock(a.getAFlowNode().getBasicBlock(), name)
|
not this.definedInBlock(aCfg.getBasicBlock(), name)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -109,8 +112,9 @@ class CheckClass extends ClassObject {
|
|||||||
|
|
||||||
pragma[nomagic]
|
pragma[nomagic]
|
||||||
private predicate definitionInBlock(BasicBlock b, string name) {
|
private predicate definitionInBlock(BasicBlock b, string name) {
|
||||||
exists(SelfAttributeStore sa |
|
exists(SelfAttributeStore sa, ControlFlowNode saCfg |
|
||||||
sa.getAFlowNode().getBasicBlock() = b and
|
saCfg.getNode() = sa and
|
||||||
|
saCfg.getBasicBlock() = b and
|
||||||
sa.getName() = name and
|
sa.getName() = name and
|
||||||
sa.getClass() = this.getPyClass()
|
sa.getClass() = this.getPyClass()
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -15,7 +15,9 @@
|
|||||||
import python
|
import python
|
||||||
import semmle.python.ApiGraphs
|
import semmle.python.ApiGraphs
|
||||||
|
|
||||||
predicate doesnt_reraise(ExceptStmt ex) { ex.getAFlowNode().getBasicBlock().reachesExit() }
|
predicate doesnt_reraise(ExceptStmt ex) {
|
||||||
|
exists(ControlFlowNode exCfg | exCfg.getNode() = ex | exCfg.getBasicBlock().reachesExit())
|
||||||
|
}
|
||||||
|
|
||||||
predicate catches_base_exception(ExceptStmt ex) {
|
predicate catches_base_exception(ExceptStmt ex) {
|
||||||
ex.getType() = API::builtin("BaseException").getAValueReachableFromSource().asExpr()
|
ex.getType() = API::builtin("BaseException").getAValueReachableFromSource().asExpr()
|
||||||
|
|||||||
@@ -116,7 +116,7 @@ FunctionValue get_function_or_initializer(Value func_or_cls) {
|
|||||||
predicate illegally_named_parameter_objectapi(Call call, Object func, string name) {
|
predicate illegally_named_parameter_objectapi(Call call, Object func, string name) {
|
||||||
not func.isC() and
|
not func.isC() and
|
||||||
name = call.getANamedArgumentName() and
|
name = call.getANamedArgumentName() and
|
||||||
call.getAFlowNode() = get_a_call_objectapi(func) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call | callCfg = get_a_call_objectapi(func)) and
|
||||||
not get_function_or_initializer_objectapi(func).isLegalArgumentName(name)
|
not get_function_or_initializer_objectapi(func).isLegalArgumentName(name)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -124,7 +124,7 @@ predicate illegally_named_parameter_objectapi(Call call, Object func, string nam
|
|||||||
predicate illegally_named_parameter(Call call, Value func, string name) {
|
predicate illegally_named_parameter(Call call, Value func, string name) {
|
||||||
not func.isBuiltin() and
|
not func.isBuiltin() and
|
||||||
name = call.getANamedArgumentName() and
|
name = call.getANamedArgumentName() and
|
||||||
call.getAFlowNode() = get_a_call(func) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call | callCfg = get_a_call(func)) and
|
||||||
not get_function_or_initializer(func).isLegalArgumentName(name)
|
not get_function_or_initializer(func).isLegalArgumentName(name)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -146,7 +146,9 @@ predicate too_few_args_objectapi(Call call, Object callable, int limit) {
|
|||||||
call = func.getAMethodCall().getNode() and limit = func.minParameters() - 1
|
call = func.getAMethodCall().getNode() and limit = func.minParameters() - 1
|
||||||
or
|
or
|
||||||
callable instanceof ClassObject and
|
callable instanceof ClassObject and
|
||||||
call.getAFlowNode() = get_a_call_objectapi(callable) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call |
|
||||||
|
callCfg = get_a_call_objectapi(callable)
|
||||||
|
) and
|
||||||
limit = func.minParameters() - 1
|
limit = func.minParameters() - 1
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -172,7 +174,7 @@ predicate too_few_args(Call call, Value callable, int limit) {
|
|||||||
call = func.getAMethodCall().getNode() and limit = func.minParameters() - 1
|
call = func.getAMethodCall().getNode() and limit = func.minParameters() - 1
|
||||||
or
|
or
|
||||||
callable instanceof ClassValue and
|
callable instanceof ClassValue and
|
||||||
call.getAFlowNode() = get_a_call(callable) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call | callCfg = get_a_call(callable)) and
|
||||||
limit = func.minParameters() - 1
|
limit = func.minParameters() - 1
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
@@ -191,7 +193,9 @@ predicate too_many_args_objectapi(Call call, Object callable, int limit) {
|
|||||||
call = func.getAMethodCall().getNode() and limit = func.maxParameters() - 1
|
call = func.getAMethodCall().getNode() and limit = func.maxParameters() - 1
|
||||||
or
|
or
|
||||||
callable instanceof ClassObject and
|
callable instanceof ClassObject and
|
||||||
call.getAFlowNode() = get_a_call_objectapi(callable) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call |
|
||||||
|
callCfg = get_a_call_objectapi(callable)
|
||||||
|
) and
|
||||||
limit = func.maxParameters() - 1
|
limit = func.maxParameters() - 1
|
||||||
) and
|
) and
|
||||||
positional_arg_count_for_call_objectapi(call, callable) > limit
|
positional_arg_count_for_call_objectapi(call, callable) > limit
|
||||||
@@ -211,7 +215,7 @@ predicate too_many_args(Call call, Value callable, int limit) {
|
|||||||
call = func.getAMethodCall().getNode() and limit = func.maxParameters() - 1
|
call = func.getAMethodCall().getNode() and limit = func.maxParameters() - 1
|
||||||
or
|
or
|
||||||
callable instanceof ClassValue and
|
callable instanceof ClassValue and
|
||||||
call.getAFlowNode() = get_a_call(callable) and
|
exists(ControlFlowNode callCfg | callCfg.getNode() = call | callCfg = get_a_call(callable)) and
|
||||||
limit = func.maxParameters() - 1
|
limit = func.maxParameters() - 1
|
||||||
) and
|
) and
|
||||||
positional_arg_count_for_call(call, callable) > limit
|
positional_arg_count_for_call(call, callable) > limit
|
||||||
|
|||||||
@@ -36,11 +36,15 @@ where
|
|||||||
exists(string s | dict_key(d, k1, s) and dict_key(d, k2, s) and k1 != k2) and
|
exists(string s | dict_key(d, k1, s) and dict_key(d, k2, s) and k1 != k2) and
|
||||||
(
|
(
|
||||||
exists(BasicBlock b, int i1, int i2 |
|
exists(BasicBlock b, int i1, int i2 |
|
||||||
k1.getAFlowNode() = b.getNode(i1) and
|
b.getNode(i1).getNode() = k1 and
|
||||||
k2.getAFlowNode() = b.getNode(i2) and
|
b.getNode(i2).getNode() = k2 and
|
||||||
i1 < i2
|
i1 < i2
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
k1.getAFlowNode().getBasicBlock().strictlyDominates(k2.getAFlowNode().getBasicBlock())
|
exists(ControlFlowNode k1Cfg, ControlFlowNode k2Cfg |
|
||||||
|
k1Cfg.getNode() = k1 and k2Cfg.getNode() = k2
|
||||||
|
|
|
||||||
|
k1Cfg.getBasicBlock().strictlyDominates(k2Cfg.getBasicBlock())
|
||||||
|
)
|
||||||
)
|
)
|
||||||
select k1, "Dictionary key " + repr(k1) + " is subsequently $@.", k2, "overwritten"
|
select k1, "Dictionary key " + repr(k1) + " is subsequently $@.", k2, "overwritten"
|
||||||
|
|||||||
@@ -98,16 +98,18 @@ private predicate brace_pair(PossibleAdvancedFormatString fmt, int start, int en
|
|||||||
}
|
}
|
||||||
|
|
||||||
private predicate advanced_format_call(Call format_expr, PossibleAdvancedFormatString fmt, int args) {
|
private predicate advanced_format_call(Call format_expr, PossibleAdvancedFormatString fmt, int args) {
|
||||||
exists(CallNode call | call = format_expr.getAFlowNode() |
|
exists(CallNode call, ControlFlowNode fmtCfg |
|
||||||
|
call.getNode() = format_expr and fmtCfg.getNode() = fmt
|
||||||
|
|
|
||||||
call.getFunction().(ControlFlowNodeWithPointsTo).pointsTo(Value::named("format")) and
|
call.getFunction().(ControlFlowNodeWithPointsTo).pointsTo(Value::named("format")) and
|
||||||
call.getArg(0).(ControlFlowNodeWithPointsTo).pointsTo(_, fmt.getAFlowNode()) and
|
call.getArg(0).(ControlFlowNodeWithPointsTo).pointsTo(_, fmtCfg) and
|
||||||
args = count(format_expr.getAnArg()) - 1
|
args = count(format_expr.getAnArg()) - 1
|
||||||
or
|
or
|
||||||
call.getFunction()
|
call.getFunction()
|
||||||
.(AttrNode)
|
.(AttrNode)
|
||||||
.getObject("format")
|
.getObject("format")
|
||||||
.(ControlFlowNodeWithPointsTo)
|
.(ControlFlowNodeWithPointsTo)
|
||||||
.pointsTo(_, fmt.getAFlowNode()) and
|
.pointsTo(_, fmtCfg) and
|
||||||
args = count(format_expr.getAnArg())
|
args = count(format_expr.getAnArg())
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ import python
|
|||||||
|
|
||||||
/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
|
/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
|
||||||
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {
|
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {
|
||||||
exists(CompareNode fcomp | fcomp = comp.getAFlowNode() |
|
exists(CompareNode fcomp | fcomp.getNode() = comp |
|
||||||
fcomp.operands(left, op, right) and
|
fcomp.operands(left, op, right) and
|
||||||
(op instanceof Is or op instanceof IsNot)
|
(op instanceof Is or op instanceof IsNot)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ private import LegacyPointsTo
|
|||||||
|
|
||||||
/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
|
/** Holds if the comparison `comp` uses `is` or `is not` (represented as `op`) to compare its `left` and `right` arguments. */
|
||||||
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {
|
predicate comparison_using_is(Compare comp, ControlFlowNode left, Cmpop op, ControlFlowNode right) {
|
||||||
exists(CompareNode fcomp | fcomp = comp.getAFlowNode() |
|
exists(CompareNode fcomp | fcomp.getNode() = comp |
|
||||||
fcomp.operands(left, op, right) and
|
fcomp.operands(left, op, right) and
|
||||||
(op instanceof Is or op instanceof IsNot)
|
(op instanceof Is or op instanceof IsNot)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ where
|
|||||||
// Only relevant for Python 2, as all later versions implement true division
|
// Only relevant for Python 2, as all later versions implement true division
|
||||||
major_version() = 2 and
|
major_version() = 2 and
|
||||||
exists(BinaryExprNode bin, Value lval, Value rval |
|
exists(BinaryExprNode bin, Value lval, Value rval |
|
||||||
bin = div.getAFlowNode() and
|
bin.getNode() = div and
|
||||||
bin.getNode().getOp() instanceof Div and
|
bin.getNode().getOp() instanceof Div and
|
||||||
bin.getLeft().(ControlFlowNodeWithPointsTo).pointsTo(lval, left) and
|
bin.getLeft().(ControlFlowNodeWithPointsTo).pointsTo(lval, left) and
|
||||||
lval.getClass() = ClassValue::int_() and
|
lval.getClass() = ClassValue::int_() and
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user