mirror of
https://github.com/github/codeql.git
synced 2025-12-21 19:26:31 +01:00
This query already treats structs differently to usual: it includes field -> whole struct taint steps, but explicitly excludes struct -> field steps. This means that a logging framework sinking an entire struct with a tainted field yields an alert, but we don't get FPs caused by writing field `x` but then reading field `y`. However, protobuf messages have a special treatment, with taint usually associated with the whole struct and getter methods propagating that taint out. Suppressing these getter method steps specifically for the cleartext-logging query mirrors its treatment of structs in general and avoids this sort of field-mismatch FP. On the downside we will miss same-field propagation like `m.field = password; Log(m.GetField())` if we don't have source code for the implementation of `m`. However this is hopefully unusual since the typical use of protobufs is to serialize and deserialize, rather than using the struct as a general-purpose data structure.
26 lines
359 B
Protocol Buffer
syntax = "proto3";

option go_package = "protos/query";

message Query {
  string description = 1;
  string id = 2;

  enum Severity {
    ERROR = 0;
    WARNING = 1;
  }

  message Alert {
    string msg = 1;
    int64 loc = 2;
  }

  repeated Alert alerts = 4;

  map<int32, string> keyValuePairs = 5;
}

message QuerySuite {
  repeated Query queries = 1;
}