mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
22 lines
789 B
Plaintext
22 lines
789 B
Plaintext
/**
|
|
* @name Untrusted data passed to external API
|
|
* @description Data provided remotely is used in this external API without sanitization, which could be a security risk.
|
|
* @id go/untrusted-data-to-external-api
|
|
* @kind path-problem
|
|
* @precision low
|
|
* @problem.severity error
|
|
* @security-severity 7.8
|
|
* @tags security
|
|
* external/cwe/cwe-020
|
|
*/
|
|
|
|
import go
|
|
import semmle.go.security.ExternalAPIs
|
|
import UntrustedDataToExternalApiFlow::PathGraph
|
|
|
|
from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink
|
|
where UntrustedDataToExternalApiFlow::flowPath(source, sink)
|
|
select sink, source, sink,
|
|
"Call to " + sink.getNode().(ExternalApiDataNode).getFunctionDescription() +
|
|
" with untrusted data from $@.", source, source.toString()
|