hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f0f5fc7eac40fc5dc0ce35a3fe7cc5e320921f4f
codeql/go/ql/test/experimental/CWE-918/SSRF.expected
Owen Mansel-Chan f0f5fc7eac Improve SSRF additional flow step
2025-10-01 16:18:00 +01:00

143 lines
14 KiB
Plaintext
Raw Blame History

#select
| builtin.go:23:12:23:63 | call to Get | builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | The URL of this request depends on a user-provided value. |
| builtin.go:89:12:89:53 | call to Dial | builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:103:13:103:40 | call to DialConfig | builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:115:3:115:39 | call to Dial | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:133:3:133:62 | call to DialContext | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | The URL of this request depends on a user-provided value. |
| builtin.go:156:12:156:33 | call to Get | builtin.go:151:16:151:36 | call to FormValue | builtin.go:156:21:156:32 | call to String | The URL of this request depends on a user-provided value. |
| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:69:2:69:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:69:11:69:57 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:74:3:74:59 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:74:12:74:58 | call to Sprintf | The URL of this request depends on a user-provided value. |
| new-tests.go:79:2:79:47 | call to Get | new-tests.go:78:18:78:24 | selection of URL | new-tests.go:79:11:79:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:82:2:82:47 | call to Get | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:82:11:82:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. |
| new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. |
edges
| builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | provenance | Src:MaD:7 |
| builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 |
| builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 |
| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | |
| builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance | |
| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config |
| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config |
| builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 |
| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 |
| new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | |
| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:32:11:32:57 | []type{args} [array] | new-tests.go:32:11:32:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | []type{args} [array] | provenance | |
| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:35:12:35:58 | []type{args} [array] | new-tests.go:35:12:35:58 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | []type{args} [array] | provenance | |
| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 |
| new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 |
| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | |
| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 |
| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | |
| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:74:49:74:57 | selection of word | provenance | |
| new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | |
| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:69:11:69:57 | []type{args} [array] | new-tests.go:69:11:69:57 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | []type{args} [array] | provenance | |
| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:11 |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | |
| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel |
| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:14 |
| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:15 |
| new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | |
| new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | |
| new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:9 |
| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:16 |
| new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:5 |
| new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:4 |
models
| 1 | Source: github.com/gin-gonic/gin; Context; true; Param; ; ; ReturnValue; remote; manual |
| 2 | Source: github.com/gin-gonic/gin; Context; true; Query; ; ; ReturnValue; remote; manual |
| 3 | Source: github.com/gin-gonic/gin; Context; true; ShouldBindJSON; ; ; Argument[0]; remote; manual |
| 4 | Source: github.com/go-chi/chi; ; false; URLParam; ; ; ReturnValue; remote; manual |
| 5 | Source: github.com/gorilla/mux; ; false; Vars; ; ; ReturnValue; remote; manual |
| 6 | Source: net/http; Request; true; Body; ; ; ; remote; manual |
| 7 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual |
| 8 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual |
| 9 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
| 10 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
| 11 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual |
| 12 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 13 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
| 14 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 15 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
| 16 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual |
nodes
| builtin.go:20:12:20:34 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:23:21:23:62 | ...+... | semmle.label | ...+... |
| builtin.go:84:21:84:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:89:27:89:40 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:98:21:98:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:102:36:102:49 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:112:21:112:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:115:15:115:28 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer |
| builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput |
| builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue |
| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
| builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] |
| builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost |
| builtin.go:156:21:156:23 | url | semmle.label | url |
| builtin.go:156:21:156:32 | call to String | semmle.label | call to String |
| new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word |
| new-tests.go:32:11:32:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:32:11:32:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:32:48:32:56 | selection of safe | semmle.label | selection of safe |
| new-tests.go:35:12:35:58 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:35:12:35:58 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:35:49:35:57 | selection of word | semmle.label | selection of word |
| new-tests.go:39:18:39:30 | call to Param | semmle.label | call to Param |
| new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... |
| new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query |
| new-tests.go:50:11:50:46 | ...+... | semmle.label | ...+... |
| new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] |
| new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body |
| new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
| new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] |
| new-tests.go:68:11:68:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word |
| new-tests.go:69:11:69:57 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:69:11:69:57 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:69:48:69:56 | selection of safe | semmle.label | selection of safe |
| new-tests.go:74:12:74:58 | []type{args} [array] | semmle.label | []type{args} [array] |
| new-tests.go:74:12:74:58 | call to Sprintf | semmle.label | call to Sprintf |
| new-tests.go:74:49:74:57 | selection of word | semmle.label | selection of word |
| new-tests.go:78:18:78:24 | selection of URL | semmle.label | selection of URL |
| new-tests.go:78:18:78:32 | call to Query | semmle.label | call to Query |
| new-tests.go:78:18:78:46 | call to Get | semmle.label | call to Get |
| new-tests.go:79:11:79:46 | ...+... | semmle.label | ...+... |
| new-tests.go:81:18:81:67 | call to TrimPrefix | semmle.label | call to TrimPrefix |
| new-tests.go:81:37:81:43 | selection of URL | semmle.label | selection of URL |
| new-tests.go:81:37:81:48 | selection of Path | semmle.label | selection of Path |
| new-tests.go:82:11:82:46 | ...+... | semmle.label | ...+... |
| new-tests.go:86:10:86:20 | call to Vars | semmle.label | call to Vars |
| new-tests.go:88:11:88:46 | ...+... | semmle.label | ...+... |
| new-tests.go:95:18:95:45 | call to URLParam | semmle.label | call to URLParam |
| new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
subpaths
Reference in New Issue View Git Blame Copy Permalink