From 19287fb5ff3762b05f57fb49a977b38f8b68c10f Mon Sep 17 00:00:00 2001 From: Slavomir Date: Wed, 8 Jul 2020 12:23:27 +0300 Subject: [PATCH 1/7] Add taint-tracking for archive/tar and archive/zip --- ql/src/semmle/go/frameworks/Stdlib.qll | 1 + .../stdlib/ArchiveTarTaintTracking.qll | 63 +++ .../stdlib/ArchiveZipTaintTracking.qll | 86 +++++ .../semmle/go/frameworks/stdlib/ImportAll.qll | 7 + .../ArchiveTarTaintTracking.go | 210 ++++++++++ .../ArchiveZipTaintTracking.go | 364 ++++++++++++++++++ .../StdlibTaintFlow/StdlibTaintFlow.expected | 0 .../StdlibTaintFlow/StdlibTaintFlow.ql | 38 ++ .../go/frameworks/StdlibTaintFlow/main.go | 10 + 9 files changed, 779 insertions(+) create mode 100644 ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll create mode 100644 ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll create mode 100644 ql/src/semmle/go/frameworks/stdlib/ImportAll.qll create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll index 8c4ef5b9..92e41cb3 100644 --- a/ql/src/semmle/go/frameworks/Stdlib.qll +++ b/ql/src/semmle/go/frameworks/Stdlib.qll @@ -3,6 +3,7 @@ */ import go +import semmle.go.frameworks.stdlib.ImportAll /** A `String()` method. */ class StringMethod extends TaintTracking::FunctionModel, Method { diff --git a/ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll b/ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll new file mode 100644 index 00000000..4f020290 --- /dev/null +++ b/ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll @@ -0,0 +1,63 @@ +/** + * Provides classes modeling security-relevant aspects of the standard libraries. + */ + +import go + +/** Provides models of commonly used functions in the `archive/tar` package. */ +module ArchiveTarTaintTracking { + private class FunctionTaintTracking extends TaintTracking::FunctionModel { + FunctionInput inp; + FunctionOutput outp; + + FunctionTaintTracking() { + // signature: func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) + hasQualifiedName("archive/tar", "FileInfoHeader") and + (inp.isParameter(0) and outp.isResult(0)) + or + // signature: func NewReader(r io.Reader) *Reader + hasQualifiedName("archive/tar", "NewReader") and + (inp.isParameter(0) and outp.isResult()) + or + // signature: func NewWriter(w io.Writer) *Writer + hasQualifiedName("archive/tar", "NewWriter") and + (inp.isResult() and outp.isParameter(0)) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + + private class MethodAndInterfaceTaintTracking extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + MethodAndInterfaceTaintTracking() { + // Methods: + // signature: func (*Header).FileInfo() os.FileInfo + this.(Method).hasQualifiedName("archive/tar", "Header", "FileInfo") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*Reader).Next() (*Header, error) + this.(Method).hasQualifiedName("archive/tar", "Reader", "Next") and + (inp.isReceiver() and outp.isResult(0)) + or + // signature: func (*Reader).Read(b []byte) (int, error) + this.(Method).hasQualifiedName("archive/tar", "Reader", "Read") and + (inp.isReceiver() and outp.isParameter(0)) + or + // signature: func (*Writer).Write(b []byte) (int, error) + this.(Method).hasQualifiedName("archive/tar", "Writer", "Write") and + (inp.isParameter(0) and outp.isReceiver()) + or + // signature: func (*Writer).WriteHeader(hdr *Header) error + this.(Method).hasQualifiedName("archive/tar", "Writer", "WriteHeader") and + (inp.isParameter(0) and outp.isReceiver()) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } +} diff --git a/ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll b/ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll new file mode 100644 index 00000000..9ef1b1a0 --- /dev/null +++ b/ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll @@ -0,0 +1,86 @@ +/** + * Provides classes modeling security-relevant aspects of the standard libraries. + */ + +import go + +/** Provides models of commonly used functions in the `archive/zip` package. */ +module ArchiveZipTaintTracking { + private class FunctionTaintTracking extends TaintTracking::FunctionModel { + FunctionInput inp; + FunctionOutput outp; + + FunctionTaintTracking() { + // signature: func FileInfoHeader(fi os.FileInfo) (*FileHeader, error) + hasQualifiedName("archive/zip", "FileInfoHeader") and + (inp.isParameter(0) and outp.isResult(0)) + or + // signature: func NewReader(r io.ReaderAt, size int64) (*Reader, error) + hasQualifiedName("archive/zip", "NewReader") and + (inp.isParameter(0) and outp.isResult(0)) + or + // signature: func NewWriter(w io.Writer) *Writer + hasQualifiedName("archive/zip", "NewWriter") and + (inp.isResult() and outp.isParameter(0)) + or + // signature: func OpenReader(name string) (*ReadCloser, error) + hasQualifiedName("archive/zip", "OpenReader") and + (inp.isParameter(0) and outp.isResult(0)) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + + private class MethodAndInterfaceTaintTracking extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + MethodAndInterfaceTaintTracking() { + // Methods: + // signature: func (*File).Open() (io.ReadCloser, error) + this.(Method).hasQualifiedName("archive/zip", "File", "Open") and + (inp.isReceiver() and outp.isResult(0)) + or + // signature: func (*FileHeader).FileInfo() os.FileInfo + this.(Method).hasQualifiedName("archive/zip", "FileHeader", "FileInfo") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*FileHeader).Mode() (mode os.FileMode) + this.(Method).hasQualifiedName("archive/zip", "FileHeader", "Mode") and + (inp.isReceiver() and outp.isResult()) + or + // signature: func (*FileHeader).SetMode(mode os.FileMode) + this.(Method).hasQualifiedName("archive/zip", "FileHeader", "SetMode") and + (inp.isParameter(0) and outp.isReceiver()) + or + // signature: func (*Reader).RegisterDecompressor(method uint16, dcomp Decompressor) + this.(Method).hasQualifiedName("archive/zip", "Reader", "RegisterDecompressor") and + (inp.isParameter(1) and outp.isReceiver()) + or + // signature: func (*Writer).Create(name string) (io.Writer, error) + this.(Method).hasQualifiedName("archive/zip", "Writer", "Create") and + (inp.isResult(0) and outp.isReceiver()) + or + // signature: func (*Writer).CreateHeader(fh *FileHeader) (io.Writer, error) + this.(Method).hasQualifiedName("archive/zip", "Writer", "CreateHeader") and + ( + (inp.isParameter(0) or inp.isResult(0)) and + outp.isReceiver() + ) + or + // signature: func (*Writer).RegisterCompressor(method uint16, comp Compressor) + this.(Method).hasQualifiedName("archive/zip", "Writer", "RegisterCompressor") and + (inp.isParameter(1) and outp.isReceiver()) + or + // signature: func (*Writer).SetComment(comment string) error + this.(Method).hasQualifiedName("archive/zip", "Writer", "SetComment") and + (inp.isParameter(0) and outp.isReceiver()) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } +} diff --git a/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll b/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll new file mode 100644 index 00000000..0021de83 --- /dev/null +++ b/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll @@ -0,0 +1,7 @@ +/** + * Provides imports of all the standard libraries. + */ + +import go +import semmle.go.frameworks.stdlib.ArchiveTarTaintTracking +import semmle.go.frameworks.stdlib.ArchiveZipTaintTracking diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go new file mode 100644 index 00000000..fa1ac89c --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go @@ -0,0 +1,210 @@ +// WARNING: This file was automatically generated. DO NOT EDIT. + +package main + +import ( + "archive/tar" + "io" + "os" +) + +func TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileInfo656` into `intoHeader414`. + + // Assume that `sourceCQL` has the underlying type of `fromFileInfo656`: + fromFileInfo656 := sourceCQL.(os.FileInfo) + + // Call the function that transfers the taint + // from the parameter `fromFileInfo656` to result `intoHeader414` + // (`intoHeader414` is now tainted). + intoHeader414, _ := tar.FileInfoHeader(fromFileInfo656, "") + + // Return the tainted `intoHeader414`: + return intoHeader414 +} + +func TaintStepTest_ArchiveTarNewReader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromReader518` into `intoReader650`. + + // Assume that `sourceCQL` has the underlying type of `fromReader518`: + fromReader518 := sourceCQL.(io.Reader) + + // Call the function that transfers the taint + // from the parameter `fromReader518` to result `intoReader650` + // (`intoReader650` is now tainted). + intoReader650 := tar.NewReader(fromReader518) + + // Return the tainted `intoReader650`: + return intoReader650 +} + +func TaintStepTest_ArchiveTarNewWriter_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter784` into `intoWriter957`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter784`: + fromWriter784 := sourceCQL.(*tar.Writer) + + // Declare `intoWriter957` variable: + var intoWriter957 io.Writer + + // Call the function that will transfer the taint + // from the result `intermediateCQL` to parameter `intoWriter957`: + intermediateCQL := tar.NewWriter(intoWriter957) + + // Extra step (`fromWriter784` taints `intermediateCQL`, which taints `intoWriter957`: + link(fromWriter784, intermediateCQL) + + // Return the tainted `intoWriter957`: + return intoWriter957 +} + +func TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromHeader520` into `intoFileInfo443`. + + // Assume that `sourceCQL` has the underlying type of `fromHeader520`: + fromHeader520 := sourceCQL.(tar.Header) + + // Call the method that transfers the taint + // from the receiver `fromHeader520` to the result `intoFileInfo443` + // (`intoFileInfo443` is now tainted). + intoFileInfo443 := fromHeader520.FileInfo() + + // Return the tainted `intoFileInfo443`: + return intoFileInfo443 +} + +func TaintStepTest_ArchiveTarReaderNext_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromReader127` into `intoHeader483`. + + // Assume that `sourceCQL` has the underlying type of `fromReader127`: + fromReader127 := sourceCQL.(tar.Reader) + + // Call the method that transfers the taint + // from the receiver `fromReader127` to the result `intoHeader483` + // (`intoHeader483` is now tainted). + intoHeader483, _ := fromReader127.Next() + + // Return the tainted `intoHeader483`: + return intoHeader483 +} + +func TaintStepTest_ArchiveTarReaderRead_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromReader989` into `intoByte982`. + + // Assume that `sourceCQL` has the underlying type of `fromReader989`: + fromReader989 := sourceCQL.(tar.Reader) + + // Declare `intoByte982` variable: + var intoByte982 []byte + + // Call the method that transfers the taint + // from the receiver `fromReader989` to the argument `intoByte982` + // (`intoByte982` is now tainted). + fromReader989.Read(intoByte982) + + // Return the tainted `intoByte982`: + return intoByte982 +} + +func TaintStepTest_ArchiveTarWriterWrite_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromByte417` into `intoWriter584`. + + // Assume that `sourceCQL` has the underlying type of `fromByte417`: + fromByte417 := sourceCQL.([]byte) + + // Declare `intoWriter584` variable: + var intoWriter584 tar.Writer + + // Call the method that transfers the taint + // from the parameter `fromByte417` to the receiver `intoWriter584` + // (`intoWriter584` is now tainted). + intoWriter584.Write(fromByte417) + + // Return the tainted `intoWriter584`: + return intoWriter584 +} + +func TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromHeader991` into `intoWriter881`. + + // Assume that `sourceCQL` has the underlying type of `fromHeader991`: + fromHeader991 := sourceCQL.(*tar.Header) + + // Declare `intoWriter881` variable: + var intoWriter881 tar.Writer + + // Call the method that transfers the taint + // from the parameter `fromHeader991` to the receiver `intoWriter881` + // (`intoWriter881` is now tainted). + intoWriter881.WriteHeader(fromHeader991) + + // Return the tainted `intoWriter881`: + return intoWriter881 +} + +func RunAllTaints_ArchiveTar() { + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarNewReader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarNewWriter_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarReaderNext_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarReaderRead_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarWriterWrite_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go new file mode 100644 index 00000000..00655690 --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go @@ -0,0 +1,364 @@ +// WARNING: This file was automatically generated. DO NOT EDIT. + +package main + +import ( + "archive/zip" + "io" + "os" +) + +func TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileInfo656` into `intoFileHeader414`. + + // Assume that `sourceCQL` has the underlying type of `fromFileInfo656`: + fromFileInfo656 := sourceCQL.(os.FileInfo) + + // Call the function that transfers the taint + // from the parameter `fromFileInfo656` to result `intoFileHeader414` + // (`intoFileHeader414` is now tainted). + intoFileHeader414, _ := zip.FileInfoHeader(fromFileInfo656) + + // Return the tainted `intoFileHeader414`: + return intoFileHeader414 +} + +func TaintStepTest_ArchiveZipNewReader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromReaderAt518` into `intoReader650`. + + // Assume that `sourceCQL` has the underlying type of `fromReaderAt518`: + fromReaderAt518 := sourceCQL.(io.ReaderAt) + + // Call the function that transfers the taint + // from the parameter `fromReaderAt518` to result `intoReader650` + // (`intoReader650` is now tainted). + intoReader650, _ := zip.NewReader(fromReaderAt518, 0) + + // Return the tainted `intoReader650`: + return intoReader650 +} + +func TaintStepTest_ArchiveZipNewWriter_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter784` into `intoWriter957`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter784`: + fromWriter784 := sourceCQL.(*zip.Writer) + + // Declare `intoWriter957` variable: + var intoWriter957 io.Writer + + // Call the function that will transfer the taint + // from the result `intermediateCQL` to parameter `intoWriter957`: + intermediateCQL := zip.NewWriter(intoWriter957) + + // Extra step (`fromWriter784` taints `intermediateCQL`, which taints `intoWriter957`: + link(fromWriter784, intermediateCQL) + + // Return the tainted `intoWriter957`: + return intoWriter957 +} + +func TaintStepTest_ArchiveZipOpenReader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromString520` into `intoReadCloser443`. + + // Assume that `sourceCQL` has the underlying type of `fromString520`: + fromString520 := sourceCQL.(string) + + // Call the function that transfers the taint + // from the parameter `fromString520` to result `intoReadCloser443` + // (`intoReadCloser443` is now tainted). + intoReadCloser443, _ := zip.OpenReader(fromString520) + + // Return the tainted `intoReadCloser443`: + return intoReadCloser443 +} + +func TaintStepTest_ArchiveZipFileOpen_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFile127` into `intoReadCloser483`. + + // Assume that `sourceCQL` has the underlying type of `fromFile127`: + fromFile127 := sourceCQL.(zip.File) + + // Call the method that transfers the taint + // from the receiver `fromFile127` to the result `intoReadCloser483` + // (`intoReadCloser483` is now tainted). + intoReadCloser483, _ := fromFile127.Open() + + // Return the tainted `intoReadCloser483`: + return intoReadCloser483 +} + +func TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileHeader989` into `intoFileInfo982`. + + // Assume that `sourceCQL` has the underlying type of `fromFileHeader989`: + fromFileHeader989 := sourceCQL.(zip.FileHeader) + + // Call the method that transfers the taint + // from the receiver `fromFileHeader989` to the result `intoFileInfo982` + // (`intoFileInfo982` is now tainted). + intoFileInfo982 := fromFileHeader989.FileInfo() + + // Return the tainted `intoFileInfo982`: + return intoFileInfo982 +} + +func TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileHeader417` into `intoFileMode584`. + + // Assume that `sourceCQL` has the underlying type of `fromFileHeader417`: + fromFileHeader417 := sourceCQL.(zip.FileHeader) + + // Call the method that transfers the taint + // from the receiver `fromFileHeader417` to the result `intoFileMode584` + // (`intoFileMode584` is now tainted). + intoFileMode584 := fromFileHeader417.Mode() + + // Return the tainted `intoFileMode584`: + return intoFileMode584 +} + +func TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileMode991` into `intoFileHeader881`. + + // Assume that `sourceCQL` has the underlying type of `fromFileMode991`: + fromFileMode991 := sourceCQL.(os.FileMode) + + // Declare `intoFileHeader881` variable: + var intoFileHeader881 zip.FileHeader + + // Call the method that transfers the taint + // from the parameter `fromFileMode991` to the receiver `intoFileHeader881` + // (`intoFileHeader881` is now tainted). + intoFileHeader881.SetMode(fromFileMode991) + + // Return the tainted `intoFileHeader881`: + return intoFileHeader881 +} + +func TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromDecompressor186` into `intoReader284`. + + // Assume that `sourceCQL` has the underlying type of `fromDecompressor186`: + fromDecompressor186 := sourceCQL.(zip.Decompressor) + + // Declare `intoReader284` variable: + var intoReader284 zip.Reader + + // Call the method that transfers the taint + // from the parameter `fromDecompressor186` to the receiver `intoReader284` + // (`intoReader284` is now tainted). + intoReader284.RegisterDecompressor(0, fromDecompressor186) + + // Return the tainted `intoReader284`: + return intoReader284 +} + +func TaintStepTest_ArchiveZipWriterCreate_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter908` into `intoWriter137`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter908`: + fromWriter908 := sourceCQL.(io.Writer) + + // Declare `intoWriter137` variable: + var intoWriter137 zip.Writer + + // Call the method that will transfer the taint + // from the result `intermediateCQL` to receiver `intoWriter137`: + intermediateCQL, _ := intoWriter137.Create("") + + // Extra step (`fromWriter908` taints `intermediateCQL`, which taints `intoWriter137`: + link(fromWriter908, intermediateCQL) + + // Return the tainted `intoWriter137`: + return intoWriter137 +} + +func TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileHeader494` into `intoWriter873`. + + // Assume that `sourceCQL` has the underlying type of `fromFileHeader494`: + fromFileHeader494 := sourceCQL.(*zip.FileHeader) + + // Declare `intoWriter873` variable: + var intoWriter873 zip.Writer + + // Call the method that transfers the taint + // from the parameter `fromFileHeader494` to the receiver `intoWriter873` + // (`intoWriter873` is now tainted). + intoWriter873.CreateHeader(fromFileHeader494) + + // Return the tainted `intoWriter873`: + return intoWriter873 +} + +func TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter599` into `intoWriter409`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter599`: + fromWriter599 := sourceCQL.(io.Writer) + + // Declare `intoWriter409` variable: + var intoWriter409 zip.Writer + + // Call the method that will transfer the taint + // from the result `intermediateCQL` to receiver `intoWriter409`: + intermediateCQL, _ := intoWriter409.CreateHeader(nil) + + // Extra step (`fromWriter599` taints `intermediateCQL`, which taints `intoWriter409`: + link(fromWriter599, intermediateCQL) + + // Return the tainted `intoWriter409`: + return intoWriter409 +} + +func TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromCompressor246` into `intoWriter898`. + + // Assume that `sourceCQL` has the underlying type of `fromCompressor246`: + fromCompressor246 := sourceCQL.(zip.Compressor) + + // Declare `intoWriter898` variable: + var intoWriter898 zip.Writer + + // Call the method that transfers the taint + // from the parameter `fromCompressor246` to the receiver `intoWriter898` + // (`intoWriter898` is now tainted). + intoWriter898.RegisterCompressor(0, fromCompressor246) + + // Return the tainted `intoWriter898`: + return intoWriter898 +} + +func TaintStepTest_ArchiveZipWriterSetComment_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromString598` into `intoWriter631`. + + // Assume that `sourceCQL` has the underlying type of `fromString598`: + fromString598 := sourceCQL.(string) + + // Declare `intoWriter631` variable: + var intoWriter631 zip.Writer + + // Call the method that transfers the taint + // from the parameter `fromString598` to the receiver `intoWriter631` + // (`intoWriter631` is now tainted). + intoWriter631.SetComment(fromString598) + + // Return the tainted `intoWriter631`: + return intoWriter631 +} + +func RunAllTaints_ArchiveZip() { + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipNewReader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipNewWriter_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipOpenReader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileOpen_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterCreate_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterSetComment_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected new file mode 100644 index 00000000..e69de29b diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql new file mode 100644 index 00000000..b3f33bce --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql @@ -0,0 +1,38 @@ +/** + * @kind path-problem + */ + +import go +import DataFlow::PathGraph + +class Source extends DataFlow::ExprNode { + Source() { + exists(Function fn | fn.hasQualifiedName(_, "newSource") | this = fn.getACall().getResult()) + } +} + +class Sink extends DataFlow::ExprNode { + Sink() { + exists(Function fn | fn.hasQualifiedName(_, "sink") | this = fn.getACall().getArgument(0)) + } +} + +class Link extends TaintTracking::FunctionModel { + Link() { hasQualifiedName(_, "link") } + + override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) { + inp.isParameter(0) and outp.isParameter(1) + } +} + +class FlowConf extends TaintTracking::Configuration { + FlowConf() { this = "FlowConf" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } +} + +from FlowConf cfg, DataFlow::PathNode source, DataFlow::PathNode sink +where cfg.hasFlowPath(source, sink) +select sink.getNode(), source, sink, "Flow from $@.", source.getNode(), "source" diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go new file mode 100644 index 00000000..197f9809 --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go @@ -0,0 +1,10 @@ +package main + +func main() {} +func sink(v interface{}) {} + +func link(from interface{}, into interface{}) {} + +func newSource() interface{} { + return nil +} From 5b632286905daba70a1afbdc08a6b8ffa77b2f16 Mon Sep 17 00:00:00 2001 From: Slavomir Date: Wed, 8 Jul 2020 13:13:31 +0300 Subject: [PATCH 2/7] Add StdlibTaintFlow.expected --- .../StdlibTaintFlow/StdlibTaintFlow.expected | 179 ++++++++++++++++++ 1 file changed, 179 insertions(+) diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected index e69de29b..6142bec1 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected @@ -0,0 +1,179 @@ +edges +| ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | +| ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:152:8:152:10 | out | +| ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | +| ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:160:8:160:10 | out | +| ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | +| ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | ArchiveTarTaintTracking.go:168:8:168:10 | out | +| ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | +| ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | +| ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | ArchiveTarTaintTracking.go:176:8:176:10 | out | +| ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | +| ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:184:8:184:10 | out | +| ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | +| ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | ArchiveTarTaintTracking.go:192:8:192:10 | out | +| ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | +| ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | +| ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | ArchiveTarTaintTracking.go:200:8:200:10 | out | +| ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | +| ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | +| ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | ArchiveTarTaintTracking.go:208:8:208:10 | out | +| ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | +| ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:258:8:258:10 | out | +| ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | +| ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:266:8:266:10 | out | +| ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | +| ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | ArchiveZipTaintTracking.go:274:8:274:10 | out | +| ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | +| ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:282:8:282:10 | out | +| ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | +| ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | ArchiveZipTaintTracking.go:290:8:290:10 | out | +| ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | +| ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | +| ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | ArchiveZipTaintTracking.go:298:8:298:10 | out | +| ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | +| ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | ArchiveZipTaintTracking.go:306:8:306:10 | out | +| ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | +| ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | +| ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | ArchiveZipTaintTracking.go:314:8:314:10 | out | +| ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | +| ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | +| ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | ArchiveZipTaintTracking.go:322:8:322:10 | out | +| ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | +| ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | +| ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | ArchiveZipTaintTracking.go:330:8:330:10 | out | +| ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | +| ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | ArchiveZipTaintTracking.go:338:8:338:10 | out | +| ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | +| ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | ArchiveZipTaintTracking.go:346:8:346:10 | out | +| ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | +| ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | +| ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | ArchiveZipTaintTracking.go:354:8:354:10 | out | +| ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | +| ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | ArchiveZipTaintTracking.go:362:8:362:10 | out | +| ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | +nodes +| ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:152:8:152:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:160:8:160:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | +| ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:168:8:168:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:176:8:176:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | +| ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:184:8:184:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | semmle.label | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | +| ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:192:8:192:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | +| ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:200:8:200:10 | out | semmle.label | out | +| ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | +| ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | semmle.label | source : interface type | +| ArchiveTarTaintTracking.go:208:8:208:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:258:8:258:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:266:8:266:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:274:8:274:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | +| ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:282:8:282:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | semmle.label | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | +| ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:290:8:290:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:298:8:298:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | +| ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:306:8:306:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | +| ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:314:8:314:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | semmle.label | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | +| ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:322:8:322:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:330:8:330:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:338:8:338:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | +| ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:346:8:346:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:354:8:354:10 | out | semmle.label | out | +| ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | +| ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | semmle.label | source : interface type | +| ArchiveZipTaintTracking.go:362:8:362:10 | out | semmle.label | out | +#select +| ArchiveTarTaintTracking.go:152:8:152:10 | out | ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:152:8:152:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:160:8:160:10 | out | ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:160:8:160:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:168:8:168:10 | out | ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:168:8:168:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:176:8:176:10 | out | ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:176:8:176:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:184:8:184:10 | out | ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:184:8:184:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:192:8:192:10 | out | ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:192:8:192:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:200:8:200:10 | out | ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:200:8:200:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource | source | +| ArchiveTarTaintTracking.go:208:8:208:10 | out | ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:208:8:208:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:258:8:258:10 | out | ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:258:8:258:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:266:8:266:10 | out | ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:266:8:266:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:274:8:274:10 | out | ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:274:8:274:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:282:8:282:10 | out | ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:282:8:282:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:290:8:290:10 | out | ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:290:8:290:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:298:8:298:10 | out | ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:298:8:298:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:306:8:306:10 | out | ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:306:8:306:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:314:8:314:10 | out | ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:314:8:314:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:322:8:322:10 | out | ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:322:8:322:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:330:8:330:10 | out | ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:330:8:330:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:338:8:338:10 | out | ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:338:8:338:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:346:8:346:10 | out | ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:346:8:346:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:354:8:354:10 | out | ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:354:8:354:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource | source | +| ArchiveZipTaintTracking.go:362:8:362:10 | out | ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:362:8:362:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource | source | From 1591ed3440042e6decb91ecee2f5284727bad450 Mon Sep 17 00:00:00 2001 From: Slavomir Date: Fri, 10 Jul 2020 12:59:03 +0300 Subject: [PATCH 3/7] Implement code review feedback --- ql/src/semmle/go/frameworks/Stdlib.qll | 3 +- ...iveTarTaintTracking.qll => ArchiveTar.qll} | 12 +- ...iveZipTaintTracking.qll => ArchiveZip.qll} | 41 +- .../semmle/go/frameworks/stdlib/ImportAll.qll | 7 - ...chiveTarTaintTracking.go => ArchiveTar.go} | 146 +++---- .../frameworks/StdlibTaintFlow/ArchiveZip.go | 188 +++++++++ .../ArchiveZipTaintTracking.go | 364 ------------------ .../StdlibTaintFlow/StdlibTaintFlow.expected | 296 ++++++-------- 8 files changed, 396 insertions(+), 661 deletions(-) rename ql/src/semmle/go/frameworks/stdlib/{ArchiveTarTaintTracking.qll => ArchiveTar.qll} (84%) rename ql/src/semmle/go/frameworks/stdlib/{ArchiveZipTaintTracking.qll => ArchiveZip.qll} (50%) delete mode 100644 ql/src/semmle/go/frameworks/stdlib/ImportAll.qll rename ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/{ArchiveTarTaintTracking.go => ArchiveTar.go} (56%) create mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go delete mode 100644 ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll index 92e41cb3..5d8a8324 100644 --- a/ql/src/semmle/go/frameworks/Stdlib.qll +++ b/ql/src/semmle/go/frameworks/Stdlib.qll @@ -3,7 +3,8 @@ */ import go -import semmle.go.frameworks.stdlib.ImportAll +import semmle.go.frameworks.stdlib.ArchiveTar +import semmle.go.frameworks.stdlib.ArchiveZip /** A `String()` method. */ class StringMethod extends TaintTracking::FunctionModel, Method { diff --git a/ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll b/ql/src/semmle/go/frameworks/stdlib/ArchiveTar.qll similarity index 84% rename from ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll rename to ql/src/semmle/go/frameworks/stdlib/ArchiveTar.qll index 4f020290..ba776aab 100644 --- a/ql/src/semmle/go/frameworks/stdlib/ArchiveTarTaintTracking.qll +++ b/ql/src/semmle/go/frameworks/stdlib/ArchiveTar.qll @@ -1,16 +1,16 @@ /** - * Provides classes modeling security-relevant aspects of the standard libraries. + * Provides classes modeling security-relevant aspects of the `archive/tar` package. */ import go /** Provides models of commonly used functions in the `archive/tar` package. */ -module ArchiveTarTaintTracking { - private class FunctionTaintTracking extends TaintTracking::FunctionModel { +module ArchiveTar { + private class FunctionModels extends TaintTracking::FunctionModel { FunctionInput inp; FunctionOutput outp; - FunctionTaintTracking() { + FunctionModels() { // signature: func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) hasQualifiedName("archive/tar", "FileInfoHeader") and (inp.isParameter(0) and outp.isResult(0)) @@ -29,11 +29,11 @@ module ArchiveTarTaintTracking { } } - private class MethodAndInterfaceTaintTracking extends TaintTracking::FunctionModel, Method { + private class MethodModels extends TaintTracking::FunctionModel, Method { FunctionInput inp; FunctionOutput outp; - MethodAndInterfaceTaintTracking() { + MethodModels() { // Methods: // signature: func (*Header).FileInfo() os.FileInfo this.(Method).hasQualifiedName("archive/tar", "Header", "FileInfo") and diff --git a/ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll b/ql/src/semmle/go/frameworks/stdlib/ArchiveZip.qll similarity index 50% rename from ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll rename to ql/src/semmle/go/frameworks/stdlib/ArchiveZip.qll index 9ef1b1a0..178b3308 100644 --- a/ql/src/semmle/go/frameworks/stdlib/ArchiveZipTaintTracking.qll +++ b/ql/src/semmle/go/frameworks/stdlib/ArchiveZip.qll @@ -1,16 +1,16 @@ /** - * Provides classes modeling security-relevant aspects of the standard libraries. + * Provides classes modeling security-relevant aspects of the `archive/zip` package. */ import go /** Provides models of commonly used functions in the `archive/zip` package. */ -module ArchiveZipTaintTracking { - private class FunctionTaintTracking extends TaintTracking::FunctionModel { +module ArchiveZip { + private class FunctionModels extends TaintTracking::FunctionModel { FunctionInput inp; FunctionOutput outp; - FunctionTaintTracking() { + FunctionModels() { // signature: func FileInfoHeader(fi os.FileInfo) (*FileHeader, error) hasQualifiedName("archive/zip", "FileInfoHeader") and (inp.isParameter(0) and outp.isResult(0)) @@ -33,50 +33,23 @@ module ArchiveZipTaintTracking { } } - private class MethodAndInterfaceTaintTracking extends TaintTracking::FunctionModel, Method { + private class MethodModels extends TaintTracking::FunctionModel, Method { FunctionInput inp; FunctionOutput outp; - MethodAndInterfaceTaintTracking() { + MethodModels() { // Methods: // signature: func (*File).Open() (io.ReadCloser, error) this.(Method).hasQualifiedName("archive/zip", "File", "Open") and (inp.isReceiver() and outp.isResult(0)) or - // signature: func (*FileHeader).FileInfo() os.FileInfo - this.(Method).hasQualifiedName("archive/zip", "FileHeader", "FileInfo") and - (inp.isReceiver() and outp.isResult()) - or - // signature: func (*FileHeader).Mode() (mode os.FileMode) - this.(Method).hasQualifiedName("archive/zip", "FileHeader", "Mode") and - (inp.isReceiver() and outp.isResult()) - or - // signature: func (*FileHeader).SetMode(mode os.FileMode) - this.(Method).hasQualifiedName("archive/zip", "FileHeader", "SetMode") and - (inp.isParameter(0) and outp.isReceiver()) - or - // signature: func (*Reader).RegisterDecompressor(method uint16, dcomp Decompressor) - this.(Method).hasQualifiedName("archive/zip", "Reader", "RegisterDecompressor") and - (inp.isParameter(1) and outp.isReceiver()) - or // signature: func (*Writer).Create(name string) (io.Writer, error) this.(Method).hasQualifiedName("archive/zip", "Writer", "Create") and (inp.isResult(0) and outp.isReceiver()) or // signature: func (*Writer).CreateHeader(fh *FileHeader) (io.Writer, error) this.(Method).hasQualifiedName("archive/zip", "Writer", "CreateHeader") and - ( - (inp.isParameter(0) or inp.isResult(0)) and - outp.isReceiver() - ) - or - // signature: func (*Writer).RegisterCompressor(method uint16, comp Compressor) - this.(Method).hasQualifiedName("archive/zip", "Writer", "RegisterCompressor") and - (inp.isParameter(1) and outp.isReceiver()) - or - // signature: func (*Writer).SetComment(comment string) error - this.(Method).hasQualifiedName("archive/zip", "Writer", "SetComment") and - (inp.isParameter(0) and outp.isReceiver()) + (inp.isResult(0) and outp.isReceiver()) } override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { diff --git a/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll b/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll deleted file mode 100644 index 0021de83..00000000 --- a/ql/src/semmle/go/frameworks/stdlib/ImportAll.qll +++ /dev/null @@ -1,7 +0,0 @@ -/** - * Provides imports of all the standard libraries. - */ - -import go -import semmle.go.frameworks.stdlib.ArchiveTarTaintTracking -import semmle.go.frameworks.stdlib.ArchiveZipTaintTracking diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go similarity index 56% rename from ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go rename to ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go index fa1ac89c..3499d475 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTarTaintTracking.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go @@ -9,137 +9,137 @@ import ( ) func TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileInfo656` into `intoHeader414`. + // The flow is from `fromFileInfo291` into `intoHeader926`. - // Assume that `sourceCQL` has the underlying type of `fromFileInfo656`: - fromFileInfo656 := sourceCQL.(os.FileInfo) + // Assume that `sourceCQL` has the underlying type of `fromFileInfo291`: + fromFileInfo291 := sourceCQL.(os.FileInfo) // Call the function that transfers the taint - // from the parameter `fromFileInfo656` to result `intoHeader414` - // (`intoHeader414` is now tainted). - intoHeader414, _ := tar.FileInfoHeader(fromFileInfo656, "") + // from the parameter `fromFileInfo291` to result `intoHeader926` + // (`intoHeader926` is now tainted). + intoHeader926, _ := tar.FileInfoHeader(fromFileInfo291, "") - // Return the tainted `intoHeader414`: - return intoHeader414 + // Return the tainted `intoHeader926`: + return intoHeader926 } func TaintStepTest_ArchiveTarNewReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader518` into `intoReader650`. + // The flow is from `fromReader527` into `intoReader503`. - // Assume that `sourceCQL` has the underlying type of `fromReader518`: - fromReader518 := sourceCQL.(io.Reader) + // Assume that `sourceCQL` has the underlying type of `fromReader527`: + fromReader527 := sourceCQL.(io.Reader) // Call the function that transfers the taint - // from the parameter `fromReader518` to result `intoReader650` - // (`intoReader650` is now tainted). - intoReader650 := tar.NewReader(fromReader518) + // from the parameter `fromReader527` to result `intoReader503` + // (`intoReader503` is now tainted). + intoReader503 := tar.NewReader(fromReader527) - // Return the tainted `intoReader650`: - return intoReader650 + // Return the tainted `intoReader503`: + return intoReader503 } func TaintStepTest_ArchiveTarNewWriter_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter784` into `intoWriter957`. + // The flow is from `fromWriter907` into `intoWriter317`. - // Assume that `sourceCQL` has the underlying type of `fromWriter784`: - fromWriter784 := sourceCQL.(*tar.Writer) + // Assume that `sourceCQL` has the underlying type of `fromWriter907`: + fromWriter907 := sourceCQL.(*tar.Writer) - // Declare `intoWriter957` variable: - var intoWriter957 io.Writer + // Declare `intoWriter317` variable: + var intoWriter317 io.Writer // Call the function that will transfer the taint - // from the result `intermediateCQL` to parameter `intoWriter957`: - intermediateCQL := tar.NewWriter(intoWriter957) + // from the result `intermediateCQL` to parameter `intoWriter317`: + intermediateCQL := tar.NewWriter(intoWriter317) - // Extra step (`fromWriter784` taints `intermediateCQL`, which taints `intoWriter957`: - link(fromWriter784, intermediateCQL) + // Extra step (`fromWriter907` taints `intermediateCQL`, which taints `intoWriter317`: + link(fromWriter907, intermediateCQL) - // Return the tainted `intoWriter957`: - return intoWriter957 + // Return the tainted `intoWriter317`: + return intoWriter317 } func TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromHeader520` into `intoFileInfo443`. + // The flow is from `fromHeader460` into `intoFileInfo402`. - // Assume that `sourceCQL` has the underlying type of `fromHeader520`: - fromHeader520 := sourceCQL.(tar.Header) + // Assume that `sourceCQL` has the underlying type of `fromHeader460`: + fromHeader460 := sourceCQL.(tar.Header) // Call the method that transfers the taint - // from the receiver `fromHeader520` to the result `intoFileInfo443` - // (`intoFileInfo443` is now tainted). - intoFileInfo443 := fromHeader520.FileInfo() + // from the receiver `fromHeader460` to the result `intoFileInfo402` + // (`intoFileInfo402` is now tainted). + intoFileInfo402 := fromHeader460.FileInfo() - // Return the tainted `intoFileInfo443`: - return intoFileInfo443 + // Return the tainted `intoFileInfo402`: + return intoFileInfo402 } func TaintStepTest_ArchiveTarReaderNext_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader127` into `intoHeader483`. + // The flow is from `fromReader994` into `intoHeader183`. - // Assume that `sourceCQL` has the underlying type of `fromReader127`: - fromReader127 := sourceCQL.(tar.Reader) + // Assume that `sourceCQL` has the underlying type of `fromReader994`: + fromReader994 := sourceCQL.(tar.Reader) // Call the method that transfers the taint - // from the receiver `fromReader127` to the result `intoHeader483` - // (`intoHeader483` is now tainted). - intoHeader483, _ := fromReader127.Next() + // from the receiver `fromReader994` to the result `intoHeader183` + // (`intoHeader183` is now tainted). + intoHeader183, _ := fromReader994.Next() - // Return the tainted `intoHeader483`: - return intoHeader483 + // Return the tainted `intoHeader183`: + return intoHeader183 } func TaintStepTest_ArchiveTarReaderRead_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader989` into `intoByte982`. + // The flow is from `fromReader746` into `intoByte905`. - // Assume that `sourceCQL` has the underlying type of `fromReader989`: - fromReader989 := sourceCQL.(tar.Reader) + // Assume that `sourceCQL` has the underlying type of `fromReader746`: + fromReader746 := sourceCQL.(tar.Reader) - // Declare `intoByte982` variable: - var intoByte982 []byte + // Declare `intoByte905` variable: + var intoByte905 []byte // Call the method that transfers the taint - // from the receiver `fromReader989` to the argument `intoByte982` - // (`intoByte982` is now tainted). - fromReader989.Read(intoByte982) + // from the receiver `fromReader746` to the argument `intoByte905` + // (`intoByte905` is now tainted). + fromReader746.Read(intoByte905) - // Return the tainted `intoByte982`: - return intoByte982 + // Return the tainted `intoByte905`: + return intoByte905 } func TaintStepTest_ArchiveTarWriterWrite_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromByte417` into `intoWriter584`. + // The flow is from `fromByte262` into `intoWriter837`. - // Assume that `sourceCQL` has the underlying type of `fromByte417`: - fromByte417 := sourceCQL.([]byte) + // Assume that `sourceCQL` has the underlying type of `fromByte262`: + fromByte262 := sourceCQL.([]byte) - // Declare `intoWriter584` variable: - var intoWriter584 tar.Writer + // Declare `intoWriter837` variable: + var intoWriter837 tar.Writer // Call the method that transfers the taint - // from the parameter `fromByte417` to the receiver `intoWriter584` - // (`intoWriter584` is now tainted). - intoWriter584.Write(fromByte417) + // from the parameter `fromByte262` to the receiver `intoWriter837` + // (`intoWriter837` is now tainted). + intoWriter837.Write(fromByte262) - // Return the tainted `intoWriter584`: - return intoWriter584 + // Return the tainted `intoWriter837`: + return intoWriter837 } func TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromHeader991` into `intoWriter881`. + // The flow is from `fromHeader798` into `intoWriter568`. - // Assume that `sourceCQL` has the underlying type of `fromHeader991`: - fromHeader991 := sourceCQL.(*tar.Header) + // Assume that `sourceCQL` has the underlying type of `fromHeader798`: + fromHeader798 := sourceCQL.(*tar.Header) - // Declare `intoWriter881` variable: - var intoWriter881 tar.Writer + // Declare `intoWriter568` variable: + var intoWriter568 tar.Writer // Call the method that transfers the taint - // from the parameter `fromHeader991` to the receiver `intoWriter881` - // (`intoWriter881` is now tainted). - intoWriter881.WriteHeader(fromHeader991) + // from the parameter `fromHeader798` to the receiver `intoWriter568` + // (`intoWriter568` is now tainted). + intoWriter568.WriteHeader(fromHeader798) - // Return the tainted `intoWriter881`: - return intoWriter881 + // Return the tainted `intoWriter568`: + return intoWriter568 } func RunAllTaints_ArchiveTar() { diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go new file mode 100644 index 00000000..e127eeb9 --- /dev/null +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go @@ -0,0 +1,188 @@ +// WARNING: This file was automatically generated. DO NOT EDIT. + +package main + +import ( + "archive/zip" + "io" + "os" +) + +func TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFileInfo785` into `intoFileHeader724`. + + // Assume that `sourceCQL` has the underlying type of `fromFileInfo785`: + fromFileInfo785 := sourceCQL.(os.FileInfo) + + // Call the function that transfers the taint + // from the parameter `fromFileInfo785` to result `intoFileHeader724` + // (`intoFileHeader724` is now tainted). + intoFileHeader724, _ := zip.FileInfoHeader(fromFileInfo785) + + // Return the tainted `intoFileHeader724`: + return intoFileHeader724 +} + +func TaintStepTest_ArchiveZipNewReader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromReaderAt469` into `intoReader991`. + + // Assume that `sourceCQL` has the underlying type of `fromReaderAt469`: + fromReaderAt469 := sourceCQL.(io.ReaderAt) + + // Call the function that transfers the taint + // from the parameter `fromReaderAt469` to result `intoReader991` + // (`intoReader991` is now tainted). + intoReader991, _ := zip.NewReader(fromReaderAt469, 0) + + // Return the tainted `intoReader991`: + return intoReader991 +} + +func TaintStepTest_ArchiveZipNewWriter_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter132` into `intoWriter263`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter132`: + fromWriter132 := sourceCQL.(*zip.Writer) + + // Declare `intoWriter263` variable: + var intoWriter263 io.Writer + + // Call the function that will transfer the taint + // from the result `intermediateCQL` to parameter `intoWriter263`: + intermediateCQL := zip.NewWriter(intoWriter263) + + // Extra step (`fromWriter132` taints `intermediateCQL`, which taints `intoWriter263`: + link(fromWriter132, intermediateCQL) + + // Return the tainted `intoWriter263`: + return intoWriter263 +} + +func TaintStepTest_ArchiveZipOpenReader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromString370` into `intoReadCloser611`. + + // Assume that `sourceCQL` has the underlying type of `fromString370`: + fromString370 := sourceCQL.(string) + + // Call the function that transfers the taint + // from the parameter `fromString370` to result `intoReadCloser611` + // (`intoReadCloser611` is now tainted). + intoReadCloser611, _ := zip.OpenReader(fromString370) + + // Return the tainted `intoReadCloser611`: + return intoReadCloser611 +} + +func TaintStepTest_ArchiveZipFileOpen_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromFile148` into `intoReadCloser252`. + + // Assume that `sourceCQL` has the underlying type of `fromFile148`: + fromFile148 := sourceCQL.(zip.File) + + // Call the method that transfers the taint + // from the receiver `fromFile148` to the result `intoReadCloser252` + // (`intoReadCloser252` is now tainted). + intoReadCloser252, _ := fromFile148.Open() + + // Return the tainted `intoReadCloser252`: + return intoReadCloser252 +} + +func TaintStepTest_ArchiveZipWriterCreate_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter910` into `intoWriter583`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter910`: + fromWriter910 := sourceCQL.(io.Writer) + + // Declare `intoWriter583` variable: + var intoWriter583 zip.Writer + + // Call the method that will transfer the taint + // from the result `intermediateCQL` to receiver `intoWriter583`: + intermediateCQL, _ := intoWriter583.Create("") + + // Extra step (`fromWriter910` taints `intermediateCQL`, which taints `intoWriter583`: + link(fromWriter910, intermediateCQL) + + // Return the tainted `intoWriter583`: + return intoWriter583 +} + +func TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(sourceCQL interface{}) interface{} { + // The flow is from `fromWriter564` into `intoWriter189`. + + // Assume that `sourceCQL` has the underlying type of `fromWriter564`: + fromWriter564 := sourceCQL.(io.Writer) + + // Declare `intoWriter189` variable: + var intoWriter189 zip.Writer + + // Call the method that will transfer the taint + // from the result `intermediateCQL` to receiver `intoWriter189`: + intermediateCQL, _ := intoWriter189.CreateHeader(nil) + + // Extra step (`fromWriter564` taints `intermediateCQL`, which taints `intoWriter189`: + link(fromWriter564, intermediateCQL) + + // Return the tainted `intoWriter189`: + return intoWriter189 +} + +func RunAllTaints_ArchiveZip() { + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipNewReader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipNewWriter_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipOpenReader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipFileOpen_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterCreate_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } + { + // Create a new source: + source := newSource() + // Run the taint scenario: + out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(source) + // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: + sink(out) + } +} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go deleted file mode 100644 index 00655690..00000000 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZipTaintTracking.go +++ /dev/null @@ -1,364 +0,0 @@ -// WARNING: This file was automatically generated. DO NOT EDIT. - -package main - -import ( - "archive/zip" - "io" - "os" -) - -func TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileInfo656` into `intoFileHeader414`. - - // Assume that `sourceCQL` has the underlying type of `fromFileInfo656`: - fromFileInfo656 := sourceCQL.(os.FileInfo) - - // Call the function that transfers the taint - // from the parameter `fromFileInfo656` to result `intoFileHeader414` - // (`intoFileHeader414` is now tainted). - intoFileHeader414, _ := zip.FileInfoHeader(fromFileInfo656) - - // Return the tainted `intoFileHeader414`: - return intoFileHeader414 -} - -func TaintStepTest_ArchiveZipNewReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReaderAt518` into `intoReader650`. - - // Assume that `sourceCQL` has the underlying type of `fromReaderAt518`: - fromReaderAt518 := sourceCQL.(io.ReaderAt) - - // Call the function that transfers the taint - // from the parameter `fromReaderAt518` to result `intoReader650` - // (`intoReader650` is now tainted). - intoReader650, _ := zip.NewReader(fromReaderAt518, 0) - - // Return the tainted `intoReader650`: - return intoReader650 -} - -func TaintStepTest_ArchiveZipNewWriter_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter784` into `intoWriter957`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter784`: - fromWriter784 := sourceCQL.(*zip.Writer) - - // Declare `intoWriter957` variable: - var intoWriter957 io.Writer - - // Call the function that will transfer the taint - // from the result `intermediateCQL` to parameter `intoWriter957`: - intermediateCQL := zip.NewWriter(intoWriter957) - - // Extra step (`fromWriter784` taints `intermediateCQL`, which taints `intoWriter957`: - link(fromWriter784, intermediateCQL) - - // Return the tainted `intoWriter957`: - return intoWriter957 -} - -func TaintStepTest_ArchiveZipOpenReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromString520` into `intoReadCloser443`. - - // Assume that `sourceCQL` has the underlying type of `fromString520`: - fromString520 := sourceCQL.(string) - - // Call the function that transfers the taint - // from the parameter `fromString520` to result `intoReadCloser443` - // (`intoReadCloser443` is now tainted). - intoReadCloser443, _ := zip.OpenReader(fromString520) - - // Return the tainted `intoReadCloser443`: - return intoReadCloser443 -} - -func TaintStepTest_ArchiveZipFileOpen_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFile127` into `intoReadCloser483`. - - // Assume that `sourceCQL` has the underlying type of `fromFile127`: - fromFile127 := sourceCQL.(zip.File) - - // Call the method that transfers the taint - // from the receiver `fromFile127` to the result `intoReadCloser483` - // (`intoReadCloser483` is now tainted). - intoReadCloser483, _ := fromFile127.Open() - - // Return the tainted `intoReadCloser483`: - return intoReadCloser483 -} - -func TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileHeader989` into `intoFileInfo982`. - - // Assume that `sourceCQL` has the underlying type of `fromFileHeader989`: - fromFileHeader989 := sourceCQL.(zip.FileHeader) - - // Call the method that transfers the taint - // from the receiver `fromFileHeader989` to the result `intoFileInfo982` - // (`intoFileInfo982` is now tainted). - intoFileInfo982 := fromFileHeader989.FileInfo() - - // Return the tainted `intoFileInfo982`: - return intoFileInfo982 -} - -func TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileHeader417` into `intoFileMode584`. - - // Assume that `sourceCQL` has the underlying type of `fromFileHeader417`: - fromFileHeader417 := sourceCQL.(zip.FileHeader) - - // Call the method that transfers the taint - // from the receiver `fromFileHeader417` to the result `intoFileMode584` - // (`intoFileMode584` is now tainted). - intoFileMode584 := fromFileHeader417.Mode() - - // Return the tainted `intoFileMode584`: - return intoFileMode584 -} - -func TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileMode991` into `intoFileHeader881`. - - // Assume that `sourceCQL` has the underlying type of `fromFileMode991`: - fromFileMode991 := sourceCQL.(os.FileMode) - - // Declare `intoFileHeader881` variable: - var intoFileHeader881 zip.FileHeader - - // Call the method that transfers the taint - // from the parameter `fromFileMode991` to the receiver `intoFileHeader881` - // (`intoFileHeader881` is now tainted). - intoFileHeader881.SetMode(fromFileMode991) - - // Return the tainted `intoFileHeader881`: - return intoFileHeader881 -} - -func TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromDecompressor186` into `intoReader284`. - - // Assume that `sourceCQL` has the underlying type of `fromDecompressor186`: - fromDecompressor186 := sourceCQL.(zip.Decompressor) - - // Declare `intoReader284` variable: - var intoReader284 zip.Reader - - // Call the method that transfers the taint - // from the parameter `fromDecompressor186` to the receiver `intoReader284` - // (`intoReader284` is now tainted). - intoReader284.RegisterDecompressor(0, fromDecompressor186) - - // Return the tainted `intoReader284`: - return intoReader284 -} - -func TaintStepTest_ArchiveZipWriterCreate_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter908` into `intoWriter137`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter908`: - fromWriter908 := sourceCQL.(io.Writer) - - // Declare `intoWriter137` variable: - var intoWriter137 zip.Writer - - // Call the method that will transfer the taint - // from the result `intermediateCQL` to receiver `intoWriter137`: - intermediateCQL, _ := intoWriter137.Create("") - - // Extra step (`fromWriter908` taints `intermediateCQL`, which taints `intoWriter137`: - link(fromWriter908, intermediateCQL) - - // Return the tainted `intoWriter137`: - return intoWriter137 -} - -func TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileHeader494` into `intoWriter873`. - - // Assume that `sourceCQL` has the underlying type of `fromFileHeader494`: - fromFileHeader494 := sourceCQL.(*zip.FileHeader) - - // Declare `intoWriter873` variable: - var intoWriter873 zip.Writer - - // Call the method that transfers the taint - // from the parameter `fromFileHeader494` to the receiver `intoWriter873` - // (`intoWriter873` is now tainted). - intoWriter873.CreateHeader(fromFileHeader494) - - // Return the tainted `intoWriter873`: - return intoWriter873 -} - -func TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter599` into `intoWriter409`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter599`: - fromWriter599 := sourceCQL.(io.Writer) - - // Declare `intoWriter409` variable: - var intoWriter409 zip.Writer - - // Call the method that will transfer the taint - // from the result `intermediateCQL` to receiver `intoWriter409`: - intermediateCQL, _ := intoWriter409.CreateHeader(nil) - - // Extra step (`fromWriter599` taints `intermediateCQL`, which taints `intoWriter409`: - link(fromWriter599, intermediateCQL) - - // Return the tainted `intoWriter409`: - return intoWriter409 -} - -func TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromCompressor246` into `intoWriter898`. - - // Assume that `sourceCQL` has the underlying type of `fromCompressor246`: - fromCompressor246 := sourceCQL.(zip.Compressor) - - // Declare `intoWriter898` variable: - var intoWriter898 zip.Writer - - // Call the method that transfers the taint - // from the parameter `fromCompressor246` to the receiver `intoWriter898` - // (`intoWriter898` is now tainted). - intoWriter898.RegisterCompressor(0, fromCompressor246) - - // Return the tainted `intoWriter898`: - return intoWriter898 -} - -func TaintStepTest_ArchiveZipWriterSetComment_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromString598` into `intoWriter631`. - - // Assume that `sourceCQL` has the underlying type of `fromString598`: - fromString598 := sourceCQL.(string) - - // Declare `intoWriter631` variable: - var intoWriter631 zip.Writer - - // Call the method that transfers the taint - // from the parameter `fromString598` to the receiver `intoWriter631` - // (`intoWriter631` is now tainted). - intoWriter631.SetComment(fromString598) - - // Return the tainted `intoWriter631`: - return intoWriter631 -} - -func RunAllTaints_ArchiveZip() { - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipNewReader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipNewWriter_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipOpenReader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipFileOpen_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipWriterCreate_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } - { - // Create a new source: - source := newSource() - // Run the taint scenario: - out := TaintStepTest_ArchiveZipWriterSetComment_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) - } -} diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected index 6142bec1..abfeb6ae 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected @@ -1,179 +1,123 @@ edges -| ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | -| ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:152:8:152:10 | out | -| ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | -| ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:160:8:160:10 | out | -| ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | -| ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | ArchiveTarTaintTracking.go:168:8:168:10 | out | -| ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | -| ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | -| ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | ArchiveTarTaintTracking.go:176:8:176:10 | out | -| ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | -| ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | ArchiveTarTaintTracking.go:184:8:184:10 | out | -| ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | -| ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | ArchiveTarTaintTracking.go:192:8:192:10 | out | -| ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | -| ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | -| ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | ArchiveTarTaintTracking.go:200:8:200:10 | out | -| ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | -| ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | -| ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | ArchiveTarTaintTracking.go:208:8:208:10 | out | -| ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | -| ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:258:8:258:10 | out | -| ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | -| ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:266:8:266:10 | out | -| ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | -| ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | ArchiveZipTaintTracking.go:274:8:274:10 | out | -| ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | -| ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | ArchiveZipTaintTracking.go:282:8:282:10 | out | -| ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | -| ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | ArchiveZipTaintTracking.go:290:8:290:10 | out | -| ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | -| ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | -| ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | ArchiveZipTaintTracking.go:298:8:298:10 | out | -| ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | -| ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | ArchiveZipTaintTracking.go:306:8:306:10 | out | -| ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | -| ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | -| ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | ArchiveZipTaintTracking.go:314:8:314:10 | out | -| ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | -| ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | -| ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | ArchiveZipTaintTracking.go:322:8:322:10 | out | -| ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | -| ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | -| ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | ArchiveZipTaintTracking.go:330:8:330:10 | out | -| ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | -| ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | ArchiveZipTaintTracking.go:338:8:338:10 | out | -| ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | -| ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | ArchiveZipTaintTracking.go:346:8:346:10 | out | -| ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | -| ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | -| ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | ArchiveZipTaintTracking.go:354:8:354:10 | out | -| ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | -| ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | ArchiveZipTaintTracking.go:362:8:362:10 | out | -| ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | +| ArchiveTar.go:148:13:148:23 | call to newSource : interface type | ArchiveTar.go:150:56:150:61 | source : interface type | +| ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | ArchiveTar.go:152:8:152:10 | out | +| ArchiveTar.go:150:56:150:61 | source : interface type | ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | +| ArchiveTar.go:156:13:156:23 | call to newSource : interface type | ArchiveTar.go:158:51:158:56 | source : interface type | +| ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | ArchiveTar.go:160:8:160:10 | out | +| ArchiveTar.go:158:51:158:56 | source : interface type | ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | +| ArchiveTar.go:164:13:164:23 | call to newSource : interface type | ArchiveTar.go:166:51:166:56 | source : interface type | +| ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | ArchiveTar.go:168:8:168:10 | out | +| ArchiveTar.go:166:51:166:56 | source : interface type | ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | +| ArchiveTar.go:172:13:172:23 | call to newSource : interface type | ArchiveTar.go:174:56:174:61 | source : interface type | +| ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | ArchiveTar.go:176:8:176:10 | out | +| ArchiveTar.go:174:56:174:61 | source : interface type | ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveTar.go:180:13:180:23 | call to newSource : interface type | ArchiveTar.go:182:52:182:57 | source : interface type | +| ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | ArchiveTar.go:184:8:184:10 | out | +| ArchiveTar.go:182:52:182:57 | source : interface type | ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | +| ArchiveTar.go:188:13:188:23 | call to newSource : interface type | ArchiveTar.go:190:52:190:57 | source : interface type | +| ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | ArchiveTar.go:192:8:192:10 | out | +| ArchiveTar.go:190:52:190:57 | source : interface type | ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | +| ArchiveTar.go:196:13:196:23 | call to newSource : interface type | ArchiveTar.go:198:53:198:58 | source : interface type | +| ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | ArchiveTar.go:200:8:200:10 | out | +| ArchiveTar.go:198:53:198:58 | source : interface type | ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | +| ArchiveTar.go:204:13:204:23 | call to newSource : interface type | ArchiveTar.go:206:59:206:64 | source : interface type | +| ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | ArchiveTar.go:208:8:208:10 | out | +| ArchiveTar.go:206:59:206:64 | source : interface type | ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | +| ArchiveZip.go:134:13:134:23 | call to newSource : interface type | ArchiveZip.go:136:56:136:61 | source : interface type | +| ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | ArchiveZip.go:138:8:138:10 | out | +| ArchiveZip.go:136:56:136:61 | source : interface type | ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | +| ArchiveZip.go:142:13:142:23 | call to newSource : interface type | ArchiveZip.go:144:51:144:56 | source : interface type | +| ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | ArchiveZip.go:146:8:146:10 | out | +| ArchiveZip.go:144:51:144:56 | source : interface type | ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | +| ArchiveZip.go:150:13:150:23 | call to newSource : interface type | ArchiveZip.go:152:51:152:56 | source : interface type | +| ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | ArchiveZip.go:154:8:154:10 | out | +| ArchiveZip.go:152:51:152:56 | source : interface type | ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | +| ArchiveZip.go:158:13:158:23 | call to newSource : interface type | ArchiveZip.go:160:52:160:57 | source : interface type | +| ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | ArchiveZip.go:162:8:162:10 | out | +| ArchiveZip.go:160:52:160:57 | source : interface type | ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | +| ArchiveZip.go:166:13:166:23 | call to newSource : interface type | ArchiveZip.go:168:50:168:55 | source : interface type | +| ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | ArchiveZip.go:170:8:170:10 | out | +| ArchiveZip.go:168:50:168:55 | source : interface type | ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | +| ArchiveZip.go:174:13:174:23 | call to newSource : interface type | ArchiveZip.go:176:54:176:59 | source : interface type | +| ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | ArchiveZip.go:178:8:178:10 | out | +| ArchiveZip.go:176:54:176:59 | source : interface type | ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | +| ArchiveZip.go:182:13:182:23 | call to newSource : interface type | ArchiveZip.go:184:60:184:65 | source : interface type | +| ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | ArchiveZip.go:186:8:186:10 | out | +| ArchiveZip.go:184:60:184:65 | source : interface type | ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | nodes -| ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:150:56:150:61 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:152:8:152:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:158:51:158:56 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:160:8:160:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | -| ArchiveTarTaintTracking.go:166:51:166:56 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:168:8:168:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveTarTaintTracking.go:174:56:174:61 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:176:8:176:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | -| ArchiveTarTaintTracking.go:182:52:182:57 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:184:8:184:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | semmle.label | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | -| ArchiveTarTaintTracking.go:190:52:190:57 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:192:8:192:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | -| ArchiveTarTaintTracking.go:198:53:198:58 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:200:8:200:10 | out | semmle.label | out | -| ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTarTaintTracking.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | -| ArchiveTarTaintTracking.go:206:59:206:64 | source : interface type | semmle.label | source : interface type | -| ArchiveTarTaintTracking.go:208:8:208:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:256:10:256:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:256:56:256:61 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:258:8:258:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:264:10:264:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:264:51:264:56 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:266:8:266:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:272:10:272:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:272:51:272:56 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:274:8:274:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:280:10:280:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | -| ArchiveZipTaintTracking.go:280:52:280:57 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:282:8:282:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:288:10:288:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | semmle.label | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | -| ArchiveZipTaintTracking.go:288:50:288:55 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:290:8:290:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:296:10:296:66 | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveZipTaintTracking.go:296:60:296:65 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:298:8:298:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:304:10:304:62 | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderMode_B0I0O0 : FileMode | -| ArchiveZipTaintTracking.go:304:56:304:61 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:306:8:306:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:312:10:312:65 | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | semmle.label | call to TaintStepTest_ArchiveZipFileHeaderSetMode_B0I0O0 : FileHeader | -| ArchiveZipTaintTracking.go:312:59:312:64 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:314:8:314:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:320:10:320:74 | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | semmle.label | call to TaintStepTest_ArchiveZipReaderRegisterDecompressor_B0I0O0 : Reader | -| ArchiveZipTaintTracking.go:320:68:320:73 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:322:8:322:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:328:10:328:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:328:54:328:59 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:330:8:330:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:336:10:336:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:336:60:336:65 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:338:8:338:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:344:10:344:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I1O0 : Writer | -| ArchiveZipTaintTracking.go:344:60:344:65 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:346:8:346:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:352:10:352:72 | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterRegisterCompressor_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:352:66:352:71 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:354:8:354:10 | out | semmle.label | out | -| ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZipTaintTracking.go:360:10:360:64 | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterSetComment_B0I0O0 : Writer | -| ArchiveZipTaintTracking.go:360:58:360:63 | source : interface type | semmle.label | source : interface type | -| ArchiveZipTaintTracking.go:362:8:362:10 | out | semmle.label | out | +| ArchiveTar.go:148:13:148:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | +| ArchiveTar.go:150:56:150:61 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:152:8:152:10 | out | semmle.label | out | +| ArchiveTar.go:156:13:156:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | +| ArchiveTar.go:158:51:158:56 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:160:8:160:10 | out | semmle.label | out | +| ArchiveTar.go:164:13:164:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | +| ArchiveTar.go:166:51:166:56 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:168:8:168:10 | out | semmle.label | out | +| ArchiveTar.go:172:13:172:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | +| ArchiveTar.go:174:56:174:61 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:176:8:176:10 | out | semmle.label | out | +| ArchiveTar.go:180:13:180:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | +| ArchiveTar.go:182:52:182:57 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:184:8:184:10 | out | semmle.label | out | +| ArchiveTar.go:188:13:188:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | semmle.label | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | +| ArchiveTar.go:190:52:190:57 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:192:8:192:10 | out | semmle.label | out | +| ArchiveTar.go:196:13:196:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | +| ArchiveTar.go:198:53:198:58 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:200:8:200:10 | out | semmle.label | out | +| ArchiveTar.go:204:13:204:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | +| ArchiveTar.go:206:59:206:64 | source : interface type | semmle.label | source : interface type | +| ArchiveTar.go:208:8:208:10 | out | semmle.label | out | +| ArchiveZip.go:134:13:134:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | +| ArchiveZip.go:136:56:136:61 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:138:8:138:10 | out | semmle.label | out | +| ArchiveZip.go:142:13:142:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | +| ArchiveZip.go:144:51:144:56 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:146:8:146:10 | out | semmle.label | out | +| ArchiveZip.go:150:13:150:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | +| ArchiveZip.go:152:51:152:56 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:154:8:154:10 | out | semmle.label | out | +| ArchiveZip.go:158:13:158:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | +| ArchiveZip.go:160:52:160:57 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:162:8:162:10 | out | semmle.label | out | +| ArchiveZip.go:166:13:166:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | semmle.label | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | +| ArchiveZip.go:168:50:168:55 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:170:8:170:10 | out | semmle.label | out | +| ArchiveZip.go:174:13:174:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | +| ArchiveZip.go:176:54:176:59 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:178:8:178:10 | out | semmle.label | out | +| ArchiveZip.go:182:13:182:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | +| ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | +| ArchiveZip.go:184:60:184:65 | source : interface type | semmle.label | source : interface type | +| ArchiveZip.go:186:8:186:10 | out | semmle.label | out | #select -| ArchiveTarTaintTracking.go:152:8:152:10 | out | ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:152:8:152:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:148:13:148:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:160:8:160:10 | out | ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:160:8:160:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:156:13:156:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:168:8:168:10 | out | ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:168:8:168:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:164:13:164:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:176:8:176:10 | out | ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:176:8:176:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:172:13:172:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:184:8:184:10 | out | ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:184:8:184:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:180:13:180:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:192:8:192:10 | out | ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:192:8:192:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:188:13:188:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:200:8:200:10 | out | ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:200:8:200:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:196:13:196:23 | call to newSource | source | -| ArchiveTarTaintTracking.go:208:8:208:10 | out | ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource : interface type | ArchiveTarTaintTracking.go:208:8:208:10 | out | Flow from $@. | ArchiveTarTaintTracking.go:204:13:204:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:258:8:258:10 | out | ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:258:8:258:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:254:13:254:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:266:8:266:10 | out | ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:266:8:266:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:262:13:262:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:274:8:274:10 | out | ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:274:8:274:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:270:13:270:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:282:8:282:10 | out | ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:282:8:282:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:278:13:278:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:290:8:290:10 | out | ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:290:8:290:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:286:13:286:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:298:8:298:10 | out | ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:298:8:298:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:294:13:294:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:306:8:306:10 | out | ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:306:8:306:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:302:13:302:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:314:8:314:10 | out | ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:314:8:314:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:310:13:310:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:322:8:322:10 | out | ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:322:8:322:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:318:13:318:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:330:8:330:10 | out | ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:330:8:330:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:326:13:326:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:338:8:338:10 | out | ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:338:8:338:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:334:13:334:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:346:8:346:10 | out | ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:346:8:346:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:342:13:342:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:354:8:354:10 | out | ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:354:8:354:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:350:13:350:23 | call to newSource | source | -| ArchiveZipTaintTracking.go:362:8:362:10 | out | ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource : interface type | ArchiveZipTaintTracking.go:362:8:362:10 | out | Flow from $@. | ArchiveZipTaintTracking.go:358:13:358:23 | call to newSource | source | +| ArchiveTar.go:152:8:152:10 | out | ArchiveTar.go:148:13:148:23 | call to newSource : interface type | ArchiveTar.go:152:8:152:10 | out | Flow from $@. | ArchiveTar.go:148:13:148:23 | call to newSource | source | +| ArchiveTar.go:160:8:160:10 | out | ArchiveTar.go:156:13:156:23 | call to newSource : interface type | ArchiveTar.go:160:8:160:10 | out | Flow from $@. | ArchiveTar.go:156:13:156:23 | call to newSource | source | +| ArchiveTar.go:168:8:168:10 | out | ArchiveTar.go:164:13:164:23 | call to newSource : interface type | ArchiveTar.go:168:8:168:10 | out | Flow from $@. | ArchiveTar.go:164:13:164:23 | call to newSource | source | +| ArchiveTar.go:176:8:176:10 | out | ArchiveTar.go:172:13:172:23 | call to newSource : interface type | ArchiveTar.go:176:8:176:10 | out | Flow from $@. | ArchiveTar.go:172:13:172:23 | call to newSource | source | +| ArchiveTar.go:184:8:184:10 | out | ArchiveTar.go:180:13:180:23 | call to newSource : interface type | ArchiveTar.go:184:8:184:10 | out | Flow from $@. | ArchiveTar.go:180:13:180:23 | call to newSource | source | +| ArchiveTar.go:192:8:192:10 | out | ArchiveTar.go:188:13:188:23 | call to newSource : interface type | ArchiveTar.go:192:8:192:10 | out | Flow from $@. | ArchiveTar.go:188:13:188:23 | call to newSource | source | +| ArchiveTar.go:200:8:200:10 | out | ArchiveTar.go:196:13:196:23 | call to newSource : interface type | ArchiveTar.go:200:8:200:10 | out | Flow from $@. | ArchiveTar.go:196:13:196:23 | call to newSource | source | +| ArchiveTar.go:208:8:208:10 | out | ArchiveTar.go:204:13:204:23 | call to newSource : interface type | ArchiveTar.go:208:8:208:10 | out | Flow from $@. | ArchiveTar.go:204:13:204:23 | call to newSource | source | +| ArchiveZip.go:138:8:138:10 | out | ArchiveZip.go:134:13:134:23 | call to newSource : interface type | ArchiveZip.go:138:8:138:10 | out | Flow from $@. | ArchiveZip.go:134:13:134:23 | call to newSource | source | +| ArchiveZip.go:146:8:146:10 | out | ArchiveZip.go:142:13:142:23 | call to newSource : interface type | ArchiveZip.go:146:8:146:10 | out | Flow from $@. | ArchiveZip.go:142:13:142:23 | call to newSource | source | +| ArchiveZip.go:154:8:154:10 | out | ArchiveZip.go:150:13:150:23 | call to newSource : interface type | ArchiveZip.go:154:8:154:10 | out | Flow from $@. | ArchiveZip.go:150:13:150:23 | call to newSource | source | +| ArchiveZip.go:162:8:162:10 | out | ArchiveZip.go:158:13:158:23 | call to newSource : interface type | ArchiveZip.go:162:8:162:10 | out | Flow from $@. | ArchiveZip.go:158:13:158:23 | call to newSource | source | +| ArchiveZip.go:170:8:170:10 | out | ArchiveZip.go:166:13:166:23 | call to newSource : interface type | ArchiveZip.go:170:8:170:10 | out | Flow from $@. | ArchiveZip.go:166:13:166:23 | call to newSource | source | +| ArchiveZip.go:178:8:178:10 | out | ArchiveZip.go:174:13:174:23 | call to newSource : interface type | ArchiveZip.go:178:8:178:10 | out | Flow from $@. | ArchiveZip.go:174:13:174:23 | call to newSource | source | +| ArchiveZip.go:186:8:186:10 | out | ArchiveZip.go:182:13:182:23 | call to newSource : interface type | ArchiveZip.go:186:8:186:10 | out | Flow from $@. | ArchiveZip.go:182:13:182:23 | call to newSource | source | From 19348d2773c276926d353ff15b0e6a26af4d49bf Mon Sep 17 00:00:00 2001 From: Slavomir Date: Sun, 12 Jul 2020 17:51:22 +0300 Subject: [PATCH 4/7] Simplify tests --- .../frameworks/StdlibTaintFlow/ArchiveTar.go | 195 ++++-------------- .../frameworks/StdlibTaintFlow/ArchiveZip.go | 175 ++++------------ .../StdlibTaintFlow/StdlibTaintFlow.expected | 123 ----------- .../StdlibTaintFlow/StdlibTaintFlow.ql | 56 +++-- 4 files changed, 123 insertions(+), 426 deletions(-) diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go index 3499d475..cfa5661c 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go @@ -9,202 +9,97 @@ import ( ) func TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileInfo291` into `intoHeader926`. - - // Assume that `sourceCQL` has the underlying type of `fromFileInfo291`: - fromFileInfo291 := sourceCQL.(os.FileInfo) - - // Call the function that transfers the taint - // from the parameter `fromFileInfo291` to result `intoHeader926` - // (`intoHeader926` is now tainted). - intoHeader926, _ := tar.FileInfoHeader(fromFileInfo291, "") - - // Return the tainted `intoHeader926`: - return intoHeader926 + fromFileInfo656 := sourceCQL.(os.FileInfo) + intoHeader414, _ := tar.FileInfoHeader(fromFileInfo656, "") + return intoHeader414 } func TaintStepTest_ArchiveTarNewReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader527` into `intoReader503`. - - // Assume that `sourceCQL` has the underlying type of `fromReader527`: - fromReader527 := sourceCQL.(io.Reader) - - // Call the function that transfers the taint - // from the parameter `fromReader527` to result `intoReader503` - // (`intoReader503` is now tainted). - intoReader503 := tar.NewReader(fromReader527) - - // Return the tainted `intoReader503`: - return intoReader503 + fromReader518 := sourceCQL.(io.Reader) + intoReader650 := tar.NewReader(fromReader518) + return intoReader650 } func TaintStepTest_ArchiveTarNewWriter_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter907` into `intoWriter317`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter907`: - fromWriter907 := sourceCQL.(*tar.Writer) - - // Declare `intoWriter317` variable: - var intoWriter317 io.Writer - - // Call the function that will transfer the taint - // from the result `intermediateCQL` to parameter `intoWriter317`: - intermediateCQL := tar.NewWriter(intoWriter317) - - // Extra step (`fromWriter907` taints `intermediateCQL`, which taints `intoWriter317`: - link(fromWriter907, intermediateCQL) - - // Return the tainted `intoWriter317`: - return intoWriter317 + fromWriter784 := sourceCQL.(*tar.Writer) + var intoWriter957 io.Writer + intermediateCQL := tar.NewWriter(intoWriter957) + link(fromWriter784, intermediateCQL) + return intoWriter957 } func TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromHeader460` into `intoFileInfo402`. - - // Assume that `sourceCQL` has the underlying type of `fromHeader460`: - fromHeader460 := sourceCQL.(tar.Header) - - // Call the method that transfers the taint - // from the receiver `fromHeader460` to the result `intoFileInfo402` - // (`intoFileInfo402` is now tainted). - intoFileInfo402 := fromHeader460.FileInfo() - - // Return the tainted `intoFileInfo402`: - return intoFileInfo402 + fromHeader520 := sourceCQL.(tar.Header) + intoFileInfo443 := fromHeader520.FileInfo() + return intoFileInfo443 } func TaintStepTest_ArchiveTarReaderNext_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader994` into `intoHeader183`. - - // Assume that `sourceCQL` has the underlying type of `fromReader994`: - fromReader994 := sourceCQL.(tar.Reader) - - // Call the method that transfers the taint - // from the receiver `fromReader994` to the result `intoHeader183` - // (`intoHeader183` is now tainted). - intoHeader183, _ := fromReader994.Next() - - // Return the tainted `intoHeader183`: - return intoHeader183 + fromReader127 := sourceCQL.(tar.Reader) + intoHeader483, _ := fromReader127.Next() + return intoHeader483 } func TaintStepTest_ArchiveTarReaderRead_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReader746` into `intoByte905`. - - // Assume that `sourceCQL` has the underlying type of `fromReader746`: - fromReader746 := sourceCQL.(tar.Reader) - - // Declare `intoByte905` variable: - var intoByte905 []byte - - // Call the method that transfers the taint - // from the receiver `fromReader746` to the argument `intoByte905` - // (`intoByte905` is now tainted). - fromReader746.Read(intoByte905) - - // Return the tainted `intoByte905`: - return intoByte905 + fromReader989 := sourceCQL.(tar.Reader) + var intoByte982 []byte + fromReader989.Read(intoByte982) + return intoByte982 } func TaintStepTest_ArchiveTarWriterWrite_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromByte262` into `intoWriter837`. - - // Assume that `sourceCQL` has the underlying type of `fromByte262`: - fromByte262 := sourceCQL.([]byte) - - // Declare `intoWriter837` variable: - var intoWriter837 tar.Writer - - // Call the method that transfers the taint - // from the parameter `fromByte262` to the receiver `intoWriter837` - // (`intoWriter837` is now tainted). - intoWriter837.Write(fromByte262) - - // Return the tainted `intoWriter837`: - return intoWriter837 + fromByte417 := sourceCQL.([]byte) + var intoWriter584 tar.Writer + intoWriter584.Write(fromByte417) + return intoWriter584 } func TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromHeader798` into `intoWriter568`. - - // Assume that `sourceCQL` has the underlying type of `fromHeader798`: - fromHeader798 := sourceCQL.(*tar.Header) - - // Declare `intoWriter568` variable: - var intoWriter568 tar.Writer - - // Call the method that transfers the taint - // from the parameter `fromHeader798` to the receiver `intoWriter568` - // (`intoWriter568` is now tainted). - intoWriter568.WriteHeader(fromHeader798) - - // Return the tainted `intoWriter568`: - return intoWriter568 + fromHeader991 := sourceCQL.(*tar.Header) + var intoWriter881 tar.Writer + intoWriter881.WriteHeader(fromHeader991) + return intoWriter881 } func RunAllTaints_ArchiveTar() { { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(0) out := TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(0, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(1) out := TaintStepTest_ArchiveTarNewReader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(1, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(2) out := TaintStepTest_ArchiveTarNewWriter_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(2, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(3) out := TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(3, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(4) out := TaintStepTest_ArchiveTarReaderNext_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(4, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(5) out := TaintStepTest_ArchiveTarReaderRead_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(5, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(6) out := TaintStepTest_ArchiveTarWriterWrite_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(6, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(7) out := TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(7, out) } } diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go index e127eeb9..715ba393 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go @@ -9,180 +9,87 @@ import ( ) func TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFileInfo785` into `intoFileHeader724`. - - // Assume that `sourceCQL` has the underlying type of `fromFileInfo785`: - fromFileInfo785 := sourceCQL.(os.FileInfo) - - // Call the function that transfers the taint - // from the parameter `fromFileInfo785` to result `intoFileHeader724` - // (`intoFileHeader724` is now tainted). - intoFileHeader724, _ := zip.FileInfoHeader(fromFileInfo785) - - // Return the tainted `intoFileHeader724`: - return intoFileHeader724 + fromFileInfo656 := sourceCQL.(os.FileInfo) + intoFileHeader414, _ := zip.FileInfoHeader(fromFileInfo656) + return intoFileHeader414 } func TaintStepTest_ArchiveZipNewReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromReaderAt469` into `intoReader991`. - - // Assume that `sourceCQL` has the underlying type of `fromReaderAt469`: - fromReaderAt469 := sourceCQL.(io.ReaderAt) - - // Call the function that transfers the taint - // from the parameter `fromReaderAt469` to result `intoReader991` - // (`intoReader991` is now tainted). - intoReader991, _ := zip.NewReader(fromReaderAt469, 0) - - // Return the tainted `intoReader991`: - return intoReader991 + fromReaderAt518 := sourceCQL.(io.ReaderAt) + intoReader650, _ := zip.NewReader(fromReaderAt518, 0) + return intoReader650 } func TaintStepTest_ArchiveZipNewWriter_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter132` into `intoWriter263`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter132`: - fromWriter132 := sourceCQL.(*zip.Writer) - - // Declare `intoWriter263` variable: - var intoWriter263 io.Writer - - // Call the function that will transfer the taint - // from the result `intermediateCQL` to parameter `intoWriter263`: - intermediateCQL := zip.NewWriter(intoWriter263) - - // Extra step (`fromWriter132` taints `intermediateCQL`, which taints `intoWriter263`: - link(fromWriter132, intermediateCQL) - - // Return the tainted `intoWriter263`: - return intoWriter263 + fromWriter784 := sourceCQL.(*zip.Writer) + var intoWriter957 io.Writer + intermediateCQL := zip.NewWriter(intoWriter957) + link(fromWriter784, intermediateCQL) + return intoWriter957 } func TaintStepTest_ArchiveZipOpenReader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromString370` into `intoReadCloser611`. - - // Assume that `sourceCQL` has the underlying type of `fromString370`: - fromString370 := sourceCQL.(string) - - // Call the function that transfers the taint - // from the parameter `fromString370` to result `intoReadCloser611` - // (`intoReadCloser611` is now tainted). - intoReadCloser611, _ := zip.OpenReader(fromString370) - - // Return the tainted `intoReadCloser611`: - return intoReadCloser611 + fromString520 := sourceCQL.(string) + intoReadCloser443, _ := zip.OpenReader(fromString520) + return intoReadCloser443 } func TaintStepTest_ArchiveZipFileOpen_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromFile148` into `intoReadCloser252`. - - // Assume that `sourceCQL` has the underlying type of `fromFile148`: - fromFile148 := sourceCQL.(zip.File) - - // Call the method that transfers the taint - // from the receiver `fromFile148` to the result `intoReadCloser252` - // (`intoReadCloser252` is now tainted). - intoReadCloser252, _ := fromFile148.Open() - - // Return the tainted `intoReadCloser252`: - return intoReadCloser252 + fromFile127 := sourceCQL.(zip.File) + intoReadCloser483, _ := fromFile127.Open() + return intoReadCloser483 } func TaintStepTest_ArchiveZipWriterCreate_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter910` into `intoWriter583`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter910`: - fromWriter910 := sourceCQL.(io.Writer) - - // Declare `intoWriter583` variable: - var intoWriter583 zip.Writer - - // Call the method that will transfer the taint - // from the result `intermediateCQL` to receiver `intoWriter583`: - intermediateCQL, _ := intoWriter583.Create("") - - // Extra step (`fromWriter910` taints `intermediateCQL`, which taints `intoWriter583`: - link(fromWriter910, intermediateCQL) - - // Return the tainted `intoWriter583`: - return intoWriter583 + fromWriter989 := sourceCQL.(io.Writer) + var intoWriter982 zip.Writer + intermediateCQL, _ := intoWriter982.Create("") + link(fromWriter989, intermediateCQL) + return intoWriter982 } func TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(sourceCQL interface{}) interface{} { - // The flow is from `fromWriter564` into `intoWriter189`. - - // Assume that `sourceCQL` has the underlying type of `fromWriter564`: - fromWriter564 := sourceCQL.(io.Writer) - - // Declare `intoWriter189` variable: - var intoWriter189 zip.Writer - - // Call the method that will transfer the taint - // from the result `intermediateCQL` to receiver `intoWriter189`: - intermediateCQL, _ := intoWriter189.CreateHeader(nil) - - // Extra step (`fromWriter564` taints `intermediateCQL`, which taints `intoWriter189`: - link(fromWriter564, intermediateCQL) - - // Return the tainted `intoWriter189`: - return intoWriter189 + fromWriter417 := sourceCQL.(io.Writer) + var intoWriter584 zip.Writer + intermediateCQL, _ := intoWriter584.CreateHeader(nil) + link(fromWriter417, intermediateCQL) + return intoWriter584 } func RunAllTaints_ArchiveZip() { { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(0) out := TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(0, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(1) out := TaintStepTest_ArchiveZipNewReader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(1, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(2) out := TaintStepTest_ArchiveZipNewWriter_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(2, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(3) out := TaintStepTest_ArchiveZipOpenReader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(3, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(4) out := TaintStepTest_ArchiveZipFileOpen_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(4, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(5) out := TaintStepTest_ArchiveZipWriterCreate_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(5, out) } { - // Create a new source: - source := newSource() - // Run the taint scenario: + source := newSource(6) out := TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0(source) - // If the taint step(s) succeeded, then `out` is tainted and will be sink-able here: - sink(out) + sink(6, out) } } diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected index abfeb6ae..e69de29b 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.expected @@ -1,123 +0,0 @@ -edges -| ArchiveTar.go:148:13:148:23 | call to newSource : interface type | ArchiveTar.go:150:56:150:61 | source : interface type | -| ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | ArchiveTar.go:152:8:152:10 | out | -| ArchiveTar.go:150:56:150:61 | source : interface type | ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | -| ArchiveTar.go:156:13:156:23 | call to newSource : interface type | ArchiveTar.go:158:51:158:56 | source : interface type | -| ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | ArchiveTar.go:160:8:160:10 | out | -| ArchiveTar.go:158:51:158:56 | source : interface type | ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | -| ArchiveTar.go:164:13:164:23 | call to newSource : interface type | ArchiveTar.go:166:51:166:56 | source : interface type | -| ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | ArchiveTar.go:168:8:168:10 | out | -| ArchiveTar.go:166:51:166:56 | source : interface type | ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | -| ArchiveTar.go:172:13:172:23 | call to newSource : interface type | ArchiveTar.go:174:56:174:61 | source : interface type | -| ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | ArchiveTar.go:176:8:176:10 | out | -| ArchiveTar.go:174:56:174:61 | source : interface type | ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveTar.go:180:13:180:23 | call to newSource : interface type | ArchiveTar.go:182:52:182:57 | source : interface type | -| ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | ArchiveTar.go:184:8:184:10 | out | -| ArchiveTar.go:182:52:182:57 | source : interface type | ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | -| ArchiveTar.go:188:13:188:23 | call to newSource : interface type | ArchiveTar.go:190:52:190:57 | source : interface type | -| ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | ArchiveTar.go:192:8:192:10 | out | -| ArchiveTar.go:190:52:190:57 | source : interface type | ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | -| ArchiveTar.go:196:13:196:23 | call to newSource : interface type | ArchiveTar.go:198:53:198:58 | source : interface type | -| ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | ArchiveTar.go:200:8:200:10 | out | -| ArchiveTar.go:198:53:198:58 | source : interface type | ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | -| ArchiveTar.go:204:13:204:23 | call to newSource : interface type | ArchiveTar.go:206:59:206:64 | source : interface type | -| ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | ArchiveTar.go:208:8:208:10 | out | -| ArchiveTar.go:206:59:206:64 | source : interface type | ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | -| ArchiveZip.go:134:13:134:23 | call to newSource : interface type | ArchiveZip.go:136:56:136:61 | source : interface type | -| ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | ArchiveZip.go:138:8:138:10 | out | -| ArchiveZip.go:136:56:136:61 | source : interface type | ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | -| ArchiveZip.go:142:13:142:23 | call to newSource : interface type | ArchiveZip.go:144:51:144:56 | source : interface type | -| ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | ArchiveZip.go:146:8:146:10 | out | -| ArchiveZip.go:144:51:144:56 | source : interface type | ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | -| ArchiveZip.go:150:13:150:23 | call to newSource : interface type | ArchiveZip.go:152:51:152:56 | source : interface type | -| ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | ArchiveZip.go:154:8:154:10 | out | -| ArchiveZip.go:152:51:152:56 | source : interface type | ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | -| ArchiveZip.go:158:13:158:23 | call to newSource : interface type | ArchiveZip.go:160:52:160:57 | source : interface type | -| ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | ArchiveZip.go:162:8:162:10 | out | -| ArchiveZip.go:160:52:160:57 | source : interface type | ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | -| ArchiveZip.go:166:13:166:23 | call to newSource : interface type | ArchiveZip.go:168:50:168:55 | source : interface type | -| ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | ArchiveZip.go:170:8:170:10 | out | -| ArchiveZip.go:168:50:168:55 | source : interface type | ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | -| ArchiveZip.go:174:13:174:23 | call to newSource : interface type | ArchiveZip.go:176:54:176:59 | source : interface type | -| ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | ArchiveZip.go:178:8:178:10 | out | -| ArchiveZip.go:176:54:176:59 | source : interface type | ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | -| ArchiveZip.go:182:13:182:23 | call to newSource : interface type | ArchiveZip.go:184:60:184:65 | source : interface type | -| ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | ArchiveZip.go:186:8:186:10 | out | -| ArchiveZip.go:184:60:184:65 | source : interface type | ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | -nodes -| ArchiveTar.go:148:13:148:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:150:10:150:62 | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarFileInfoHeader_B0I0O0 : pointer type | -| ArchiveTar.go:150:56:150:61 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:152:8:152:10 | out | semmle.label | out | -| ArchiveTar.go:156:13:156:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:158:10:158:57 | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarNewReader_B0I0O0 : pointer type | -| ArchiveTar.go:158:51:158:56 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:160:8:160:10 | out | semmle.label | out | -| ArchiveTar.go:164:13:164:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:166:10:166:57 | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarNewWriter_B0I0O0 : Writer | -| ArchiveTar.go:166:51:166:56 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:168:8:168:10 | out | semmle.label | out | -| ArchiveTar.go:172:13:172:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:174:10:174:62 | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | semmle.label | call to TaintStepTest_ArchiveTarHeaderFileInfo_B0I0O0 : FileInfo | -| ArchiveTar.go:174:56:174:61 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:176:8:176:10 | out | semmle.label | out | -| ArchiveTar.go:180:13:180:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:182:10:182:58 | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveTarReaderNext_B0I0O0 : pointer type | -| ArchiveTar.go:182:52:182:57 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:184:8:184:10 | out | semmle.label | out | -| ArchiveTar.go:188:13:188:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:190:10:190:58 | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | semmle.label | call to TaintStepTest_ArchiveTarReaderRead_B0I0O0 : slice type | -| ArchiveTar.go:190:52:190:57 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:192:8:192:10 | out | semmle.label | out | -| ArchiveTar.go:196:13:196:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:198:10:198:59 | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWrite_B0I0O0 : Writer | -| ArchiveTar.go:198:53:198:58 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:200:8:200:10 | out | semmle.label | out | -| ArchiveTar.go:204:13:204:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveTar.go:206:10:206:65 | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveTarWriterWriteHeader_B0I0O0 : Writer | -| ArchiveTar.go:206:59:206:64 | source : interface type | semmle.label | source : interface type | -| ArchiveTar.go:208:8:208:10 | out | semmle.label | out | -| ArchiveZip.go:134:13:134:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:136:10:136:62 | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipFileInfoHeader_B0I0O0 : pointer type | -| ArchiveZip.go:136:56:136:61 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:138:8:138:10 | out | semmle.label | out | -| ArchiveZip.go:142:13:142:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:144:10:144:57 | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipNewReader_B0I0O0 : pointer type | -| ArchiveZip.go:144:51:144:56 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:146:8:146:10 | out | semmle.label | out | -| ArchiveZip.go:150:13:150:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:152:10:152:57 | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipNewWriter_B0I0O0 : Writer | -| ArchiveZip.go:152:51:152:56 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:154:8:154:10 | out | semmle.label | out | -| ArchiveZip.go:158:13:158:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:160:10:160:58 | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | semmle.label | call to TaintStepTest_ArchiveZipOpenReader_B0I0O0 : pointer type | -| ArchiveZip.go:160:52:160:57 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:162:8:162:10 | out | semmle.label | out | -| ArchiveZip.go:166:13:166:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:168:10:168:56 | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | semmle.label | call to TaintStepTest_ArchiveZipFileOpen_B0I0O0 : ReadCloser | -| ArchiveZip.go:168:50:168:55 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:170:8:170:10 | out | semmle.label | out | -| ArchiveZip.go:174:13:174:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:176:10:176:60 | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreate_B0I0O0 : Writer | -| ArchiveZip.go:176:54:176:59 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:178:8:178:10 | out | semmle.label | out | -| ArchiveZip.go:182:13:182:23 | call to newSource : interface type | semmle.label | call to newSource : interface type | -| ArchiveZip.go:184:10:184:66 | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | semmle.label | call to TaintStepTest_ArchiveZipWriterCreateHeader_B0I0O0 : Writer | -| ArchiveZip.go:184:60:184:65 | source : interface type | semmle.label | source : interface type | -| ArchiveZip.go:186:8:186:10 | out | semmle.label | out | -#select -| ArchiveTar.go:152:8:152:10 | out | ArchiveTar.go:148:13:148:23 | call to newSource : interface type | ArchiveTar.go:152:8:152:10 | out | Flow from $@. | ArchiveTar.go:148:13:148:23 | call to newSource | source | -| ArchiveTar.go:160:8:160:10 | out | ArchiveTar.go:156:13:156:23 | call to newSource : interface type | ArchiveTar.go:160:8:160:10 | out | Flow from $@. | ArchiveTar.go:156:13:156:23 | call to newSource | source | -| ArchiveTar.go:168:8:168:10 | out | ArchiveTar.go:164:13:164:23 | call to newSource : interface type | ArchiveTar.go:168:8:168:10 | out | Flow from $@. | ArchiveTar.go:164:13:164:23 | call to newSource | source | -| ArchiveTar.go:176:8:176:10 | out | ArchiveTar.go:172:13:172:23 | call to newSource : interface type | ArchiveTar.go:176:8:176:10 | out | Flow from $@. | ArchiveTar.go:172:13:172:23 | call to newSource | source | -| ArchiveTar.go:184:8:184:10 | out | ArchiveTar.go:180:13:180:23 | call to newSource : interface type | ArchiveTar.go:184:8:184:10 | out | Flow from $@. | ArchiveTar.go:180:13:180:23 | call to newSource | source | -| ArchiveTar.go:192:8:192:10 | out | ArchiveTar.go:188:13:188:23 | call to newSource : interface type | ArchiveTar.go:192:8:192:10 | out | Flow from $@. | ArchiveTar.go:188:13:188:23 | call to newSource | source | -| ArchiveTar.go:200:8:200:10 | out | ArchiveTar.go:196:13:196:23 | call to newSource : interface type | ArchiveTar.go:200:8:200:10 | out | Flow from $@. | ArchiveTar.go:196:13:196:23 | call to newSource | source | -| ArchiveTar.go:208:8:208:10 | out | ArchiveTar.go:204:13:204:23 | call to newSource : interface type | ArchiveTar.go:208:8:208:10 | out | Flow from $@. | ArchiveTar.go:204:13:204:23 | call to newSource | source | -| ArchiveZip.go:138:8:138:10 | out | ArchiveZip.go:134:13:134:23 | call to newSource : interface type | ArchiveZip.go:138:8:138:10 | out | Flow from $@. | ArchiveZip.go:134:13:134:23 | call to newSource | source | -| ArchiveZip.go:146:8:146:10 | out | ArchiveZip.go:142:13:142:23 | call to newSource : interface type | ArchiveZip.go:146:8:146:10 | out | Flow from $@. | ArchiveZip.go:142:13:142:23 | call to newSource | source | -| ArchiveZip.go:154:8:154:10 | out | ArchiveZip.go:150:13:150:23 | call to newSource : interface type | ArchiveZip.go:154:8:154:10 | out | Flow from $@. | ArchiveZip.go:150:13:150:23 | call to newSource | source | -| ArchiveZip.go:162:8:162:10 | out | ArchiveZip.go:158:13:158:23 | call to newSource : interface type | ArchiveZip.go:162:8:162:10 | out | Flow from $@. | ArchiveZip.go:158:13:158:23 | call to newSource | source | -| ArchiveZip.go:170:8:170:10 | out | ArchiveZip.go:166:13:166:23 | call to newSource : interface type | ArchiveZip.go:170:8:170:10 | out | Flow from $@. | ArchiveZip.go:166:13:166:23 | call to newSource | source | -| ArchiveZip.go:178:8:178:10 | out | ArchiveZip.go:174:13:174:23 | call to newSource : interface type | ArchiveZip.go:178:8:178:10 | out | Flow from $@. | ArchiveZip.go:174:13:174:23 | call to newSource | source | -| ArchiveZip.go:186:8:186:10 | out | ArchiveZip.go:182:13:182:23 | call to newSource : interface type | ArchiveZip.go:186:8:186:10 | out | Flow from $@. | ArchiveZip.go:182:13:182:23 | call to newSource | source | diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql index b3f33bce..bc41ecbd 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/StdlibTaintFlow.ql @@ -1,22 +1,10 @@ /** - * @kind path-problem + * @kind problem */ import go -import DataFlow::PathGraph - -class Source extends DataFlow::ExprNode { - Source() { - exists(Function fn | fn.hasQualifiedName(_, "newSource") | this = fn.getACall().getResult()) - } -} - -class Sink extends DataFlow::ExprNode { - Sink() { - exists(Function fn | fn.hasQualifiedName(_, "sink") | this = fn.getACall().getArgument(0)) - } -} +/* A special helper function used inside the test code */ class Link extends TaintTracking::FunctionModel { Link() { hasQualifiedName(_, "link") } @@ -25,14 +13,44 @@ class Link extends TaintTracking::FunctionModel { } } +predicate isSource(DataFlow::Node source, DataFlow::CallNode call) { + exists(Function fn | fn.hasQualifiedName(_, "newSource") | + call = fn.getACall() and source = call.getResult() + ) +} + +predicate isSink(DataFlow::Node sink, DataFlow::CallNode call) { + exists(Function fn | fn.hasQualifiedName(_, "sink") | + call = fn.getACall() and sink = call.getArgument(1) + ) +} + class FlowConf extends TaintTracking::Configuration { FlowConf() { this = "FlowConf" } - override predicate isSource(DataFlow::Node source) { source instanceof Source } + override predicate isSource(DataFlow::Node source) { isSource(source, _) } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + override predicate isSink(DataFlow::Node sink) { isSink(sink, _) } } -from FlowConf cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) -select sink.getNode(), source, sink, "Flow from $@.", source.getNode(), "source" +/** + * True if the result of the provided sourceCall flows to the corresponding sink, + * both marked by the same numeric first argument. + */ +predicate flowsToSink(DataFlow::CallNode sourceCall) { + exists( + FlowConf cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::CallNode sinkCall + | + cfg.hasFlowPath(source, sink) and + ( + isSource(source.getNode(), sourceCall) and + isSink(sink.getNode(), sinkCall) and + sourceCall.getArgument(0).getIntValue() = sinkCall.getArgument(0).getIntValue() + ) + ) +} + +/* Show only flow sources that DON'T flow to their dedicated sink. */ +from DataFlow::CallNode sourceCall +where isSource(_, sourceCall) and not flowsToSink(sourceCall) +select sourceCall, "No flow to its sink" From f7a03c0862389abe4eccbb97b05579e29f10d4f9 Mon Sep 17 00:00:00 2001 From: Slavomir Date: Mon, 13 Jul 2020 08:49:34 +0300 Subject: [PATCH 5/7] Update main.go --- .../semmle/go/frameworks/StdlibTaintFlow/main.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go index 197f9809..110a1881 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go @@ -1,10 +1,10 @@ package main func main() {} -func sink(v interface{}) {} +func sink(id int, v interface{}) {} func link(from interface{}, into interface{}) {} -func newSource() interface{} { +func newSource(id int) interface{} { return nil } From 9cd86f9be8f1ef94214a3616ad6bc98863bb73bd Mon Sep 17 00:00:00 2001 From: Slavomir Date: Wed, 15 Jul 2020 18:46:40 +0300 Subject: [PATCH 6/7] Generated Go files: add what they were generated with --- .../semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go | 2 +- .../semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go index cfa5661c..1e67bd1f 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveTar.go @@ -1,4 +1,4 @@ -// WARNING: This file was automatically generated. DO NOT EDIT. +// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT. package main diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go index 715ba393..6cbbfcb7 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/ArchiveZip.go @@ -1,4 +1,4 @@ -// WARNING: This file was automatically generated. DO NOT EDIT. +// Code generated by https://github.com/gagliardetto/codebox. DO NOT EDIT. package main From 437f4b7eab74707046593a137f123db6db76db5d Mon Sep 17 00:00:00 2001 From: Slavomir Date: Wed, 15 Jul 2020 19:12:33 +0300 Subject: [PATCH 7/7] Fix go autoformat --- .../library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go index 110a1881..1d1a0104 100644 --- a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go +++ b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/main.go @@ -1,6 +1,6 @@ package main -func main() {} +func main() {} func sink(id int, v interface{}) {} func link(from interface{}, into interface{}) {}