Add example queries.
Родитель
9507a22f48
Коммит
ebea811a83
2
Makefile
2
Makefile
|
@ -95,7 +95,7 @@ ql/src/go.dbscheme.stats: ql/src/go.dbscheme
|
|||
odasa collectStats --dbscheme $^ --db build/stats-project/revision/working/db-go --outputFile $@
|
||||
|
||||
test: all extractor build/testdb/check-upgrade-path
|
||||
codeql test run ql/test --search-path . --additional-packs .
|
||||
codeql test run ql/test --search-path . --additional-packs ql
|
||||
cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]"
|
||||
|
||||
.PHONY: build/testdb/check-upgrade-path
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>go-examples</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>com.semmle.plugin.qdt.core.qlnature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<ns2:qlpath xmlns:ns2="https://semmle.com/schemas/qlpath">
|
||||
<librarypath>
|
||||
<path kind="WORKSPACE">/go-queries</path>
|
||||
</librarypath>
|
||||
<dbscheme kind="WORKSPACE">/go-queries/go.dbscheme</dbscheme>
|
||||
<defaultImports>
|
||||
<defaultImport>go</defaultImport>
|
||||
</defaultImports>
|
||||
</ns2:qlpath>
|
|
@ -0,0 +1,3 @@
|
|||
name: codeql-go-examples
|
||||
version: 0.0.0
|
||||
libraryPathDependencies: codeql-go
|
|
@ -0,0 +1 @@
|
|||
<queries language="go"/>
|
|
@ -0,0 +1,15 @@
|
|||
/**
|
||||
* @name Call to built-in function
|
||||
* @description Finds calls to the built-in `len` function.
|
||||
* @id go/examples/calltolen
|
||||
* @tags call
|
||||
* function
|
||||
* len
|
||||
* built-in
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from DataFlow::CallNode call
|
||||
where call = Builtin::len().getACall()
|
||||
select call
|
|
@ -0,0 +1,16 @@
|
|||
/**
|
||||
* @name Call to library function
|
||||
* @description Finds calls to "fmt.Println".
|
||||
* @id go/examples/calltoprintln
|
||||
* @tags call
|
||||
* function
|
||||
* println
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Function println, DataFlow::CallNode call
|
||||
where
|
||||
println.hasQualifiedName("fmt", "Println") and
|
||||
call = println.getACall()
|
||||
select call
|
|
@ -0,0 +1,18 @@
|
|||
/**
|
||||
* @name Call to method
|
||||
* @description Finds calls to the `Get` method of type `Header` from the `net/http` package.
|
||||
* @id go/examples/calltoheaderget
|
||||
* @tags call
|
||||
* function
|
||||
* net/http
|
||||
* Header
|
||||
* strings
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Method get, DataFlow::CallNode call
|
||||
where
|
||||
get.hasQualifiedName("net/http", "Header", "Get") and
|
||||
call = get.getACall()
|
||||
select call
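Review bot: The `@tags` list of this query ends with `strings`, which has no connection to what the query does — it selects calls to `Header.Get` from `net/http`, and nothing in it touches the `strings` package. Drop that tag or replace it with one the query is actually about, e.g. `*       method`. The remaining tags (`call`, `function`, `net/http`, `Header`) match the query.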
|
|
@ -0,0 +1,14 @@
|
|||
/**
|
||||
* @name Compile-time constant
|
||||
* @description Finds compile-time constants with value zero.
|
||||
* @id go/examples/zeroconstant
|
||||
* @tags expression
|
||||
* numeric value
|
||||
* constant
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from DataFlow::Node zero
|
||||
where zero.getNumericValue() = 0
|
||||
select zero
|
|
@ -0,0 +1,18 @@
|
|||
/**
|
||||
* @name If statements with empty then branch
|
||||
* @description Finds 'if' statements where the 'then' branch is
|
||||
* an empty block statement
|
||||
* @id go/examples/emptythen
|
||||
* @tags if
|
||||
* then
|
||||
* empty
|
||||
* conditional
|
||||
* branch
|
||||
* statement
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from IfStmt i
|
||||
where i.getThen().getNumStmt() = 0
|
||||
select i
|
|
@ -0,0 +1,16 @@
|
|||
/**
|
||||
* @name Field read
|
||||
* @description Finds code that reads `Request.Method`.
|
||||
* @id go/examples/readofrequestmethod
|
||||
* @tags field
|
||||
* read
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Type reqtp, Field reqm, DataFlow::Read read
|
||||
where
|
||||
reqtp.hasQualifiedName("net/http", "Request") and
|
||||
reqm = reqtp.getField("Method") and
|
||||
read = reqm.getARead()
|
||||
select read
|
|
@ -0,0 +1,16 @@
|
|||
/**
|
||||
* @name Field write
|
||||
* @description Finds assignments to field `Status` of type `Response` from package `net/http`.
|
||||
* @id go/examples/responsestatus
|
||||
* @tags net/http
|
||||
* field write
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Type response, Field status, DataFlow::Write write
|
||||
where
|
||||
response.hasQualifiedName("net/http", "Response") and
|
||||
status = response.getField("Status") and
|
||||
write = status.getAWrite()
|
||||
select write, write.getRhs()
|
|
@ -0,0 +1,13 @@
|
|||
/**
|
||||
* @name Function
|
||||
* @description Finds functions called "main".
|
||||
* @id go/examples/mainfunction
|
||||
* @tags function
|
||||
* main
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Function main
|
||||
where main.getName() = "main"
|
||||
select main
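Review bot: `main.getName() = "main"` also matches a `Function` entity that has no source location — the expected output added in this commit lists `| file://:0:0:0:0 | main |` next to the declaration in `main.go`. If the intent is to find declared functions only, narrow the `from` clause (e.g. `from DeclaredFunction main` or add `exists(main.getFuncDecl())` to the `where` clause), assuming the library offers those; otherwise a one-line comment in the query saying why location-less matches are acceptable would help a reader. The same applies to `go/examples/errvariable` (`from Variable err where err.getName() = "err"`), whose expected output is dominated by location-less `err` rows.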
|
|
@ -0,0 +1,15 @@
|
|||
/**
|
||||
* @name Comparison with nil
|
||||
* @description Finds comparisons with nil.
|
||||
* @id go/examples/nilcheck
|
||||
* @tags comparison
|
||||
* nil
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from DataFlow::EqualityTestNode eq, DataFlow::Node nd, DataFlow::Node nil
|
||||
where
|
||||
nil = Builtin::nil().getARead() and
|
||||
eq.eq(_, nd, nil)
|
||||
select eq
|
|
@ -0,0 +1,12 @@
|
|||
/**
|
||||
* @name Parameter
|
||||
* @description Finds parameters of type "ResponseWriter" from package "net/http".
|
||||
* @id go/examples/responseparam
|
||||
* @tags parameter
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Parameter req
|
||||
where req.getType().hasQualifiedName("net/http", "ResponseWriter")
|
||||
select req
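Review bot: The variable `req` in `from Parameter req` holds a parameter of type `net/http.ResponseWriter`, not a request, so the name misleads; rename it, e.g. `from Parameter w where w.getType().hasQualifiedName("net/http", "ResponseWriter") select w`. The description also quotes `"ResponseWriter"` and `"net/http"` with double quotes while the sibling queries use backticks for code names; pick one style across the examples.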
|
|
@ -0,0 +1,15 @@
|
|||
/**
|
||||
* @name Type
|
||||
* @description Finds pointer type `*Request` from package `net/http`.
|
||||
* @id go/examples/requestptrtype
|
||||
* @tags net/http
|
||||
* type
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Type reqtp, PointerType reqptrtp
|
||||
where
|
||||
reqtp.hasQualifiedName("net/http", "Request") and
|
||||
reqptrtp.getBaseType() = reqtp
|
||||
select reqptrtp
|
|
@ -0,0 +1,12 @@
|
|||
/**
|
||||
* @name Receiver variable
|
||||
* @description Finds receiver variables of pointer type.
|
||||
* @id go/examples/pointerreceiver
|
||||
* @tags receiver variable
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from ReceiverVariable recv
|
||||
where recv.getType() instanceof PointerType
|
||||
select recv
|
|
@ -0,0 +1,12 @@
|
|||
/**
|
||||
* @name Result variable
|
||||
* @description Finds result variables of type "error".
|
||||
* @id go/examples/errresult
|
||||
* @tags result variable
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from ResultVariable err
|
||||
where err.getType() = Builtin::error().getType()
|
||||
select err
|
|
@ -0,0 +1,13 @@
|
|||
/**
|
||||
* @name Type
|
||||
* @description Finds type `Request` from package `net/http`.
|
||||
* @id go/examples/requesttype
|
||||
* @tags net/http
|
||||
* type
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Type response
|
||||
where response.hasQualifiedName("net/http", "Request")
|
||||
select response
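Review bot: `@name Type` is the same `@name` as the `go/examples/requestptrtype` query in this commit; since example queries are listed by name, give this one a distinct name such as `@name Named type`. The variable `response` holds the `net/http.Request` type, which reads wrong; `from Type reqtp where reqtp.hasQualifiedName("net/http", "Request") select reqtp` matches the naming already used in `go/examples/requestptrtype` and `go/examples/requests`.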
|
|
@ -0,0 +1,16 @@
|
|||
/**
|
||||
* @name Type information
|
||||
* @description Finds code elements of type `*Request` from package `net/http`.
|
||||
* @id go/examples/requests
|
||||
* @tags net/http
|
||||
* types
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Type reqtp, PointerType reqptrtp, DataFlow::Node req
|
||||
where
|
||||
reqtp.hasQualifiedName("net/http", "Request") and
|
||||
reqptrtp.getBaseType() = reqtp and
|
||||
req.getType() = reqptrtp
|
||||
select req
|
|
@ -0,0 +1,13 @@
|
|||
/**
|
||||
* @name Increment statements in loops
|
||||
* @description Finds increment statements that are nested in a loop
|
||||
* @id go/examples/updateinloop
|
||||
* @tags nesting
|
||||
* increment
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from IncStmt s, LoopStmt l
|
||||
where s.getParent+() = l
|
||||
select s, l
|
|
@ -0,0 +1,13 @@
|
|||
/**
|
||||
* @name Variable
|
||||
* @description Finds variables called "err".
|
||||
* @id go/examples/errvariable
|
||||
* @tags variable
|
||||
* err
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Variable err
|
||||
where err.getName() = "err"
|
||||
select err
|
|
@ -0,0 +1,14 @@
|
|||
/**
|
||||
* @name Variable read
|
||||
* @description Finds code that reads a variable called `err`.
|
||||
* @id go/examples/readoferr
|
||||
* @tags variable read
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Variable err, DataFlow::Read read
|
||||
where
|
||||
err.getName() = "err" and
|
||||
read = err.getARead()
|
||||
select read
|
|
@ -0,0 +1,14 @@
|
|||
/**
|
||||
* @name Variable write
|
||||
* @description Finds assignments to variables named "err".
|
||||
* @id go/examples/errwrite
|
||||
* @tags variable write
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from Variable err, DataFlow::Write write
|
||||
where
|
||||
err.getName() = "err" and
|
||||
write = err.getAWrite()
|
||||
select write, write.getRhs()
|
|
@ -0,0 +1,16 @@
|
|||
/**
|
||||
* @name Comparison with zero
|
||||
* @description Finds comparisons between an unsigned value and zero.
|
||||
* @id go/examples/unsignedgez
|
||||
* @tags comparison
|
||||
* unsigned
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
from DataFlow::RelationalComparisonNode cmp, DataFlow::Node unsigned, DataFlow::Node zero
|
||||
where
|
||||
zero.getNumericValue() = 0 and
|
||||
unsigned.getType().getUnderlyingType() instanceof UnsignedIntegerType and
|
||||
cmp.leq(_, zero, unsigned, 0)
|
||||
select cmp, unsigned
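Review bot: The description "Finds comparisons between an unsigned value and zero" is broader than what the `where` clause selects: `cmp.leq(_, zero, unsigned, 0)` holds only for comparisons equivalent to `0 <= unsigned` or its negation `unsigned < 0`, so `unsigned > 0` or `unsigned == 0` are not reported (as I read the fixed `0` bias argument). Either say so in the description, e.g. `* @description Finds comparisons of an unsigned value against zero that are trivially true or false ("x >= 0", "x < 0").`, or pass `_` for the bias if every comparison is intended. The `@id` `unsignedgez` suggests the narrower reading is the intended one.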
|
|
@ -0,0 +1 @@
|
|||
| main.go:15:41:15:52 | call to len |
|
|
@ -0,0 +1 @@
|
|||
snippets/calltobuiltin.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:14:2:14:29 | call to Println |
|
|
@ -0,0 +1 @@
|
|||
snippets/calltofunction.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:19:2:19:22 | call to Get |
|
|
@ -0,0 +1 @@
|
|||
snippets/calltomethod.ql
|
|
@ -0,0 +1,4 @@
|
|||
| main.go:11:18:11:26 | ...-... |
|
||||
| main.go:15:56:15:59 | zero |
|
||||
| main.go:35:9:35:9 | 0 |
|
||||
| main.go:46:11:46:11 | 0 |
|
|
@ -0,0 +1 @@
|
|||
snippets/constant.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:30:2:31:2 | if statement |
|
|
@ -0,0 +1 @@
|
|||
snippets/emptythen.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:20:5:20:14 | selection of Method |
|
|
@ -0,0 +1 @@
|
|||
snippets/fieldread.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:23:3:23:13 | assignment to field Status | main.go:23:17:23:21 | "200" |
|
|
@ -0,0 +1 @@
|
|||
snippets/fieldwrite.ql
|
|
@ -0,0 +1,2 @@
|
|||
| file://:0:0:0:0 | main |
|
||||
| main.go:13:6:13:9 | main |
|
|
@ -0,0 +1 @@
|
|||
snippets/function.ql
|
|
@ -0,0 +1,49 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
)
|
||||
|
||||
const one int = 1
|
||||
const zero int = one - one
|
||||
|
||||
func main() {
|
||||
fmt.Println("Hello, world!")
|
||||
fmt.Printf("Ignoring %d arguments.\n", len(os.Args)-1+zero)
|
||||
}
|
||||
|
||||
func test1(req *http.Request, hdr *http.Header, resp *http.Response, w http.ResponseWriter) (e error) {
|
||||
hdr.Get("X-MyHeader")
|
||||
if req.Method != "GET" {
|
||||
return errors.New("nope")
|
||||
} else {
|
||||
resp.Status = "200"
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func test2(w http.ResponseWriter) {
|
||||
err := test1(nil, nil, nil, w)
|
||||
if err == nil {
|
||||
}
|
||||
}
|
||||
|
||||
func test3(n uint) string {
|
||||
if n < 0 {
|
||||
return "?"
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
type counter struct {
|
||||
val int
|
||||
}
|
||||
|
||||
func (c *counter) bump(n int) {
|
||||
for i := 0; i < n; i++ {
|
||||
c.val++
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
| main.go:30:5:30:14 | ...==... |
|
|
@ -0,0 +1 @@
|
|||
snippets/nilcheck.ql
|
|
@ -0,0 +1,2 @@
|
|||
| main.go:18:70:18:70 | w |
|
||||
| main.go:28:12:28:12 | w |
|
|
@ -0,0 +1 @@
|
|||
snippets/param.ql
|
|
@ -0,0 +1 @@
|
|||
| pointer type |
|
|
@ -0,0 +1 @@
|
|||
snippets/pointertype.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:45:7:45:7 | c |
|
|
@ -0,0 +1 @@
|
|||
snippets/receiver.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:18:94:18:94 | e |
|
|
@ -0,0 +1 @@
|
|||
snippets/result.ql
|
|
@ -0,0 +1 @@
|
|||
| Request |
|
|
@ -0,0 +1 @@
|
|||
snippets/type.ql
|
|
@ -0,0 +1,3 @@
|
|||
| main.go:18:12:18:14 | argument corresponding to req |
|
||||
| main.go:18:12:18:14 | definition of req |
|
||||
| main.go:20:5:20:7 | req |
|
|
@ -0,0 +1 @@
|
|||
snippets/typeinfo.ql
|
|
@ -0,0 +1,2 @@
|
|||
| main.go:46:21:46:23 | increment statement | main.go:46:2:48:2 | for statement |
|
||||
| main.go:47:3:47:9 | increment statement | main.go:46:2:48:2 | for statement |
|
|
@ -0,0 +1 @@
|
|||
snippets/updateinloop.ql
|
|
@ -0,0 +1,47 @@
|
|||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| file://:0:0:0:0 | err |
|
||||
| main.go:29:2:29:4 | err |
|
|
@ -0,0 +1 @@
|
|||
snippets/variable.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:30:5:30:7 | err |
|
|
@ -0,0 +1 @@
|
|||
snippets/varread.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:29:2:29:4 | assignment to err | main.go:29:9:29:31 | call to test1 |
|
|
@ -0,0 +1 @@
|
|||
snippets/varwrite.ql
|
|
@ -0,0 +1 @@
|
|||
| main.go:35:5:35:9 | ...<... | main.go:35:5:35:5 | n |
|
|
@ -0,0 +1 @@
|
|||
snippets/zerocheck.ql
|
|
@ -1,3 +1,5 @@
|
|||
name: codeql-go-tests
|
||||
version: 0.0.0
|
||||
libraryPathDependencies: codeql-go
|
||||
libraryPathDependencies:
|
||||
- codeql-go
|
||||
- codeql-go-examples
|
||||
|
|