Convert gocb nosql-injection sinks to MaD

This commit is contained in:
Owen Mansel-Chan 2024-08-16 07:59:04 +01:00
Родитель ec9d88b364
Коммит 2d2afb17ad
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 67E427E02E6DA1B8
4 изменённых файлов: 43 добавлений и 138 удалений


@ -3,28 +3,43 @@ extensions:
pack: codeql/go-all pack: codeql/go-all
extensible: packageGrouping extensible: packageGrouping
data: data:
- ["gocb", "github.com/couchbase/gocb"] - ["gocb1", "fixed-version:github.com/couchbase/gocb"]
- ["gocb", "gopkg.in/couchbase/gocb"] - ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
- ["gocb", "github.com/couchbaselabs/gocb"] - ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
- ["gocb2", "github.com/couchbase/gocb/v2"]
- ["gocb2", "gopkg.in/couchbase/gocb.v2"]
- ["gocb2", "github.com/couchbaselabs/gocb/v2"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
- addsTo: - addsTo:
pack: codeql/go-all pack: codeql/go-all
extensible: summaryModel extensible: summaryModel
data: data:
- ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
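Review bot: The new `sinkModel` rows lose the Go signatures that the deleted QLL classes carried as comments, so nothing in the data file now shows that `Argument[0]` is the `*N1qlQuery`/`*AnalyticsQuery` for the gocb1 `Execute*` methods and the raw `statement string` for the gocb2 `Query`/`AnalyticsQuery` methods, which is exactly what a reviewer needs to check when confirming the sink index. I would keep one signature comment above each group, e.g. `# func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)`. The `fixed-version:` prefix on the three gocb1 paths is also unexplained; presumably it stops the v1 paths from also matching the `/v2` module path, whose API differs, and a comment such as `# fixed-version: v1 paths must not match the v2 module path` would save the next reader a lookup. The gocb2 paths are not pinned the same way, which may be intentional but is worth a word in the same comment.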


@ -3,6 +3,7 @@ extensions:
pack: codeql/go-all pack: codeql/go-all
extensible: sinkModel extensible: sinkModel
data: data:
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
@ -16,4 +17,3 @@ extensions:
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]


@ -5,57 +5,23 @@
import go import go
/** /**
* DEPRECATED
*
* Provides models of commonly used functions in the official Couchbase Go SDK library. * Provides models of commonly used functions in the official Couchbase Go SDK library.
*/ */
module Couchbase { deprecated module Couchbase {
/** /**
* DEPRECATED
*
* Gets a package path for the official Couchbase Go SDK library. * Gets a package path for the official Couchbase Go SDK library.
* *
* Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to * Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to
* distinguish between them. * distinguish between them.
*/ */
string packagePath() { deprecated string packagePath() {
result = result =
package([ package([
"gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb" "gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb"
], "") ], "")
} }
/**
* A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
* the official Couchbase Go library, gocb.
*/
private class CouchbaseV1Query extends NoSql::Query::Range {
CouchbaseV1Query() {
// func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
// func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
// func (c *Cluster) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
// func (c *Cluster) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
exists(Method meth, string structName, string methodName |
structName in ["Bucket", "Cluster"] and
methodName in ["ExecuteN1qlQuery", "ExecuteAnalyticsQuery"] and
meth.hasQualifiedName(packagePath(), structName, methodName) and
this = meth.getACall().getArgument(0)
)
}
}
/**
* A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
* the official Couchbase Go library, gocb.
*/
private class CouchbaseV2Query extends NoSql::Query::Range {
CouchbaseV2Query() {
// func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
// func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
// func (s *Scope) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
// func (s *Scope) Query(statement string, opts *QueryOptions) (*QueryResult, error)
exists(Method meth, string structName, string methodName |
structName in ["Cluster", "Scope"] and
methodName in ["AnalyticsQuery", "Query"] and
meth.hasQualifiedName(packagePath(), structName, methodName) and
this = meth.getACall().getArgument(0)
)
}
}
} }
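Review bot: The new `DEPRECATED` markers on the `Couchbase` module and on `packagePath()` do not say what replaces them, so a downstream query author who sees the deprecation warning has nothing to migrate to; the usual form in this library names the replacement, e.g. `* DEPRECATED: the gocb sinks and summaries are now provided as Models-as-Data under the `gocb1`/`gocb2` package groups.` The surviving remark that v1 and v2 "names are disjoint so there is no need to distinguish between them" is now at odds with the data split into separate `gocb1`/`gocb2` groups; harmless in a deprecated module, but one sentence noting the split would avoid confusion. The hunk ends at the module's closing brace; the rest of the file is not shown.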


@ -31,82 +31,6 @@ module NoSql {
) )
} }
} }
// /**
// * Holds if method `name` of struct `Collection` from package
// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
// * interprets parameter `n` as a query.
// */
// private predicate mongoDbCollectionMethod(string name, int n) {
// // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
// // opts ...*options.CountOptions) (int64, error)
// name = "CountDocuments" and n = 1
// or
// // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
// // opts ...*options.DeleteOptions) (*DeleteResult, error)
// name = "DeleteMany" and n = 1
// or
// // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
// // opts ...*options.DeleteOptions) (*DeleteResult, error)
// name = "DeleteOne" and n = 1
// or
// // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
// // ...) ([]interface{}, error)
// name = "Distinct" and n = 2
// or
// // func (coll *Collection) Find(ctx context.Context, filter interface{},
// // opts ...*options.FindOptions) (*Cursor, error)
// name = "Find" and n = 1
// or
// // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
// // opts ...*options.FindOneOptions) *SingleResult
// name = "FindOne" and n = 1
// or
// // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
// // *SingleResult
// name = "FindOneAndDelete" and n = 1
// or
// // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
// // replacement interface{}, ...) *SingleResult
// name = "FindOneAndReplace" and n = 1
// or
// // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
// // update interface{}, ...) *SingleResult
// name = "FindOneAndUpdate" and n = 1
// or
// // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
// // replacement interface{}, ...) (*UpdateResult, error)
// name = "ReplaceOne" and n = 1
// or
// // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
// // update interface{}, ...) (*UpdateResult, error)
// name = "UpdateMany" and n = 1
// or
// // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
// // update interface{}, ...) (*UpdateResult, error)
// name = "UpdateOne" and n = 1
// or
// // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
// // (*ChangeStream, error)
// name = "Watch" and n = 1
// or
// // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
// // opts ...*options.AggregateOptions) (*Cursor, error)
// name = "Aggregate" and n = 1
// }
// /**
// * A query used in an API function acting on a `Collection` struct of package
// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
// */
// private class MongoDbCollectionQuery extends Range {
// MongoDbCollectionQuery() {
// exists(Method meth, string methodName, int n |
// mongoDbCollectionMethod(methodName, n) and
// meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
// methodName) and
// this = meth.getACall().getArgument(n)
// )
// }
// }
} }
/** /**