Convert gocb nosql-injection sinks to MaD
Родитель
ec9d88b364
Коммит
2d2afb17ad
@ -3,28 +3,43 @@ extensions:
|
|||
pack: codeql/go-all
|
||||
extensible: packageGrouping
|
||||
data:
|
||||
- ["gocb", "github.com/couchbase/gocb"]
|
||||
- ["gocb", "gopkg.in/couchbase/gocb"]
|
||||
- ["gocb", "github.com/couchbaselabs/gocb"]
|
||||
- ["gocb1", "fixed-version:github.com/couchbase/gocb"]
|
||||
- ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
|
||||
- ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
|
||||
- ["gocb2", "github.com/couchbase/gocb/v2"]
|
||||
- ["gocb2", "gopkg.in/couchbase/gocb.v2"]
|
||||
- ["gocb2", "github.com/couchbaselabs/gocb/v2"]
|
||||
- addsTo:
|
||||
pack: codeql/go-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/go-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
||||
- ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
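Review bot: The `group:gocb1` summaryModel rows at the end of the block repeat the `group:gocb` rows above them method for method (`NewN1qlQuery`, `NewAnalyticsQuery`, and every `AnalyticsQuery`/`N1qlQuery` builder). The `gocb` grouping uses the unprefixed module paths (no `fixed-version:`), which is what the old `packagePath()` relied on to cover both v1 and v2 with one path list, so if those unprefixed paths still match `gopkg.in/couchbase/gocb.v1` and the `/v2` module paths the `gocb1` summary copies add no coverage and only double the rows to keep in sync; if so, drop them and keep `gocb1` for the fixed-version sinks alone. Separately, the v1 sinks mark only `Argument[0]` (the prepared `*N1qlQuery`/`*AnalyticsQuery`) and reach it through the `New*Query` summaries, while the `params interface{}` argument is deliberately not a sink; that is the right split, but it is easy to misread as an omission, so I would add above the sinkModel data `# v1 sinks are the prepared query objects; taint reaches them via the NewN1qlQuery/NewAnalyticsQuery summaries below, and the separate params argument is the safe parameterized path`.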
|
||||
@ -3,6 +3,7 @@ extensions:
|
|||
pack: codeql/go-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
|
@ -16,4 +17,3 @@ extensions:
|
|||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
|
||||
@ -5,57 +5,23 @@
|
|||
import go
|
||||
|
||||
/**
|
||||
* DEPRECATED
|
||||
*
|
||||
* Provides models of commonly used functions in the official Couchbase Go SDK library.
|
||||
*/
|
||||
module Couchbase {
|
||||
deprecated module Couchbase {
|
||||
/**
|
||||
* DEPRECATED
|
||||
*
|
||||
* Gets a package path for the official Couchbase Go SDK library.
|
||||
*
|
||||
* Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to
|
||||
* distinguish between them.
|
||||
*/
|
||||
string packagePath() {
|
||||
deprecated string packagePath() {
|
||||
result =
|
||||
package([
|
||||
"gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb"
|
||||
], "")
|
||||
}
|
||||
|
||||
/**
|
||||
* A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
|
||||
* the official Couchbase Go library, gocb.
|
||||
*/
|
||||
private class CouchbaseV1Query extends NoSql::Query::Range {
|
||||
CouchbaseV1Query() {
|
||||
// func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
|
||||
// func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
|
||||
// func (c *Cluster) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
|
||||
// func (c *Cluster) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
|
||||
exists(Method meth, string structName, string methodName |
|
||||
structName in ["Bucket", "Cluster"] and
|
||||
methodName in ["ExecuteN1qlQuery", "ExecuteAnalyticsQuery"] and
|
||||
meth.hasQualifiedName(packagePath(), structName, methodName) and
|
||||
this = meth.getACall().getArgument(0)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
|
||||
* the official Couchbase Go library, gocb.
|
||||
*/
|
||||
private class CouchbaseV2Query extends NoSql::Query::Range {
|
||||
CouchbaseV2Query() {
|
||||
// func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
|
||||
// func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
|
||||
// func (s *Scope) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
|
||||
// func (s *Scope) Query(statement string, opts *QueryOptions) (*QueryResult, error)
|
||||
exists(Method meth, string structName, string methodName |
|
||||
structName in ["Cluster", "Scope"] and
|
||||
methodName in ["AnalyticsQuery", "Query"] and
|
||||
meth.hasQualifiedName(packagePath(), structName, methodName) and
|
||||
this = meth.getACall().getArgument(0)
|
||||
)
|
||||
}
|
||||
}
|
||||
}
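Review bot: The deprecation notices on `Couchbase` and `packagePath()` say only `DEPRECATED` and name no replacement, so a query author who hits the warning has nothing to migrate to. The replacement is the Models-as-Data extension this commit introduces, so the module QLDoc could read `* DEPRECATED: the gocb models are now provided as data extensions (packageGrouping, sinkModel and summaryModel rows); use `NoSql::Query` to find Couchbase query sinks.` and the predicate's `* DEPRECATED: the gocb package paths are now declared in the `gocb` packageGrouping extension.`. Stating that the module is kept only for backward compatibility would also make clear that no new code should depend on `packagePath()`.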
|
||||
@ -31,82 +31,6 @@ module NoSql {
|
|||
)
|
||||
}
|
||||
}
|
||||
// /**
|
||||
// * Holds if method `name` of struct `Collection` from package
|
||||
// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
|
||||
// * interprets parameter `n` as a query.
|
||||
// */
|
||||
// private predicate mongoDbCollectionMethod(string name, int n) {
|
||||
// // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
|
||||
// // opts ...*options.CountOptions) (int64, error)
|
||||
// name = "CountDocuments" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
|
||||
// // opts ...*options.DeleteOptions) (*DeleteResult, error)
|
||||
// name = "DeleteMany" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
|
||||
// // opts ...*options.DeleteOptions) (*DeleteResult, error)
|
||||
// name = "DeleteOne" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
|
||||
// // ...) ([]interface{}, error)
|
||||
// name = "Distinct" and n = 2
|
||||
// or
|
||||
// // func (coll *Collection) Find(ctx context.Context, filter interface{},
|
||||
// // opts ...*options.FindOptions) (*Cursor, error)
|
||||
// name = "Find" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
|
||||
// // opts ...*options.FindOneOptions) *SingleResult
|
||||
// name = "FindOne" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
|
||||
// // *SingleResult
|
||||
// name = "FindOneAndDelete" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
|
||||
// // replacement interface{}, ...) *SingleResult
|
||||
// name = "FindOneAndReplace" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
|
||||
// // update interface{}, ...) *SingleResult
|
||||
// name = "FindOneAndUpdate" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
|
||||
// // replacement interface{}, ...) (*UpdateResult, error)
|
||||
// name = "ReplaceOne" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
|
||||
// // update interface{}, ...) (*UpdateResult, error)
|
||||
// name = "UpdateMany" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
|
||||
// // update interface{}, ...) (*UpdateResult, error)
|
||||
// name = "UpdateOne" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
|
||||
// // (*ChangeStream, error)
|
||||
// name = "Watch" and n = 1
|
||||
// or
|
||||
// // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
|
||||
// // opts ...*options.AggregateOptions) (*Cursor, error)
|
||||
// name = "Aggregate" and n = 1
|
||||
// }
|
||||
// /**
|
||||
// * A query used in an API function acting on a `Collection` struct of package
|
||||
// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
|
||||
// */
|
||||
// private class MongoDbCollectionQuery extends Range {
|
||||
// MongoDbCollectionQuery() {
|
||||
// exists(Method meth, string methodName, int n |
|
||||
// mongoDbCollectionMethod(methodName, n) and
|
||||
// meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
|
||||
// methodName) and
|
||||
// this = meth.getACall().getArgument(n)
|
||||
// )
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
/**
|
||||