Convert ElazarlGoproxy::UserControlledRequestData to MaD

2024-06-23 07:36:15 +01:00 · 2024-06-23 07:36:15 +01:00 · 99ed3c2ac1
--- a/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
+++ b/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
@ -5,3 +5,10 @@ extensions:
    data:
      - ["github.com/elazarl/goproxy", "CertStorage", True, "Fetch", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
      - ["github.com/elazarl/goproxy", "CertStorage", True, "Fetch", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
+
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/elazarl/goproxy", "ProxyCtx", True, "UserData", "", "", "", "remote", "manual"]
+      - ["github.com/elazarl/goproxy", "ProxyCtx", True, "Charset", "", "", "ReturnValue", "remote", "manual"]
--- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
+++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@ -95,19 +95,6 @@ module ElazarlGoproxy {
    }
  }

-  private class UserControlledRequestData extends RemoteFlowSource::Range {
-    UserControlledRequestData() {
-      exists(DataFlow::FieldReadNode frn | this = frn |
-        // liberally consider ProxyCtx.UserData to be untrusted; it's a data field set by a request handler
-        frn.getField().hasQualifiedName(packagePath(), "ProxyCtx", "UserData")
-      )
-      or
-      exists(DataFlow::MethodCallNode call | this = call |
-        call.getTarget().hasQualifiedName(packagePath(), "ProxyCtx", "Charset")
-      )
-    }
-  }
-
  private class ProxyLogFunction extends StringOps::Formatting::Range, Method {
    ProxyLogFunction() { this.hasQualifiedName(packagePath(), "ProxyCtx", ["Logf", "Warnf"]) }