Revert "Convert logging sinks to use MaD"

This reverts commit fa472f5e18.
Chris Smowton 2024-08-24 17:39:24 +01:00
Родитель 686f47af98
Коммит a6e3b913d0
19 изменённых файлов: 98 добавлений и 385 удалений


@ -1,11 +1,4 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["fmt", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel


@ -1,34 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-logs", "github.com/astaxie/beego/logs"]
- ["beego-logs", "github.com/beego/beego/logs"]
- ["beego-logs", "github.com/beego/beego/core/logs"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-logs", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]


@ -6,11 +6,6 @@ extensions:
- ["beego-utils", "github.com/astaxie/beego/utils"]
- ["beego-utils", "github.com/beego/beego/utils"]
- ["beego-utils", "github.com/beego/beego/core/utils"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-utils", "", False, "Display", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel


@ -10,18 +10,6 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
# log-injection
- ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
# path-injection
- ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]


@ -1,14 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/davecgh/go-spew/spew", "", False, "Dump", "", "", "Argument[0]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fdump", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprint", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprintf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprintln", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]


@ -1,10 +1,4 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/elazarl/goproxy", "ProxyCtx", False, "Logf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/elazarl/goproxy", "ProxyCtx", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel


@ -1,102 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["glog", "github.com/golang/glog"]
- ["glog", "gopkg.in/glog"]
- ["glog", "k8s.io/klog"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:glog", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]


@ -1,131 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["logrus", "github.com/sirupsen/logrus"]
- ["logrus", "ggithub.com/Sirupsen/logrus"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:logrus", "", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "LogFn", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]


@ -1,41 +1,4 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["go.uber.org/zap", "Logger", False, "DPanic", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Fatal", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Panic", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", False, "WithOptions", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "DPanic", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "DPanicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "DPanicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Debugw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Errorw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Fatalw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Infow", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Panicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "Warnw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel


@ -1,28 +1,4 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["log", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- ["log", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- ["log", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel


@ -373,19 +373,6 @@ module LoggerCall {
}
}
private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
DataFlow::ArgumentNode messageArgument;
DefaultLoggerCall() {
sinkNode(messageArgument, "log-injection") and
this = messageArgument.getCall()
}
override DataFlow::Node getAMessageComponent() {
result = messageArgument.getACorrespondingSyntacticArgument()
}
}
/**
* A function that encodes data into a binary or textual format.
*


@ -33,6 +33,13 @@ module Beego {
result = package(v2modulePath(), "server/web/context")
}
/** Gets the path for the logs package of beego. */
string logsPackagePath() {
result = package(v1modulePath(), "logs")
or
result = package(v2modulePath(), "core/logs")
}
/** Gets the path for the utils package of beego. */
string utilsPackagePath() {
result = package(v1modulePath(), "utils")
@ -165,6 +172,36 @@ module Beego {
override string getAContentType() { none() }
}
private string getALogFunctionName() {
result =
[
"Alert", "Critical", "Debug", "Emergency", "Error", "Info", "Informational", "Notice",
"Trace", "Warn", "Warning"
]
}
private class ToplevelBeegoLoggers extends LoggerCall::Range, DataFlow::CallNode {
ToplevelBeegoLoggers() {
this.getTarget().hasQualifiedName([packagePath(), logsPackagePath()], getALogFunctionName())
}
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
private class BeegoLoggerMethods extends LoggerCall::Range, DataFlow::MethodCallNode {
BeegoLoggerMethods() {
this.getTarget().hasQualifiedName(logsPackagePath(), "BeeLogger", getALogFunctionName())
}
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
private class UtilLoggers extends LoggerCall::Range, DataFlow::CallNode {
UtilLoggers() { this.getTarget().hasQualifiedName(utilsPackagePath(), "Display") }
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
private class HtmlQuoteSanitizer extends SharedXss::Sanitizer {
HtmlQuoteSanitizer() {
exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName(packagePath(), "Htmlquote") |
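Review bot: `ToplevelBeegoLoggers`, `BeegoLoggerMethods` and `UtilLoggers` have no QLDoc, and each returns `this.getASyntacticArgument()`, so every argument of the call becomes a message component, whereas the data-extension rows this commit removes listed only `Argument[0..1]` for the beego log functions. If the wider scope is intended, a comment such as `/** A call to a top-level beego logging function; all arguments are treated as message components. */` on each class would record that. `ToplevelBeegoLoggers` also matches `packagePath()` in addition to `logsPackagePath()`, which deserves a word in the same comment. The missing QLDoc also applies to `ProxyLog`, `GlogCall`, `SpewCall` and the Logrus `LogCall` in the later sections; `HtmlQuoteSanitizer` continues outside this hunk.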


@ -100,4 +100,10 @@ module ElazarlGoproxy {
override int getFormatStringIndex() { result = 0 }
}
private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode {
ProxyLog() { this.getTarget() instanceof ProxyLogFunction }
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
}


@ -40,4 +40,14 @@ module Glog {
override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
}
private class GlogCall extends LoggerCall::Range, DataFlow::CallNode {
GlogFunction callee;
GlogCall() { this = callee.getACall() }
override DataFlow::Node getAMessageComponent() {
result = this.getSyntacticArgument(any(int i | i >= callee.getFirstPrintedArg()))
}
}
}


@ -28,6 +28,12 @@ module Logrus {
}
}
private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
LogCall() { this = any(LogFunction f).getACall() }
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
int argOffset;
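Review bot: `LogCall.getAMessageComponent()` returns every syntactic argument, while the neighbouring `StringFormatters` class keeps an `argOffset` field, which suggests that some `LogFunction`s take a leading argument that is not part of the message (presumably a level; its definition is not visible here). The Glog and Spew sections restrict the result with `i >= ….getFirstPrintedArg()`, so the difference looks unintentional to a reader. If it is deliberate, say so on the class, for example `/** A call to a Logrus logging function; every argument, including any leading non-message argument, is treated as a message component. */`. `StringFormatters` continues outside this hunk.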


@ -33,6 +33,16 @@ module Spew {
override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
}
private class SpewCall extends LoggerCall::Range, DataFlow::CallNode {
SpewFunction target;
SpewCall() { this = target.getACall() }
override DataFlow::Node getAMessageComponent() {
result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg()))
}
}
// These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
/** The `Sprint` function or one of its variants. */
class Sprinter extends TaintTracking::FunctionModel {


@ -34,6 +34,18 @@ module Zap {
override int getFormatStringIndex() { result = 0 }
}
/**
* A call to a logger function in Zap.
*
* Functions which add data to be included the next time a direct logging
* function is called are included.
*/
private class ZapCall extends LoggerCall::Range, DataFlow::MethodCallNode {
ZapCall() { this = any(ZapFunction f).getACall() }
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
// These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
/** The function `Fields` that creates an `Option` that can be added to the logger out of `Field`s. */
class FieldsFunction extends TaintTracking::FunctionModel {


@ -41,6 +41,13 @@ module Fmt {
Printer() { this.hasQualifiedName("fmt", ["Print", "Printf", "Println"]) }
}
/** A call to `Print` or similar. */
private class PrintCall extends LoggerCall::Range, DataFlow::CallNode {
PrintCall() { this.getTarget() instanceof Printer }
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
/** The `Fprint` function or one of its variants. */
private class Fprinter extends TaintTracking::FunctionModel {
Fprinter() {
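Review bot: The QLDoc on `PrintCall`, "A call to `Print` or similar", does not say that the class makes every `fmt.Print`, `Printf` and `Println` call a `LoggerCall`, so queries built on `LoggerCall` will treat writes to standard output as log writes. A reader triaging a log-injection result on a plain `fmt.Println` needs that stated. A comment such as `/** A call to fmt.Print, Printf or Println, modeled as a logger call because it writes its arguments to standard output. */` would cover it. `Fprinter` continues outside this hunk.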


@ -32,6 +32,16 @@ module Log {
override int getFormatStringIndex() { result = 0 }
}
private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
LogFunction target;
LogCall() { this = target.getACall() }
override DataFlow::Node getAMessageComponent() {
result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg()))
}
}
/** A fatal log function, which calls `os.Exit`. */
private class FatalLogFunction extends Function {
FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }