From a6e3b913d0a55cd4da0b8c67b0da8749bc1e182e Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Sat, 24 Aug 2024 17:39:24 +0100 Subject: [PATCH] Revert "Convert logging sinks to use MaD" This reverts commit fa472f5e18c17b06a0070e7f6d7c790c72991b78. --- go/ql/lib/ext/fmt.model.yml | 7 - ...github.com.beego.beego.core.logs.model.yml | 34 ----- ...ithub.com.beego.beego.core.utils.model.yml | 5 - ...ithub.com.beego.beego.server.web.model.yml | 12 -- .../github.com.davecgh.go-spew.spew.model.yml | 14 -- .../ext/github.com.elazarl.goproxy.model.yml | 6 - .../lib/ext/github.com.golang.glog.model.yml | 102 -------------- .../ext/github.com.sirupsen.logrus.model.yml | 131 ------------------ go/ql/lib/ext/go.uber.org.zap.model.yml | 37 ----- go/ql/lib/ext/log.model.yml | 24 ---- go/ql/lib/semmle/go/Concepts.qll | 13 -- go/ql/lib/semmle/go/frameworks/Beego.qll | 37 +++++ .../semmle/go/frameworks/ElazarlGoproxy.qll | 6 + go/ql/lib/semmle/go/frameworks/Glog.qll | 10 ++ go/ql/lib/semmle/go/frameworks/Logrus.qll | 6 + go/ql/lib/semmle/go/frameworks/Spew.qll | 10 ++ go/ql/lib/semmle/go/frameworks/Zap.qll | 12 ++ go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll | 7 + go/ql/lib/semmle/go/frameworks/stdlib/Log.qll | 10 ++ 19 files changed, 98 insertions(+), 385 deletions(-) delete mode 100644 go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml delete mode 100644 go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml delete mode 100644 go/ql/lib/ext/github.com.golang.glog.model.yml delete mode 100644 go/ql/lib/ext/github.com.sirupsen.logrus.model.yml
diff --git a/go/ql/lib/ext/fmt.model.yml b/go/ql/lib/ext/fmt.model.yml
index ff975cf423c..5234b509933 100644
--- a/go/ql/lib/ext/fmt.model.yml
+++ b/go/ql/lib/ext/fmt.model.yml
@@ -1,11 +1,4 @@
 extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["fmt", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel
diff --git a/go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml b/go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml
deleted file mode 100644
index 3dfbbe89719..00000000000
--- a/go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: packageGrouping
- data:
- - ["beego-logs", "github.com/astaxie/beego/logs"]
- - ["beego-logs", "github.com/beego/beego/logs"]
- - ["beego-logs", "github.com/beego/beego/core/logs"]
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["group:beego-logs", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego-logs", "BeeLogger", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml b/go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml
index 63c05b92040..4eb0688e37e 100644
--- a/go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml
+++ b/go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml
@@ -6,11 +6,6 @@ extensions:
 - ["beego-utils", "github.com/astaxie/beego/utils"]
 - ["beego-utils", "github.com/beego/beego/utils"]
 - ["beego-utils", "github.com/beego/beego/core/utils"]
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["group:beego-utils", "", False, "Display", "", "", "Argument[0]", "log-injection", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel
diff --git a/go/ql/lib/ext/github.com.beego.beego.server.web.model.yml b/go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
index c55d620c2e4..8a11da7ad83 100644
--- a/go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
+++ b/go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
@@ -10,18 +10,6 @@ extensions:
 pack: codeql/go-all
 extensible: sinkModel
 data:
- # log-injection
- - ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
 # path-injection
 - ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
 - ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml b/go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml
deleted file mode 100644
index 4b4996926e3..00000000000
--- a/go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["github.com/davecgh/go-spew/spew", "", False, "Dump", "", "", "Argument[0]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Fdump", "", "", "Argument[1]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Fprint", "", "", "Argument[1]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Fprintf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Fprintln", "", "", "Argument[1]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["github.com/davecgh/go-spew/spew", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml b/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
index 01a61d2c3ac..20e4a26f1cd 100644
--- a/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
+++ b/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
@@ -1,10 +1,4 @@
 extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Logf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel
diff --git a/go/ql/lib/ext/github.com.golang.glog.model.yml b/go/ql/lib/ext/github.com.golang.glog.model.yml
deleted file mode 100644
index dd36e6a7d8f..00000000000
--- a/go/ql/lib/ext/github.com.golang.glog.model.yml
+++ /dev/null
@@ -1,102 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: packageGrouping
- data:
- - ["glog", "github.com/golang/glog"]
- - ["glog", "gopkg.in/glog"]
- - ["glog", "k8s.io/klog"]
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["group:glog", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:glog", "Verbose", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
diff --git a/go/ql/lib/ext/github.com.sirupsen.logrus.model.yml b/go/ql/lib/ext/github.com.sirupsen.logrus.model.yml
deleted file mode 100644
index 5779b5fa639..00000000000
--- a/go/ql/lib/ext/github.com.sirupsen.logrus.model.yml
+++ /dev/null
@@ -1,131 +0,0 @@
-extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: packageGrouping
- data:
- - ["logrus", "github.com/sirupsen/logrus"]
- - ["logrus", "ggithub.com/Sirupsen/logrus"]
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["group:logrus", "", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
-
- - ["group:logrus", "Entry", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Entry", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
-
- - ["group:logrus", "Logger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "LogFn", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- - ["group:logrus", "Logger", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
diff --git a/go/ql/lib/ext/go.uber.org.zap.model.yml b/go/ql/lib/ext/go.uber.org.zap.model.yml
index c4e43356f26..2ca7f7e8a80 100644
--- a/go/ql/lib/ext/go.uber.org.zap.model.yml
+++ b/go/ql/lib/ext/go.uber.org.zap.model.yml
@@ -1,41 +1,4 @@
 extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["go.uber.org/zap", "Logger", False, "DPanic", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Fatal", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Panic", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "Logger", False, "WithOptions", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "DPanic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "DPanicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "DPanicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Debugw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Errorw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Fatalw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Infow", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Panicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "Warnw", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["go.uber.org/zap", "SugaredLogger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel
diff --git a/go/ql/lib/ext/log.model.yml b/go/ql/lib/ext/log.model.yml
index 1ebce079a52..7f52a173307 100644
--- a/go/ql/lib/ext/log.model.yml
+++ b/go/ql/lib/ext/log.model.yml
@@ -1,28 +1,4 @@
 extensions:
- - addsTo:
- pack: codeql/go-all
- extensible: sinkModel
- data:
- - ["log", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- - ["log", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- - ["log", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- - ["log", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- - ["log", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel
diff --git a/go/ql/lib/semmle/go/Concepts.qll b/go/ql/lib/semmle/go/Concepts.qll index 8fd38a56e1c..c15d3683b40 100644 --- a/go/ql/lib/semmle/go/Concepts.qll +++ b/go/ql/lib/semmle/go/Concepts.qll @@ -373,19 +373,6 @@ module LoggerCall { } } -private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode { - DataFlow::ArgumentNode messageArgument; - - DefaultLoggerCall() { - sinkNode(messageArgument, "log-injection") and - this = messageArgument.getCall() - } - - override DataFlow::Node getAMessageComponent() { - result = messageArgument.getACorrespondingSyntacticArgument() - } -} - /** * A function that encodes data into a binary or textual format. * diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll index a9e296a1f97..9f6ee598003 100644 --- a/go/ql/lib/semmle/go/frameworks/Beego.qll +++ b/go/ql/lib/semmle/go/frameworks/Beego.qll @@ -33,6 +33,13 @@ module Beego { result = package(v2modulePath(), "server/web/context") } + /** Gets the path for the logs package of beego. */ + string logsPackagePath() { + result = package(v1modulePath(), "logs") + or + result = package(v2modulePath(), "core/logs") + } + /** Gets the path for the utils package of beego. */ string utilsPackagePath() { result = package(v1modulePath(), "utils") 
@@ -165,6 +172,36 @@ module Beego { override string getAContentType() { none() } } + private string getALogFunctionName() { + result = + [ + "Alert", "Critical", "Debug", "Emergency", "Error", "Info", "Informational", "Notice", + "Trace", "Warn", "Warning" + ] + } + + private class ToplevelBeegoLoggers extends LoggerCall::Range, DataFlow::CallNode { + ToplevelBeegoLoggers() { + this.getTarget().hasQualifiedName([packagePath(), logsPackagePath()], getALogFunctionName()) + } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + + private class BeegoLoggerMethods extends LoggerCall::Range, DataFlow::MethodCallNode { + BeegoLoggerMethods() { + this.getTarget().hasQualifiedName(logsPackagePath(), "BeeLogger", getALogFunctionName()) + } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + + private class UtilLoggers extends LoggerCall::Range, DataFlow::CallNode { + UtilLoggers() { this.getTarget().hasQualifiedName(utilsPackagePath(), "Display") } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + private class HtmlQuoteSanitizer extends SharedXss::Sanitizer { HtmlQuoteSanitizer() { exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName(packagePath(), "Htmlquote") | diff --git a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll index b1bf4571216..4d10c8af312 100644 --- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll +++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll @@ -100,4 +100,10 @@ module ElazarlGoproxy { override int getFormatStringIndex() { result = 0 } } + + private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode { + ProxyLog() { this.getTarget() instanceof ProxyLogFunction } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } } 
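Review bot: The helper `getALogFunctionName` and the three classes added in this Beego hunk (`ToplevelBeegoLoggers`, `BeegoLoggerMethods`, `UtilLoggers`) carry no QLDoc, so a reader has to decode each characteristic predicate to learn which Beego entry points are treated as log sinks. I would add one-line comments, for example `/** A call to a package-level Beego logging function, for example Info or Warn. */` on the first class and `/** A call to Display in the Beego utils package. */` on the last. The same gap applies to `ProxyLog` in ElazarlGoproxy.qll, `GlogCall`, the Logrus `LogCall`, `SpewCall` and the stdlib `LogCall` later in this patch. `ZapCall` and `PrintCall` already show the form to follow.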
diff --git a/go/ql/lib/semmle/go/frameworks/Glog.qll b/go/ql/lib/semmle/go/frameworks/Glog.qll index 146b8a4f814..f9f5c9e3f11 100644 --- a/go/ql/lib/semmle/go/frameworks/Glog.qll +++ b/go/ql/lib/semmle/go/frameworks/Glog.qll @@ -40,4 +40,14 @@ module Glog { override int getFormatStringIndex() { result = super.getFirstPrintedArg() } } + + private class GlogCall extends LoggerCall::Range, DataFlow::CallNode { + GlogFunction callee; + + GlogCall() { this = callee.getACall() } + + override DataFlow::Node getAMessageComponent() { + result = this.getSyntacticArgument(any(int i | i >= callee.getFirstPrintedArg())) + } + } } diff --git a/go/ql/lib/semmle/go/frameworks/Logrus.qll b/go/ql/lib/semmle/go/frameworks/Logrus.qll index 83278a4cd9e..f7de9a75dae 100644 --- a/go/ql/lib/semmle/go/frameworks/Logrus.qll +++ b/go/ql/lib/semmle/go/frameworks/Logrus.qll @@ -28,6 +28,12 @@ module Logrus { } } + private class LogCall extends LoggerCall::Range, DataFlow::CallNode { + LogCall() { this = any(LogFunction f).getACall() } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction { int argOffset; diff --git a/go/ql/lib/semmle/go/frameworks/Spew.qll b/go/ql/lib/semmle/go/frameworks/Spew.qll index f49a4aa4d89..b12bd0fed81 100644 --- a/go/ql/lib/semmle/go/frameworks/Spew.qll +++ b/go/ql/lib/semmle/go/frameworks/Spew.qll 
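Review bot: `GlogCall` names its field `callee`, while the otherwise identical `SpewCall` in Spew.qll and `LogCall` in stdlib/Log.qll name it `target`. One name across the three copies would make them easier to compare and keep in step. All three pick message components with `any(int i | i >= ….getFirstPrintedArg())`, so which arguments become sinks depends entirely on `getFirstPrintedArg()`, which is defined outside these hunks. A short comment such as `// arguments before getFirstPrintedArg() are not message components` would record that intent next to the predicate.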
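Review bot: The Logrus `LogCall` returns `this.getASyntacticArgument()`, i.e. every argument, whereas the rows removed from the logrus model file in this patch gave `Log`, `LogFn` and `Logln` the sink `Argument[1]` and `Logf` the sink `Argument[1..2]`, leaving out argument 0. If `LogFunction` (defined outside the hunk) covers those methods, the leading argument is now a message component as well, which may widen log-injection results compared with the reverted models. If that is intended, a comment like `// includes the leading level argument of Log/Logf/Logln` would make it explicit. Otherwise the predicate could skip that position for those methods.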
@@ -33,6 +33,16 @@ module Spew { override int getFormatStringIndex() { result = super.getFirstPrintedArg() } } + private class SpewCall extends LoggerCall::Range, DataFlow::CallNode { + SpewFunction target; + + SpewCall() { this = target.getACall() } + + override DataFlow::Node getAMessageComponent() { + result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg())) + } + } + // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet. /** The `Sprint` function or one of its variants. */ class Sprinter extends TaintTracking::FunctionModel { diff --git a/go/ql/lib/semmle/go/frameworks/Zap.qll b/go/ql/lib/semmle/go/frameworks/Zap.qll index 0928d2b0595..359f9aba410 100644 --- a/go/ql/lib/semmle/go/frameworks/Zap.qll +++ b/go/ql/lib/semmle/go/frameworks/Zap.qll @@ -34,6 +34,18 @@ module Zap { override int getFormatStringIndex() { result = 0 } } + /** + * A call to a logger function in Zap. + * + * Functions which add data to be included the next time a direct logging + * function is called are included. + */ + private class ZapCall extends LoggerCall::Range, DataFlow::MethodCallNode { + ZapCall() { this = any(ZapFunction f).getACall() } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet. /** The function `Fields` that creates an `Option` that can be added to the logger out of `Field`s. */ class FieldsFunction extends TaintTracking::FunctionModel { diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll index 8c4a5f27b3c..950b67483f0 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll 
@@ -41,6 +41,13 @@ module Fmt { Printer() { this.hasQualifiedName("fmt", ["Print", "Printf", "Println"]) } } + /** A call to `Print` or similar. */ + private class PrintCall extends LoggerCall::Range, DataFlow::CallNode { + PrintCall() { this.getTarget() instanceof Printer } + + override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() } + } + /** The `Fprint` function or one of its variants. */ private class Fprinter extends TaintTracking::FunctionModel { Fprinter() { diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll index ca74160bf0d..5b402fca1b7 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/Log.qll @@ -32,6 +32,16 @@ module Log { override int getFormatStringIndex() { result = 0 } } + private class LogCall extends LoggerCall::Range, DataFlow::CallNode { + LogFunction target; + + LogCall() { this = target.getACall() } + + override DataFlow::Node getAMessageComponent() { + result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg())) + } + } + /** A fatal log function, which calls `os.Exit`. */ private class FatalLogFunction extends Function { FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }
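Review bot: The QLDoc on `PrintCall` says only "A call to `Print` or similar". That does not tell a reader that `fmt.Print`, `Printf` and `Println` are being modelled as logger calls, and so presumably feed any query built on `LoggerCall`. I would spell that out, for example `/** A call to fmt.Print, Printf or Println, modelled as a logger call. */`. Since `getAMessageComponent` returns every argument, it would also help to say that the `Printf` format string is included.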
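Review bot: The stdlib `LogCall` relies on `target.getFirstPrintedArg()` to exclude non-message arguments, but the rows removed from log.model.yml in this patch stated the offset explicitly for `Output` (`Argument[1]`, skipping the leading call-depth argument). `LogFunction` is defined outside the hunk, so whether it returns 1 for `Output` cannot be confirmed here. If it does not, argument 0 becomes a message component. A test case covering `log.Output` and `Logger.Output` would pin this down, and so would a class comment such as `/** A call to a log function; arguments before the first printed one are excluded. */`.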