Make taint tracking tests use InlineFlowTest

Owen Mansel-Chan 2023-07-19 14:08:23 +01:00
Родитель 663fb2cc06
Коммит c11da5bf67
Идентификатор ключа GPG: 67E427E02E6DA1B8
21 изменённых файлов: 278 добавлений и 523 удалений


@ -17,7 +17,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
{ {
fromString598 := source().(string) fromString598 := source().(string)
intoString631 := clevergo.CleanPath(fromString598) intoString631 := clevergo.CleanPath(fromString598)
sink(intoString631) // $ taintSink sink(intoString631) // $ hasTaintFlow="intoString631"
} }
} }
// Taint-tracking through method calls. // Taint-tracking through method calls.
@ -30,13 +30,13 @@ func TaintTracking_ClevergoTechClevergoV052() {
fromString165 := source().(string) fromString165 := source().(string)
var mediumObjCQL clevergo.Application var mediumObjCQL clevergo.Application
intoURL150, _ := mediumObjCQL.RouteURL(fromString165, "") intoURL150, _ := mediumObjCQL.RouteURL(fromString165, "")
sink(intoURL150) // $ taintSink sink(intoURL150) // $ hasTaintFlow="intoURL150"
} }
{ {
fromString340 := source().(string) fromString340 := source().(string)
var mediumObjCQL clevergo.Application var mediumObjCQL clevergo.Application
intoURL471, _ := mediumObjCQL.RouteURL("", fromString340) intoURL471, _ := mediumObjCQL.RouteURL("", fromString340)
sink(intoURL471) // $ taintSink sink(intoURL471) // $ hasTaintFlow="intoURL471"
} }
} }
} }
@ -46,7 +46,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
{ {
fromContext290 := source().(clevergo.Context) fromContext290 := source().(clevergo.Context)
intoContext758 := fromContext290.Context() intoContext758 := fromContext290.Context()
sink(intoContext758) // $ taintSink sink(intoContext758) // $ hasTaintFlow="intoContext758"
} }
} }
// Taint-tracking through method calls on clevergo.tech/clevergo.Params. // Taint-tracking through method calls on clevergo.tech/clevergo.Params.
@ -55,7 +55,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
{ {
fromParams396 := source().(clevergo.Params) fromParams396 := source().(clevergo.Params)
intoString707 := fromParams396.String("") intoString707 := fromParams396.String("")
sink(intoString707) // $ taintSink untrustedFlowSource sink(intoString707) // $ hasTaintFlow="intoString707" untrustedFlowSource
} }
} }
} }
@ -69,7 +69,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
var intoInterface718 interface{} var intoInterface718 interface{}
var mediumObjCQL clevergo.Decoder var mediumObjCQL clevergo.Decoder
mediumObjCQL.Decode(fromRequest912, intoInterface718) mediumObjCQL.Decode(fromRequest912, intoInterface718)
sink(intoInterface718) // $ taintSink untrustedFlowSource sink(intoInterface718) // $ hasTaintFlow="intoInterface718" untrustedFlowSource
} }
} }
// Taint-tracking through method calls on clevergo.tech/clevergo.Renderer interface. // Taint-tracking through method calls on clevergo.tech/clevergo.Renderer interface.
@ -80,7 +80,7 @@ func TaintTracking_ClevergoTechClevergoV052() {
var intoWriter633 io.Writer var intoWriter633 io.Writer
var mediumObjCQL clevergo.Renderer var mediumObjCQL clevergo.Renderer
mediumObjCQL.Render(intoWriter633, "", fromInterface972, nil) mediumObjCQL.Render(intoWriter633, "", fromInterface972, nil)
sink(intoWriter633) // $ taintSink sink(intoWriter633) // $ hasTaintFlow="intoWriter633"
} }
} }
} }


@ -1,31 +1,4 @@
import go import go
import TestUtilities.InlineExpectationsTest
import experimental.frameworks.CleverGo import experimental.frameworks.CleverGo
import TestUtilities.InlineFlowTest
class Configuration extends TaintTracking::Configuration { import DefaultFlowTest
Configuration() { this = "test-configuration" }
override predicate isSource(DataFlow::Node source) {
exists(Function fn | fn.hasQualifiedName(_, "source") | source = fn.getACall().getResult())
}
override predicate isSink(DataFlow::Node sink) {
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
}
}
module TaintTrackingTest implements TestSig {
string getARelevantTag() { result = "taintSink" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintSink" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
import MakeTest<TaintTrackingTest>
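Review bot: The hand-written configurations this commit collapses onto `import DefaultFlowTest` did not all select sources and sinks the same way — this file used `fn.getACall().getResult()` / `getAnArgument()`, the k8s core test used `getResult(0)` / `getArgument(0)`, the apimachinery test used `getAResult()` / `getAnArgument()`, and the switch-statement test matched on `getTarget().getName()` rather than a qualified name — and the rule DefaultFlowTest applies is not visible anywhere in the diff. Presumably the `hasTaintFlow` annotations were regenerated from the new output, but nothing records that the set of reported flows is unchanged rather than merely re-tagged. A sentence in the commit message stating that the expected-result files were compared before and after, or a one-line comment beside the import saying what DefaultFlowTest selects and that it subsumes the removed configuration, would make that explicit. The same applies to the Fiber, switch-statement, k8s core and k8s apimachinery .ql files in this commit.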


@ -15,7 +15,7 @@ func TaintTracking_GithubComGofiberFiberV1146() {
{ {
fromString656 := source().(string) fromString656 := source().(string)
intoError414 := fiber.NewError(0, fromString656) intoError414 := fiber.NewError(0, fromString656)
sink(intoError414) // $ taintSink sink(intoError414) // $ hasTaintFlow="intoError414"
} }
} }
} }
@ -28,79 +28,79 @@ func TaintTracking_GithubComGofiberUtilsV0010() {
{ {
fromString989 := source().(string) fromString989 := source().(string)
intoByte982 := utils.GetBytes(fromString989) intoByte982 := utils.GetBytes(fromString989)
sink(intoByte982) // $ taintSink sink(intoByte982) // $ hasTaintFlow="intoByte982"
} }
// func GetString(b []byte) string // func GetString(b []byte) string
{ {
fromByte417 := source().([]byte) fromByte417 := source().([]byte)
intoString584 := utils.GetString(fromByte417) intoString584 := utils.GetString(fromByte417)
sink(intoString584) // $ taintSink sink(intoString584) // $ hasTaintFlow="intoString584"
} }
// func ImmutableString(s string) string // func ImmutableString(s string) string
{ {
fromString991 := source().(string) fromString991 := source().(string)
intoString881 := utils.ImmutableString(fromString991) intoString881 := utils.ImmutableString(fromString991)
sink(intoString881) // $ taintSink sink(intoString881) // $ hasTaintFlow="intoString881"
} }
// func ToLower(b string) string // func ToLower(b string) string
{ {
fromString494 := source().(string) fromString494 := source().(string)
intoString873 := utils.ToLower(fromString494) intoString873 := utils.ToLower(fromString494)
sink(intoString873) // $ taintSink sink(intoString873) // $ hasTaintFlow="intoString873"
} }
// func ToLowerBytes(b []byte) []byte // func ToLowerBytes(b []byte) []byte
{ {
fromByte599 := source().([]byte) fromByte599 := source().([]byte)
intoByte409 := utils.ToLowerBytes(fromByte599) intoByte409 := utils.ToLowerBytes(fromByte599)
sink(intoByte409) // $ taintSink sink(intoByte409) // $ hasTaintFlow="intoByte409"
} }
// func ToUpper(b string) string // func ToUpper(b string) string
{ {
fromString246 := source().(string) fromString246 := source().(string)
intoString898 := utils.ToUpper(fromString246) intoString898 := utils.ToUpper(fromString246)
sink(intoString898) // $ taintSink sink(intoString898) // $ hasTaintFlow="intoString898"
} }
// func ToUpperBytes(b []byte) []byte // func ToUpperBytes(b []byte) []byte
{ {
fromByte598 := source().([]byte) fromByte598 := source().([]byte)
intoByte631 := utils.ToUpperBytes(fromByte598) intoByte631 := utils.ToUpperBytes(fromByte598)
sink(intoByte631) // $ taintSink sink(intoByte631) // $ hasTaintFlow="intoByte631"
} }
// func Trim(s string, cutset byte) string // func Trim(s string, cutset byte) string
{ {
fromString165 := source().(string) fromString165 := source().(string)
intoString150 := utils.Trim(fromString165, 0) intoString150 := utils.Trim(fromString165, 0)
sink(intoString150) // $ taintSink sink(intoString150) // $ hasTaintFlow="intoString150"
} }
// func TrimBytes(b []byte, cutset byte) []byte // func TrimBytes(b []byte, cutset byte) []byte
{ {
fromByte340 := source().([]byte) fromByte340 := source().([]byte)
intoByte471 := utils.TrimBytes(fromByte340, 0) intoByte471 := utils.TrimBytes(fromByte340, 0)
sink(intoByte471) // $ taintSink sink(intoByte471) // $ hasTaintFlow="intoByte471"
} }
// func TrimLeft(s string, cutset byte) string // func TrimLeft(s string, cutset byte) string
{ {
fromString290 := source().(string) fromString290 := source().(string)
intoString758 := utils.TrimLeft(fromString290, 0) intoString758 := utils.TrimLeft(fromString290, 0)
sink(intoString758) // $ taintSink sink(intoString758) // $ hasTaintFlow="intoString758"
} }
// func TrimLeftBytes(b []byte, cutset byte) []byte // func TrimLeftBytes(b []byte, cutset byte) []byte
{ {
fromByte396 := source().([]byte) fromByte396 := source().([]byte)
intoByte707 := utils.TrimLeftBytes(fromByte396, 0) intoByte707 := utils.TrimLeftBytes(fromByte396, 0)
sink(intoByte707) // $ taintSink sink(intoByte707) // $ hasTaintFlow="intoByte707"
} }
// func TrimRight(s string, cutset byte) string // func TrimRight(s string, cutset byte) string
{ {
fromString912 := source().(string) fromString912 := source().(string)
intoString718 := utils.TrimRight(fromString912, 0) intoString718 := utils.TrimRight(fromString912, 0)
sink(intoString718) // $ taintSink sink(intoString718) // $ hasTaintFlow="intoString718"
} }
// func TrimRightBytes(b []byte, cutset byte) []byte // func TrimRightBytes(b []byte, cutset byte) []byte
{ {
fromByte972 := source().([]byte) fromByte972 := source().([]byte)
intoByte633 := utils.TrimRightBytes(fromByte972, 0) intoByte633 := utils.TrimRightBytes(fromByte972, 0)
sink(intoByte633) // $ taintSink sink(intoByte633) // $ hasTaintFlow="intoByte633"
} }
} }
} }


@ -1,31 +1,4 @@
import go import go
import TestUtilities.InlineExpectationsTest
import experimental.frameworks.Fiber import experimental.frameworks.Fiber
import TestUtilities.InlineFlowTest
class Configuration extends TaintTracking::Configuration { import DefaultFlowTest
Configuration() { this = "test-configuration" }
override predicate isSource(DataFlow::Node source) {
exists(Function fn | fn.hasQualifiedName(_, "source") | source = fn.getACall().getResult())
}
override predicate isSink(DataFlow::Node sink) {
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
}
}
module TaintTrackingTest implements TestSig {
string getARelevantTag() { result = "taintSink" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintSink" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
import MakeTest<TaintTrackingTest>


@ -138,14 +138,14 @@ func main() {
if switchStatementReturningTrueOnlyWhenConstant(s) { if switchStatementReturningTrueOnlyWhenConstant(s) {
sink(s) sink(s)
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }
{ {
s := source() s := source()
if switchStatementReturningFalseOnlyWhenConstant("", s) { if switchStatementReturningFalseOnlyWhenConstant("", s) {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} else { } else {
sink(s) sink(s)
} }
@ -157,7 +157,7 @@ func main() {
if err != nil { if err != nil {
sink(s) sink(s)
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }
@ -166,7 +166,7 @@ func main() {
if switchStatementReturningNilOnlyWhenConstant(s) == nil { if switchStatementReturningNilOnlyWhenConstant(s) == nil {
sink(s) sink(s)
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }
@ -175,25 +175,25 @@ func main() {
if multipleSwitchStatementReturningTrueOnlyWhenConstant(s, getRandomString()) { if multipleSwitchStatementReturningTrueOnlyWhenConstant(s, getRandomString()) {
sink(s) sink(s)
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }
{ {
s := source() s := source()
if switchStatementWithoutUsefulInfo(s) { if switchStatementWithoutUsefulInfo(s) {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }
{ {
s := source() s := source()
if switchStatementOverRandomString(s) { if switchStatementOverRandomString(s) {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} else { } else {
sink(s) // $ dataflow=s sink(s) // $ hasTaintFlow="s"
} }
} }


@ -1,30 +1,3 @@
import go import go
import TestUtilities.InlineExpectationsTest import TestUtilities.InlineFlowTest
import TaintFlowTest<DefaultFlowConfig>
class TestConfig extends TaintTracking::Configuration {
TestConfig() { this = "test config" }
override predicate isSource(DataFlow::Node source) {
source.(DataFlow::CallNode).getTarget().getName() = "source"
}
override predicate isSink(DataFlow::Node sink) {
sink = any(DataFlow::CallNode c | c.getTarget().getName() = "sink").getAnArgument()
}
}
module DataFlowTest implements TestSig {
string getARelevantTag() { result = "dataflow" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "dataflow" and
exists(DataFlow::Node sink | any(TestConfig c).hasFlow(_, sink) |
element = sink.toString() and
value = sink.toString() and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
import MakeTest<DataFlowTest>


@ -1,33 +1,20 @@
import go import go
import TestUtilities.InlineExpectationsTest import TestUtilities.InlineFlowTest
class Configuration extends TaintTracking::Configuration { module Config implements DataFlow::ConfigSig {
Configuration() { this = "test-configuration" } predicate isSource(DataFlow::Node source) {
exists(Function fn | fn.hasQualifiedName(_, ["getTaintedByteArray", "getTaintedPatch"]) |
override predicate isSource(DataFlow::Node source) { source = fn.getACall().getResult()
source =
any(DataFlow::CallNode c | c.getCalleeName() in ["getTaintedByteArray", "getTaintedPatch"])
.getResult(0)
}
override predicate isSink(DataFlow::Node sink) {
sink =
any(DataFlow::CallNode c | c.getCalleeName() in ["sinkByteArray", "sinkPatch"]).getArgument(0)
}
}
module TaintFlowTest implements TestSig {
string getARelevantTag() { result = "taintflow" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "taintflow" and
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
element = sink.toString() and
value = "" and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
) )
} }
predicate isSink(DataFlow::Node sink) {
exists(Function fn | fn.hasQualifiedName(_, ["sinkByteArray", "sinkPatch"]) |
sink = fn.getACall().getAnArgument()
)
}
int fieldFlowBranchLimit() { result = 1000 }
} }
import MakeTest<TaintFlowTest> import TaintFlowTest<Config>
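Review bot: `int fieldFlowBranchLimit() { result = 1000 }` in the new `Config` module has no comment, and the `Configuration` it replaces set no limit at all, so a reader cannot tell whether the override is needed for the json-patch flows to be found or was copied from another test. This is also the only configuration in the commit that touches the limit, and raising it is a cost/precision knob rather than a correctness setting. Please add a comment above it recording the reason and the symptom seen without it, e.g. `// Raised from the default because <reason>; without it the following expected flows are missed: <list>` with the placeholders filled in, so a later maintainer knows when it is safe to lower again.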


@ -5,7 +5,7 @@ package main
import patch "github.com/evanphx/json-patch/v5" import patch "github.com/evanphx/json-patch/v5"
func getTaintedByteArray() []byte { func getTaintedByteArray() []byte {
return make([]byte, 1, 1) return make([]byte, 1)
} }
func getTaintedPatch() patch.Patch { func getTaintedPatch() patch.Patch {
@ -20,59 +20,59 @@ func sinkPatch(patch.Patch) {
} }
func main() { func main() {
untaintedByteArray := make([]byte, 1, 1) untaintedByteArray := make([]byte, 1)
var untaintedPatch patch.Patch var untaintedPatch patch.Patch
// func MergeMergePatches(patch1Data, patch2Data []byte) ([]byte, error) // func MergeMergePatches(patch1Data, patch2Data []byte) ([]byte, error)
b1, _ := patch.MergeMergePatches(getTaintedByteArray(), untaintedByteArray) b1, _ := patch.MergeMergePatches(getTaintedByteArray(), untaintedByteArray)
sinkByteArray(b1) // $ taintflow sinkByteArray(b1) // $ hasTaintFlow="b1"
b2, _ := patch.MergeMergePatches(untaintedByteArray, getTaintedByteArray()) b2, _ := patch.MergeMergePatches(untaintedByteArray, getTaintedByteArray())
sinkByteArray(b2) // $ taintflow sinkByteArray(b2) // $ hasTaintFlow="b2"
// func MergePatch(docData, patchData []byte) ([]byte, error) // func MergePatch(docData, patchData []byte) ([]byte, error)
b3, _ := patch.MergePatch(getTaintedByteArray(), untaintedByteArray) b3, _ := patch.MergePatch(getTaintedByteArray(), untaintedByteArray)
sinkByteArray(b3) // $ taintflow sinkByteArray(b3) // $ hasTaintFlow="b3"
b4, _ := patch.MergePatch(untaintedByteArray, getTaintedByteArray()) b4, _ := patch.MergePatch(untaintedByteArray, getTaintedByteArray())
sinkByteArray(b4) // $ taintflow sinkByteArray(b4) // $ hasTaintFlow="b4"
// func CreateMergePatch(originalJSON, modifiedJSON []byte) ([]byte, error) // func CreateMergePatch(originalJSON, modifiedJSON []byte) ([]byte, error)
b5, _ := patch.CreateMergePatch(getTaintedByteArray(), untaintedByteArray) b5, _ := patch.CreateMergePatch(getTaintedByteArray(), untaintedByteArray)
sinkByteArray(b5) // $ taintflow sinkByteArray(b5) // $ hasTaintFlow="b5"
b6, _ := patch.CreateMergePatch(untaintedByteArray, getTaintedByteArray()) b6, _ := patch.CreateMergePatch(untaintedByteArray, getTaintedByteArray())
sinkByteArray(b6) // $ taintflow sinkByteArray(b6) // $ hasTaintFlow="b6"
// func DecodePatch(buf []byte) (Patch, error) // func DecodePatch(buf []byte) (Patch, error)
p7, _ := patch.DecodePatch(getTaintedByteArray()) p7, _ := patch.DecodePatch(getTaintedByteArray())
sinkPatch(p7) // $ taintflow sinkPatch(p7) // $ hasTaintFlow="p7"
// func (p Patch) Apply(doc []byte) ([]byte, error) // func (p Patch) Apply(doc []byte) ([]byte, error)
b8, _ := untaintedPatch.Apply(getTaintedByteArray()) b8, _ := untaintedPatch.Apply(getTaintedByteArray())
sinkByteArray(b8) // $ taintflow sinkByteArray(b8) // $ hasTaintFlow="b8"
b9, _ := getTaintedPatch().Apply(untaintedByteArray) b9, _ := getTaintedPatch().Apply(untaintedByteArray)
sinkByteArray(b9) // $ taintflow sinkByteArray(b9) // $ hasTaintFlow="b9"
// func (p Patch) ApplyIndent(doc []byte, indent string) ([]byte, error) // func (p Patch) ApplyIndent(doc []byte, indent string) ([]byte, error)
b10, _ := untaintedPatch.ApplyIndent(getTaintedByteArray(), " ") b10, _ := untaintedPatch.ApplyIndent(getTaintedByteArray(), " ")
sinkByteArray(b10) // $ taintflow sinkByteArray(b10) // $ hasTaintFlow="b10"
b11, _ := getTaintedPatch().ApplyIndent(untaintedByteArray, " ") b11, _ := getTaintedPatch().ApplyIndent(untaintedByteArray, " ")
sinkByteArray(b11) // $ taintflow sinkByteArray(b11) // $ hasTaintFlow="b11"
// func (p Patch) ApplyWithOptions(doc []byte, options *ApplyOptions) ([]byte, error) // func (p Patch) ApplyWithOptions(doc []byte, options *ApplyOptions) ([]byte, error)
b12, _ := untaintedPatch.ApplyWithOptions(getTaintedByteArray(), nil) b12, _ := untaintedPatch.ApplyWithOptions(getTaintedByteArray(), nil)
sinkByteArray(b12) // $ taintflow sinkByteArray(b12) // $ hasTaintFlow="b12"
b13, _ := getTaintedPatch().ApplyWithOptions(untaintedByteArray, nil) b13, _ := getTaintedPatch().ApplyWithOptions(untaintedByteArray, nil)
sinkByteArray(b13) // $ taintflow sinkByteArray(b13) // $ hasTaintFlow="b13"
// func (p Patch) ApplyIndentWithOptions(doc []byte, indent string, options *ApplyOptions) ([]byte, error) // func (p Patch) ApplyIndentWithOptions(doc []byte, indent string, options *ApplyOptions) ([]byte, error)
b14, _ := untaintedPatch.ApplyIndentWithOptions(getTaintedByteArray(), " ", nil) b14, _ := untaintedPatch.ApplyIndentWithOptions(getTaintedByteArray(), " ", nil)
sinkByteArray(b14) // $ taintflow sinkByteArray(b14) // $ hasTaintFlow="b14"
b15, _ := getTaintedPatch().ApplyIndentWithOptions(untaintedByteArray, " ", nil) b15, _ := getTaintedPatch().ApplyIndentWithOptions(untaintedByteArray, " ", nil)
sinkByteArray(b15) // $ taintflow sinkByteArray(b15) // $ hasTaintFlow="b15"
} }


@ -1,39 +1,3 @@
import go import go
import TestUtilities.InlineExpectationsTest import TestUtilities.InlineFlowTest
import DefaultFlowTest
class SourceFunction extends Function {
SourceFunction() { this.getName() = "source" }
}
class SinkFunction extends Function {
SinkFunction() { this.getName() = "sink" }
}
class TestConfig extends TaintTracking::Configuration {
TestConfig() { this = "testconfig" }
override predicate isSource(DataFlow::Node source) {
source = any(SourceFunction f).getACall().getResult(0)
}
override predicate isSink(DataFlow::Node sink) {
sink = any(SinkFunction f).getACall().getArgument(0)
}
}
module K8sIoApiCoreV1Test implements TestSig {
string getARelevantTag() { result = "KsIoApiCoreV" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::PathNode sink |
config.hasFlowPath(_, sink) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "" and
tag = "KsIoApiCoreV"
)
}
}
import MakeTest<K8sIoApiCoreV1Test>


@ -9,86 +9,88 @@ import (
//go:generate depstubber -vendor k8s.io/apimachinery/pkg/runtime ProtobufMarshaller,ProtobufReverseMarshaller //go:generate depstubber -vendor k8s.io/apimachinery/pkg/runtime ProtobufMarshaller,ProtobufReverseMarshaller
func source() interface{} { func source() interface{} {
return make([]byte, 1, 1) return make([]byte, 1)
} }
func sink(...interface{}) { func sink(interface{}) {
} }
func main() { func main() {
{ {
// func (in *Secret) DeepCopy() *Secret // func (in *Secret) DeepCopy() *Secret
sink(source().(*corev1.Secret).DeepCopy()) // $ KsIoApiCoreV sink(source().(*corev1.Secret).DeepCopy()) // $ hasTaintFlow="call to DeepCopy"
} }
{ {
// func (in *Secret) DeepCopyInto(out *Secret) // func (in *Secret) DeepCopyInto(out *Secret)
var out *corev1.Secret var out *corev1.Secret
source().(*corev1.Secret).DeepCopyInto(out) source().(*corev1.Secret).DeepCopyInto(out)
sink(out) // $ KsIoApiCoreV sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (in *Secret) DeepCopyObject() runtime.Object // func (in *Secret) DeepCopyObject() runtime.Object
sink(source().(*corev1.Secret).DeepCopyObject()) // $ KsIoApiCoreV sink(source().(*corev1.Secret).DeepCopyObject()) // $ hasTaintFlow="call to DeepCopyObject"
} }
{ {
// func (m *Secret) Marshal() (dAtA []byte, err error) // func (m *Secret) Marshal() (dAtA []byte, err error)
sink(source().(*corev1.Secret).Marshal()) // $ KsIoApiCoreV out, _ := source().(*corev1.Secret).Marshal()
sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (m *Secret) MarshalTo(dAtA []byte) (int, error) // func (m *Secret) MarshalTo(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*corev1.Secret).MarshalTo(dAtA) source().(*corev1.Secret).MarshalTo(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Secret) MarshalToSizedBuffer(dAtA []byte) (int, error) // func (m *Secret) MarshalToSizedBuffer(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*corev1.Secret).MarshalToSizedBuffer(dAtA) source().(*corev1.Secret).MarshalToSizedBuffer(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Secret) Unmarshal(dAtA []byte) error // func (m *Secret) Unmarshal(dAtA []byte) error
var dAtA []byte var dAtA []byte
source().(*corev1.Secret).Unmarshal(dAtA) source().(*corev1.Secret).Unmarshal(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (in *SecretList) DeepCopy() *SecretList // func (in *SecretList) DeepCopy() *SecretList
sink(source().(*corev1.SecretList).DeepCopy()) // $ KsIoApiCoreV sink(source().(*corev1.SecretList).DeepCopy()) // $ hasTaintFlow="call to DeepCopy"
} }
{ {
// func (in *SecretList) DeepCopyInto(out *SecretList) // func (in *SecretList) DeepCopyInto(out *SecretList)
var out *corev1.SecretList var out *corev1.SecretList
source().(*corev1.SecretList).DeepCopyInto(out) source().(*corev1.SecretList).DeepCopyInto(out)
sink(out) // $ KsIoApiCoreV sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (in *SecretList) DeepCopyObject() runtime.Object // func (in *SecretList) DeepCopyObject() runtime.Object
sink(source().(*corev1.SecretList).DeepCopyObject()) // $ KsIoApiCoreV sink(source().(*corev1.SecretList).DeepCopyObject()) // $ hasTaintFlow="call to DeepCopyObject"
} }
{ {
// func (m *SecretList) Marshal() (dAtA []byte, err error) // func (m *SecretList) Marshal() (dAtA []byte, err error)
sink(source().(*corev1.SecretList).Marshal()) // $ KsIoApiCoreV out, _ := source().(*corev1.SecretList).Marshal()
sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (m *SecretList) MarshalTo(dAtA []byte) (int, error) // func (m *SecretList) MarshalTo(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*corev1.SecretList).MarshalTo(dAtA) source().(*corev1.SecretList).MarshalTo(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *SecretList) MarshalToSizedBuffer(dAtA []byte) (int, error) // func (m *SecretList) MarshalToSizedBuffer(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*corev1.SecretList).MarshalToSizedBuffer(dAtA) source().(*corev1.SecretList).MarshalToSizedBuffer(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *SecretList) Unmarshal(dAtA []byte) error // func (m *SecretList) Unmarshal(dAtA []byte) error
var dAtA []byte var dAtA []byte
source().(*corev1.SecretList).Unmarshal(dAtA) source().(*corev1.SecretList).Unmarshal(dAtA)
sink(dAtA) // $ KsIoApiCoreV sink(dAtA) // $ hasTaintFlow="dAtA"
} }
} }


@ -1,39 +1,3 @@
import go import go
import TestUtilities.InlineExpectationsTest import TestUtilities.InlineFlowTest
import DefaultFlowTest
class SourceFunction extends Function {
SourceFunction() { this.getName() = "source" }
}
class SinkFunction extends Function {
SinkFunction() { this.getName() = "sink" }
}
class TestConfig extends TaintTracking::Configuration {
TestConfig() { this = "testconfig" }
override predicate isSource(DataFlow::Node source) {
source = any(SourceFunction f).getACall().getAResult()
}
override predicate isSink(DataFlow::Node sink) {
sink = any(SinkFunction f).getACall().getAnArgument()
}
}
module K8sIoApimachineryPkgRuntimeTest implements TestSig {
string getARelevantTag() { result = "KsIoApimachineryPkgRuntime" }
predicate hasActualResult(Location location, string element, string tag, string value) {
exists(TestConfig config, DataFlow::PathNode sink |
config.hasFlowPath(_, sink) and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
element = sink.toString() and
value = "" and
tag = "KsIoApimachineryPkgRuntime"
)
}
}
import MakeTest<K8sIoApimachineryPkgRuntimeTest>


@ -31,93 +31,93 @@ func main() {
// func Convert_Slice_string_To_Pointer_int64(in *[]string, out **int64, s conversion.Scope) error // func Convert_Slice_string_To_Pointer_int64(in *[]string, out **int64, s conversion.Scope) error
var out **int64 var out **int64
runtime.Convert_Slice_string_To_Pointer_int64(source().(*[]string), out, s) runtime.Convert_Slice_string_To_Pointer_int64(source().(*[]string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_Slice_string_To_int(in *[]string, out *int, s conversion.Scope) error // func Convert_Slice_string_To_int(in *[]string, out *int, s conversion.Scope) error
var out *int var out *int
runtime.Convert_Slice_string_To_int(source().(*[]string), out, s) runtime.Convert_Slice_string_To_int(source().(*[]string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_Slice_string_To_int64(in *[]string, out *int64, s conversion.Scope) error // func Convert_Slice_string_To_int64(in *[]string, out *int64, s conversion.Scope) error
var out *int64 var out *int64
runtime.Convert_Slice_string_To_int64(source().(*[]string), out, s) runtime.Convert_Slice_string_To_int64(source().(*[]string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_Slice_string_To_string(in *[]string, out *string, s conversion.Scope) error // func Convert_Slice_string_To_string(in *[]string, out *string, s conversion.Scope) error
var out *string var out *string
runtime.Convert_Slice_string_To_string(source().(*[]string), out, s) runtime.Convert_Slice_string_To_string(source().(*[]string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_runtime_Object_To_runtime_RawExtension(in *Object, out *RawExtension, s conversion.Scope) error // func Convert_runtime_Object_To_runtime_RawExtension(in *Object, out *RawExtension, s conversion.Scope) error
var out *runtime.RawExtension var out *runtime.RawExtension
runtime.Convert_runtime_Object_To_runtime_RawExtension(source().(*runtime.Object), out, s) runtime.Convert_runtime_Object_To_runtime_RawExtension(source().(*runtime.Object), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_runtime_RawExtension_To_runtime_Object(in *RawExtension, out *Object, s conversion.Scope) error // func Convert_runtime_RawExtension_To_runtime_Object(in *RawExtension, out *Object, s conversion.Scope) error
var out *runtime.Object var out *runtime.Object
runtime.Convert_runtime_RawExtension_To_runtime_Object(source().(*runtime.RawExtension), out, s) runtime.Convert_runtime_RawExtension_To_runtime_Object(source().(*runtime.RawExtension), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_string_To_Pointer_int64(in *string, out **int64, s conversion.Scope) error // func Convert_string_To_Pointer_int64(in *string, out **int64, s conversion.Scope) error
var out **int64 var out **int64
runtime.Convert_string_To_Pointer_int64(source().(*string), out, s) runtime.Convert_string_To_Pointer_int64(source().(*string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func Convert_string_To_int64(in *string, out *int64, s conversion.Scope) error // func Convert_string_To_int64(in *string, out *int64, s conversion.Scope) error
var out *int64 var out *int64
runtime.Convert_string_To_int64(source().(*string), out, s) runtime.Convert_string_To_int64(source().(*string), out, s)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func DecodeInto(d Decoder, data []byte, into Object) error // func DecodeInto(d Decoder, data []byte, into Object) error
var o runtime.Object var o runtime.Object
runtime.DecodeInto(decoder, source().([]byte), o) runtime.DecodeInto(decoder, source().([]byte), o)
sink(o) // $ KsIoApimachineryPkgRuntime sink(o) // $ hasTaintFlow="o"
} }
{ {
// func DeepCopyJSON(x map[string]interface{}) map[string]interface{} // func DeepCopyJSON(x map[string]interface{}) map[string]interface{}
sink(runtime.DeepCopyJSON(source().(map[string]interface{}))) // $ KsIoApimachineryPkgRuntime sink(runtime.DeepCopyJSON(source().(map[string]interface{}))) // $ hasTaintFlow="call to DeepCopyJSON"
} }
{ {
// func DeepCopyJSONValue(x interface{}) interface{} // func DeepCopyJSONValue(x interface{}) interface{}
sink(runtime.DeepCopyJSONValue(source().(map[string]interface{}))) // $ KsIoApimachineryPkgRuntime sink(runtime.DeepCopyJSONValue(source().(map[string]interface{}))) // $ hasTaintFlow="call to DeepCopyJSONValue"
} }
{ {
// func Encode(e Encoder, obj Object) ([]byte, error) // func Encode(e Encoder, obj Object) ([]byte, error)
x, _ := runtime.Encode(encoder, source().(runtime.Object)) x, _ := runtime.Encode(encoder, source().(runtime.Object))
sink(x) // $ KsIoApimachineryPkgRuntime sink(x) // $ hasTaintFlow="x"
} }
{ {
// func EncodeOrDie(e Encoder, obj Object) string // func EncodeOrDie(e Encoder, obj Object) string
sink(runtime.EncodeOrDie(encoder, source().(runtime.Object))) // $ KsIoApimachineryPkgRuntime sink(runtime.EncodeOrDie(encoder, source().(runtime.Object))) // $ hasTaintFlow="call to EncodeOrDie"
} }
{ {
// func Field(v reflect.Value, fieldName string, dest interface{}) error // func Field(v reflect.Value, fieldName string, dest interface{}) error
var fieldName string var fieldName string
var dest interface{} var dest interface{}
runtime.Field(source().(reflect.Value), fieldName, dest) runtime.Field(source().(reflect.Value), fieldName, dest)
sink(dest) // $ KsIoApimachineryPkgRuntime sink(dest) // $ hasTaintFlow="dest"
} }
{ {
// func FieldPtr(v reflect.Value, fieldName string, dest interface{}) error // func FieldPtr(v reflect.Value, fieldName string, dest interface{}) error
var fieldName string var fieldName string
var dest interface{} var dest interface{}
runtime.FieldPtr(source().(reflect.Value), fieldName, dest) runtime.FieldPtr(source().(reflect.Value), fieldName, dest)
sink(dest) // $ KsIoApimachineryPkgRuntime sink(dest) // $ hasTaintFlow="dest"
} }
{ {
// func SetField(src interface{}, v reflect.Value, fieldName string) error // func SetField(src interface{}, v reflect.Value, fieldName string) error
var v reflect.Value var v reflect.Value
var fieldName string var fieldName string
runtime.SetField(source(), v, fieldName) runtime.SetField(source(), v, fieldName)
sink(v) // $ KsIoApimachineryPkgRuntime sink(v) // $ hasTaintFlow="v"
} }
{ {
// CacheEncode(id Identifier, encode func(Object, io.Writer) error, w io.Writer) error // CacheEncode(id Identifier, encode func(Object, io.Writer) error, w io.Writer) error
@ -125,19 +125,19 @@ func main() {
var encode func(runtime.Object, io.Writer) error var encode func(runtime.Object, io.Writer) error
var w io.Writer var w io.Writer
source().(myCacheableObject).CacheEncode(id, encode, w) source().(myCacheableObject).CacheEncode(id, encode, w)
sink(w) // $ KsIoApimachineryPkgRuntime sink(w) // $ hasTaintFlow="w"
} }
{ {
// GetObject() Object // GetObject() Object
sink(source().(myCacheableObject).GetObject()) // $ KsIoApimachineryPkgRuntime sink(source().(myCacheableObject).GetObject()) // $ hasTaintFlow="call to GetObject"
} }
{ {
// Decode(data []byte, defaults *schema.GroupVersionKind, into Object) (Object, *schema.GroupVersionKind, error) // Decode(data []byte, defaults *schema.GroupVersionKind, into Object) (Object, *schema.GroupVersionKind, error)
var defaults *schema.GroupVersionKind var defaults *schema.GroupVersionKind
var into runtime.Object var into runtime.Object
x, _, _ := decoder.Decode(source().([]byte), defaults, into) x, _, _ := decoder.Decode(source().([]byte), defaults, into)
sink(x) // $ KsIoApimachineryPkgRuntime sink(x) // $ hasTaintFlow="x"
sink(into) // $ KsIoApimachineryPkgRuntime sink(into) // $ hasTaintFlow="into"
} }
{ {
// Decode(data []byte, defaults *schema.GroupVersionKind, into Object) (Object, *schema.GroupVersionKind, error) // Decode(data []byte, defaults *schema.GroupVersionKind, into Object) (Object, *schema.GroupVersionKind, error)
@ -145,47 +145,47 @@ func main() {
var into runtime.Object var into runtime.Object
var withoutVersionDecoder runtime.WithoutVersionDecoder var withoutVersionDecoder runtime.WithoutVersionDecoder
x, _, _ := withoutVersionDecoder.Decode(source().([]byte), defaults, into) x, _, _ := withoutVersionDecoder.Decode(source().([]byte), defaults, into)
sink(x) // $ KsIoApimachineryPkgRuntime sink(x) // $ hasTaintFlow="x"
sink(into) // $ KsIoApimachineryPkgRuntime sink(into) // $ hasTaintFlow="into"
} }
{ {
// Encode(obj Object, w io.Writer) error // Encode(obj Object, w io.Writer) error
var w io.Writer var w io.Writer
encoder.Encode(source().(runtime.Object), w) encoder.Encode(source().(runtime.Object), w)
sink(w) // $ KsIoApimachineryPkgRuntime sink(w) // $ hasTaintFlow="w"
} }
{ {
// Encode(obj Object, w io.Writer) error // Encode(obj Object, w io.Writer) error
var w io.Writer var w io.Writer
var withVersionEncoder runtime.WithVersionEncoder var withVersionEncoder runtime.WithVersionEncoder
withVersionEncoder.Encode(source().(runtime.Object), w) withVersionEncoder.Encode(source().(runtime.Object), w)
sink(w) // $ KsIoApimachineryPkgRuntime sink(w) // $ hasTaintFlow="w"
} }
{ {
var framer myFramer var framer myFramer
// NewFrameReader(r io.ReadCloser) io.ReadCloser // NewFrameReader(r io.ReadCloser) io.ReadCloser
sink(framer.NewFrameReader(source().(io.ReadCloser))) // $ KsIoApimachineryPkgRuntime sink(framer.NewFrameReader(source().(io.ReadCloser))) // $ hasTaintFlow="call to NewFrameReader"
// NewFrameWriter(w io.Writer) io.Writer // NewFrameWriter(w io.Writer) io.Writer
sink(framer.NewFrameWriter(source().(io.Writer))) // $ KsIoApimachineryPkgRuntime sink(framer.NewFrameWriter(source().(io.Writer))) // $ hasTaintFlow="call to NewFrameWriter"
} }
{ {
// DeepCopyObject() Object // DeepCopyObject() Object
sink(source().(runtime.Object).DeepCopyObject()) // $ KsIoApimachineryPkgRuntime sink(source().(runtime.Object).DeepCopyObject()) // $ hasTaintFlow="call to DeepCopyObject"
} }
{ {
// func Decode(d Decoder, data []byte) (Object, error) // func Decode(d Decoder, data []byte) (Object, error)
o, _ := runtime.Decode(decoder, source().([]byte)) o, _ := runtime.Decode(decoder, source().([]byte))
sink(o) // $ KsIoApimachineryPkgRuntime sink(o) // $ hasTaintFlow="o"
} }
{ {
// func NewEncodable(e Encoder, obj Object, versions ...schema.GroupVersion) Object // func NewEncodable(e Encoder, obj Object, versions ...schema.GroupVersion) Object
sink(runtime.NewEncodable(encoder, source().(runtime.Object))) // $ KsIoApimachineryPkgRuntime sink(runtime.NewEncodable(encoder, source().(runtime.Object))) // $ hasTaintFlow="call to NewEncodable"
} }
{ {
// func NewEncodableList(e Encoder, objects []Object, versions ...schema.GroupVersion) []Object // func NewEncodableList(e Encoder, objects []Object, versions ...schema.GroupVersion) []Object
sink(runtime.NewEncodableList(encoder, source().([]runtime.Object))) // $ KsIoApimachineryPkgRuntime sink(runtime.NewEncodableList(encoder, source().([]runtime.Object))) // $ hasTaintFlow="call to NewEncodableList"
} }
{ {
// func UseOrCreateObject(t ObjectTyper, c ObjectCreater, gvk schema.GroupVersionKind, obj Object) (Object, error) // func UseOrCreateObject(t ObjectTyper, c ObjectCreater, gvk schema.GroupVersionKind, obj Object) (Object, error)
@ -193,7 +193,7 @@ func main() {
var c runtime.ObjectCreater var c runtime.ObjectCreater
var gvk schema.GroupVersionKind var gvk schema.GroupVersionKind
o, _ := runtime.UseOrCreateObject(t, c, gvk, source().(runtime.Object)) o, _ := runtime.UseOrCreateObject(t, c, gvk, source().(runtime.Object))
sink(o) // $ KsIoApimachineryPkgRuntime sink(o) // $ hasTaintFlow="o"
} }
{ {
var objectConverter myObjectConverter var objectConverter myObjectConverter
@ -201,12 +201,12 @@ func main() {
// Convert(in, out, context interface{}) error // Convert(in, out, context interface{}) error
var out, context interface{} var out, context interface{}
objectConverter.Convert(source(), out, context) objectConverter.Convert(source(), out, context)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
// ConvertToVersion(in Object, gv GroupVersioner) (out Object, err error) // ConvertToVersion(in Object, gv GroupVersioner) (out Object, err error)
var gv runtime.GroupVersioner var gv runtime.GroupVersioner
o, _ := objectConverter.ConvertToVersion(source().(runtime.Object), gv) o, _ := objectConverter.ConvertToVersion(source().(runtime.Object), gv)
sink(o) // $ KsIoApimachineryPkgRuntime sink(o) // $ hasTaintFlow="o"
} }
{ {
var parameterCodec myParameterCodec var parameterCodec myParameterCodec
@ -215,110 +215,110 @@ func main() {
var gv schema.GroupVersion var gv schema.GroupVersion
var into runtime.Object var into runtime.Object
parameterCodec.DecodeParameters(source().(url.Values), gv, into) parameterCodec.DecodeParameters(source().(url.Values), gv, into)
sink(into) // $ KsIoApimachineryPkgRuntime sink(into) // $ hasTaintFlow="into"
// EncodeParameters(obj Object, to schema.GroupVersion) (url.Values, error) // EncodeParameters(obj Object, to schema.GroupVersion) (url.Values, error)
urlValues, _ := parameterCodec.EncodeParameters(source().(runtime.Object), gv) urlValues, _ := parameterCodec.EncodeParameters(source().(runtime.Object), gv)
sink(urlValues) // $ KsIoApimachineryPkgRuntime sink(urlValues) // $ hasTaintFlow="urlValues"
} }
{ {
// MarshalTo(data []byte) (int, error) // MarshalTo(data []byte) (int, error)
var data []byte var data []byte
source().(myProtobufMarshaller).MarshalTo(data) source().(myProtobufMarshaller).MarshalTo(data)
sink(data) // $ KsIoApimachineryPkgRuntime sink(data) // $ hasTaintFlow="data"
} }
{ {
// MarshalToSizedBuffer(data []byte) (int, error) // MarshalToSizedBuffer(data []byte) (int, error)
var data []byte var data []byte
source().(myProtobufReverseMarshaller).MarshalToSizedBuffer(data) source().(myProtobufReverseMarshaller).MarshalToSizedBuffer(data)
sink(data) // $ KsIoApimachineryPkgRuntime sink(data) // $ hasTaintFlow="data"
} }
{ {
// func (in *RawExtension) DeepCopy() *RawExtension // func (in *RawExtension) DeepCopy() *RawExtension
sink(source().(*runtime.RawExtension).DeepCopy()) // $ KsIoApimachineryPkgRuntime sink(source().(*runtime.RawExtension).DeepCopy()) // $ hasTaintFlow="call to DeepCopy"
} }
{ {
// func (in *RawExtension) DeepCopyInto(out *RawExtension) // func (in *RawExtension) DeepCopyInto(out *RawExtension)
var out *runtime.RawExtension var out *runtime.RawExtension
source().(*runtime.RawExtension).DeepCopyInto(out) source().(*runtime.RawExtension).DeepCopyInto(out)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (m *RawExtension) Marshal() (dAtA []byte, err error) // func (m *RawExtension) Marshal() (dAtA []byte, err error)
dAtA, _ := source().(*runtime.RawExtension).Marshal() dAtA, _ := source().(*runtime.RawExtension).Marshal()
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *RawExtension) MarshalTo(dAtA []byte) (int, error) // func (m *RawExtension) MarshalTo(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*runtime.RawExtension).MarshalTo(dAtA) source().(*runtime.RawExtension).MarshalTo(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *RawExtension) MarshalToSizedBuffer(dAtA []byte) (int, error) // func (m *RawExtension) MarshalToSizedBuffer(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*runtime.RawExtension).MarshalToSizedBuffer(dAtA) source().(*runtime.RawExtension).MarshalToSizedBuffer(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *RawExtension) Unmarshal(dAtA []byte) error // func (m *RawExtension) Unmarshal(dAtA []byte) error
var dAtA []byte var dAtA []byte
source().(*runtime.RawExtension).Unmarshal(dAtA) source().(*runtime.RawExtension).Unmarshal(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (in *Unknown) DeepCopy() *Unknown // func (in *Unknown) DeepCopy() *Unknown
sink(source().(*runtime.Unknown).DeepCopy()) // $ KsIoApimachineryPkgRuntime sink(source().(*runtime.Unknown).DeepCopy()) // $ hasTaintFlow="call to DeepCopy"
} }
{ {
// func (in *Unknown) DeepCopyObject() Object // func (in *Unknown) DeepCopyObject() Object
sink(source().(*runtime.Unknown).DeepCopyObject()) // $ KsIoApimachineryPkgRuntime sink(source().(*runtime.Unknown).DeepCopyObject()) // $ hasTaintFlow="call to DeepCopyObject"
} }
{ {
// func (in *Unknown) DeepCopyInto(out *Unknown) // func (in *Unknown) DeepCopyInto(out *Unknown)
var out *runtime.Unknown var out *runtime.Unknown
source().(*runtime.Unknown).DeepCopyInto(out) source().(*runtime.Unknown).DeepCopyInto(out)
sink(out) // $ KsIoApimachineryPkgRuntime sink(out) // $ hasTaintFlow="out"
} }
{ {
// func (m *Unknown) Marshal() (dAtA []byte, err error) // func (m *Unknown) Marshal() (dAtA []byte, err error)
dAtA, _ := source().(*runtime.Unknown).Marshal() dAtA, _ := source().(*runtime.Unknown).Marshal()
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Unknown) MarshalTo(dAtA []byte) (int, error) // func (m *Unknown) MarshalTo(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*runtime.Unknown).MarshalTo(dAtA) source().(*runtime.Unknown).MarshalTo(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Unknown) MarshalToSizedBuffer(dAtA []byte) (int, error) // func (m *Unknown) MarshalToSizedBuffer(dAtA []byte) (int, error)
var dAtA []byte var dAtA []byte
source().(*runtime.Unknown).MarshalToSizedBuffer(dAtA) source().(*runtime.Unknown).MarshalToSizedBuffer(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Unknown) NestedMarshalTo(data []byte, b ProtobufMarshaller, size uint64) (int, error) // func (m *Unknown) NestedMarshalTo(data []byte, b ProtobufMarshaller, size uint64) (int, error)
var dAtA []byte var dAtA []byte
var b myProtobufMarshaller var b myProtobufMarshaller
source().(*runtime.Unknown).NestedMarshalTo(dAtA, b, 1) source().(*runtime.Unknown).NestedMarshalTo(dAtA, b, 1)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// func (m *Unknown) Unmarshal(dAtA []byte) error // func (m *Unknown) Unmarshal(dAtA []byte) error
var dAtA []byte var dAtA []byte
source().(*runtime.Unknown).Unmarshal(dAtA) source().(*runtime.Unknown).Unmarshal(dAtA)
sink(dAtA) // $ KsIoApimachineryPkgRuntime sink(dAtA) // $ hasTaintFlow="dAtA"
} }
{ {
// UnstructuredContent() map[string]interface{} // UnstructuredContent() map[string]interface{}
sink(source().(myUnstructured).UnstructuredContent()) // $ KsIoApimachineryPkgRuntime sink(source().(myUnstructured).UnstructuredContent()) // $ hasTaintFlow="call to UnstructuredContent"
} }
{ {
// SetUnstructuredContent(map[string]interface{}) // SetUnstructuredContent(map[string]interface{})
var unstructured myUnstructured var unstructured myUnstructured
unstructured.SetUnstructuredContent(source().(map[string]interface{})) unstructured.SetUnstructuredContent(source().(map[string]interface{}))
sink(unstructured) // $ KsIoApimachineryPkgRuntime sink(unstructured) // $ hasTaintFlow="unstructured"
} }
} }


@ -1,33 +1,2 @@
| testDeprecatedApi.go:22:22:22:41 | call to getUntrustedString | testDeprecatedApi.go:26:12:26:21 | serialized | failures
| testDeprecatedApi.go:31:22:31:41 | call to getUntrustedString | testDeprecatedApi.go:37:12:37:21 | serialized | testFailures
| testDeprecatedApi.go:41:25:41:43 | call to getUntrustedBytes | testDeprecatedApi.go:45:13:45:29 | selection of Description |
| testDeprecatedApi.go:49:25:49:43 | call to getUntrustedBytes | testDeprecatedApi.go:53:13:53:34 | call to GetDescription |
| testDeprecatedApi.go:58:23:58:42 | call to getUntrustedString | testDeprecatedApi.go:65:12:65:21 | serialized |
| testDeprecatedApi.go:70:14:70:33 | call to getUntrustedString | testDeprecatedApi.go:77:12:77:21 | serialized |
| testDeprecatedApi.go:85:24:85:43 | call to getUntrustedString | testDeprecatedApi.go:89:12:89:21 | serialized |
| testDeprecatedApi.go:93:25:93:43 | call to getUntrustedBytes | testDeprecatedApi.go:97:13:97:31 | selection of Msg |
| testDeprecatedApi.go:104:22:104:41 | call to getUntrustedString | testDeprecatedApi.go:105:13:105:20 | selection of Id |
| testDeprecatedApi.go:112:22:112:41 | call to getUntrustedString | testDeprecatedApi.go:117:12:117:21 | serialized |
| testDeprecatedApi.go:133:29:133:48 | call to getUntrustedString | testDeprecatedApi.go:137:12:137:21 | serialized |
| testDeprecatedApi.go:143:20:143:39 | call to getUntrustedString | testDeprecatedApi.go:148:12:148:21 | serialized |
| testDeprecatedApi.go:152:25:152:43 | call to getUntrustedBytes | testDeprecatedApi.go:157:13:157:36 | index expression |
| testDeprecatedApi.go:161:25:161:43 | call to getUntrustedBytes | testDeprecatedApi.go:168:13:168:25 | index expression |
| testDeprecatedApi.go:176:24:176:43 | call to getUntrustedString | testDeprecatedApi.go:180:12:180:21 | serialized |
| testModernApi.go:11:22:11:41 | call to getUntrustedString | testModernApi.go:15:12:15:21 | serialized |
| testModernApi.go:20:22:20:41 | call to getUntrustedString | testModernApi.go:26:12:26:21 | serialized |
| testModernApi.go:30:25:30:43 | call to getUntrustedBytes | testModernApi.go:34:13:34:29 | selection of Description |
| testModernApi.go:38:25:38:43 | call to getUntrustedBytes | testModernApi.go:42:13:42:34 | call to GetDescription |
| testModernApi.go:47:23:47:42 | call to getUntrustedString | testModernApi.go:54:12:54:21 | serialized |
| testModernApi.go:59:22:59:41 | call to getUntrustedString | testModernApi.go:64:12:64:21 | serialized |
| testModernApi.go:71:22:71:41 | call to getUntrustedString | testModernApi.go:77:12:77:21 | serialized |
| testModernApi.go:98:14:98:33 | call to getUntrustedString | testModernApi.go:105:12:105:21 | serialized |
| testModernApi.go:113:24:113:43 | call to getUntrustedString | testModernApi.go:117:12:117:21 | serialized |
| testModernApi.go:121:25:121:43 | call to getUntrustedBytes | testModernApi.go:125:13:125:31 | selection of Msg |
| testModernApi.go:131:25:131:43 | call to getUntrustedBytes | testModernApi.go:135:13:135:29 | selection of Description |
| testModernApi.go:142:22:142:41 | call to getUntrustedString | testModernApi.go:143:13:143:20 | selection of Id |
| testModernApi.go:150:22:150:41 | call to getUntrustedString | testModernApi.go:155:12:155:21 | serialized |
| testModernApi.go:190:29:190:48 | call to getUntrustedString | testModernApi.go:194:12:194:21 | serialized |
| testModernApi.go:200:20:200:39 | call to getUntrustedString | testModernApi.go:205:12:205:21 | serialized |
| testModernApi.go:209:25:209:43 | call to getUntrustedBytes | testModernApi.go:214:13:214:36 | index expression |
| testModernApi.go:218:25:218:43 | call to getUntrustedBytes | testModernApi.go:225:13:225:25 | index expression |
| testModernApi.go:233:24:233:43 | call to getUntrustedString | testModernApi.go:237:12:237:21 | serialized |


@ -1,27 +1,18 @@
import go import go
import TestUtilities.InlineFlowTest
class UntrustedFunction extends Function { module Config implements DataFlow::ConfigSig {
UntrustedFunction() { this.getName() = ["getUntrustedString", "getUntrustedBytes"] } predicate isSource(DataFlow::Node source) {
} exists(Function fn | fn.hasQualifiedName(_, ["getUntrustedString", "getUntrustedBytes"]) |
source = fn.getACall().getResult()
)
}
class UntrustedSource extends DataFlow::Node, UntrustedFlowSource::Range { predicate isSink(DataFlow::Node sink) {
UntrustedSource() { this = any(UntrustedFunction f).getACall() } exists(Function fn | fn.hasQualifiedName(_, ["sinkString", "sinkBytes"]) |
} sink = fn.getACall().getAnArgument()
)
class SinkFunction extends Function {
SinkFunction() { this.getName() = ["sinkString", "sinkBytes"] }
}
class TestConfig extends TaintTracking::Configuration {
TestConfig() { this = "testconfig" }
override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink = any(SinkFunction f).getACall().getAnArgument()
} }
} }
from TaintTracking::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink import TaintFlowTest<Config>
where config.hasFlowPath(source, sink)
select source, sink
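Review bot: `module Config` has no QLDoc, and its `isSource` is narrower than the configuration it replaces: the removed `isSource` accepted any `UntrustedFlowSource` (the two test helpers were one `Range` instance of it), whereas the new predicate accepts only results of `getUntrustedString`/`getUntrustedBytes`. If that narrowing is intended, a comment above the module such as `/** Sources are only the results of the test helpers; library-modelled untrusted sources are deliberately excluded. */` would make it explicit, since any previously expected flow from another kind of source would now disappear without a test failure pointing at the cause. Note also that `hasQualifiedName(_, ...)` matches top-level functions in any package while the old `getName()` check would also have matched methods of those names; presumably equivalent for these fixtures, but worth confirming against the test sources.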


@ -2,6 +2,7 @@ package main
import ( import (
"codeql-go-tests/protobuf/protos/query" "codeql-go-tests/protobuf/protos/query"
"github.com/golang/protobuf/proto" "github.com/golang/protobuf/proto"
) )
@ -23,7 +24,7 @@ func testMarshal() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testCloneThenMarshal() { func testCloneThenMarshal() {
@ -34,7 +35,7 @@ func testCloneThenMarshal() {
serialized, _ := proto.Marshal(queryClone) serialized, _ := proto.Marshal(queryClone)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testUnmarshalFieldAccess() { func testUnmarshalFieldAccess() {
@ -42,7 +43,7 @@ func testUnmarshalFieldAccess() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.Description) // BAD sinkString(query.Description) // $ hasTaintFlow="selection of Description"
} }
func testUnmarshalGetter() { func testUnmarshalGetter() {
@ -50,7 +51,7 @@ func testUnmarshalGetter() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.GetDescription()) // BAD sinkString(query.GetDescription()) // $ hasTaintFlow="call to GetDescription"
} }
func testMergeThenMarshal() { func testMergeThenMarshal() {
@ -62,7 +63,7 @@ func testMergeThenMarshal() {
serialized, _ := proto.Marshal(query2) serialized, _ := proto.Marshal(query2)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedSubmessage() { func testTaintedSubmessage() {
@ -74,7 +75,7 @@ func testTaintedSubmessage() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedSubmessageInPlace() { func testTaintedSubmessageInPlace() {
@ -86,7 +87,7 @@ func testTaintedSubmessageInPlace() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testUnmarshalTaintedSubmessage() { func testUnmarshalTaintedSubmessage() {
@ -94,7 +95,7 @@ func testUnmarshalTaintedSubmessage() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.Alerts[0].Msg) // BAD sinkString(query.Alerts[0].Msg) // $ hasTaintFlow="selection of Msg"
} }
// This test should be ok, but is flagged because writing taint to a field of a Message // This test should be ok, but is flagged because writing taint to a field of a Message
@ -102,7 +103,7 @@ func testUnmarshalTaintedSubmessage() {
func testFieldConflationFalsePositive() { func testFieldConflationFalsePositive() {
query := &query.Query{} query := &query.Query{}
query.Description = getUntrustedString() query.Description = getUntrustedString()
sinkString(query.Id) // OK (but incorrectly tainted) sinkString(query.Id) // $ SPURIOUS: hasTaintFlow="selection of Id"
} }
// This test should be ok, but it flagged because our current implementation doesn't notice // This test should be ok, but it flagged because our current implementation doesn't notice
@ -114,7 +115,7 @@ func testMessageReuseFalsePositive() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // OK (but incorrectly tainted) sinkBytes(serialized) // $ SPURIOUS: hasTaintFlow="serialized"
} }
// This test should be flagged, but we don't notice tainting via an alias of a field. // This test should be flagged, but we don't notice tainting via an alias of a field.
@ -125,7 +126,7 @@ func testSubmessageAliasFalseNegative() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD (but not noticed by our current implementation) sinkBytes(serialized) // $ MISSING: hasTaintFlow="serialized"
} }
func testTaintedMapFieldWrite() { func testTaintedMapFieldWrite() {
@ -134,7 +135,7 @@ func testTaintedMapFieldWrite() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedMapWriteWholeMap() { func testTaintedMapWriteWholeMap() {
@ -145,7 +146,7 @@ func testTaintedMapWriteWholeMap() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedMapFieldRead() { func testTaintedMapFieldRead() {
@ -154,7 +155,7 @@ func testTaintedMapFieldRead() {
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.KeyValuePairs[123]) // BAD sinkString(query.KeyValuePairs[123]) // $ hasTaintFlow="index expression"
} }
func testTaintedMapFieldReadViaAlias() { func testTaintedMapFieldReadViaAlias() {
@ -165,7 +166,7 @@ func testTaintedMapFieldReadViaAlias() {
alias := &query.KeyValuePairs alias := &query.KeyValuePairs
sinkString((*alias)[123]) // BAD sinkString((*alias)[123]) // $ hasTaintFlow="index expression"
} }
func testTaintedSubmessageInPlaceNonPointerBase() { func testTaintedSubmessageInPlaceNonPointerBase() {
@ -177,5 +178,5 @@ func testTaintedSubmessageInPlaceNonPointerBase() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD (but not detected by our current analysis) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
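Review bot: In `testTaintedSubmessageInPlaceNonPointerBase` the old trailing comment said the flow was "not detected by our current analysis", yet the new annotation is a plain `$ hasTaintFlow="serialized"` rather than `$ MISSING:`; the deleted expected output does list a flow ending at `testDeprecatedApi.go:180 serialized`, so the old comment appears to have been stale and the new annotation is presumably the correct one, but this deserves a one-line note so the next reader does not assume the expectation was loosened. The same applies to `testTaintedSubmessageInPlaceNonPointerBaseModern` at the end of the testModernApi.go section. Elsewhere the `$ SPURIOUS:` and `$ MISSING:` markers now carry the intent that the removed `// OK (but incorrectly tainted)` and `// BAD (but not noticed ...)` prose used to; the explanatory comments above those functions remain, so no information is lost there.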


@ -2,6 +2,7 @@ package main
import ( import (
"codeql-go-tests/protobuf/protos/query" "codeql-go-tests/protobuf/protos/query"
"google.golang.org/protobuf/proto" "google.golang.org/protobuf/proto"
"google.golang.org/protobuf/runtime/protoiface" "google.golang.org/protobuf/runtime/protoiface"
) )
@ -12,7 +13,7 @@ func testMarshalModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testCloneThenMarshalModern() { func testCloneThenMarshalModern() {
@ -23,7 +24,7 @@ func testCloneThenMarshalModern() {
serialized, _ := proto.Marshal(queryClone) serialized, _ := proto.Marshal(queryClone)
sinkBytes(serialized) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testUnmarshalFieldAccessModern() { func testUnmarshalFieldAccessModern() {
@ -31,7 +32,7 @@ func testUnmarshalFieldAccessModern() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.Description) sinkString(query.Description) // $ hasTaintFlow="selection of Description"
} }
func testUnmarshalGetterModern() { func testUnmarshalGetterModern() {
@ -39,7 +40,7 @@ func testUnmarshalGetterModern() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.GetDescription()) sinkString(query.GetDescription()) // $ hasTaintFlow="call to GetDescription"
} }
func testMergeThenMarshalModern() { func testMergeThenMarshalModern() {
@ -51,7 +52,7 @@ func testMergeThenMarshalModern() {
serialized, _ := proto.Marshal(query2) serialized, _ := proto.Marshal(query2)
sinkBytes(serialized) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testMarshalWithOptionsModern() { func testMarshalWithOptionsModern() {
@ -61,7 +62,7 @@ func testMarshalWithOptionsModern() {
options := proto.MarshalOptions{} options := proto.MarshalOptions{}
serialized, _ := options.Marshal(query) serialized, _ := options.Marshal(query)
sinkBytes(serialized) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
// Tests only applicable to the modern API: // Tests only applicable to the modern API:
@ -74,7 +75,7 @@ func testMarshalAppend() {
emptyArray := []byte{} emptyArray := []byte{}
serialized, _ := options.MarshalAppend(emptyArray, query) serialized, _ := options.MarshalAppend(emptyArray, query)
sinkBytes(serialized) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testMarshalState() { func testMarshalState() {
@ -102,7 +103,7 @@ func testTaintedSubmessageModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedSubmessageInPlaceModern() { func testTaintedSubmessageInPlaceModern() {
@ -114,7 +115,7 @@ func testTaintedSubmessageInPlaceModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testUnmarshalTaintedSubmessageModern() { func testUnmarshalTaintedSubmessageModern() {
@ -122,7 +123,7 @@ func testUnmarshalTaintedSubmessageModern() {
query := &query.Query{} query := &query.Query{}
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.Alerts[0].Msg) // BAD sinkString(query.Alerts[0].Msg) // $ hasTaintFlow="selection of Msg"
} }
func testUnmarshalOptions() { func testUnmarshalOptions() {
@ -132,7 +133,7 @@ func testUnmarshalOptions() {
query := &query.Query{} query := &query.Query{}
options.Unmarshal(untrustedSerialized, query) options.Unmarshal(untrustedSerialized, query)
sinkString(query.Description) // BAD sinkString(query.Description) // $ hasTaintFlow="selection of Description"
} }
// This test should be ok, but is flagged because writing taint to a field of a Message // This test should be ok, but is flagged because writing taint to a field of a Message
@ -140,7 +141,7 @@ func testUnmarshalOptions() {
func testFieldConflationFalsePositiveModern() { func testFieldConflationFalsePositiveModern() {
query := &query.Query{} query := &query.Query{}
query.Description = getUntrustedString() query.Description = getUntrustedString()
sinkString(query.Id) // OK (but incorrectly tainted) sinkString(query.Id) // $ SPURIOUS: hasTaintFlow="selection of Id"
} }
// This test should be ok, but it flagged because our current implementation doesn't notice // This test should be ok, but it flagged because our current implementation doesn't notice
@ -152,7 +153,7 @@ func testMessageReuseFalsePositiveModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // OK (but incorrectly tainted) sinkBytes(serialized) // $ SPURIOUS: hasTaintFlow="serialized"
} }
// This test should be flagged, but we don't notice tainting via an alias of a field. // This test should be flagged, but we don't notice tainting via an alias of a field.
@ -163,7 +164,7 @@ func testSubmessageAliasFalseNegativeModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD (but not noticed by our current implementation) sinkBytes(serialized) // $ MISSING: hasTaintFlow="serialized"
} }
// This test should be flagged, but we don't notice that marshalState2.Message is the // This test should be flagged, but we don't notice that marshalState2.Message is the
@ -182,7 +183,7 @@ func testMarshalStateFalseNegative() {
marshalState2 := marshalState marshalState2 := marshalState
serialized, _ := options.MarshalState(marshalState2) serialized, _ := options.MarshalState(marshalState2)
sinkBytes(serialized.Buf) // BAD (but not noticed by our current implementation) sinkBytes(serialized.Buf) // $ MISSING: hasTaintFlow="selection of Buf"
} }
func testTaintedMapFieldWriteModern() { func testTaintedMapFieldWriteModern() {
@ -191,7 +192,7 @@ func testTaintedMapFieldWriteModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedMapWriteWholeMapModern() { func testTaintedMapWriteWholeMapModern() {
@ -202,7 +203,7 @@ func testTaintedMapWriteWholeMapModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }
func testTaintedMapFieldReadModern() { func testTaintedMapFieldReadModern() {
@ -211,7 +212,7 @@ func testTaintedMapFieldReadModern() {
proto.Unmarshal(untrustedSerialized, query) proto.Unmarshal(untrustedSerialized, query)
sinkString(query.KeyValuePairs[123]) // BAD sinkString(query.KeyValuePairs[123]) // $ hasTaintFlow="index expression"
} }
func testTaintedMapFieldReadViaAliasModern() { func testTaintedMapFieldReadViaAliasModern() {
@ -222,7 +223,7 @@ func testTaintedMapFieldReadViaAliasModern() {
alias := &query.KeyValuePairs alias := &query.KeyValuePairs
sinkString((*alias)[123]) // BAD sinkString((*alias)[123]) // $ hasTaintFlow="index expression"
} }
func testTaintedSubmessageInPlaceNonPointerBaseModern() { func testTaintedSubmessageInPlaceNonPointerBaseModern() {
@ -234,5 +235,5 @@ func testTaintedSubmessageInPlaceNonPointerBaseModern() {
serialized, _ := proto.Marshal(query) serialized, _ := proto.Marshal(query)
sinkBytes(serialized) // BAD (but not detected by our current implementation) sinkBytes(serialized) // $ hasTaintFlow="serialized"
} }


@ -1,17 +1,2 @@
| test.go:26:16:26:35 | call to getUntrustedString | test.go:33:14:33:23 | sUntrusted | failures
| test.go:26:16:26:35 | call to getUntrustedString | test.go:35:14:35:23 | sUntrusted | testFailures
| test.go:26:16:26:35 | call to getUntrustedString | test.go:41:18:41:27 | sUntrusted |
| test.go:26:16:26:35 | call to getUntrustedString | test.go:51:13:51:16 | str3 |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:30:12:30:21 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:31:13:31:22 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:32:15:32:24 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:34:17:34:26 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:36:17:36:26 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:38:16:38:25 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:39:17:39:26 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:40:19:40:28 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:42:21:42:30 | pUntrusted |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:45:13:45:16 | str1 |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:48:13:48:16 | str2 |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:54:13:54:16 | str4 |
| test.go:28:16:28:35 | call to getUntrustedStruct | test.go:57:13:57:16 | str5 |


@ -1,28 +1,18 @@
import go import go
import TestUtilities.InlineFlowTest
class UntrustedFunction extends Function { module TestConfig implements DataFlow::ConfigSig {
UntrustedFunction() { this.getName() = ["getUntrustedString", "getUntrustedStruct"] } predicate isSource(DataFlow::Node source) {
} source =
any(Function f | f.getName() = ["getUntrustedString", "getUntrustedStruct"])
.getACall()
.getResult()
}
class UntrustedSource extends DataFlow::Node, UntrustedFlowSource::Range { predicate isSink(DataFlow::Node sink) {
UntrustedSource() { this = any(UntrustedFunction f).getACall() } sink = any(Function f | f.getName() = "sinkString").getACall().getAnArgument() or
}
class SinkFunction extends Function {
SinkFunction() { this.getName() = "sinkString" }
}
class TestConfig extends TaintTracking::Configuration {
TestConfig() { this = "testconfig" }
override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
override predicate isSink(DataFlow::Node sink) {
sink = any(SinkFunction f).getACall().getAnArgument() or
sink = any(LoggerCall log).getAMessageComponent() sink = any(LoggerCall log).getAMessageComponent()
} }
} }
from TaintTracking::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink import FlowTest<TestConfig, TestConfig>
where config.hasFlowPath(source, sink)
select source, sink
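Review bot: The new `TestConfig` module and its two predicates carry no QLDoc, so a reader has to reverse-engineer what this fixture treats as sources and sinks; add a comment above `module TestConfig`, e.g. `/** Sources are the results of calls to getUntrustedString/getUntrustedStruct; sinks are arguments to sinkString and logger message components. */`. `isSource` now selects `getACall().getResult()` where the removed `UntrustedSource` class used the call node itself; for single-result functions these presumably coincide, but it is worth confirming the spew test expectations still line up. The removed classes also dropped the `UntrustedFlowSource::Range` registration, so these fixture sources are no longer visible to any library predicate keyed on `UntrustedFlowSource`; that looks intended for a self-contained test but deserves a one-line note if it was deliberate.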


@ -27,32 +27,32 @@ func testSpew(w io.Writer) {
p := Person{} p := Person{}
pUntrusted := getUntrustedStruct() pUntrusted := getUntrustedStruct()
spew.Dump(pUntrusted) // NOT OK spew.Dump(pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Print(pUntrusted) // NOT OK spew.Print(pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Println(pUntrusted) // NOT OK spew.Println(pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Errorf(sUntrusted, p) // NOT OK spew.Errorf(sUntrusted, p) // $ hasValueFlow="sUntrusted"
spew.Errorf(s, pUntrusted) // NOT OK spew.Errorf(s, pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Printf(sUntrusted, p) // NOT OK spew.Printf(sUntrusted, p) // $ hasValueFlow="sUntrusted"
spew.Printf(s, pUntrusted) // NOT OK spew.Printf(s, pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Fdump(w, pUntrusted) // NOT OK spew.Fdump(w, pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Fprint(w, pUntrusted) // NOT OK spew.Fprint(w, pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Fprintln(w, pUntrusted) // NOT OK spew.Fprintln(w, pUntrusted) // $ hasValueFlow="pUntrusted"
spew.Fprintf(w, sUntrusted, p) // NOT OK spew.Fprintf(w, sUntrusted, p) // $ hasValueFlow="sUntrusted"
spew.Fprintf(w, s, pUntrusted) // NOT OK spew.Fprintf(w, s, pUntrusted) // $ hasValueFlow="pUntrusted"
str1 := spew.Sdump(pUntrusted) str1 := spew.Sdump(pUntrusted)
sinkString(str1) // NOT OK sinkString(str1) // $ hasTaintFlow="str1"
str2 := spew.Sprint(pUntrusted) str2 := spew.Sprint(pUntrusted)
sinkString(str2) // NOT OK sinkString(str2) // $ hasTaintFlow="str2"
str3 := spew.Sprintf(sUntrusted, p) str3 := spew.Sprintf(sUntrusted, p)
sinkString(str3) // NOT OK sinkString(str3) // $ hasTaintFlow="str3"
str4 := spew.Sprintf(s, pUntrusted) str4 := spew.Sprintf(s, pUntrusted)
sinkString(str4) // NOT OK sinkString(str4) // $ hasTaintFlow="str4"
str5 := spew.Sprintln(pUntrusted) str5 := spew.Sprintln(pUntrusted)
sinkString(str5) // NOT OK sinkString(str5) // $ hasTaintFlow="str5"
} }


@ -1,30 +1,12 @@
import go import go
import TestUtilities.InlineExpectationsTest import TestUtilities.InlineFlowTest
class TestConfig extends TaintTracking::Configuration { module Config implements DataFlow::ConfigSig {
TestConfig() { this = "test config" } predicate isSource(DataFlow::Node source) {
override predicate isSource(DataFlow::Node source) {
source.(DataFlow::CallNode).getTarget().getName() = ["getUntrustedData", "getUntrustedString"] source.(DataFlow::CallNode).getTarget().getName() = ["getUntrustedData", "getUntrustedString"]
} }
override predicate isSink(DataFlow::Node sink) { predicate isSink(DataFlow::Node sink) { sink = any(LoggerCall log).getAMessageComponent() }
sink = any(LoggerCall log).getAMessageComponent()
}
} }
module ZapTest implements TestSig { import FlowTest<Config, Config>
string getARelevantTag() { result = "zap" }
predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "zap" and
exists(DataFlow::Node sink | any(TestConfig c).hasFlow(_, sink) |
element = sink.toString() and
value = "\"" + sink.toString() + "\"" and
sink.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
location.getStartColumn(), location.getEndLine(), location.getEndColumn())
)
}
}
import MakeTest<ZapTest>
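Review bot: The configuration module is named `Config` here while the sibling test converted in the same commit names its module `TestConfig`; pick one name across the suite, e.g. `module TestConfig implements DataFlow::ConfigSig {` and `import FlowTest<TestConfig, TestConfig>`. A one-line QLDoc above the module would also help: `/** Sources are calls to getUntrustedData/getUntrustedString; sinks are logger message components. */`. Note that `isSource` matches on `getTarget().getName()` alone, so any function with one of those names in any package counts as a source; that is fine for a fixture but worth a short comment so nobody later assumes it is package-qualified.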


@ -18,72 +18,72 @@ func getUntrustedString() string {
func testZapLoggerDPanic() { func testZapLoggerDPanic() {
logger, _ := zap.NewProduction() logger, _ := zap.NewProduction()
logger.DPanic(getUntrustedString()) // $ zap="call to getUntrustedString" logger.DPanic(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapLoggerFatal() { func testZapLoggerFatal() {
logger := zap.NewExample() logger := zap.NewExample()
logger.Fatal("msg", zap.String(getUntrustedString(), "value")) // $ zap="call to String" logger.Fatal("msg", zap.String(getUntrustedString(), "value")) // $ hasTaintFlow="call to String"
} }
func testZapLoggerPanic() { func testZapLoggerPanic() {
logger, _ := zap.NewDevelopment() logger, _ := zap.NewDevelopment()
logger.Panic("msg", zap.Any("key", getUntrustedData())) // $ zap="call to Any" logger.Panic("msg", zap.Any("key", getUntrustedData())) // $ hasTaintFlow="call to Any"
} }
func testZapLoggerDebug(core zapcore.Core, byteArray []byte) { func testZapLoggerDebug(core zapcore.Core, byteArray []byte) {
logger := zap.New(core) logger := zap.New(core)
logger.Debug(getUntrustedString()) // $ zap="call to getUntrustedString" logger.Debug(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
logger.Debug("msg", zap.Binary(getUntrustedString(), byteArray)) // $ zap="call to Binary" logger.Debug("msg", zap.Binary(getUntrustedString(), byteArray)) // $ hasTaintFlow="call to Binary"
logger.Debug("msg", zap.ByteString("key", getUntrustedData().([]byte))) // $ zap="call to ByteString" logger.Debug("msg", zap.ByteString("key", getUntrustedData().([]byte))) // $ hasTaintFlow="call to ByteString"
} }
func testZapLoggerError(bss [][]byte) { func testZapLoggerError(bss [][]byte) {
logger := zap.L() logger := zap.L()
logger.Error(getUntrustedString()) // $ zap="call to getUntrustedString" logger.Error(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
logger.Error("msg", zap.ByteStrings(getUntrustedString(), bss)) // $ zap="call to ByteStrings" logger.Error("msg", zap.ByteStrings(getUntrustedString(), bss)) // $ hasTaintFlow="call to ByteStrings"
logger.Error("msg", zap.Error(getUntrustedData().(error))) // $ zap="call to Error" logger.Error("msg", zap.Error(getUntrustedData().(error))) // $ hasTaintFlow="call to Error"
} }
func testZapLoggerInfo(logger *zap.Logger, errs []error) { func testZapLoggerInfo(logger *zap.Logger, errs []error) {
logger.Info(getUntrustedString()) // $ zap="call to getUntrustedString" logger.Info(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
logger.Info("msg", zap.Errors(getUntrustedString(), errs)) // $ zap="call to Errors" logger.Info("msg", zap.Errors(getUntrustedString(), errs)) // $ hasTaintFlow="call to Errors"
logger.Info("msg", zap.NamedError("key", getUntrustedData().(error))) // $ zap="call to NamedError" logger.Info("msg", zap.NamedError("key", getUntrustedData().(error))) // $ hasTaintFlow="call to NamedError"
} }
func testZapLoggerWarn(logger *zap.Logger) { func testZapLoggerWarn(logger *zap.Logger) {
logger.Warn(getUntrustedString()) // $ zap="call to getUntrustedString" logger.Warn(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
logger.Warn("msg", zap.Reflect(getUntrustedString(), nil)) // $ zap="call to Reflect" logger.Warn("msg", zap.Reflect(getUntrustedString(), nil)) // $ hasTaintFlow="call to Reflect"
logger.Warn("msg", zap.Stringp("key", getUntrustedData().(*string))) // $ zap="call to Stringp" logger.Warn("msg", zap.Stringp("key", getUntrustedData().(*string))) // $ hasTaintFlow="call to Stringp"
logger.Warn("msg", zap.Strings("key", getUntrustedData().([]string))) // $ zap="call to Strings" logger.Warn("msg", zap.Strings("key", getUntrustedData().([]string))) // $ hasTaintFlow="call to Strings"
} }
func testZapLoggerNop() { func testZapLoggerNop() {
// We do not currently recognise that a logger made using NewNop() does not actually do any logging // We do not currently recognise that a logger made using NewNop() does not actually do any logging
logger := zap.NewNop() logger := zap.NewNop()
logger.Debug(getUntrustedString()) // $ SPURIOUS: zap="call to getUntrustedString" logger.Debug(getUntrustedString()) // $ SPURIOUS: hasValueFlow="call to getUntrustedString"
} }
func testLoggerNamed(logger *zap.Logger) { func testLoggerNamed(logger *zap.Logger) {
namedLogger := logger.Named(getUntrustedString()) // $ zap="call to getUntrustedString" namedLogger := logger.Named(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
namedLogger.Info("hello world") namedLogger.Info("hello world")
} }
func testLoggerWith(logger *zap.Logger) *zap.Logger { func testLoggerWith(logger *zap.Logger) *zap.Logger {
logger1 := logger.With(zap.Any(getUntrustedString(), nil)) // $ zap="call to Any" logger1 := logger.With(zap.Any(getUntrustedString(), nil)) // $ hasTaintFlow="call to Any"
logger1.Info("hello world") logger1.Info("hello world")
logger2 := logger.With(zap.String("key", getUntrustedString())) // $ zap="call to String" logger2 := logger.With(zap.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
logger2.Info("hello world") logger2.Info("hello world")
logger3 := logger.With(zap.String("key", getUntrustedString())) // $ SPURIOUS: zap="call to String" logger3 := logger.With(zap.String("key", getUntrustedString())) // $ SPURIOUS: hasTaintFlow="call to String"
return logger3 return logger3
} }
func getLoggerWithUntrustedField() *zap.Logger { func getLoggerWithUntrustedField() *zap.Logger {
return zap.NewExample().With(zap.NamedError("key", getUntrustedData().(error))) // $ zap="call to NamedError" return zap.NewExample().With(zap.NamedError("key", getUntrustedData().(error))) // $ hasTaintFlow="call to NamedError"
} }
func getLoggerWithUntrustedFieldUnused() *zap.Logger { func getLoggerWithUntrustedFieldUnused() *zap.Logger {
return zap.NewExample().With(zap.NamedError("key", getUntrustedData().(error))) // $ SPURIOUS: zap="call to NamedError" return zap.NewExample().With(zap.NamedError("key", getUntrustedData().(error))) // $ SPURIOUS: hasTaintFlow="call to NamedError"
} }
func testLoggerWithAcrossFunctionBoundary() { func testLoggerWithAcrossFunctionBoundary() {
@ -91,91 +91,91 @@ func testLoggerWithAcrossFunctionBoundary() {
} }
func testLoggerWithOptions(logger *zap.Logger) *zap.Logger { func testLoggerWithOptions(logger *zap.Logger) *zap.Logger {
logger1 := logger.WithOptions(zap.Fields(zap.Any(getUntrustedString(), nil))) // $ zap="call to Fields" logger1 := logger.WithOptions(zap.Fields(zap.Any(getUntrustedString(), nil))) // $ hasTaintFlow="call to Fields"
logger1.Info("hello world") logger1.Info("hello world")
logger2 := logger.WithOptions(zap.Fields(zap.String("key", getUntrustedString()))) // $ zap="call to Fields" logger2 := logger.WithOptions(zap.Fields(zap.String("key", getUntrustedString()))) // $ hasTaintFlow="call to Fields"
logger2.Info("hello world") logger2.Info("hello world")
logger3 := logger.WithOptions(zap.Fields(zap.String("key", getUntrustedString()))) // $ SPURIOUS: zap="call to Fields" logger3 := logger.WithOptions(zap.Fields(zap.String("key", getUntrustedString()))) // $ SPURIOUS: hasTaintFlow="call to Fields"
return logger3 return logger3
} }
func testZapSugaredLoggerDPanic(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerDPanic(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.DPanic(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.DPanic(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerDPanicf(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerDPanicf(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.DPanicf(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.DPanicf(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerDPanicw(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerDPanicw(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.DPanicw(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.DPanicw(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerFatal(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerFatal(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Fatal(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Fatal(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerFatalf(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerFatalf(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Fatalf(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.Fatalf(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerFatalw(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerFatalw(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Fatalw(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.Fatalw(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerPanic(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerPanic(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Panic(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Panic(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerPanicf(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerPanicf(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Panicf(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.Panicf(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerPanicw(sugaredLogger *zap.SugaredLogger) { func testZapSugaredLoggerPanicw(sugaredLogger *zap.SugaredLogger) {
sugaredLogger.Panicw(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.Panicw(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
} }
func testZapSugaredLoggerDebug() { func testZapSugaredLoggerDebug() {
sugaredLogger := zap.S() sugaredLogger := zap.S()
sugaredLogger.Debug(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Debug(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Debugf("msg", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Debugf("msg", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Debugw("msg", "key", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Debugw("msg", "key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerError() { func testZapSugaredLoggerError() {
logger, _ := zap.NewProduction() logger, _ := zap.NewProduction()
sugaredLogger := logger.Sugar() sugaredLogger := logger.Sugar()
sugaredLogger.Error(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Error(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Errorf("msg", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Errorf("msg", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Errorw("msg", "key", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Errorw("msg", "key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerInfo() { func testZapSugaredLoggerInfo() {
logger := zap.NewExample() logger := zap.NewExample()
sugaredLogger := logger.Sugar() sugaredLogger := logger.Sugar()
sugaredLogger.Info(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Info(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Infof("msg", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Infof("msg", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Infow("msg", "key", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Infow("msg", "key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerWarn() { func testZapSugaredLoggerWarn() {
logger, _ := zap.NewDevelopment() logger, _ := zap.NewDevelopment()
sugaredLogger := logger.Sugar() sugaredLogger := logger.Sugar()
sugaredLogger.Warn(getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Warn(getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Warnf("msg", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Warnf("msg", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Warnw("msg", "key", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.Warnw("msg", "key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
} }
func testZapSugaredLoggerNamed() { func testZapSugaredLoggerNamed() {
logger := zap.L() logger := zap.L()
sugaredLogger := logger.Sugar() sugaredLogger := logger.Sugar()
sugaredLogger.Named(getUntrustedString()) // $ zap="call to getUntrustedString" sugaredLogger.Named(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
sugaredLogger.Info("msg") sugaredLogger.Info("msg")
} }
func testZapSugaredLoggerWith() { func testZapSugaredLoggerWith() {
logger := zap.L() logger := zap.L()
sugaredLogger := logger.Sugar() sugaredLogger := logger.Sugar()
sugaredLogger.With("key", getUntrustedData()) // $ zap="call to getUntrustedData" sugaredLogger.With("key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
sugaredLogger.Info("msg") sugaredLogger.Info("msg")
} }