github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Use $ANYVERSION to allow applying a model to all versions of a given package

This commit is contained in:
Chris Smowton 2023-03-23 14:20:24 +00:00
Родитель f36a2143f5
Коммит c242c28af9
15 изменённых файлов: 90 добавлений и 102 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

13
go/ql/lib/ext/github.com.evanphx.json-patch.model.yml Normal file
Просмотреть файл

@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/evanphx/json-patch/$ANYVERSION", "", False, "CreateMergePatch", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "", False, "DecodePatch", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "", False, "MergeMergePatches", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "", False, "MergePatch", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "Patch", True, "Apply", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "Patch", True, "Apply", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "Patch", True, "ApplyIndent", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/$ANYVERSION", "Patch", True, "ApplyIndent", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]

13
go/ql/lib/ext/github.com.evanphx.json-patch.v5.model.yml
Просмотреть файл

@ -1,13 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/evanphx/json-patch/v5", "", False, "CreateMergePatch", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "", False, "DecodePatch", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "", False, "MergeMergePatches", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "", False, "MergePatch", "", "", "Argument[0..1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "Patch", True, "Apply", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "Patch", True, "Apply", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "Patch", True, "ApplyIndent", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/evanphx/json-patch/v5", "Patch", True, "ApplyIndent", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]

7
go/ql/lib/ext/github.com.labstack.echo.model.yml Normal file
Просмотреть файл

@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/labstack/echo/$ANYVERSION", "Context", True, "Get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["github.com/labstack/echo/$ANYVERSION", "Context", True, "Set", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]

7
go/ql/lib/ext/github.com.labstack.echo.v4.model.yml
Просмотреть файл

@ -1,7 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/labstack/echo/v4", "Context", True, "Get", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["github.com/labstack/echo/v4", "Context", True, "Set", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"]

23
go/ql/lib/ext/gopkg.in.couchbase.gocb.model.yml Normal file
Просмотреть файл

@ -0,0 +1,23 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "ContextId", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "Deferred", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "Pretty", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "Priority", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "RawParam", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "AdHoc", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "Consistency", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "Custom", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "PipelineCap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "Profile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "ReadOnly", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "ScanCap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.$ANYVERSION", "N1qlQuery", True, "Timeout", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]

23
go/ql/lib/ext/gopkg.in.couchbase.gocb.v1.model.yml
Просмотреть файл

@ -1,23 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/couchbase/gocb.v1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "Priority", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "AdHoc", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "Consistency", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "Custom", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "Profile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "ScanCap", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/couchbase/gocb.v1", "N1qlQuery", True, "Timeout", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]

6
go/ql/lib/ext/gopkg.in.macaron.model.yml Normal file
Просмотреть файл

@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/macaron.$ANYVERSION", "RequestBody", True, "String", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]

6
go/ql/lib/ext/gopkg.in.macaron.v1.model.yml
Просмотреть файл

@ -1,6 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/macaron.v1", "RequestBody", True, "String", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]

14
go/ql/lib/ext/gopkg.in.yaml.model.yml Normal file
Просмотреть файл

@ -0,0 +1,14 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/yaml.$ANYVERSION", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "", False, "UnmarshalStrict", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "", False, "NewDecoder", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "Decoder", True, "Decode", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "Encoder", True, "Encode", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "Node", True, "Decode", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "Node", True, "Encode", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["gopkg.in/yaml.$ANYVERSION", "Node", True, "SetString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]

7
go/ql/lib/ext/gopkg.in.yaml.v1.model.yml
Просмотреть файл

@ -1,7 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/yaml.v1", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["gopkg.in/yaml.v1", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]

11
go/ql/lib/ext/gopkg.in.yaml.v2.model.yml
Просмотреть файл

@ -1,11 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/yaml.v2", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["gopkg.in/yaml.v2", "", False, "NewDecoder", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/yaml.v2", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["gopkg.in/yaml.v2", "", False, "UnmarshalStrict", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["gopkg.in/yaml.v2", "Decoder", True, "Decode", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["gopkg.in/yaml.v2", "Encoder", True, "Encode", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]

13
go/ql/lib/ext/gopkg.in.yaml.v3.model.yml
Просмотреть файл

@ -1,13 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["gopkg.in/yaml.v3", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "", False, "NewDecoder", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["gopkg.in/yaml.v3", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "Decoder", True, "Decode", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "Encoder", True, "Encode", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "Node", True, "Decode", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "Node", True, "Encode", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["gopkg.in/yaml.v3", "Node", True, "SetString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]

15
go/ql/lib/ext/k8s.io.api.core.model.yml Normal file
Просмотреть файл

@ -0,0 +1,15 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["k8s.io/api/core/$ANYVERSION", "Secret", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "Secret", True, "DeepCopyInto", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "Secret", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "Secret", True, "Marshal", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "Secret", True, "Unmarshal", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "SecretList", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "SecretList", True, "DeepCopyInto", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "SecretList", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "SecretList", True, "Marshal", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/$ANYVERSION", "SecretList", True, "Unmarshal", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]

19
go/ql/lib/ext/k8s.io.api.core.v1.model.yml
Просмотреть файл

@ -1,19 +0,0 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["k8s.io/api/core/v1", "Secret", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "DeepCopyInto", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "Marshal", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "Secret", True, "Unmarshal", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "DeepCopy", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "DeepCopyInto", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "DeepCopyObject", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "Marshal", "", "", "Argument[-1]", "ReturnValue[0]", "taint", "manual"]
- ["k8s.io/api/core/v1", "SecretList", True, "Unmarshal", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]

15
go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
Просмотреть файл

@ -265,6 +265,15 @@ private string paramsStringPart(Function f, int i) {
*/
string paramsString(Function f) { result = concat(int i | | paramsStringPart(f, i) order by i) }
bindingset[p]
private string interpretPackage(string p) {
exists(string r | r = "([^$]+)([./]\\$ANYVERSION(/|$)(.*))?" |
if exists(p.regexpCapture(r, 4))
then result = package(p.regexpCapture(r, 1), p.regexpCapture(r, 4))
else result = p
)
}
/** Gets the source/sink/summary element corresponding to the supplied parameters. */
SourceOrSinkElement interpretElement(
string pkg, string type, boolean subtypes, string name, string signature, string ext
@ -273,16 +282,16 @@ SourceOrSinkElement interpretElement(
// Go does not need to distinguish functions with signature
signature = "" and
(
exists(Field f | f.hasQualifiedName(pkg, type, name) | result.asEntity() = f)
exists(Field f | f.hasQualifiedName(interpretPackage(pkg), type, name) | result.asEntity() = f)
or
exists(Method m | m.hasQualifiedName(pkg, type, name) |
exists(Method m | m.hasQualifiedName(interpretPackage(pkg), type, name) |
result.asEntity() = m
or
subtypes = true and result.asEntity().(Method).implements(m)
)
or
type = "" and
exists(Entity e | e.hasQualifiedName(pkg, name) | result.asEntity() = e)
exists(Entity e | e.hasQualifiedName(interpretPackage(pkg), name) | result.asEntity() = e)
)
}