/**
* Provides classes modeling taint propagation through marshalling and encoding functions.
*/
overlay[local?]
module;
import go
/**
 * Gets a package path for the root package (empty sub-path) of the module
 * `github.com/json-iterator/go`, as resolved by `package`.
 *
 * NOTE(review): `package` presumably also accepts major-version-suffixed import paths
 * of this module; confirm against its definition.
 */
private string packagePath() {
  result = package("github.com/json-iterator/go", "")
}
/**
 * A json-iterator unmarshaling function: `Unmarshal` or `UnmarshalFromString`, either as a
 * package-level function or as a method implementing the package's `API` interface.
 *
 * Taint is propagated from the encoded JSON input (parameter 0) to the object it is
 * decoded into (parameter 1).
 *
 * NOTE(review): only these two names are modeled here. Other json-iterator decoding entry
 * points (for example the decoder returned by `NewDecoder`) are not covered by this class;
 * confirm whether they are modeled elsewhere, otherwise untrusted JSON decoded through them
 * will not be tracked by taint queries.
 */
private class JsonIteratorUnmarshalFunction extends UnmarshalingFunction::Range {
  JsonIteratorUnmarshalFunction() {
    exists(string name | name = ["Unmarshal", "UnmarshalFromString"] |
      // Package-level function with this name.
      this.hasQualifiedName(packagePath(), name)
      or
      // Method with this name that implements the package's `API` interface.
      this.(Method).implements(packagePath(), "API", name)
    )
  }

  /** Gets the input carrying the encoded data: the first parameter. */
  override DataFlow::FunctionInput getAnInput() { result.isParameter(0) }

  /** Gets the output receiving the decoded data: the second parameter. */
  override DataFlow::FunctionOutput getOutput() { result.isParameter(1) }

  /** Gets the name of the serialization format handled, `JSON`. */
  override string getFormat() { result = "JSON" }
}