/** Provides classes for modeling the `github.com/rs/cors` package. */
overlay[local?]
module;
import go
/**
 * An abstract class for modeling a write to the allowed-origins setting of a
 * Go CORS handler configuration. Concrete subclasses identify the framework
 * specific field that is written.
 */
abstract class UniversalOriginWrite extends DataFlow::ExprNode {
  /** Gets the data-flow node of the config struct that this write targets. */
  abstract DataFlow::Node getBase();

  /** Gets the config variable holding header values. */
  abstract Variable getConfig();
}
/**
 * An abstract class for modeling a write to the allow-all-origins setting of a
 * Go CORS handler configuration, i.e. a setting that lets every origin through
 * regardless of the configured origin list.
 */
abstract class UniversalAllowAllOriginsWrite extends DataFlow::ExprNode {
  /** Gets the data-flow node of the config struct that this write targets. */
  abstract DataFlow::Node getBase();

  /** Gets the config variable holding header values. */
  abstract Variable getConfig();
}
/**
 * An abstract class for modeling a write to the allow-credentials setting of a
 * Go CORS handler configuration (the `Access-Control-Allow-Credentials` header).
 */
abstract class UniversalAllowCredentialsWrite extends DataFlow::ExprNode {
  /** Gets the data-flow node of the config struct that this write targets. */
  abstract DataFlow::Node getBase();

  /** Gets the config variable holding header values. */
  abstract Variable getConfig();
}
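/** Provides classes for modeling the `github.com/rs/cors` package. */
module RsCors {
  /** Gets the package path of `github.com/rs/cors`. */
  string packagePath() { result = package("github.com/rs/cors", "") }

  /** The `New` function that creates a new `rs/cors` handler from an `Options` value. */
  class New extends Function {
    New() { this.hasQualifiedName(packagePath(), "New") }
  }

  /**
   * Gets the `Options` variable that the struct node `base` belongs to.
   *
   * `base` is matched either as a use of the variable's SSA value, or as the
   * right-hand side of the variable's explicit SSA definition (e.g. a struct
   * literal assigned directly to the variable). Shared by the `getConfig()`
   * predicates of the write classes below so the matching logic lives in one place.
   */
  private RsOptions getOptionsOf(DataFlow::Node base) {
    result.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() =
      base.asInstruction()
    or
    result.getV().getAUse() = base
  }

  /**
   * A boolean write to the `AllowCredentials` field of `Options`, which controls
   * the `Access-Control-Allow-Credentials` header.
   */
  class AllowCredentialsWrite extends UniversalAllowCredentialsWrite {
    DataFlow::Node base;

    AllowCredentialsWrite() {
      exists(Field f, Write w |
        f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and
        w.writesFieldPreUpdate(base, f, this) and
        this.getType() instanceof BoolType
      )
    }

    /** Gets the `Options` struct node that this write targets. */
    override DataFlow::Node getBase() { result = base }

    /** Gets the `Options` variable that this write configures. */
    override RsOptions getConfig() { result = getOptionsOf(base) }
  }

  /**
   * A slice-literal write to the `AllowedOrigins` field of `Options`, which
   * controls the `Access-Control-Allow-Origin` header.
   */
  class AllowOriginsWrite extends UniversalOriginWrite {
    DataFlow::Node base;

    AllowOriginsWrite() {
      exists(Field f, Write w |
        f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and
        w.writesFieldPreUpdate(base, f, this) and
        // Only literal origin lists are modeled; origins computed at runtime are not.
        this.asExpr() instanceof SliceLit
      )
    }

    /** Gets the `Options` struct node that this write targets. */
    override DataFlow::Node getBase() { result = base }

    /** Gets the `Options` variable that this write configures. */
    override RsOptions getConfig() { result = getOptionsOf(base) }
  }

  /**
   * A boolean write to an `AllowAllOrigins` field of `Options`, intended to model
   * allowing every origin regardless of `AllowedOrigins`.
   *
   * NOTE(review): `github.com/rs/cors` does not appear to declare an
   * `AllowAllOrigins` field on `Options`; in that package allowing every origin
   * is expressed by `AllowedOrigins` containing `"*"`. If that is the case this
   * class never matches and wildcard origins are only visible through
   * `AllowOriginsWrite` — confirm against the package version being modeled.
   */
  class AllowAllOriginsWrite extends UniversalAllowAllOriginsWrite {
    DataFlow::Node base;

    AllowAllOriginsWrite() {
      exists(Field f, Write w |
        f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and
        w.writesFieldPreUpdate(base, f, this) and
        this.getType() instanceof BoolType
      )
    }

    /** Gets the `Options` struct node that this write targets. */
    override DataFlow::Node getBase() { result = base }

    /** Gets the `Options` variable that this write configures. */
    override RsOptions getConfig() { result = getOptionsOf(base) }
  }

  /** A variable of type `Options` that holds the CORS settings passed to `New`. */
  class RsOptions extends Variable {
    SsaWithFields v;

    RsOptions() {
      this = v.getBaseVariable().getSourceVariable() and
      v.getType().hasQualifiedName(packagePath(), "Options")
    }

    /** Gets the SSA variable (with field tracking) for this `Options` variable. */
    SsaWithFields getV() { result = v }
  }
}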