

Commit 957757c

mbgowen-mc
authored andcommitted
Make UntrustedDataToUnknownExternalAPI use new API
1 parent d6919dd commit 957757c

2 files changed

Lines changed: 19 additions & 5 deletions


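--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -212,8 +212,12 @@ module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
 /** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
 deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalApiDataNode`s. */
-class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
+/**
+* DEPRECATED: Use `UntrustedDataToUnknownExternalApiFlow` instead.
+*
+* A configuration for tracking flow from `RemoteFlowSource`s to `UnknownExternalApiDataNode`s.
+*/
+deprecated class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configuration {
 UntrustedDataToUnknownExternalApiConfig() { this = "UntrustedDataToUnknownExternalAPIConfig" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
@@ -224,6 +228,15 @@ class UntrustedDataToUnknownExternalApiConfig extends TaintTracking::Configurati
 /** DEPRECATED: Alias for UntrustedDataToUnknownExternalApiConfig */
 deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknownExternalApiConfig;
 
+private module UntrustedDataToUnknownExternalApiConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof UnknownExternalApiDataNode }
+}
+
+module UntrustedDataToUnknownExternalApiFlow =
+DataFlow::Global<UntrustedDataToUnknownExternalApiConfig>;
+
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
 UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }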
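Review bot: The new `UntrustedDataToUnknownExternalApiFlow` in the second hunk is instantiated with `DataFlow::Global`, while the class it replaces extends `TaintTracking::Configuration`, so the migrated query in `UntrustedDataToUnknownExternalAPI.ql` would follow only value-preserving flow and stop reporting untrusted data that reaches an unknown external API through taint steps such as string concatenation. If taint semantics are intended, the instantiation should read `module UntrustedDataToUnknownExternalApiFlow = TaintTracking::Global<UntrustedDataToUnknownExternalApiConfig>;`. The deprecated class's body continues outside the first hunk, so any further overrides it holds (a sanitizer, for example) are not visible here and should be checked for being carried over to the new module. The private module also reuses the deprecated class's name, so a short doc comment on it and on the `Flow` module, e.g. `/** Tracks taint flow from untrusted sources to unknown external API arguments. */`, would help readers tell the two apart.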

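--- a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
+++ b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
@@ -11,11 +11,12 @@
 
 import go
 import semmle.go.security.ExternalAPIs
-import DataFlow::PathGraph
+import UntrustedDataToUnknownExternalApiFlow::PathGraph
 
 from
-UntrustedDataToUnknownExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+UntrustedDataToUnknownExternalApiFlow::PathNode source,
+UntrustedDataToUnknownExternalApiFlow::PathNode sink
+where UntrustedDataToUnknownExternalApiFlow::flowPath(source, sink)
 select sink, source, sink,
 "Call to " + sink.getNode().(UnknownExternalApiDataNode).getFunctionDescription() +
 " with untrusted data from $@.", source, source.toString()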
