
Commit d6919dd

mbgowen-mc
authored andcommitted
Make UntrustedDataToExternalAPI use new API
1 parent 82a1b15 commit d6919dd

2 files changed

Lines changed: 19 additions & 9 deletions


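--- a/go/ql/lib/semmle/go/security/ExternalAPIs.qll
+++ b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -188,15 +188,27 @@ class UnknownExternalApiDataNode extends ExternalApiDataNode {
 /** DEPRECATED: Alias for UnknownExternalApiDataNode */
 deprecated class UnknownExternalAPIDataNode = UnknownExternalApiDataNode;
 
-/** A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
-class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
+/**
+* DEPRECATED: Use `UntrustedDataToExternalApiFlow` instead.
+*
+* A configuration for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s.
+*/
+deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configuration {
 UntrustedDataToExternalApiConfig() { this = "UntrustedDataToExternalAPIConfig" }
 
 override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
 override predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }
 
+private module UntrustedDataConfig implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
+
+predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
+}
+
+module UntrustedDataToExternalApiFlow = DataFlow::Global<UntrustedDataConfig>;
+
 /** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
 deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
 
@@ -214,12 +226,10 @@ deprecated class UntrustedDataToUnknownExternalAPIConfig = UntrustedDataToUnknow
 
 /** A node representing untrusted data being passed to an external API. */
 class UntrustedExternalApiDataNode extends ExternalApiDataNode {
-UntrustedExternalApiDataNode() { any(UntrustedDataToExternalApiConfig c).hasFlow(_, this) }
+UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
 
 /** Gets a source of untrusted data which is passed to this external API data node. */
-DataFlow::Node getAnUntrustedSource() {
-any(UntrustedDataToExternalApiConfig c).hasFlow(result, this)
-}
+DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }
 }
 
 /** DEPRECATED: Alias for UntrustedExternalApiDataNode */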
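Review bot: The new `UntrustedDataToExternalApiFlow` is instantiated with `DataFlow::Global`, while the deprecated class it replaces extends `TaintTracking::Configuration`, so the migration appears to narrow the analysis from taint tracking to value-preserving flow only. If so, `UntrustedExternalApiDataNode`, `getAnUntrustedSource()` and the CWE-020 query in `UntrustedDataToExternalAPI.ql` would stop reporting untrusted data that reaches an external API after being transformed, which is a silent loss of coverage for a security query. Unless the narrowing is intended, the line should read `module UntrustedDataToExternalApiFlow = TaintTracking::Global<UntrustedDataConfig>;`. The new public module also has no QLDoc, unlike its neighbours; a one-line comment above it such as `/** Tracks taint flow from untrusted flow sources to external API data nodes. */` would match the file's style.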

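--- a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
@@ -11,10 +11,10 @@
 
 import go
 import semmle.go.security.ExternalAPIs
-import DataFlow::PathGraph
+import UntrustedDataToExternalApiFlow::PathGraph
 
-from UntrustedDataToExternalApiConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+from UntrustedDataToExternalApiFlow::PathNode source, UntrustedDataToExternalApiFlow::PathNode sink
+where UntrustedDataToExternalApiFlow::flowPath(source, sink)
 select sink, source, sink,
 "Call to " + sink.getNode().(ExternalApiDataNode).getFunctionDescription() +
 " with untrusted data from $@.", source, source.toString()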
