
Commit d9844bd

committed
Make WrongUsageOfUnsafe use new API
1 parent 00ea023 commit d9844bd

1 file changed

Lines changed: 30 additions & 27 deletions


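--- a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
+++ b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
@@ -12,7 +12,6 @@
 */
 
 import go
-import DataFlow::PathGraph
 
 /*
 * Returns the type after all aliases, named types, and pointer
@@ -39,38 +38,40 @@ class ConversionToUnsafePointer extends DataFlow::TypeCastNode {
 }
 
 /* Type casting from a `unsafe.Pointer`.*/
-class UnsafeTypeCastingConf extends TaintTracking::Configuration {
-UnsafeTypeCastingConf() { this = "UnsafeTypeCastingConf" }
-
-predicate conversionIsSource(DataFlow::Node source, ConversionToUnsafePointer conv) {
+module UnsafeTypeCastingConfig implements DataFlow::ConfigSig {
+additional predicate conversionIsSource(DataFlow::Node source, ConversionToUnsafePointer conv) {
 source = conv
 }
 
-predicate typeCastNodeIsSink(DataFlow::Node sink, DataFlow::TypeCastNode ca) {
+additional predicate typeCastNodeIsSink(DataFlow::Node sink, DataFlow::TypeCastNode ca) {
 ca.getOperand().getType() instanceof UnsafePointerType and
 sink = ca
 }
 
-override predicate isSource(DataFlow::Node source) { this.conversionIsSource(source, _) }
+predicate isSource(DataFlow::Node source) { conversionIsSource(source, _) }
 
-override predicate isSink(DataFlow::Node sink) { this.typeCastNodeIsSink(sink, _) }
+predicate isSink(DataFlow::Node sink) { typeCastNodeIsSink(sink, _) }
 }
 
+module UnsafeTypeCastingFlow = TaintTracking::Global<UnsafeTypeCastingConfig>;
+
+import UnsafeTypeCastingFlow::PathGraph
+
 /*
 * Type casting from a shorter array to a longer array
 * through the use of unsafe pointers.
 */
 
 predicate castShortArrayToLongerArray(
-DataFlow::PathNode source, DataFlow::PathNode sink, string message
+UnsafeTypeCastingFlow::PathNode source, UnsafeTypeCastingFlow::PathNode sink, string message
 ) {
 exists(
-UnsafeTypeCastingConf cfg, DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle,
-ArrayType arrTo, ArrayType arrFrom, int arrFromSize
+DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle, ArrayType arrTo,
+ArrayType arrFrom, int arrFromSize
 |
-cfg.hasFlowPath(source, sink) and
-cfg.conversionIsSource(source.getNode(), castLittle) and
-cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
+UnsafeTypeCastingFlow::flowPath(source, sink) and
+UnsafeTypeCastingConfig::conversionIsSource(source.getNode(), castLittle) and
+UnsafeTypeCastingConfig::typeCastNodeIsSink(sink.getNode(), castBig) and
 arrTo = getFinalType(castBig.getResultType()) and
 (
 // Array (whole) to array:
@@ -108,14 +109,16 @@ predicate castShortArrayToLongerArray(
 * through the use of unsafe pointers.
 */
 
-predicate castTypeToArray(DataFlow::PathNode source, DataFlow::PathNode sink, string message) {
+predicate castTypeToArray(
+UnsafeTypeCastingFlow::PathNode source, UnsafeTypeCastingFlow::PathNode sink, string message
+) {
 exists(
-UnsafeTypeCastingConf cfg, DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle,
-ArrayType arrTo, Type typeFrom
+DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle, ArrayType arrTo,
+Type typeFrom
 |
-cfg.hasFlowPath(source, sink) and
-cfg.conversionIsSource(source.getNode(), castLittle) and
-cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
+UnsafeTypeCastingFlow::flowPath(source, sink) and
+UnsafeTypeCastingConfig::conversionIsSource(source.getNode(), castLittle) and
+UnsafeTypeCastingConfig::typeCastNodeIsSink(sink.getNode(), castBig) and
 arrTo = getFinalType(castBig.getResultType()) and
 not typeFrom.getUnderlyingType() instanceof ArrayType and
 not typeFrom instanceof PointerType and
@@ -137,15 +140,15 @@ predicate castTypeToArray(DataFlow::PathNode source, DataFlow::PathNode sink, st
 */
 
 predicate castDifferentBitSizeNumbers(
-DataFlow::PathNode source, DataFlow::PathNode sink, string message
+UnsafeTypeCastingFlow::PathNode source, UnsafeTypeCastingFlow::PathNode sink, string message
 ) {
 exists(
-UnsafeTypeCastingConf cfg, DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle,
-NumericType numTo, NumericType numFrom
+DataFlow::TypeCastNode castBig, ConversionToUnsafePointer castLittle, NumericType numTo,
+NumericType numFrom
 |
-cfg.hasFlowPath(source, sink) and
-cfg.conversionIsSource(source.getNode(), castLittle) and
-cfg.typeCastNodeIsSink(sink.getNode(), castBig) and
+UnsafeTypeCastingFlow::flowPath(source, sink) and
+UnsafeTypeCastingConfig::conversionIsSource(source.getNode(), castLittle) and
+UnsafeTypeCastingConfig::typeCastNodeIsSink(sink.getNode(), castBig) and
 numTo = getFinalType(castBig.getResultType()) and
 numFrom = getFinalType(castLittle.getOperand().getType()) and
 // TODO: also consider cast from uint to int?
@@ -171,7 +174,7 @@ int getNumericTypeSize(NumericType typ) {
 result = typ.getSize()
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, string message
+from UnsafeTypeCastingFlow::PathNode source, UnsafeTypeCastingFlow::PathNode sink, string message
 where
 castShortArrayToLongerArray(source, sink, message) or
 castTypeToArray(source, sink, message) or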
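Review bot: The same three conjuncts (`UnsafeTypeCastingFlow::flowPath(source, sink)`, `conversionIsSource(source.getNode(), castLittle)` and `typeCastNodeIsSink(sink.getNode(), castBig)`) are now spelled out in castShortArrayToLongerArray, castTypeToArray and castDifferentBitSizeNumbers. Any later change to how a source or sink is bound has to be repeated three times, or the three detections drift apart. With the `cfg` variable gone, nothing ties these lines to each predicate's `exists`, so a single helper predicate taking both path nodes and both casts could replace them, as sketched below. The bodies of all three predicates continue outside the visible hunks, so this assumes the remaining conjuncts use only `castLittle` and `castBig` from that preamble.

```ql
/**
 * Holds if there is a flow path from `source` to `sink`, where `source` is the
 * conversion to `unsafe.Pointer` `castLittle` and `sink` is the cast from
 * `unsafe.Pointer` `castBig`.
 */
predicate unsafeCastFlow(
  UnsafeTypeCastingFlow::PathNode source, UnsafeTypeCastingFlow::PathNode sink,
  ConversionToUnsafePointer castLittle, DataFlow::TypeCastNode castBig
) {
  UnsafeTypeCastingFlow::flowPath(source, sink) and
  UnsafeTypeCastingConfig::conversionIsSource(source.getNode(), castLittle) and
  UnsafeTypeCastingConfig::typeCastNodeIsSink(sink.getNode(), castBig)
}

// … in each of the three predicates, in place of the three repeated conjuncts:
unsafeCastFlow(source, sink, castLittle, castBig) and
// … unchanged: per-predicate type and size checks …
```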
