6d9b7d3
Add web framework: clevergo
gagliardetto Dec 20, 2020
1bfe395
Remove `import DataFlow::PathGraph`
gagliardetto Dec 20, 2020
dfbad0e
Regenerate code implementing the code review feedback
gagliardetto Jan 5, 2021
7c62c63
codeql: add packagePath predicate
gagliardetto Jan 5, 2021
c4ee617
Add back bindingset to packagePath
gagliardetto Jan 5, 2021
11326eb
Update ql/src/semmle/go/frameworks/CleverGo.qll
gagliardetto Jan 5, 2021
34dcf83
Fix module doc
gagliardetto Jan 6, 2021
928c12d
Simplify UntrustedSources methods
gagliardetto Jan 23, 2021
a90f609
Manually add packagePath() predicate
gagliardetto Jan 23, 2021
a6c1acf
Fix imports
gagliardetto Jan 23, 2021
54abdf1
Regenerate tests
gagliardetto Jan 23, 2021
c01259e
Simplify UntrustedSources interface methods
gagliardetto Jan 23, 2021
d3d7d2d
Simplify UntrustedSources struct fields
gagliardetto Jan 23, 2021
bdc5f90
Cleanup comments
gagliardetto Jan 23, 2021
f95f353
Cleanup comments
gagliardetto Jan 23, 2021
0c1ae62
Use //go:generate depstubber --vendor --auto
gagliardetto Jan 23, 2021
1de7196
Regenerate dep stubs
gagliardetto Jan 23, 2021
55c8d9b
Make naming more consistent
gagliardetto Jan 23, 2021
c53d8d3
Add http redirect model
gagliardetto Jan 25, 2021
98b3cc2
Fix autoformatting
gagliardetto Jan 25, 2021
0fe7050
Add models for HTTP::ResponseBody
gagliardetto Jan 27, 2021
93ff245
Use docs instead of comments for classes.
gagliardetto Jan 27, 2021
7edf739
Model HTTP::HeaderWrite; regenerate stubs
gagliardetto Feb 5, 2021
8c18aa6
Simplify HTTP::HeaderWrite
gagliardetto Feb 5, 2021
3915305
Refactor and improve HTTP:ResponseBody models and tests
gagliardetto Feb 9, 2021
7ea0434
Move clevergo framework to experimental
gagliardetto Apr 7, 2021
4ae5bdb
Improve naming of files and elements.
gagliardetto Apr 8, 2021
8e839f3
Put all tests file in to the CleverGo folder instead of having dedica…
gagliardetto Apr 8, 2021
Add models for HTTP::ResponseBody
gagliardetto authored and smowton committed Apr 9, 2021
commit 0fe7050e7e843c5edfdf9d9364db30c7e8ec02e8
89 changes: 89 additions & 0 deletions ql/src/semmle/go/frameworks/CleverGo.qll
Expand Up @@ -172,4 +172,93 @@ private module CleverGo {

override HTTP::ResponseWriter getResponseWriter() { none() }
}

// Models HTTP ResponseBody.
private class HttpResponseBody extends HTTP::ResponseBody::Range {
string package;
DataFlow::CallNode call;
string contentType;

HttpResponseBody() {
// HTTP ResponseBody models for package: clevergo.tech/[email protected]
package = packagePath() and
// Receiver type: Context
(
// signature: func (*Context).Error(code int, msg string) error
call = any(Method m | m.hasQualifiedName(package, "Context", "Error")).getACall() and
this = call.getArgument(1) and
contentType = "text/plain"
or
// signature: func (*Context).HTML(code int, html string) error
call = any(Method m | m.hasQualifiedName(package, "Context", "HTML")).getACall() and
this = call.getArgument(1) and
contentType = "text/html"
or
// signature: func (*Context).HTMLBlob(code int, bs []byte) error
call = any(Method m | m.hasQualifiedName(package, "Context", "HTMLBlob")).getACall() and
this = call.getArgument(1) and
contentType = "text/html"
or
// signature: func (*Context).JSON(code int, data interface{}) error
call = any(Method m | m.hasQualifiedName(package, "Context", "JSON")).getACall() and
this = call.getArgument(1) and
contentType = "application/json"
or
// signature: func (*Context).JSONBlob(code int, bs []byte) error
call = any(Method m | m.hasQualifiedName(package, "Context", "JSONBlob")).getACall() and
this = call.getArgument(1) and
contentType = "application/json"
or
// signature: func (*Context).JSONP(code int, data interface{}) error
call = any(Method m | m.hasQualifiedName(package, "Context", "JSONP")).getACall() and
this = call.getArgument(1) and
contentType = "application/javascript"
or
// signature: func (*Context).JSONPBlob(code int, bs []byte) error
call = any(Method m | m.hasQualifiedName(package, "Context", "JSONPBlob")).getACall() and
this = call.getArgument(1) and
contentType = "application/javascript"
or
// signature: func (*Context).JSONPCallback(code int, callback string, data interface{}) error
call = any(Method m | m.hasQualifiedName(package, "Context", "JSONPCallback")).getACall() and
this = call.getArgument(2) and
contentType = "application/javascript"
or
// signature: func (*Context).JSONPCallbackBlob(code int, callback string, bs []byte) (err error)
call =
any(Method m | m.hasQualifiedName(package, "Context", "JSONPCallbackBlob")).getACall() and
this = call.getArgument(2) and
contentType = "application/javascript"
or
// signature: func (*Context).String(code int, s string) error
call = any(Method m | m.hasQualifiedName(package, "Context", "String")).getACall() and
this = call.getArgument(1) and
contentType = "text/plain"
or
// signature: func (*Context).StringBlob(code int, bs []byte) error
call = any(Method m | m.hasQualifiedName(package, "Context", "StringBlob")).getACall() and
this = call.getArgument(1) and
contentType = "text/plain"
or
// signature: func (*Context).Stringf(code int, format string, a ...interface{}) error
call = any(Method m | m.hasQualifiedName(package, "Context", "Stringf")).getACall() and
this = call.getArgument([1, any(int i | i >= 2)]) and
contentType = "text/plain"
or
// signature: func (*Context).XML(code int, data interface{}) error
call = any(Method m | m.hasQualifiedName(package, "Context", "XML")).getACall() and
this = call.getArgument(1) and
contentType = "text/xml"
or
// signature: func (*Context).XMLBlob(code int, bs []byte) error
call = any(Method m | m.hasQualifiedName(package, "Context", "XMLBlob")).getACall() and
this = call.getArgument(1) and
contentType = "text/xml"
)
}

override string getAContentType() { result = contentType }

override HTTP::ResponseWriter getResponseWriter() { none() }
}
}
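Review bot: The JSONPCallback and JSONPCallbackBlob cases at their `this = call.getArgument(2)` lines model only the data argument, while the `callback string` parameter (argument 1) is, by the JSONP convention the method names suggest, also written into the `application/javascript` response; if that is how clevergo builds the body, a user-controlled callback name would never be seen by queries that consume HTTP::ResponseBody. Consider `this = call.getArgument([1, 2])` for both cases, mirroring how the Stringf case already takes every argument that reaches the body, and confirm against the library source which arguments are emitted verbatim. The HttpResponseBody class is complete within the hunk; the enclosing module CleverGo starts before it.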
@@ -1,17 +1,17 @@
import go
import TestUtilities.InlineExpectationsTest

class TaintTrackingTest extends InlineExpectationsTest {
TaintTrackingTest() { this = "TaintTrackingTest" }
class HttpRedirectTest extends InlineExpectationsTest {
HttpRedirectTest() { this = "HttpRedirectTest" }

override string getARelevantTag() { result = "redirectUrl" }

override predicate hasActualResult(string file, int line, string element, string tag, string value) {
tag = "redirectUrl" and
exists(HTTP::Redirect q |
q.hasLocationInfo(file, line, _, _, _) and
element = q.getUrl().toString() and
value = q.getUrl().toString()
exists(HTTP::Redirect rd |
rd.hasLocationInfo(file, line, _, _, _) and
element = rd.getUrl().toString() and
value = rd.getUrl().toString()
)
}
}


@@ -0,0 +1,23 @@
import go
import TestUtilities.InlineExpectationsTest

class HttpResponseBodyTest extends InlineExpectationsTest {
HttpResponseBodyTest() { this = "HttpResponseBodyTest" }

override string getARelevantTag() { result = ["contentType", "responseBody"] }

override predicate hasActualResult(string file, int line, string element, string tag, string value) {
exists(HTTP::ResponseBody rd |
rd.hasLocationInfo(file, line, _, _, _) and
(
element = rd.getAContentType().toString() and
value = rd.getAContentType().toString() and
tag = "contentType"
or
element = rd.toString() and
value = rd.toString() and
tag = "responseBody"
)
)
}
}
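Review bot: In hasActualResult, `rd.getAContentType().toString()` on the `element =` and `value =` lines of the contentType branch calls toString on a value that getAContentType already returns as a string, so it is a no-op; `element = rd.getAContentType() and value = rd.getAContentType()` says the same thing more directly. The `rd.toString()` calls in the responseBody branch are fine, since rd itself is a node rather than a string.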
@@ -0,0 +1,5 @@
module example.com/hello/world

go 1.15

require clevergo.tech/clevergo v0.5.2