Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go: reinstate models-as-data sink conversions with fixes #17494

Draft
wants to merge 29 commits into
base: main
Choose a base branch
from
Draft

Go: reinstate models-as-data sink conversions with fixes #17494

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
d372d66
Convert squirrel sql-injection sinks to MaD (non-existent methods rem…
owen-mc Aug 8, 2024
83effdc
Upgrade and convert gorqlite sql-injection sinks to MaD
owen-mc Aug 15, 2024
d68951e
Convert gogf/gf sql-injection sinks to MaD
owen-mc Aug 15, 2024
ca71c5b
Convert sqlx sql-injection sinks to MaD
owen-mc Aug 15, 2024
ed51d4e
Convert Gorm sql-injection sinks to MaD
owen-mc Aug 15, 2024
07e7b84
Convert Xorm sql-injection sinks to MaD
owen-mc Aug 15, 2024
e078686
Convert Bun sql-injection sinks to MaD
owen-mc Aug 15, 2024
17e560d
Convert Beego orm sql-injection sinks to MaD
owen-mc Aug 15, 2024
18698ed
Convert database/sql sql-injection sinks to MaD
owen-mc Aug 15, 2024
485261f
Convert database/sql/driver sql-injection sinks to MaD
owen-mc Aug 15, 2024
7d63f43
Convert mongodb nosql-injection sinks to MaD
owen-mc Aug 16, 2024
e880667
Convert gocb nosql-injection sinks to MaD
owen-mc Aug 16, 2024
cdfe3e6
Convert logging sinks to use MaD
owen-mc Jul 25, 2024
48123b5
Fix typo in package path
owen-mc Aug 9, 2024
d503ae8
Model some squirrel methods in QL
owen-mc Sep 12, 2024
89376e0
Model some Xorm methods in QL
owen-mc Sep 12, 2024
3992496
Model `logrus.FieldLogger` using models-as-data
owen-mc Sep 17, 2024
30a0a4b
Add tests for squirrel.Eq
owen-mc Sep 12, 2024
482dff6
Add tests for Xorm first argument of varargs slice
owen-mc Sep 12, 2024
dec52d8
Add tests for logrus.FieldLogger
owen-mc Sep 12, 2024
c5d4248
Make Logrus log injection tests more comprehensive
owen-mc Sep 17, 2024
1e5426c
Set Subtypes column to True in all modified MaD files
owen-mc Sep 18, 2024
2dc16fb
Update test expectations
owen-mc Sep 19, 2024
f411569
Add heuristic logger calls
owen-mc Sep 18, 2024
61bee8d
Fix typo in unrelated QLDoc
owen-mc Sep 18, 2024
15424dc
Add tests for heuristic logger calls
owen-mc Sep 18, 2024
35253de
Remove type restriction on args to heuristic loggers
owen-mc Sep 19, 2024
9963db1
Allow heuristic logging interfaces ending in "logger"
owen-mc Sep 19, 2024
e0f6acc
Allow "Output" as heuristic logger method name
owen-mc Sep 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions go/ql/lib/ext/database.sql.driver.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,14 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["database/sql/driver", "Execer", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "ExecerContext", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql/driver", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "ConnPrepareContext", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql/driver", "Queryer", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "QueryerContext", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
Expand Down
30 changes: 29 additions & 1 deletion go/ql/lib/ext/database.sql.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,37 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["database/sql", "Conn", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["database/sql", "", False, "Named", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["database/sql", "", True, "Named", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["database/sql", "Conn", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
- ["database/sql", "DB", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["database/sql", "DB", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
Expand Down
7 changes: 7 additions & 0 deletions go/ql/lib/ext/fmt.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,11 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["fmt", "", True, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["fmt", "", True, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["fmt", "", True, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
Expand Down
42 changes: 42 additions & 0 deletions go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-orm", "github.com/beego/beego/client/orm"]
- ["beego-orm", "github.com/astaxie/beego/orm"]
- ["beego-orm", "github.com/beego/beego/orm"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-orm", "Condition", True, "Raw", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "Ormer", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "InsertInto", "", "", "Argument[0..1]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "On", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Subquery", "", "", "Argument[0..1]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Update", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Values", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QuerySeter", True, "FilterRaw", "", "", "Argument[1]", "sql-injection", "manual"]
34 changes: 34 additions & 0 deletions go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-logs", "github.com/astaxie/beego/logs"]
- ["beego-logs", "github.com/beego/beego/logs"]
- ["beego-logs", "github.com/beego/beego/core/logs"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-logs", "", True, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", True, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
25 changes: 15 additions & 10 deletions go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,20 +6,25 @@ extensions:
- ["beego-utils", "github.com/astaxie/beego/utils"]
- ["beego-utils", "github.com/beego/beego/utils"]
- ["beego-utils", "github.com/beego/beego/core/utils"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-utils", "", True, "Display", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:beego-utils", "", False, "SliceChunk", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceDiff", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceFilter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceIntersect", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceMerge", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SlicePad", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceRand", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceReduce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceShuffle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", False, "SliceUnique", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceChunk", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceDiff", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceFilter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceIntersect", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceMerge", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SlicePad", "", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceRand", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceReduce", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceShuffle", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "", True, "SliceUnique", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Get", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Items", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:beego-utils", "BeeMap", True, "Set", "", "", "Argument[1]", "Argument[receiver]", "taint", "manual"]
34 changes: 23 additions & 11 deletions go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,24 +10,36 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
# log-injection
- ["group:beego", "", True, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", True, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
# path-injection
- ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", False, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
- ["group:beego", "FileSystem", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["group:beego", "", True, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", True, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", True, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
- ["group:beego", "FileSystem", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
# url-redirection
- ["group:beego", "Controller", True, "Redirect", "", "", "Argument[0]", "url-redirection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:beego", "", False, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:beego", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["group:beego", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", True, "HTML2str", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", True, "Htmlquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", True, "Htmlunquote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", True, "MapGet", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:beego", "", True, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["group:beego", "", True, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:beego", "", True, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
Expand Down
Loading
Loading