-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #17335 from egregius313/egregius313/go/dataflow/mo…
…dels/stdin Go: Implement `stdin` models
- Loading branch information
Showing
11 changed files
with
125 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
--- | ||
category: minorAnalysis | ||
--- | ||
* Local source models with the `stdin` source kind have been added for the variable `os.Stdin` and the functions `fmt.Scan`, `fmt.Scanf` and `fmt.Scanln`. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
3 changes: 3 additions & 0 deletions
3
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/go.mod
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
module test | ||
|
||
go 1.22.6 |
3 changes: 3 additions & 0 deletions
3
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/source.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
testFailures | ||
invalidModelRow | ||
failures |
7 changes: 7 additions & 0 deletions
7
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/source.ext.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
extensions: | ||
|
||
- addsTo: | ||
pack: codeql/threat-models | ||
extensible: threatModelConfiguration | ||
data: | ||
- ["stdin", true, 0] |
19 changes: 19 additions & 0 deletions
19
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/source.ql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
import go | ||
import ModelValidation | ||
import TestUtilities.InlineExpectationsTest | ||
|
||
module SourceTest implements TestSig { | ||
string getARelevantTag() { result = "source" } | ||
|
||
predicate hasActualResult(Location location, string element, string tag, string value) { | ||
exists(ActiveThreatModelSource s | | ||
s.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(), | ||
location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and | ||
element = s.toString() and | ||
value = "" and | ||
tag = "source" | ||
) | ||
} | ||
} | ||
|
||
import MakeTest<SourceTest> |
2 changes: 2 additions & 0 deletions
2
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/test.expected
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
testFailures | ||
invalidModelRow |
7 changes: 7 additions & 0 deletions
7
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/test.ext.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
extensions: | ||
|
||
- addsTo: | ||
pack: codeql/threat-models | ||
extensible: threatModelConfiguration | ||
data: | ||
- ["stdin", true, 0] |
48 changes: 48 additions & 0 deletions
48
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package test | ||
|
||
import ( | ||
"bufio" | ||
"fmt" | ||
"os" | ||
) | ||
|
||
func sink(string) { | ||
|
||
} | ||
|
||
func readStdinBuffer() { | ||
buf := make([]byte, 1024) | ||
n, err := os.Stdin.Read(buf) // $source | ||
if err != nil { | ||
return | ||
} | ||
sink(string(buf[:n])) // $hasTaintFlow="type conversion" | ||
} | ||
|
||
func readStdinBuffReader() { | ||
buf := make([]byte, 1024) | ||
r := bufio.NewReader(os.Stdin) // $source | ||
n, err := r.Read(buf) | ||
if err != nil { | ||
return | ||
} | ||
sink(string(buf[:n])) // $hasTaintFlow="type conversion" | ||
} | ||
|
||
func scan() { | ||
var username, email string | ||
fmt.Scan(&username, &email) // $source | ||
sink(username) // $hasTaintFlow="username" | ||
} | ||
|
||
func scanf() { | ||
var s string | ||
fmt.Scanf("%s", &s) // $source | ||
sink(s) // $hasTaintFlow="s" | ||
} | ||
|
||
func scanl() { | ||
var s string | ||
fmt.Scanln(&s) // $source | ||
sink(s) // $hasTaintFlow="s" | ||
} |
15 changes: 15 additions & 0 deletions
15
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/stdin/test.ql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
import go | ||
import semmle.go.dataflow.ExternalFlow | ||
import ModelValidation | ||
import experimental.frameworks.CleverGo | ||
import TestUtilities.InlineFlowTest | ||
|
||
module Config implements DataFlow::ConfigSig { | ||
predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } | ||
|
||
predicate isSink(DataFlow::Node sink) { | ||
sink.asExpr() = any(CallExpr c | c.getTarget().getName() = "sink").getArgument(0) | ||
} | ||
} | ||
|
||
import TaintFlowTest<Config> |