forked from github/codeql
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
44c3787
commit a3d11c6
Showing
19 changed files
with
206 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
4cae4b23fc1b2b1760e259b660996e9bb5573279 | ||
894102defd0777931a0e261ad66e631e63ec0ad8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
33 changes: 33 additions & 0 deletions
33
repo-tests/codeql-go/ql/lib/semmle/go/security/LogInjection.qll
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
/** | ||
* Provides a taint tracking configuration for reasoning about log injection vulnerabilities. | ||
* | ||
* Note: for performance reasons, only import this file if `LogInjection::Configuration` is needed, | ||
* otherwise `LogInjectionCustomizations` should be imported instead. | ||
*/ | ||
|
||
import go | ||
|
||
/** | ||
* Provides a taint-tracking configuration for reasoning about | ||
* log injection vulnerabilities. | ||
*/ | ||
module LogInjection { | ||
import LogInjectionCustomizations::LogInjection | ||
|
||
/** | ||
* A taint-tracking configuration for reasoning about log injection vulnerabilities. | ||
*/ | ||
class Configuration extends TaintTracking::Configuration { | ||
Configuration() { this = "LogInjection" } | ||
|
||
override predicate isSource(DataFlow::Node source) { source instanceof Source } | ||
|
||
override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } | ||
|
||
override predicate isSanitizer(DataFlow::Node sanitizer) { sanitizer instanceof Sanitizer } | ||
|
||
override predicate isSanitizerGuard(DataFlow::BarrierGuard guard) { | ||
guard instanceof SanitizerGuard | ||
} | ||
} | ||
} |
42 changes: 42 additions & 0 deletions
42
repo-tests/codeql-go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
/** | ||
* Provides default sources, sinks, and sanitizers for reasoning about | ||
* log injection vulnerabilities, as well as extension points for adding your own. | ||
*/ | ||
|
||
import go | ||
|
||
/** | ||
* Provides extension points for customizing the data-flow tracking configuration for reasoning | ||
* about log injection. | ||
*/ | ||
module LogInjection { | ||
/** | ||
* A data flow source for log injection vulnerabilities. | ||
*/ | ||
abstract class Source extends DataFlow::Node { } | ||
|
||
/** | ||
* A data flow sink for log injection vulnerabilities. | ||
*/ | ||
abstract class Sink extends DataFlow::Node { } | ||
|
||
/** | ||
* A sanitizer for log injection vulnerabilities. | ||
*/ | ||
abstract class Sanitizer extends DataFlow::Node { } | ||
|
||
/** | ||
* A sanitizer guard for log injection vulnerabilities. | ||
*/ | ||
abstract class SanitizerGuard extends DataFlow::BarrierGuard { } | ||
|
||
/** A source of untrusted data, considered as a taint source for log injection. */ | ||
class UntrustedFlowAsSource extends Source { | ||
UntrustedFlowAsSource() { this instanceof UntrustedFlowSource } | ||
} | ||
|
||
/** An argument to a logging mechanism. */ | ||
class LoggerSink extends Sink { | ||
LoggerSink() { this = any(LoggerCall log).getAMessageComponent() } | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
repo-tests/codeql-go/ql/src/Security/CWE-117/LogInjection.ql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
/** | ||
* @name Log entries created from user input | ||
* @description Building log entries from user-controlled sources is vulnerable to | ||
* insertion of forged log entries by a malicious user. | ||
* @kind path-problem | ||
* @problem.severity error | ||
* @security-severity 7.8 | ||
* @precision high | ||
* @id go/log-injection | ||
* @tags security | ||
* external/cwe/cwe-117 | ||
*/ | ||
|
||
import go | ||
import semmle.go.security.LogInjection | ||
import DataFlow::PathGraph | ||
|
||
from LogInjection::Configuration c, DataFlow::PathNode source, DataFlow::PathNode sink | ||
where c.hasFlowPath(source, sink) | ||
select sink, source, sink, "This log write receives unsanitized user input from $@.", | ||
source.getNode(), "here" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.