diff --git a/.codeqlmanifest.json b/.codeqlmanifest.json index 5eef6cac46..f3a36330c4 100644 --- a/.codeqlmanifest.json +++ b/.codeqlmanifest.json @@ -5,7 +5,9 @@ "codeql-go/*/ql/src/qlpack.yml", "codeql-go/*/ql/lib/qlpack.yml", "*/qlpack.yml", - "*/customizations/qlpack.yml" + "*/customizations/qlpack.yml", + "go/qlpack.yml", + "tests/go-tests/qlpack.yml" ], "versionPolicies": { "default": { diff --git a/.gitignore b/.gitignore index 8341e0db03..d2ed312dc8 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,5 @@ test.ql test-*.ql testing/** +*/*.testproj/* +*/test-output.txt \ No newline at end of file diff --git a/go/github/LocalSources.qll b/go/github/LocalSources.qll new file mode 100644 index 0000000000..3c34cbdb77 --- /dev/null +++ b/go/github/LocalSources.qll @@ -0,0 +1,84 @@ +private import go + +module LocalSources { + private import semmle.go.dataflow.DataFlow + private import semmle.go.dataflow.TaintTracking + private import semmle.go.Scopes + + abstract class Range extends DataFlow::Node { } + +// ========== Sources ========== + +abstract class Sources extends DataFlow::Node { } + +// ---------------------------------------------------- +// Used for finding Selections or Calls for Go imports +// ---------------------------------------------------- + +//class UseOfGoImports extends Sources { + //UseOfGoImports () { + //exists ( ValueEntity read, + //DataFlow::Package pkg | + //read.getScope().getEntity(_) = pkg.getScope().getEntity(_) + //and ( this.toString().regexpMatch("selection of.*") + //or this.toString().regexpMatch("call to .*") ) + //) + //} +//} + +// ---------------------------------------------------- + +class OsCmd extends LocalSources::Range { + OsCmd() { + exists ( ValueEntity read, + DataFlow::Package pkg | + read.getScope().getEntity(_) = pkg.getScope().getEntity(_) + and this.toString() = "selection of Run" + ) + } +} + +class OsExec extends LocalSources::Range { + OsExec() { + exists ( ValueEntity read, + DataFlow::Package pkg | + read.getScope().getEntity(_) = pkg.getScope().getEntity(_) + and this.toString() = "selection of Command" + ) + } +} + +class OsArgs extends LocalSources::Range { + OsArgs() { + exists ( ValueEntity read, + DataFlow::Package pkg | + read.getScope().getEntity(_) = pkg.getScope().getEntity(_) + and this.toString() = "selection of Args" + ) + } +} + +// Not currently working (need a test case) +//class OsGetenv extends Sources, DataFlow::CallNode { + //OsGetenv() { + //// https://pkg.go.dev/os#Getenv + //this.getTarget().hasQualifiedName(package("os", ""), "Getenv") + //or + //// https://pkg.go.dev/os#Environ + //this.getTarget().hasQualifiedName(package("os", ""), "Environ") + //} +//} + + // https://pkg.go.dev/flag +class Flag extends LocalSources::Range { + Flag() { + exists ( ValueEntity read, + DataFlow::Package pkg | + read.getScope().getEntity(_) = pkg.getScope().getEntity(_) + and + ( this.toString() = "selection of String" + or this.toString() = "selection of Parse" ) + ) + } +} +} \ No newline at end of file diff --git a/go/qlpack.yml b/go/qlpack.yml index 8af56a0699..39eced8e4d 100644 --- a/go/qlpack.yml +++ b/go/qlpack.yml @@ -1,3 +1,3 @@ name: github-queries-go -version: 0.0.0 +version: 0.1.0 libraryPathDependencies: codeql-go \ No newline at end of file diff --git a/tests/go-tests/qlpack.lock.yml b/tests/go-tests/qlpack.lock.yml new file mode 100644 index 0000000000..a046f6d978 --- /dev/null +++ b/tests/go-tests/qlpack.lock.yml @@ -0,0 +1,4 @@ +--- +dependencies: {} +compiled: false +lockVersion: 1.0.0 \ No newline at end of file diff --git a/tests/go-tests/qlpack.yml b/tests/go-tests/qlpack.yml new file mode 100644 index 0000000000..54e2b6f85d --- /dev/null +++ b/tests/go-tests/qlpack.yml @@ -0,0 +1,10 @@ +name: github-queries-go-tests +groups: [go, test] +dependencies: + codeql-go: "*" + codeql/go-all: "*" + github-queries-go: "*" + #codeql-queries/go: "*" + +extractor: go +tests: . \ No newline at end of file