Add getSourceType declarations to existing remote flow sources

egregius313 · egregius313 · commit 49fb372eb99e · 2024-06-17T10:51:09.000-04:00
diff --git a/go/ql/lib/semmle/go/frameworks/AwsLambda.qll b/go/ql/lib/semmle/go/frameworks/AwsLambda.qll
@@ -14,6 +14,8 @@ private class LambdaInput extends RemoteFlowSource::Range {
       not p instanceof ReceiverVariable
     )
   }
+
+  override string getSourceType() { result = "AWS Lambda Input" }
 }
 
 private class HandlerFunction extends FuncDef {
diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -71,6 +71,8 @@ module Beego {
     }
 
     predicate isSafeUrlSource() { methodName in ["URI", "URL"] }
+
+    override string getSourceType() { result = "Beego Input" }
   }
 
   /** `BeegoInput` sources that are safe to use for redirection. */
@@ -100,6 +102,8 @@ module Beego {
         )
       )
     }
+
+    override string getSourceType() { result = "a Beego Controller" }
   }
 
   /**
@@ -111,6 +115,8 @@ module Beego {
         frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
       )
     }
+
+    override string getSourceType() { result = "Beego Input Request Body" }
   }
 
   /**
@@ -122,6 +128,8 @@ module Beego {
         this = m.getACall().getResult()
       )
     }
+
+    override string getSourceType() { result = "a Beego cookie" }
   }
 
   private class BeegoOutputInstance extends Http::ResponseWriter::Range {
diff --git a/go/ql/lib/semmle/go/frameworks/Chi.qll b/go/ql/lib/semmle/go/frameworks/Chi.qll
@@ -15,6 +15,8 @@ private module Chi {
     UserControlledFunction() {
       this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])
     }
+
+    override string getSourceType() { result = "URL parameter" }
   }
 
   /**
@@ -26,5 +28,7 @@ private module Chi {
     UserControlledRequestMethod() {
       this.getTarget().hasQualifiedName(packagePath(), "Context", "URLParam")
     }
+
+    override string getSourceType() { result = "URL parameter" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Echo.qll b/go/ql/lib/semmle/go/frameworks/Echo.qll
@@ -24,6 +24,8 @@ private module Echo {
         this = call.getResult(0)
       )
     }
+
+    override string getSourceType() { result = "HTTP request context" }
   }
 
   /**
@@ -50,6 +52,8 @@ private module Echo {
         this = FunctionOutput::parameter(0).getExitNode(call)
       )
     }
+
+    override string getSourceType() { result = "HTTP request data" }
   }
 
   /**
diff --git a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@@ -106,6 +106,8 @@ module ElazarlGoproxy {
         call.getTarget().hasQualifiedName(packagePath(), "ProxyCtx", "Charset")
       )
     }
+
+    override string getSourceType() { result = "HTTP request data" }
   }
 
   private class ProxyLogFunction extends StringOps::Formatting::Range, Method {
diff --git a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -271,6 +271,8 @@ module Fasthttp {
           this = m.getACall().getResult(0)
         )
       }
+
+      override string getSourceType() { result = "a component of a URI" }
     }
   }
 
@@ -296,6 +298,8 @@ module Fasthttp {
           this = m.getACall().getResult(0)
         )
       }
+
+      override string getSourceType() { result = "URL Parameters" }
     }
   }
 
@@ -421,6 +425,8 @@ module Fasthttp {
           this = m.getACall().getArgument(0)
         )
       }
+
+      override string getSourceType() { result = "HTTP request" }
     }
 
     /**
@@ -499,6 +505,8 @@ module Fasthttp {
           this = m.getACall().getResult(0)
         )
       }
+
+      override string getSourceType() { result = "HTTP header" }
     }
   }
 
@@ -529,6 +537,8 @@ module Fasthttp {
           this = m.getACall().getResult(0)
         )
       }
+
+      override string getSourceType() { result = "HTTP request header" }
     }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Gin.qll b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -34,6 +34,8 @@ private module Gin {
         this = fld.getARead()
       )
     }
+
+    override string getSourceType() { result = "HTTP request context" }
   }
 
   /**
@@ -53,6 +55,8 @@ private module Gin {
         this = FunctionOutput::parameter(0).getExitNode(call)
       )
     }
+
+    override string getSourceType() { result = "HTTP request data" }
   }
 
   /**
diff --git a/go/ql/lib/semmle/go/frameworks/GoKit.qll b/go/ql/lib/semmle/go/frameworks/GoKit.qll
@@ -37,6 +37,8 @@ module GoKit {
 
     private class EndpointRequest extends RemoteFlowSource::Range {
       EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }
+
+      override string getSourceType() { result = "Go Kit endpoint request" }
     }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/GoMicro.qll b/go/ql/lib/semmle/go/frameworks/GoMicro.qll
@@ -150,5 +150,7 @@ module GoMicro {
         this.getType().(PointerType).getBaseType() instanceof ProtocMessageType
       )
     }
+
+    override string getSourceType() { result = "service handler request" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll b/go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
@@ -29,6 +29,8 @@ private module GoRestfulHttp {
    */
   private class GoRestfulSource extends RemoteFlowSource::Range {
     GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }
+
+    override string getSourceType() { result = "HTTP request" }
   }
 
   /**
@@ -42,5 +44,7 @@ private module GoRestfulHttp {
         this = FunctionOutput::parameter(0).getExitNode(call)
       )
     }
+
+    override string getSourceType() { result = "HTTP request body" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Gqlgen.qll b/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
@@ -43,5 +43,7 @@ module Gqlgen {
     ResolverParameter() {
       this.asParameter() = any(ResolverImplementationMethod h).getAnUntrustedParameter()
     }
+
+    override string getSourceType() { result = "GraphQL request" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Mux.qll b/go/ql/lib/semmle/go/frameworks/Mux.qll
@@ -13,5 +13,7 @@ module Mux {
     RequestVars() {
       this.getTarget().hasQualifiedName(package("github.com/gorilla/mux", ""), "Vars")
     }
+
+    override string getSourceType() { result = "Mux request variable" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Revel.qll b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -19,6 +19,8 @@ module Revel {
         f.hasQualifiedName(packagePath(), "Controller", "Params")
       )
     }
+
+    override string getSourceType() { result = "Revel controller parameter" }
   }
 
   private class ParamsFixedSanitizer extends TaintTracking::DefaultTaintSanitizer,
@@ -39,6 +41,8 @@ module Revel {
         f.hasQualifiedName(packagePath(), "RouteMatch", "Params")
       )
     }
+
+    override string getSourceType() { result = "Revel route match parameter" }
   }
 
   /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
@@ -52,6 +56,8 @@ module Revel {
           ]
       )
     }
+
+    override string getSourceType() { result = "HTTP request field" }
   }
 
   private class UserControlledRequestMethod extends RemoteFlowSource::Range,
@@ -65,6 +71,8 @@ module Revel {
               "Cookie", "GetHttpHeader", "GetRequestURI", "MultipartReader", "Referer", "UserAgent"
             ])
     }
+
+    override string getSourceType() { result = "Revel request method" }
   }
 
   private string contentTypeFromFilename(DataFlow::Node filename) {
diff --git a/go/ql/lib/semmle/go/frameworks/Twirp.qll b/go/ql/lib/semmle/go/frameworks/Twirp.qll
@@ -138,5 +138,7 @@ module Twirp {
         this.getType().(PointerType).getBaseType() instanceof ProtobufMessageType
       )
     }
+
+    override string getSourceType() { result = "Twirp request" }
   }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/WebSocket.qll b/go/ql/lib/semmle/go/frameworks/WebSocket.qll
@@ -131,6 +131,8 @@ class WebSocketReaderAsSource extends RemoteFlowSource::Range {
   WebSocketReaderAsSource() {
     exists(WebSocketReader r | this = r.getAnOutput().getNode(r.getACall()))
   }
+
+  override string getSourceType() { result = "WebSocket reader" }
 }
 
 /**
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -16,6 +16,8 @@ module NetHttp {
           ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]
       )
     }
+
+    override string getSourceType() { result = "HTTP request" }
   }
 
   /** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
diff --git a/go/ql/src/experimental/frameworks/CleverGo.qll b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -100,6 +100,8 @@ private module CleverGo {
         this = v.getARead()
       )
     }
+
+    override string getSourceType() { result = "Clever Go" }
   }
 
   /**
diff --git a/go/ql/src/experimental/frameworks/DecompressionBombs.qll b/go/ql/src/experimental/frameworks/DecompressionBombs.qll
@@ -19,6 +19,8 @@ class MimeMultipartFileHeader extends RemoteFlowSource::Range {
       frn.getField().hasQualifiedName("mime/multipart", "Form", "Value")
     )
   }
+
+  override string getSourceType() { result = "mime/multipart file header" }
 }
 
 /** Provides a taint tracking configuration for reasoning about decompression bomb vulnerabilities. */
diff --git a/go/ql/src/experimental/frameworks/Fiber.qll b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -386,5 +386,7 @@ private module Fiber {
         fields = "Message"
       )
     }
+
+    override string getSourceType() { result = "HTTP request" }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,8 @@ private class LambdaInput extends RemoteFlowSource::Range {`
`14`	`14`	`not p instanceof ReceiverVariable`
`15`	`15`	`)`
`16`	`16`	`}`
	`17`	`+`
	`18`	`+ override string getSourceType() { result = "AWS Lambda Input" }`
`17`	`19`	`}`
`18`	`20`
`19`	`21`	`private class HandlerFunction extends FuncDef {`
Original file line number	Diff line number	Diff line change
`@@ -71,6 +71,8 @@ module Beego {`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`predicate isSafeUrlSource() { methodName in ["URI", "URL"] }`
	`74`	`+`
	`75`	`+ override string getSourceType() { result = "Beego Input" }`
`74`	`76`	`}`
`75`	`77`
`76`	`78`	/** `BeegoInput` sources that are safe to use for redirection. */
`@@ -100,6 +102,8 @@ module Beego {`
`100`	`102`	`)`
`101`	`103`	`)`
`102`	`104`	`}`
	`105`	`+`
	`106`	`+ override string getSourceType() { result = "a Beego Controller" }`
`103`	`107`	`}`
`104`	`108`
`105`	`109`	`/**`
`@@ -111,6 +115,8 @@ module Beego {`
`111`	`115`	`frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")`
`112`	`116`	`)`
`113`	`117`	`}`
	`118`	`+`
	`119`	`+ override string getSourceType() { result = "Beego Input Request Body" }`
`114`	`120`	`}`
`115`	`121`
`116`	`122`	`/**`
`@@ -122,6 +128,8 @@ module Beego {`
`122`	`128`	`this = m.getACall().getResult()`
`123`	`129`	`)`
`124`	`130`	`}`
	`131`	`+`
	`132`	`+ override string getSourceType() { result = "a Beego cookie" }`
`125`	`133`	`}`
`126`	`134`
`127`	`135`	`private class BeegoOutputInstance extends Http::ResponseWriter::Range {`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ private module Chi {`
`15`	`15`	`UserControlledFunction() {`
`16`	`16`	`this.getTarget().hasQualifiedName(packagePath(), ["URLParam", "URLParamFromCtx"])`
`17`	`17`	`}`
	`18`	`+`
	`19`	`+ override string getSourceType() { result = "URL parameter" }`
`18`	`20`	`}`
`19`	`21`
`20`	`22`	`/**`
`@@ -26,5 +28,7 @@ private module Chi {`
`26`	`28`	`UserControlledRequestMethod() {`
`27`	`29`	`this.getTarget().hasQualifiedName(packagePath(), "Context", "URLParam")`
`28`	`30`	`}`
	`31`	`+`
	`32`	`+ override string getSourceType() { result = "URL parameter" }`
`29`	`33`	`}`
`30`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@ private module Echo {`
`24`	`24`	`this = call.getResult(0)`
`25`	`25`	`)`
`26`	`26`	`}`
	`27`	`+`
	`28`	`+ override string getSourceType() { result = "HTTP request context" }`
`27`	`29`	`}`
`28`	`30`
`29`	`31`	`/**`
`@@ -50,6 +52,8 @@ private module Echo {`
`50`	`52`	`this = FunctionOutput::parameter(0).getExitNode(call)`
`51`	`53`	`)`
`52`	`54`	`}`
	`55`	`+`
	`56`	`+ override string getSourceType() { result = "HTTP request data" }`
`53`	`57`	`}`
`54`	`58`
`55`	`59`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -106,6 +106,8 @@ module ElazarlGoproxy {`
`106`	`106`	`call.getTarget().hasQualifiedName(packagePath(), "ProxyCtx", "Charset")`
`107`	`107`	`)`
`108`	`108`	`}`
	`109`	`+`
	`110`	`+ override string getSourceType() { result = "HTTP request data" }`
`109`	`111`	`}`
`110`	`112`
`111`	`113`	`private class ProxyLogFunction extends StringOps::Formatting::Range, Method {`
Original file line number	Diff line number	Diff line change
`@@ -271,6 +271,8 @@ module Fasthttp {`
`271`	`271`	`this = m.getACall().getResult(0)`
`272`	`272`	`)`
`273`	`273`	`}`
	`274`	`+`
	`275`	`+ override string getSourceType() { result = "a component of a URI" }`
`274`	`276`	`}`
`275`	`277`	`}`
`276`	`278`
`@@ -296,6 +298,8 @@ module Fasthttp {`
`296`	`298`	`this = m.getACall().getResult(0)`
`297`	`299`	`)`
`298`	`300`	`}`
	`301`	`+`
	`302`	`+ override string getSourceType() { result = "URL Parameters" }`
`299`	`303`	`}`
`300`	`304`	`}`
`301`	`305`
`@@ -421,6 +425,8 @@ module Fasthttp {`
`421`	`425`	`this = m.getACall().getArgument(0)`
`422`	`426`	`)`
`423`	`427`	`}`
	`428`	`+`
	`429`	`+ override string getSourceType() { result = "HTTP request" }`
`424`	`430`	`}`
`425`	`431`
`426`	`432`	`/**`
`@@ -499,6 +505,8 @@ module Fasthttp {`
`499`	`505`	`this = m.getACall().getResult(0)`
`500`	`506`	`)`
`501`	`507`	`}`
	`508`	`+`
	`509`	`+ override string getSourceType() { result = "HTTP header" }`
`502`	`510`	`}`
`503`	`511`	`}`
`504`	`512`
`@@ -529,6 +537,8 @@ module Fasthttp {`
`529`	`537`	`this = m.getACall().getResult(0)`
`530`	`538`	`)`
`531`	`539`	`}`
	`540`	`+`
	`541`	`+ override string getSourceType() { result = "HTTP request header" }`
`532`	`542`	`}`
`533`	`543`	`}`
`534`	`544`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,8 @@ private module Gin {`
`34`	`34`	`this = fld.getARead()`
`35`	`35`	`)`
`36`	`36`	`}`
	`37`	`+`
	`38`	`+ override string getSourceType() { result = "HTTP request context" }`
`37`	`39`	`}`
`38`	`40`
`39`	`41`	`/**`
`@@ -53,6 +55,8 @@ private module Gin {`
`53`	`55`	`this = FunctionOutput::parameter(0).getExitNode(call)`
`54`	`56`	`)`
`55`	`57`	`}`
	`58`	`+`
	`59`	`+ override string getSourceType() { result = "HTTP request data" }`
`56`	`60`	`}`
`57`	`61`
`58`	`62`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,8 @@ module GoKit {`
`37`	`37`
`38`	`38`	`private class EndpointRequest extends RemoteFlowSource::Range {`
`39`	`39`	`EndpointRequest() { this = DataFlow::parameterNode(getAnEndpointFunction().getParameter(1)) }`
	`40`	`+`
	`41`	`+ override string getSourceType() { result = "Go Kit endpoint request" }`
`40`	`42`	`}`
`41`	`43`	`}`
`42`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -150,5 +150,7 @@ module GoMicro {`
`150`	`150`	`this.getType().(PointerType).getBaseType() instanceof ProtocMessageType`
`151`	`151`	`)`
`152`	`152`	`}`
	`153`	`+`
	`154`	`+ override string getSourceType() { result = "service handler request" }`
`153`	`155`	`}`
`154`	`156`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,8 @@ private module GoRestfulHttp {`
`29`	`29`	`*/`
`30`	`30`	`private class GoRestfulSource extends RemoteFlowSource::Range {`
`31`	`31`	`GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }`
	`32`	`+`
	`33`	`+ override string getSourceType() { result = "HTTP request" }`
`32`	`34`	`}`
`33`	`35`
`34`	`36`	`/**`
`@@ -42,5 +44,7 @@ private module GoRestfulHttp {`
`42`	`44`	`this = FunctionOutput::parameter(0).getExitNode(call)`
`43`	`45`	`)`
`44`	`46`	`}`
	`47`	`+`
	`48`	`+ override string getSourceType() { result = "HTTP request body" }`
`45`	`49`	`}`
`46`	`50`	`}`