This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit 1d13ca5

committed
Merge branch 'standard-lib-pt-22' into from-331-to-337
2 parents cd151fc + c2fc26a commit 1d13ca5


5 files changed

+429
-0
lines changed


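--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -35,6 +35,8 @@ import semmle.go.frameworks.stdlib.PathFilepath
 import semmle.go.frameworks.stdlib.Reflect
 import semmle.go.frameworks.stdlib.Strconv
 import semmle.go.frameworks.stdlib.Strings
+import semmle.go.frameworks.stdlib.Sync
+import semmle.go.frameworks.stdlib.SyncAtomic
 import semmle.go.frameworks.stdlib.TextScanner
 import semmle.go.frameworks.stdlib.TextTabwriter
 import semmle.go.frameworks.stdlib.TextTemplate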
Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
/**
2+
* Provides classes modeling security-relevant aspects of the `sync` package.
3+
*/
4+
5+
import go
6+
7+
/** Provides models of commonly used functions in the `sync` package. */
8+
module Sync {
9+
private class MethodModels extends TaintTracking::FunctionModel, Method {
10+
FunctionInput inp;
11+
FunctionOutput outp;
12+
13+
MethodModels() {
14+
// signature: func (*Map).Load(key interface{}) (value interface{}, ok bool)
15+
this.hasQualifiedName("sync", "Map", "Load") and
16+
(inp.isReceiver() and outp.isResult(0))
17+
or
18+
// signature: func (*Map).LoadOrStore(key interface{}, value interface{}) (actual interface{}, loaded bool)
19+
this.hasQualifiedName("sync", "Map", "LoadOrStore") and
20+
(
21+
inp.isReceiver() and outp.isResult(0)
22+
or
23+
inp.isParameter(_) and
24+
(outp.isReceiver() or outp.isResult(0))
25+
)
26+
or
27+
// signature: func (*Map).Store(key interface{}, value interface{})
28+
this.hasQualifiedName("sync", "Map", "Store") and
29+
(inp.isParameter(_) and outp.isReceiver())
30+
or
31+
// signature: func (*Pool).Get() interface{}
32+
this.hasQualifiedName("sync", "Pool", "Get") and
33+
(inp.isReceiver() and outp.isResult())
34+
or
35+
// signature: func (*Pool).Put(x interface{})
36+
this.hasQualifiedName("sync", "Pool", "Put") and
37+
(inp.isParameter(0) and outp.isReceiver())
38+
}
39+
40+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
41+
input = inp and output = outp
42+
}
43+
}
44+
}
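Review bot: In the `LoadOrStore` disjunct of `MethodModels`, `inp.isParameter(_)` lets the `key` argument flow to `outp.isResult(0)`, but `actual` is only ever the previously stored value or the `value` argument, so a tainted key marks an otherwise clean lookup result as tainted. If that over-approximation is not deliberate, the result flow can be limited to the value argument: `inp.isParameter(_) and outp.isReceiver() or inp.isParameter(1) and outp.isResult(0)`. A short comment above the `Store` and `LoadOrStore` cases stating that key-to-receiver flow is intended (the map is treated as one tainted container) would help whoever triages the resulting alerts.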
Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
/**
2+
* Provides classes modeling security-relevant aspects of the `sync/atomic` package.
3+
*/
4+
5+
import go
6+
7+
/** Provides models of commonly used functions in the `sync/atomic` package. */
8+
module SyncAtomic {
9+
private class FunctionModels extends TaintTracking::FunctionModel {
10+
FunctionInput inp;
11+
FunctionOutput outp;
12+
13+
FunctionModels() {
14+
// signature: func AddUintptr(addr *uintptr, delta uintptr) (new uintptr)
15+
hasQualifiedName("sync/atomic", "AddUintptr") and
16+
(
17+
inp.isParameter(1) and
18+
(outp.isParameter(0) or outp.isResult())
19+
)
20+
or
21+
// signature: func CompareAndSwapPointer(addr *unsafe.Pointer, old unsafe.Pointer, new unsafe.Pointer) (swapped bool)
22+
hasQualifiedName("sync/atomic", "CompareAndSwapPointer") and
23+
(inp.isParameter(2) and outp.isParameter(0))
24+
or
25+
// signature: func CompareAndSwapUintptr(addr *uintptr, old uintptr, new uintptr) (swapped bool)
26+
hasQualifiedName("sync/atomic", "CompareAndSwapUintptr") and
27+
(inp.isParameter(2) and outp.isParameter(0))
28+
or
29+
// signature: func LoadPointer(addr *unsafe.Pointer) (val unsafe.Pointer)
30+
hasQualifiedName("sync/atomic", "LoadPointer") and
31+
(inp.isParameter(0) and outp.isResult())
32+
or
33+
// signature: func LoadUintptr(addr *uintptr) (val uintptr)
34+
hasQualifiedName("sync/atomic", "LoadUintptr") and
35+
(inp.isParameter(0) and outp.isResult())
36+
or
37+
// signature: func StorePointer(addr *unsafe.Pointer, val unsafe.Pointer)
38+
hasQualifiedName("sync/atomic", "StorePointer") and
39+
(inp.isParameter(1) and outp.isParameter(0))
40+
or
41+
// signature: func StoreUintptr(addr *uintptr, val uintptr)
42+
hasQualifiedName("sync/atomic", "StoreUintptr") and
43+
(inp.isParameter(1) and outp.isParameter(0))
44+
or
45+
// signature: func SwapPointer(addr *unsafe.Pointer, new unsafe.Pointer) (old unsafe.Pointer)
46+
hasQualifiedName("sync/atomic", "SwapPointer") and
47+
(
48+
inp.isParameter(1) and outp.isParameter(0)
49+
or
50+
inp.isParameter(0) and outp.isResult()
51+
)
52+
or
53+
// signature: func SwapUintptr(addr *uintptr, new uintptr) (old uintptr)
54+
hasQualifiedName("sync/atomic", "SwapUintptr") and
55+
(
56+
inp.isParameter(1) and outp.isParameter(0)
57+
or
58+
inp.isParameter(0) and outp.isResult()
59+
)
60+
}
61+
62+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
63+
input = inp and output = outp
64+
}
65+
}
66+
67+
private class MethodModels extends TaintTracking::FunctionModel, Method {
68+
FunctionInput inp;
69+
FunctionOutput outp;
70+
71+
MethodModels() {
72+
// signature: func (*Value).Load() (x interface{})
73+
this.hasQualifiedName("sync/atomic", "Value", "Load") and
74+
(inp.isReceiver() and outp.isResult())
75+
or
76+
// signature: func (*Value).Store(x interface{})
77+
this.hasQualifiedName("sync/atomic", "Value", "Store") and
78+
(inp.isParameter(0) and outp.isReceiver())
79+
}
80+
81+
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
82+
input = inp and output = outp
83+
}
84+
}
85+
}
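Review bot: The `AddUintptr` disjunct in `FunctionModels` has no flow from the value behind `addr` to the result, although the returned `new` is the old `*addr` plus `delta`, so taint already held in `*addr` is dropped at this call and a query relying on the model can miss a path. `LoadUintptr` and `SwapUintptr` in the same predicate already treat parameter 0 as an input, so the case could read `inp.isParameter(1) and (outp.isParameter(0) or outp.isResult()) or inp.isParameter(0) and outp.isResult()`. Only the `Uintptr` and `Pointer` variants are modelled here; if the fixed-width integer functions are left out on purpose, a comment at the top of the class saying so would make that choice visible.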

ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go

Lines changed: 125 additions & 0 deletions
