Merge branch 'standard-lib-pt-4' into stdlib-339-340-342-346-347

Author: gagliardetto

ql/src/semmle/go/frameworks/Stdlib.qll

@@ -13,6 +13,9 @@ import semmle.go.frameworks.stdlib.CompressGzip
 import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
 import semmle.go.frameworks.stdlib.Fmt
+import semmle.go.frameworks.stdlib.ContainerHeap
+import semmle.go.frameworks.stdlib.ContainerList
+import semmle.go.frameworks.stdlib.ContainerRing
 import semmle.go.frameworks.stdlib.Mime
 import semmle.go.frameworks.stdlib.MimeMultipart
 import semmle.go.frameworks.stdlib.MimeQuotedprintable

ql/src/semmle/go/frameworks/stdlib/ContainerHeap.qll

@@ -0,0 +1,50 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `container/heap` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `container/heap` package. */
+module ContainerHeap {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func Pop(h Interface) interface{}
+      hasQualifiedName("container/heap", "Pop") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Push(h Interface, x interface{})
+      hasQualifiedName("container/heap", "Push") and
+      (inp.isParameter(1) and outp.isParameter(0))
+      or
+      // signature: func Remove(h Interface, i int) interface{}
+      hasQualifiedName("container/heap", "Remove") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (Interface).Pop() interface{}
+      this.implements("container/heap", "Interface", "Pop") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (Interface).Push(x interface{})
+      this.implements("container/heap", "Interface", "Push") and
+      (inp.isParameter(0) and outp.isReceiver())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}

ql/src/semmle/go/frameworks/stdlib/ContainerList.qll

@@ -0,0 +1,95 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `container/list` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `container/list` package. */
+module ContainerList {
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (*Element).Next() *Element
+      this.hasQualifiedName("container/list", "Element", "Next") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Element).Prev() *Element
+      this.hasQualifiedName("container/list", "Element", "Prev") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*List).Back() *Element
+      this.hasQualifiedName("container/list", "List", "Back") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*List).Front() *Element
+      this.hasQualifiedName("container/list", "List", "Front") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*List).Init() *List
+      this.hasQualifiedName("container/list", "List", "Init") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*List).InsertAfter(v interface{}, mark *Element) *Element
+      this.hasQualifiedName("container/list", "List", "InsertAfter") and
+      (
+        inp.isParameter(0) and
+        (outp.isReceiver() or outp.isResult())
+      )
+      or
+      // signature: func (*List).InsertBefore(v interface{}, mark *Element) *Element
+      this.hasQualifiedName("container/list", "List", "InsertBefore") and
+      (
+        inp.isParameter(0) and
+        (outp.isReceiver() or outp.isResult())
+      )
+      or
+      // signature: func (*List).MoveAfter(e *Element, mark *Element)
+      this.hasQualifiedName("container/list", "List", "MoveAfter") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).MoveBefore(e *Element, mark *Element)
+      this.hasQualifiedName("container/list", "List", "MoveBefore") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).MoveToBack(e *Element)
+      this.hasQualifiedName("container/list", "List", "MoveToBack") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).MoveToFront(e *Element)
+      this.hasQualifiedName("container/list", "List", "MoveToFront") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).PushBack(v interface{}) *Element
+      this.hasQualifiedName("container/list", "List", "PushBack") and
+      (
+        inp.isParameter(0) and
+        (outp.isReceiver() or outp.isResult())
+      )
+      or
+      // signature: func (*List).PushBackList(other *List)
+      this.hasQualifiedName("container/list", "List", "PushBackList") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).PushFront(v interface{}) *Element
+      this.hasQualifiedName("container/list", "List", "PushFront") and
+      (
+        inp.isParameter(0) and
+        (outp.isReceiver() or outp.isResult())
+      )
+      or
+      // signature: func (*List).PushFrontList(other *List)
+      this.hasQualifiedName("container/list", "List", "PushFrontList") and
+      (inp.isParameter(0) and outp.isReceiver())
+      or
+      // signature: func (*List).Remove(e *Element) interface{}
+      this.hasQualifiedName("container/list", "List", "Remove") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}

ql/src/semmle/go/frameworks/stdlib/ContainerRing.qll

@@ -0,0 +1,39 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `container/ring` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `container/ring` package. */
+module ContainerRing {
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (*Ring).Link(s *Ring) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Link") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func (*Ring).Move(n int) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Move") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Next() *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Next") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Prev() *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Prev") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Ring).Unlink(n int) *Ring
+      this.hasQualifiedName("container/ring", "Ring", "Unlink") and
+      (inp.isReceiver() and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}