This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit cf29f9d

gagliardettosmowton
authored andcommitted
Remove taint-tracking on single bytes and runes
1 parent 6d3e6de commit cf29f9d


4 files changed

+48
-150
lines changed


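--- a/ql/src/semmle/go/frameworks/stdlib/Strconv.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Strconv.qll
@@ -56,18 +56,6 @@ module Strconv {
 hasQualifiedName("strconv", "Quote") and
 (inp.isParameter(0) and outp.isResult())
 or
-// signature: func QuoteRune(r rune) string
-hasQualifiedName("strconv", "QuoteRune") and
-(inp.isParameter(0) and outp.isResult())
-or
-// signature: func QuoteRuneToASCII(r rune) string
-hasQualifiedName("strconv", "QuoteRuneToASCII") and
-(inp.isParameter(0) and outp.isResult())
-or
-// signature: func QuoteRuneToGraphic(r rune) string
-hasQualifiedName("strconv", "QuoteRuneToGraphic") and
-(inp.isParameter(0) and outp.isResult())
-or
 // signature: func QuoteToASCII(s string) string
 hasQualifiedName("strconv", "QuoteToASCII") and
 (inp.isParameter(0) and outp.isResult())
@@ -82,7 +70,7 @@ module Strconv {
 or
 // signature: func UnquoteChar(s string, quote byte) (value rune, multibyte bool, tail string, err error)
 hasQualifiedName("strconv", "UnquoteChar") and
-(inp.isParameter(0) and outp.isResult([0, 2]))
+(inp.isParameter(0) and outp.isResult(2))
 }
 
 override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {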
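Review bot: The new `outp.isResult(2)` line in the UnquoteChar model drops result 0 without any comment saying the omission is deliberate, while the signature comment directly above it still lists `value rune` as a result. Someone regenerating models from signatures could put it back, so I would add `// result 0 (the rune) is deliberately not modelled: single bytes and runes are not taint-tracked` above that line. The trade-off is also worth recording in a change note: code that loops over UnquoteChar and rebuilds a string from the returned runes will presumably no longer carry taint to the rebuilt value, a false negative that query users should know about. The enclosing predicate begins outside the visible hunks.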

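--- a/ql/src/semmle/go/frameworks/stdlib/Strings.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/Strings.qll
@@ -150,10 +150,6 @@ module Strings {
 this.hasQualifiedName("strings", "Builder", "Write") and
 (inp.isParameter(0) and outp.isReceiver())
 or
-// signature: func (*Builder).WriteByte(c byte) error
-this.hasQualifiedName("strings", "Builder", "WriteByte") and
-(inp.isParameter(0) and outp.isReceiver())
-or
 // signature: func (*Builder).WriteString(s string) (int, error)
 this.hasQualifiedName("strings", "Builder", "WriteString") and
 (inp.isParameter(0) and outp.isReceiver())
@@ -166,14 +162,6 @@ module Strings {
 this.hasQualifiedName("strings", "Reader", "ReadAt") and
 (inp.isReceiver() and outp.isParameter(0))
 or
-// signature: func (*Reader).ReadByte() (byte, error)
-this.hasQualifiedName("strings", "Reader", "ReadByte") and
-(inp.isReceiver() and outp.isResult(0))
-or
-// signature: func (*Reader).ReadRune() (ch rune, size int, err error)
-this.hasQualifiedName("strings", "Reader", "ReadRune") and
-(inp.isReceiver() and outp.isResult(0))
-or
 // signature: func (*Reader).Reset(s string)
 this.hasQualifiedName("strings", "Reader", "Reset") and
 (inp.isParameter(0) and outp.isReceiver())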

ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strconv.go

Lines changed: 15 additions & 59 deletions

ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Strings.go

Lines changed: 32 additions & 66 deletions
