Add taint-tracking for package net/textproto

gagliardetto · gagliardetto · commit e14f85776129 · 2020-09-20T15:01:42.000+02:00
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -33,6 +33,7 @@ import semmle.go.frameworks.stdlib.Net
 import semmle.go.frameworks.stdlib.NetHttp
 import semmle.go.frameworks.stdlib.NetHttpHttputil
 import semmle.go.frameworks.stdlib.NetMail
+import semmle.go.frameworks.stdlib.NetTextproto
 import semmle.go.frameworks.stdlib.Path
 import semmle.go.frameworks.stdlib.PathFilepath
 import semmle.go.frameworks.stdlib.Reflect
diff --git a/ql/src/semmle/go/frameworks/stdlib/NetTextproto.qll b/ql/src/semmle/go/frameworks/stdlib/NetTextproto.qll
@@ -0,0 +1,122 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `net/textproto` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `net/textproto` package. */
+module NetTextproto {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func CanonicalMIMEHeaderKey(s string) string
+      hasQualifiedName("net/textproto", "CanonicalMIMEHeaderKey") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func NewConn(conn io.ReadWriteCloser) *Conn
+      hasQualifiedName("net/textproto", "NewConn") and
+      (
+        inp.isParameter(0) and outp.isResult()
+        or
+        inp.isResult() and outp.isParameter(0)
+      )
+      or
+      // signature: func NewReader(r *bufio.Reader) *Reader
+      hasQualifiedName("net/textproto", "NewReader") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func NewWriter(w *bufio.Writer) *Writer
+      hasQualifiedName("net/textproto", "NewWriter") and
+      (inp.isResult() and outp.isParameter(0))
+      or
+      // signature: func TrimBytes(b []byte) []byte
+      hasQualifiedName("net/textproto", "TrimBytes") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func TrimString(s string) string
+      hasQualifiedName("net/textproto", "TrimString") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      // signature: func (MIMEHeader).Add(key string, value string)
+      this.hasQualifiedName("net/textproto", "MIMEHeader", "Add") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (MIMEHeader).Get(key string) string
+      this.hasQualifiedName("net/textproto", "MIMEHeader", "Get") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (MIMEHeader).Set(key string, value string)
+      this.hasQualifiedName("net/textproto", "MIMEHeader", "Set") and
+      (inp.isParameter(_) and outp.isReceiver())
+      or
+      // signature: func (MIMEHeader).Values(key string) []string
+      this.hasQualifiedName("net/textproto", "MIMEHeader", "Values") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Reader).DotReader() io.Reader
+      this.hasQualifiedName("net/textproto", "Reader", "DotReader") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      // signature: func (*Reader).ReadCodeLine(expectCode int) (code int, message string, err error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadCodeLine") and
+      (inp.isReceiver() and outp.isResult(1))
+      or
+      // signature: func (*Reader).ReadContinuedLine() (string, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLine") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadContinuedLineBytes() ([]byte, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadContinuedLineBytes") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadDotBytes() ([]byte, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadDotBytes") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadDotLines() ([]string, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadDotLines") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadLine() (string, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadLine") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadLineBytes() ([]byte, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadLineBytes") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadMIMEHeader() (MIMEHeader, error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadMIMEHeader") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      // signature: func (*Reader).ReadResponse(expectCode int) (code int, message string, err error)
+      this.hasQualifiedName("net/textproto", "Reader", "ReadResponse") and
+      (inp.isReceiver() and outp.isResult(1))
+      or
+      // signature: func (*Writer).DotWriter() io.WriteCloser
+      this.hasQualifiedName("net/textproto", "Writer", "DotWriter") and
+      (inp.isResult() and outp.isReceiver())
+      or
+      // signature: func (*Writer).PrintfLine(format string, args ...interface{}) error
+      this.hasQualifiedName("net/textproto", "Writer", "PrintfLine") and
+      (inp.isParameter(_) and outp.isReceiver())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetTextproto.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/NetTextproto.go
