
Commit 78b66ab

committed
Convert existing credentials sinks to MaD
I checked that the tests failed when I removed the classes and passed again when I added the MaD models.
1 parent 93c9910 commit 78b66ab

9 files changed

+27
-56
lines changed
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sinkModel
5+
data:
6+
- ["github.com/appleboy/gin-jwt", "GinJWTMiddleware", True, "Key", "", "", "", "credentials-key", "manual"]
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: packageGrouping
5+
data:
6+
- ["go-jose", "github.com/go-jose/go-jose"]
7+
- ["go-jose", "gopkg.in/square/go-jose"]
8+
- ["go-jose", "github.com/square/go-jose"]
9+
- addsTo:
10+
pack: codeql/go-all
11+
extensible: sinkModel
12+
data:
13+
- ["group:go-jose", "Recipient", True, "Key", "", "", "", "credentials-key", "manual"]
14+
- ["group:go-jose", "SigningKey", True, "Key", "", "", "", "credentials-key", "manual"]
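Review bot: The `packageGrouping` rows list `gopkg.in/square/go-jose` with no version suffix, whereas the removed `goJosePackage()` predicate in GoJose.qll matched the literal `gopkg.in/square/go-jose.v2`. If model package matching does not treat the gopkg.in-style `.v2` suffix the way it treats a trailing `/v2`, writes to `Recipient.Key` and `SigningKey.Key` in code importing that path would stop being reported as `credentials-key` sinks, and hard-coded signing keys there would go unflagged. The commit message says the tests were re-run, but the diff does not show which import paths they cover; a test case importing `gopkg.in/square/go-jose.v2` would pin this. A one-line comment above the grouping, such as `# gopkg.in/square/go-jose must also cover the .v2 import path`, would record the intent.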
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sinkModel
5+
data:
6+
- ["github.com/gogf/gf-jwt", "GfJWTMiddleware", True, "Key", "", "", "", "credentials-key", "manual"]

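--- a/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml
+++ b/go/ql/lib/ext/github.com.kataras.iris.middleware.jwt.model.yml
@@ -4,3 +4,4 @@ extensions:
 extensible: sinkModel
 data:
 - ["github.com/kataras/iris/middleware/jwt", "", True, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]
+- ["github.com/kataras/iris/middleware/jwt", "Signer", True, "Key", "", "", "", "credentials-key", "manual"]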
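Review bot: The added `Signer`/`Key` row names the package as the single string `github.com/kataras/iris/middleware/jwt`, while the removed `IrisJwt` class in Iris.qll used `package("github.com/kataras/iris", "middleware/jwt")`, which keeps the module path and the sub-path separate. If the model's package column only tolerates a major-version suffix at the end of the path, imports of a versioned module (where the version segment sits between `iris` and `middleware/jwt`) would no longer match, and hard-coded signer keys there would be missed. The existing `NewSigner` row has the same form, so this may already be handled, but that is not visible in this hunk, whose `addsTo` header lies above it. A test that imports the versioned path and assigns a constant to `Signer.Key` would confirm the sink is still reported.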

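--- a/go/ql/lib/go.qll
+++ b/go/ql/lib/go.qll
@@ -44,7 +44,6 @@ import semmle.go.frameworks.Fiber
 import semmle.go.frameworks.Gin
 import semmle.go.frameworks.GinCors
 import semmle.go.frameworks.Glog
-import semmle.go.frameworks.Gogf
 import semmle.go.frameworks.GoJose
 import semmle.go.frameworks.GoKit
 import semmle.go.frameworks.GoMicro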

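--- a/go/ql/lib/semmle/go/frameworks/Gin.qll
+++ b/go/ql/lib/semmle/go/frameworks/Gin.qll
@@ -3,7 +3,6 @@
 */
 
 import go
-private import semmle.go.security.HardcodedCredentials
 
 private module Gin {
 /** Gets the package name `github.com/gin-gonic/gin`. */
@@ -30,13 +29,4 @@ private module Gin {
 
 override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
 }
-
-private class GinJwtSign extends HardcodedCredentials::Sink {
-GinJwtSign() {
-exists(Field f |
-f.hasQualifiedName(package("github.com/appleboy/gin-jwt", ""), "GinJWTMiddleware", "Key") and
-f.getAWrite().getRhs() = this
-)
-}
-}
 }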

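--- a/go/ql/lib/semmle/go/frameworks/GoJose.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoJose.qll
@@ -4,26 +4,8 @@
 */
 
 import go
-private import semmle.go.security.HardcodedCredentials
 
 private module GoJose {
-private class GoJoseKey extends HardcodedCredentials::Sink {
-GoJoseKey() {
-exists(Field f |
-f.hasQualifiedName(goJosePackage(), ["Recipient", "SigningKey"], "Key") and
-f.getAWrite().getRhs() = this
-)
-}
-}
-
-private string goJosePackage() {
-result =
-[
-package("github.com/square/go-jose", ""), package("github.com/go-jose/go-jose", ""),
-"gopkg.in/square/go-jose.v2"
-]
-}
-
 /**
 * Provides classes and predicates for working with the `gopkg.in/square/go-jose/jwt` and
 * `github.com/go-jose/go-jose/jwt` packages.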

go/ql/lib/semmle/go/frameworks/Gogf.qll

Lines changed: 0 additions & 17 deletions
This file was deleted.

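--- a/go/ql/lib/semmle/go/frameworks/Iris.qll
+++ b/go/ql/lib/semmle/go/frameworks/Iris.qll
@@ -3,7 +3,6 @@
 */
 
 import go
-private import semmle.go.security.HardcodedCredentials
 
 private module Iris {
 /** Gets the v1 module path `github.com/kataras/iris`. */
@@ -47,13 +46,4 @@ private module Iris {
 
 override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
 }
-
-private class IrisJwt extends HardcodedCredentials::Sink {
-IrisJwt() {
-exists(Field f |
-f.hasQualifiedName(package("github.com/kataras/iris", "middleware/jwt"), "Signer", "Key") and
-f.getAWrite().getRhs() = this
-)
-}
-}
 }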
