Skip to content

Commit 84bb8a4

Browse files
owen-mcowen-mc
committed
Convert BeegoInputRequestBodySource to MaD
1 parent 194491f commit 84bb8a4

File tree

3 files changed

+25
-29
lines changed

3 files changed

+25
-29
lines changed

go/ql/lib/ext/github.com.astaxie.beego.context.model.yml

Lines changed: 3 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,6 @@ extensions:
99
pack: codeql/go-all
1010
extensible: sourceModel
1111
data:
12-
- ["github.com/astaxie/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
13-
- ["github.com/astaxie/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
14-
- ["github.com/astaxie/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
15-
- ["github.com/astaxie/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
16-
- ["github.com/astaxie/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
17-
- ["github.com/astaxie/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
1812
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
1913
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
2014
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
@@ -25,16 +19,11 @@ extensions:
2519
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
2620
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
2721
- ["github.com/astaxie/beego/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
22+
- ["github.com/astaxie/beego/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
2823
- ["github.com/astaxie/beego/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
2924
- ["github.com/astaxie/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
3025
- ["github.com/astaxie/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
3126

32-
- ["github.com/beego/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
33-
- ["github.com/beego/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
34-
- ["github.com/beego/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
35-
- ["github.com/beego/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
36-
- ["github.com/beego/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
37-
- ["github.com/beego/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
3827
- ["github.com/beego/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
3928
- ["github.com/beego/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
4029
- ["github.com/beego/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
@@ -45,16 +34,11 @@ extensions:
4534
- ["github.com/beego/beego/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
4635
- ["github.com/beego/beego/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
4736
- ["github.com/beego/beego/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
37+
- ["github.com/beego/beego/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
4838
- ["github.com/beego/beego/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
4939
- ["github.com/beego/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
5040
- ["github.com/beego/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
5141

52-
- ["github.com/beego/beego/server/web", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
53-
- ["github.com/beego/beego/server/web", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
54-
- ["github.com/beego/beego/server/web", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
55-
- ["github.com/beego/beego/server/web", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
56-
- ["github.com/beego/beego/server/web", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
57-
- ["github.com/beego/beego/server/web", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
5842
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
5943
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
6044
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
@@ -65,6 +49,7 @@ extensions:
6549
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Query", "", "", "ReturnValue[0]", "remote", "manual"]
6650
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Refer", "", "", "ReturnValue[0]", "remote", "manual"]
6751
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Referer", "", "", "ReturnValue[0]", "remote", "manual"]
52+
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "RequestBody", "", "", "", "remote", "manual"]
6853
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "URI", "", "", "ReturnValue[0]", "remote", "manual"]
6954
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
7055
- ["github.com/beego/beego/server/web/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]

go/ql/lib/ext/github.com.astaxie.beego.model.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,3 +24,25 @@ extensions:
2424
- ["github.com/beego/beego/server/web", "", False, "ParseForm", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
2525
- ["github.com/beego/beego/server/web", "", False, "Str2html", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
2626
- ["github.com/beego/beego/server/web", "", False, "Substr", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
27+
- addsTo:
28+
pack: codeql/go-all
29+
extensible: sourceModel
30+
data:
31+
- ["github.com/astaxie/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
32+
- ["github.com/astaxie/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
33+
- ["github.com/astaxie/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
34+
- ["github.com/astaxie/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
35+
- ["github.com/astaxie/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
36+
- ["github.com/astaxie/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
37+
- ["github.com/beego/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
38+
- ["github.com/beego/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
39+
- ["github.com/beego/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
40+
- ["github.com/beego/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
41+
- ["github.com/beego/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
42+
- ["github.com/beego/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
43+
- ["github.com/beego/beego/server/web", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
44+
- ["github.com/beego/beego/server/web", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
45+
- ["github.com/beego/beego/server/web", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
46+
- ["github.com/beego/beego/server/web", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
47+
- ["github.com/beego/beego/server/web", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
48+
- ["github.com/beego/beego/server/web", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]

go/ql/lib/semmle/go/frameworks/Beego.qll

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -56,17 +56,6 @@ module Beego {
5656
}
5757
}
5858

59-
/**
60-
* `BeegoInputRequestBody` sources of untrusted data.
61-
*/
62-
private class BeegoInputRequestBodySource extends RemoteFlowSource::Range {
63-
BeegoInputRequestBodySource() {
64-
exists(DataFlow::FieldReadNode frn | this = frn |
65-
frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
66-
)
67-
}
68-
}
69-
7059
/**
7160
* `beego/context.Context` sources of untrusted data.
7261
*/

0 commit comments

Comments
 (0)