
Commit 873fd66

committed
Convert Revel::UserControlledRequestMethod sources to MaD
1 parent 034f2d4 commit 873fd66


2 files changed

+12
-13
lines changed


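--- a/go/ql/lib/ext/github.com.revel.revel.model.yml
+++ b/go/ql/lib/ext/github.com.revel.revel.model.yml
@@ -18,6 +18,18 @@ extensions:
 - ["group:revel", "Request", True, "Form", "", "", "", "remote", "manual"]
 - ["group:revel", "Request", True, "MultipartForm", "", "", "", "remote", "manual"]
 - ["group:revel", "RouteMatch", True, "Params", "", "", "", "remote", "manual"]
+- ["group:revel", "Request", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
+- ["group:revel", "Request", True, "FormValue", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "GetBody", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "GetForm", "", "", "ReturnValue[0]", "remote", "manual"]
+- ["group:revel", "Request", True, "GetHttpHeader", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "GetMultipartForm", "", "", "ReturnValue[0]", "remote", "manual"]
+- ["group:revel", "Request", True, "GetQuery", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "GetRequestURI", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "MultipartReader", "", "", "ReturnValue[0]", "remote", "manual"]
+- ["group:revel", "Request", True, "PostFormValue", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "Referer", "", "", "ReturnValue", "remote", "manual"]
+- ["group:revel", "Request", True, "UserAgent", "", "", "ReturnValue", "remote", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel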
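Review bot: The four added rows whose output column is `ReturnValue[0]` (`Cookie`, `GetForm`, `GetMultipartForm`, `MultipartReader`) are only correct if each of those methods returns a (value, error) pair, and the other eight rows only if the method has a single result; nothing in this commit checks that. The removed `UserControlledRequestMethod` class treated the method call node itself as the source, so a row whose output column does not match the real signature would presumably drop that remote source silently rather than fail to compile. No test or expected-output file is part of this commit, so it is worth confirming that the existing Revel library tests still report all twelve methods as remote flow sources. A short comment above the new rows, for example `# Request accessor methods, previously modelled by Revel::UserControlledRequestMethod in Revel.qll`, would also keep the provenance of these manual rows visible.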

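--- a/go/ql/lib/semmle/go/frameworks/Revel.qll
+++ b/go/ql/lib/semmle/go/frameworks/Revel.qll
@@ -23,19 +23,6 @@ module Revel {
 }
 }
 
-private class UserControlledRequestMethod extends RemoteFlowSource::Range,
-DataFlow::MethodCallNode
-{
-UserControlledRequestMethod() {
-this.getTarget()
-.hasQualifiedName(packagePath(), "Request",
-[
-"FormValue", "PostFormValue", "GetQuery", "GetForm", "GetMultipartForm", "GetBody",
-"Cookie", "GetHttpHeader", "GetRequestURI", "MultipartReader", "Referer", "UserAgent"
-])
-}
-}
-
 private string contentTypeFromFilename(DataFlow::Node filename) {
 if filename.getStringValue().regexpMatch("(?i).*\\.html?")
 then result = "text/html"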
