Merge pull request #13867 from github/mbg/go/1.21-support

Go: Basic Go 1.21 support

Author: mbg

.github/workflows/go-tests-other-os.yml

@@ -7,15 +7,17 @@ on:
       - .github/workflows/go-tests-other-os.yml
       - .github/actions/**
       - codeql-workspace.yml
+env:
+  GO_VERSION: '~1.21.0'
 jobs:
   test-mac:
     name: Test MacOS
     runs-on: macos-latest
     steps:
-      - name: Set up Go 1.20
+      - name: Set up Go ${{ env.GO_VERSION }}
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code
@@ -47,10 +49,10 @@ jobs:
     name: Test Windows
     runs-on: windows-latest-xl
     steps:
-      - name: Set up Go 1.20
+      - name: Set up Go ${{ env.GO_VERSION }}
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code

.github/workflows/go-tests.yml

@@ -15,15 +15,17 @@ on:
       - .github/workflows/go-tests.yml
       - .github/actions/**
       - codeql-workspace.yml
+env:
+  GO_VERSION: '~1.21.0'
 jobs:
   test-linux:
     name: Test Linux (Ubuntu)
     runs-on: ubuntu-latest-xl
     steps:
-      - name: Set up Go 1.20
+      - name: Set up Go ${{ env.GO_VERSION }}
         uses: actions/setup-go@v4
         with:
-          go-version: '1.20'
+          go-version: ${{ env.GO_VERSION }}
         id: go
 
       - name: Check out code

go/extractor/cli/go-autobuilder/go-autobuilder.go

@@ -830,7 +830,7 @@ func installDependenciesAndBuild() {
 }
 
 const minGoVersion = "1.11"
-const maxGoVersion = "1.20"
+const maxGoVersion = "1.21"
 
 // Check if `version` is lower than `minGoVersion`. Note that for this comparison we ignore the
 // patch part of the version, so 1.20.1 and 1.20 are considered equal.

go/go.mod

@@ -1,6 +1,6 @@
 module github.com/github/codeql-go
 
-go 1.20
+go 1.21
 
 require (
 	golang.org/x/mod v0.12.0

go/ql/lib/semmle/go/Scopes.qll

@@ -678,6 +678,8 @@ private predicate builtinFunction(
   or
   name = "cap" and pure = true and mayPanic = false and mustPanic = false and variadic = false
   or
+  name = "clear" and pure = false and mayPanic = false and mustPanic = false and variadic = false
+  or
   name = "close" and pure = false and mayPanic = true and mustPanic = false and variadic = false
   or
   name = "complex" and pure = true and mayPanic = true and mustPanic = false and variadic = false
@@ -692,6 +694,10 @@ private predicate builtinFunction(
   or
   name = "make" and pure = true and mayPanic = true and mustPanic = false and variadic = true
   or
+  name = "max" and pure = true and mayPanic = false and mustPanic = false and variadic = true
+  or
+  name = "min" and pure = true and mayPanic = false and mustPanic = false and variadic = true
+  or
   name = "new" and pure = true and mayPanic = false and mustPanic = false and variadic = false
   or
   name = "panic" and pure = false and mayPanic = true and mustPanic = true and variadic = false
@@ -795,6 +801,9 @@ module Builtin {
   /** Gets the built-in function `cap`. */
   BuiltinFunction cap() { result.getName() = "cap" }
 
+  /** Gets the built-in function `clear`. */
+  BuiltinFunction clear() { result.getName() = "clear" }
+
   /** Gets the built-in function `close`. */
   BuiltinFunction close() { result.getName() = "close" }
 
@@ -816,6 +825,12 @@ module Builtin {
   /** Gets the built-in function `make`. */
   BuiltinFunction make() { result.getName() = "make" }
 
+  /** Gets the built-in function `max`. */
+  BuiltinFunction max_() { result.getName() = "max" }
+
+  /** Gets the built-in function `min`. */
+  BuiltinFunction min_() { result.getName() = "min" }
+
   /** Gets the built-in function `new`. */
   BuiltinFunction new() { result.getName() = "new" }
 

go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll

@@ -408,3 +408,19 @@ class ListOfConstantsComparisonSanitizerGuard extends TaintTracking::DefaultTain
     this = DataFlow::BarrierGuard<listOfConstantsComparisonSanitizerGuard/3>::getABarrierNode()
   }
 }
+
+/**
+ * The `clear` built-in function deletes or zeroes out all elements of a map or slice
+ * and therefore acts as a general sanitizer for taint flow to any uses dominated by it.
+ */
+private class ClearSanitizer extends DefaultTaintSanitizer {
+  ClearSanitizer() {
+    exists(SsaWithFields var, DataFlow::CallNode call, DataFlow::Node arg | this = var.getAUse() |
+      call = Builtin::clear().getACall() and
+      arg = call.getAnArgument() and
+      arg = var.getAUse() and
+      arg != this and
+      this.getBasicBlock().(ReachableBasicBlock).dominates(this.getBasicBlock())
+    )
+  }
+}

go/ql/lib/semmle/go/frameworks/Stdlib.qll

@@ -70,6 +70,32 @@ private class CopyFunction extends TaintTracking::FunctionModel {
   }
 }
 
+/**
+ * A model of the built-in `min` function, which computes the smallest value of a fixed number of
+ * arguments of ordered types. There is at least one argument and "ordered types" includes e.g.
+ * strings, so we care about data flow through `min`.
+ */
+private class MinFunction extends DataFlow::FunctionModel {
+  MinFunction() { this = Builtin::min_() }
+
+  override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp) {
+    inp.isParameter(_) and outp.isResult()
+  }
+}
+
+/**
+ * A model of the built-in `max` function, which computes the largest value of a fixed number of
+ * arguments of ordered types. There is at least one argument and "ordered types" includes e.g.
+ * strings, so we care about data flow through `max`.
+ */
+private class MaxFunction extends DataFlow::FunctionModel {
+  MaxFunction() { this = Builtin::max_() }
+
+  override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp) {
+    inp.isParameter(_) and outp.isResult()
+  }
+}
+
 /** Provides a class for modeling functions which convert strings into integers. */
 module IntegerParser {
   /**

go/ql/test/library-tests/semmle/go/Function/TypeParamType.expected

@@ -1,12 +1,15 @@
 | Edge | EdgeConstraint |
 | Edge | interface { } |
+| F | floaty |
 | K | comparable |
 | Node | NodeConstraint |
 | Node | interface { } |
 | S | interface { } |
 | SF2 | interface { } |
 | SG2 | interface { } |
 | T | interface { } |
+| T1 | interface { } |
+| T2 | interface { } |
 | TF1 | interface { } |
 | TF2 | interface { } |
 | TG1 | interface { } |

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/Builtin.go

@@ -0,0 +1,16 @@
+package main
+
+import "net/http"
+
+func clearTestBad(sourceReq *http.Request) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	return string(b)
+}
+
+func clearTestGood(sourceReq *http.Request) string {
+	b := make([]byte, 8)
+	sourceReq.Body.Read(b)
+	clear(b) // should prevent taint flow
+	return string(b)
+}

go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected

@@ -0,0 +1,10 @@
+edges
+| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion |
+| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b |
+nodes
+| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b |
+| Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body |
+| Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion |
+subpaths
+#select
+| Builtin.go:8:9:8:17 | type conversion | Builtin.go:7:2:7:15 | selection of Body | Builtin.go:8:9:8:17 | type conversion | Found taint flow |