Merge pull request #17162 from owen-mc/go/mad/convert-sink-2

Go: Convert log-injection, path-injection and command-injection sinks to use models-as-data

Author: owen-mc

go/ql/lib/ext/fmt.model.yml

@@ -1,4 +1,11 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
+      - ["fmt", "", False, "Printf",  "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml

@@ -0,0 +1,34 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["beego-logs", "github.com/astaxie/beego/logs"]
+      - ["beego-logs", "github.com/beego/beego/logs"]
+      - ["beego-logs", "github.com/beego/beego/core/logs"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:beego-logs", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego-logs", "BeeLogger", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]

go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml

@@ -6,6 +6,11 @@ extensions:
       - ["beego-utils", "github.com/astaxie/beego/utils"]
       - ["beego-utils", "github.com/beego/beego/utils"]
       - ["beego-utils", "github.com/beego/beego/core/utils"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:beego-utils", "", False, "Display", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml

@@ -6,6 +6,11 @@ extensions:
       - ["beego-context", "github.com/astaxie/beego/context"]
       - ["beego-context", "github.com/beego/beego/context"]
       - ["beego-context", "github.com/beego/beego/server/web/context"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:beego-context", "BeegoOutput", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.server.web.model.yml

@@ -6,6 +6,27 @@ extensions:
       - ["beego", "github.com/astaxie/beego"]
       - ["beego", "github.com/beego/beego"]
       - ["beego", "github.com/beego/beego/server/web"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      # log-injection
+      - ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
+      # path-injection
+      - ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["group:beego", "Controller", False, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
+      - ["group:beego", "FileSystem", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.codeskyblue.go-sh.model.yml

@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/codeskyblue/go-sh", "", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", False, "Call", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", False, "Exec", "", "", "Argument[0]", "command-injection", "manual"]

go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml

@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/davecgh/go-spew/spew", "", False, "Dump", "", "", "Argument[0]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Fdump", "", "", "Argument[1]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Fprint", "", "", "Argument[1]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Fprintf", "", "", "Argument[1..2]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Fprintln", "", "", "Argument[1]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["github.com/davecgh/go-spew/spew", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]

go/ql/lib/ext/github.com.elazarl.goproxy.model.yml

@@ -1,4 +1,10 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Logf", "", "", "Argument[0..1]", "log-injection", "manual"]
+      - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.gin-gonic.gin.model.yml

@@ -1,4 +1,11 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/gin-gonic/gin", "Context", False, "File", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", False, "FileAttachment", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", False, "SaveUploadedFile", "", "", "Argument[1]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.gofiber.fiber.model.yml

@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/gofiber/fiber", "Ctx", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "SaveFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "SaveFileToStorage", "", "", "Argument[1]", "path-injection", "manual"] # does not exist in v1