
Commit b4b848a

committed
Fix tests and simplify sanitizer
1 parent f86152d commit b4b848a


4 files changed

+4
-10
lines changed


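--- a/go/ql/lib/ext/os.model.yml
+++ b/go/ql/lib/ext/os.model.yml
@@ -28,6 +28,7 @@ extensions:
 - ["os", "", False, "ReadDir", "", "", "Argument[0]", "path-injection", "manual"]
 - ["os", "", False, "ReadFile", "", "", "Argument[0]", "path-injection", "manual"]
 - ["os", "", False, "MkdirTemp", "", "", "Argument[0..1]", "path-injection", "manual"]
+- ["os", "", False, "CreateTemp", "", "", "Argument[0]", "path-injection", "manual"]
 - ["os", "", False, "WriteFile", "", "", "Argument[0]", "path-injection", "manual"]
 # command-injection
 - ["os", "", False, "StartProcess", "", "", "Argument[0]", "command-injection", "manual"]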
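Review bot: The new CreateTemp row models only Argument[0] as a path-injection sink, while the MkdirTemp row directly above it models Argument[0..1], although both functions take the same (dir, pattern) pair and, as far as I recall, both reject a pattern that contains a path separator before touching the filesystem. Either the two rows should agree or the difference should be explained, otherwise the next maintainer will "fix" one of them in whichever direction they guess. If the narrower model is deliberate because the pattern cannot introduce separators, a comment such as `# CreateTemp/MkdirTemp: only the dir argument is a sink; a pattern containing a separator is rejected by the runtime` above these rows would settle it, and MkdirTemp could then be narrowed to match.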

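--- a/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/TaintedPathCustomizations.qll
@@ -87,14 +87,7 @@ module TaintedPath {
 exists(DataFlow::CallNode cleanCall, StringOps::Concatenation concatNode |
 cleanCall = any(Function f | f.hasQualifiedName("path/filepath", "Clean")).getACall() and
 concatNode = cleanCall.getArgument(0) and
-(
-concatNode.getOperand(0).asExpr().(StringLit).getValue() = "/"
-or
-exists(DeclaredConstant dc |
-dc.hasQualifiedName("os", "PathSeparator") and
-dc.getAReference() = concatNode.getOperand(0).asExpr().getAChildExpr*()
-)
-) and
+concatNode.getOperand(0).getStringValue().prefix(1) = ["/", "\\"] and
 this = cleanCall.getResult()
 )
 }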
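Review bot: The rewritten condition accepts any constant prefix starting with a literal `\\` as rooting the path, but `path/filepath` only treats a backslash as a separator on Windows; on a Linux target `filepath.Clean("\\" + "../../../etc/passwd")` is not rooted and evaluates to `../../etc/passwd`, so the `..` elimination this sanitizer relies on does not hold and the sanitizer would suppress a real finding. The old predicate avoided this by matching a reference to `os.PathSeparator`, which follows the build target, rather than a hard-coded backslash. Consider dropping the `"\\"` alternative, or at least marking it with `// "\\" only roots the path when the target OS is Windows; on other targets it is an ordinary character`. Separately, `getStringValue()` resolves only compile-time constant strings, so it is worth confirming that the plain `string(os.PathSeparator) + tainted` shape the test exercised before this commit still matches, not only the `string(os.PathSeparator) + "hardcoded" + tainted` form the test now uses. The enclosing predicate and the `TaintedPath` module both begin before this hunk.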

go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Os.go

Lines changed: 1 addition & 1 deletion

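--- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.go
+++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.go
@@ -66,7 +66,7 @@ func handler(w http.ResponseWriter, r *http.Request) {
 
 // GOOD: Sanitized by filepath.Clean with a prepended os.PathSeparator forcing interpretation
 // as an absolute path, so that Clean will throw away any leading `..` components.
-data, _ = ioutil.ReadFile(filepath.Clean(string(os.PathSeparator) + tainted_path))
+data, _ = ioutil.ReadFile(filepath.Clean(string(os.PathSeparator) + "hardcoded" + tainted_path))
 w.Write(data)
 
 // BAD: Sanitized by path.Clean with a prepended '/' forcing interpretation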
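Review bot: The comment above the changed line still says only that Clean "will throw away any leading `..` components", which is true, but with the new `"hardcoded"` prefix a reader may take it to mean the result stays under `/hardcoded`, and it does not: a `tainted_path` of `/../etc/passwd` gives `/hardcoded/../etc/passwd`, which Clean reduces to `/etc/passwd`. The GOOD label is still consistent with what the sanitizer models (an absolute result with no surviving `..`), so only the comment needs tightening, e.g. `// as an absolute path, so no '..' survives Clean; this does not confine the result to the "hardcoded" prefix.` The `handler` function begins before this hunk and continues after it.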
