
Commit ec9d88b

committed
Convert mongodb nosql-injection sinks to MaD
1 parent 86e9f15 commit ec9d88b


3 files changed

+170
-137
lines changed

Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sinkModel
5+
data:
6+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
7+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
8+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
9+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "Argument[2]", "nosql-injection", "manual"]
10+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "Argument[1]", "nosql-injection", "manual"]
11+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "Argument[1]", "nosql-injection", "manual"]
12+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "Argument[1]", "nosql-injection", "manual"]
13+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "Argument[1]", "nosql-injection", "manual"]
14+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "Argument[1]", "nosql-injection", "manual"]
15+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "ReplaceOne", "", "", "Argument[1]", "nosql-injection", "manual"]
16+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
17+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
18+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
19+
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
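Review bot: The package column in all 14 rows is the literal import path `go.mongodb.org/mongo-driver/mongo`, whereas the QL this replaces matched through `package("go.mongodb.org/mongo-driver", "mongo")`, which as far as I know also accepts major-version-suffixed module paths. How the models-as-data loader interprets this column is not visible on this page; if it matches literally, calls made through a versioned import path would silently stop being reported as `nosql-injection` sinks. A test case with a versioned import would settle this. The rows also carry no explanation of the argument indices, so a comment above `data:` would help, for example `# Argument[N] is the filter/pipeline parameter of the Collection method (Distinct takes fieldName first, hence Argument[2])`.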

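--- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll
+++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -31,84 +31,82 @@ module NoSql {
 )
 }
 }
-
-/**
-* Holds if method `name` of struct `Collection` from package
-* [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
-* interprets parameter `n` as a query.
-*/
-private predicate mongoDbCollectionMethod(string name, int n) {
-// func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
-// opts ...*options.CountOptions) (int64, error)
-name = "CountDocuments" and n = 1
-or
-// func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
-// opts ...*options.DeleteOptions) (*DeleteResult, error)
-name = "DeleteMany" and n = 1
-or
-// func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
-// opts ...*options.DeleteOptions) (*DeleteResult, error)
-name = "DeleteOne" and n = 1
-or
-// func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
-// ...) ([]interface{}, error)
-name = "Distinct" and n = 2
-or
-// func (coll *Collection) Find(ctx context.Context, filter interface{},
-// opts ...*options.FindOptions) (*Cursor, error)
-name = "Find" and n = 1
-or
-// func (coll *Collection) FindOne(ctx context.Context, filter interface{},
-// opts ...*options.FindOneOptions) *SingleResult
-name = "FindOne" and n = 1
-or
-// func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
-// *SingleResult
-name = "FindOneAndDelete" and n = 1
-or
-// func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
-// replacement interface{}, ...) *SingleResult
-name = "FindOneAndReplace" and n = 1
-or
-// func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
-// update interface{}, ...) *SingleResult
-name = "FindOneAndUpdate" and n = 1
-or
-// func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
-// replacement interface{}, ...) (*UpdateResult, error)
-name = "ReplaceOne" and n = 1
-or
-// func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
-// update interface{}, ...) (*UpdateResult, error)
-name = "UpdateMany" and n = 1
-or
-// func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
-// update interface{}, ...) (*UpdateResult, error)
-name = "UpdateOne" and n = 1
-or
-// func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
-// (*ChangeStream, error)
-name = "Watch" and n = 1
-or
-// func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
-// opts ...*options.AggregateOptions) (*Cursor, error)
-name = "Aggregate" and n = 1
-}
-
-/**
-* A query used in an API function acting on a `Collection` struct of package
-* [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
-*/
-private class MongoDbCollectionQuery extends Range {
-MongoDbCollectionQuery() {
-exists(Method meth, string methodName, int n |
-mongoDbCollectionMethod(methodName, n) and
-meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
-methodName) and
-this = meth.getACall().getArgument(n)
-)
-}
-}
+// /**
+// * Holds if method `name` of struct `Collection` from package
+// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
+// * interprets parameter `n` as a query.
+// */
+// private predicate mongoDbCollectionMethod(string name, int n) {
+// // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
+// // opts ...*options.CountOptions) (int64, error)
+// name = "CountDocuments" and n = 1
+// or
+// // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
+// // opts ...*options.DeleteOptions) (*DeleteResult, error)
+// name = "DeleteMany" and n = 1
+// or
+// // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
+// // opts ...*options.DeleteOptions) (*DeleteResult, error)
+// name = "DeleteOne" and n = 1
+// or
+// // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
+// // ...) ([]interface{}, error)
+// name = "Distinct" and n = 2
+// or
+// // func (coll *Collection) Find(ctx context.Context, filter interface{},
+// // opts ...*options.FindOptions) (*Cursor, error)
+// name = "Find" and n = 1
+// or
+// // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
+// // opts ...*options.FindOneOptions) *SingleResult
+// name = "FindOne" and n = 1
+// or
+// // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
+// // *SingleResult
+// name = "FindOneAndDelete" and n = 1
+// or
+// // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
+// // replacement interface{}, ...) *SingleResult
+// name = "FindOneAndReplace" and n = 1
+// or
+// // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
+// // update interface{}, ...) *SingleResult
+// name = "FindOneAndUpdate" and n = 1
+// or
+// // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
+// // replacement interface{}, ...) (*UpdateResult, error)
+// name = "ReplaceOne" and n = 1
+// or
+// // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
+// // update interface{}, ...) (*UpdateResult, error)
+// name = "UpdateMany" and n = 1
+// or
+// // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
+// // update interface{}, ...) (*UpdateResult, error)
+// name = "UpdateOne" and n = 1
+// or
+// // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
+// // (*ChangeStream, error)
+// name = "Watch" and n = 1
+// or
+// // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
+// // opts ...*options.AggregateOptions) (*Cursor, error)
+// name = "Aggregate" and n = 1
+// }
+// /**
+// * A query used in an API function acting on a `Collection` struct of package
+// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
+// */
+// private class MongoDbCollectionQuery extends Range {
+// MongoDbCollectionQuery() {
+// exists(Method meth, string methodName, int n |
+// mongoDbCollectionMethod(methodName, n) and
+// meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
+// methodName) and
+// this = meth.getACall().getArgument(n)
+// )
+// }
+// }
 }
 
 /**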
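Review bot: The old `mongoDbCollectionMethod` predicate and `MongoDbCollectionQuery` class are commented out (new lines 34–109) rather than deleted, which leaves 76 lines of dead code inside `module NoSql`, including nested `// //` comments. Delete the block and let version control carry the history. The per-method Go signatures explained why each index is 1 or 2, so if they are worth keeping they belong as `#` comments next to the matching rows of the new model file. The lines before this hunk are not visible, so I cannot confirm that a `Range` subclass in this module is populated from `sinkNode(_, "nosql-injection")`. If none is, the MongoDB sinks drop out of the NoSQL-injection query with no compile error, so the existing query tests should be re-run and their expected results confirmed unchanged.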
