added *ReadBody* Methods as UntrustedFlowSource

am0o0 · am0o0 · commit d84333dad85e · 2023-12-14T15:31:09.000+01:00
diff --git a/go/ql/lib/semmle/go/frameworks/Fasthttp.qll b/go/ql/lib/semmle/go/frameworks/Fasthttp.qll
@@ -399,6 +399,12 @@ module Fasthttp {
             ]) and
           this = m.getACall().getResult(0)
         )
+        or
+        exists(Method m |
+          m.hasQualifiedName(packagePath(), "Request",
+            ["ReadBody", "ReadLimitBody", "ContinueReadBodyStream", "ContinueReadBody"]) and
+          this = m.getACall().getArgument(0)
+        )
       }
     }
 
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go
@@ -166,12 +166,13 @@ func fasthttpServer() {
 		body2, _ := requestCtx.Request.BodyInflate()      // $ UntrustedFlowSource="... := ...[0]"
 		body3, _ := requestCtx.Request.BodyUnbrotli()     // $ UntrustedFlowSource="... := ...[0]"
 		body4, _ := requestCtx.Request.BodyUncompressed() // $ UntrustedFlowSource="... := ...[0]"
-		requestCtx.Request.BodyStream()                   // $ UntrustedFlowSource="call to BodyStream"
-		requestCtx.Request.ReadBody(dstReader, 100, 1000)
-		requestCtx.Request.ReadLimitBody(dstReader, 100)
-		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true)
-		requestCtx.Request.ContinueReadBody(dstReader, 100)
 		fmt.Println(body1, body2, body3, body4)
+		requestCtx.Request.BodyStream() // $ UntrustedFlowSource="call to BodyStream"
+
+		requestCtx.Request.ReadBody(dstReader, 100, 1000)               // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ReadLimitBody(dstReader, 100)                // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBodyStream(dstReader, 100, true) // $ UntrustedFlowSource="dstReader"
+		requestCtx.Request.ContinueReadBody(dstReader, 100)             // $ UntrustedFlowSource="dstReader"
 
 		// Response methods
 		// Xss Sinks Related method
@@ -186,6 +187,7 @@ func fasthttpServer() {
 		fmt.Fprintf(rspWriter, "%s", userInputByte) // $ XssSink=userInputByte
 		io.WriteString(rspWriter, userInput)        // $ XssSink=userInput
 		io.TeeReader(userInputReader, rspWriter)    // $ XssSink=userInputReader
+		io.TeeReader(userInputReader, rspWriter)    // $ XssSink=userInputReader
 		bufioReader := bufio.NewReader(dstReader)
 		bufioReader.WriteTo(rspWriter) // $ XssSink=bufioReader
 		bytesUserInput := bytes.NewBuffer(userInputByte)

Original file line number	Diff line number	Diff line change
`@@ -399,6 +399,12 @@ module Fasthttp {`
`399`	`399`	`]) and`
`400`	`400`	`this = m.getACall().getResult(0)`
`401`	`401`	`)`
	`402`	`+ or`
	`403`	`+ exists(Method m \|`
	`404`	`+ m.hasQualifiedName(packagePath(), "Request",`
	`405`	`+ ["ReadBody", "ReadLimitBody", "ContinueReadBodyStream", "ContinueReadBody"]) and`
	`406`	`+ this = m.getACall().getArgument(0)`
	`407`	`+ )`
`402`	`408`	`}`
`403`	`409`	`}`
`404`	`410`