@@ -35,83 +35,59 @@ module Twirp {
3535 }
3636 }
3737
38- /**
39- * A type representing a protobuf message.
40- */
38+ /** A type representing a protobuf message. */
4139 class ProtobufMessageType extends Type {
4240 ProtobufMessageType ( ) {
43- exists ( TypeEntity te |
44- te .getType ( ) = this and
45- te .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ProtobufGeneratedFile
46- )
41+ this .hasLocationInfo ( any ( ProtobufGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
4742 }
4843 }
4944
50- /**
51- * An interface type representing a Twirp service.
52- */
45+ /** An interface type representing a Twirp service. */
5346 class ServiceInterfaceType extends InterfaceType {
5447 NamedType namedType ;
5548
5649 ServiceInterfaceType ( ) {
57- exists ( TypeEntity te |
58- te .getType ( ) = namedType and
59- namedType .getUnderlyingType ( ) = this and
60- te .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ServicesGeneratedFile
61- )
50+ namedType .getUnderlyingType ( ) = this and
51+ namedType .hasLocationInfo ( any ( ServicesGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
6252 }
6353
64- /**
65- * Gets the name of the interface.
66- */
54+ /** Gets the name of the interface. */
6755 override string getName ( ) { result = namedType .getName ( ) }
6856
69- /**
70- * Gets the named type on top of this interface type.
71- */
57+ /** Gets the named type on top of this interface type. */
7258 NamedType getNamedType ( ) { result = namedType }
7359 }
7460
75- /**
76- * A Twirp client.
77- */
61+ /** A Twirp client. */
7862 class ServiceClientType extends NamedType {
7963 ServiceClientType ( ) {
80- exists ( ServiceInterfaceType i , PointerType p , TypeEntity te |
64+ exists ( ServiceInterfaceType i , PointerType p |
8165 p .implements ( i ) and
8266 this = p .getBaseType ( ) and
8367 this .getName ( ) .regexpMatch ( "(?i)" + i .getName ( ) + "(protobuf|json)client" ) and
84- te .getType ( ) = this and
85- te .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ServicesGeneratedFile
68+ this .hasLocationInfo ( any ( ServicesGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
8669 )
8770 }
8871 }
8972
90- /**
91- * A Twirp server.
92- */
73+ /** A Twirp server. */
9374 class ServiceServerType extends NamedType {
9475 ServiceServerType ( ) {
95- exists ( ServiceInterfaceType i , TypeEntity te |
76+ exists ( ServiceInterfaceType i |
9677 this .implements ( i ) and
9778 this .getName ( ) .regexpMatch ( "(?i)" + i .getName ( ) + "server" ) and
98- te .getType ( ) = this and
99- te .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ServicesGeneratedFile
79+ this .hasLocationInfo ( any ( ServicesGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
10080 )
10181 }
10282 }
10383
104- /**
105- * A Twirp function to construct a Client.
106- */
84+ /** A Twirp function to construct a Client. */
10785 class ClientConstructor extends Function {
10886 ClientConstructor ( ) {
109- exists ( ServiceClientType c |
110- this .getName ( ) .regexpMatch ( "(?i)new" + c .getName ( ) ) and
111- this .getParameterType ( 0 ) instanceof StringType and
112- this .getParameterType ( 1 ) .getName ( ) = "HTTPClient" and
113- this .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ServicesGeneratedFile
114- )
87+ this .getName ( ) .regexpMatch ( "(?i)new" + any ( ServiceClientType c ) .getName ( ) ) and
88+ this .getParameterType ( 0 ) instanceof StringType and
89+ this .getParameterType ( 1 ) .getName ( ) = "HTTPClient" and
90+ this .hasLocationInfo ( any ( ServicesGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
11591 }
11692 }
11793
@@ -122,17 +98,13 @@ module Twirp {
12298 */
12399 class ServerConstructor extends Function {
124100 ServerConstructor ( ) {
125- exists ( ServiceServerType c , ServiceInterfaceType i |
126- this .getName ( ) .regexpMatch ( "(?i)new" + c .getName ( ) ) and
127- this .getParameterType ( 0 ) = i .getNamedType ( ) and
128- this .getDeclaration ( ) .getLocation ( ) .getFile ( ) instanceof ServicesGeneratedFile
129- )
101+ this .getName ( ) .regexpMatch ( "(?i)new" + any ( ServiceServerType c ) .getName ( ) ) and
102+ this .getParameterType ( 0 ) = any ( ServiceInterfaceType i ) .getNamedType ( ) and
103+ this .hasLocationInfo ( any ( ServicesGeneratedFile f ) .getAbsolutePath ( ) , _, _, _, _)
130104 }
131105 }
132106
133- /**
134- * An SSRF sink for the Client constructor.
135- */
107+ /** An SSRF sink for the Client constructor. */
136108 class ClientRequestUrlAsSink extends RequestForgery:: Sink {
137109 ClientRequestUrlAsSink ( ) {
138110 exists ( DataFlow:: CallNode call |
@@ -146,27 +118,22 @@ module Twirp {
146118 override string getKind ( ) { result = "URL" }
147119 }
148120
149- /**
150- * A service handler.
151- */
121+ /** A service handler. */
152122 class ServiceHandler extends Method {
153123 ServiceHandler ( ) {
154- exists ( DataFlow:: CallNode call , Type handlerType , ServiceInterfaceType i |
124+ exists ( DataFlow:: CallNode call |
155125 call .getTarget ( ) instanceof ServerConstructor and
156- call .getArgument ( 0 ) .getType ( ) = handlerType and
157- this = handlerType .getMethod ( _) and
158- this .implements ( i .getNamedType ( ) .getMethod ( _) )
126+ this = call .getArgument ( 0 ) .getType ( ) .getMethod ( _) and
127+ this .implements ( any ( ServiceInterfaceType i ) .getNamedType ( ) .getMethod ( _) )
159128 )
160129 }
161130 }
162131
163- /**
164- * A request coming to the service handler.
165- */
132+ /** A request coming to the service handler. */
166133 class Request extends UntrustedFlowSource:: Range instanceof DataFlow:: ParameterNode {
167134 Request ( ) {
168- exists ( FuncDef c , ServiceHandler handler | handler . getFuncDecl ( ) = c |
169- this .asParameter ( ) .isParameterOf ( c , 1 ) and
135+ exists ( ServiceHandler handler |
136+ this .asParameter ( ) .isParameterOf ( handler . getFuncDecl ( ) , 1 ) and
170137 handler .getParameterType ( 0 ) .hasQualifiedName ( "context" , "Context" ) and
171138 this .getType ( ) .( PointerType ) .getBaseType ( ) instanceof ProtobufMessageType
172139 )
0 commit comments