Convert BeegoControllerSource to MaD

owen-mc · owen-mc · commit 194491f3fbee · 2024-07-01T16:13:38.000+01:00
diff --git a/go/ql/lib/ext/github.com.astaxie.beego.context.model.yml b/go/ql/lib/ext/github.com.astaxie.beego.context.model.yml
@@ -9,6 +9,12 @@ extensions:
       pack: codeql/go-all
       extensible: sourceModel
     data:
+      - ["github.com/astaxie/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/astaxie/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
+      - ["github.com/astaxie/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/astaxie/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/astaxie/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/astaxie/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/astaxie/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
       - ["github.com/astaxie/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/astaxie/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
@@ -23,6 +29,12 @@ extensions:
       - ["github.com/astaxie/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/astaxie/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
 
+      - ["github.com/beego/beego", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/beego/beego", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
+      - ["github.com/beego/beego", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/beego/beego/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
       - ["github.com/beego/beego/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/beego/beego/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
@@ -37,6 +49,12 @@ extensions:
       - ["github.com/beego/beego/context", "BeegoInput", True, "URL", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/beego/beego/context", "BeegoInput", True, "UserAgent", "", "", "ReturnValue[0]", "remote", "manual"]
 
+      - ["github.com/beego/beego/server/web", "Controller", True, "ParseForm", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/beego/beego/server/web", "Controller", True, "GetFile", "", "", "ReturnValue[0..1]", "remote", "manual"]
+      - ["github.com/beego/beego/server/web", "Controller", True, "GetFiles", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego/server/web", "Controller", True, "GetString", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego/server/web", "Controller", True, "GetStrings", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/beego/beego/server/web", "Controller", True, "Input", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
       - ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
       - ["github.com/beego/beego/server/web/context", "BeegoInput", True, "Data", "", "", "ReturnValue[0]", "remote", "manual"]
diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -56,30 +56,6 @@ module Beego {
     }
   }
 
-  /**
-   * `beego.Controller` sources of untrusted data.
-   */
-  private class BeegoControllerSource extends RemoteFlowSource::Range {
-    BeegoControllerSource() {
-      exists(string methodName, FunctionOutput output |
-        methodName = "ParseForm" and
-        output.isParameter(0)
-        or
-        methodName in ["GetFile", "GetFiles", "GetString", "GetStrings", "Input"] and
-        output.isResult(0)
-        or
-        methodName = "GetFile" and
-        output.isResult(1)
-      |
-        exists(DataFlow::MethodCallNode c |
-          c.getTarget().hasQualifiedName(packagePath(), "Controller", methodName)
-        |
-          this = output.getExitNode(c)
-        )
-      )
-    }
-  }
-
   /**
    * `BeegoInputRequestBody` sources of untrusted data.
    */
