Merge pull request github#14445 from owen-mc/go/automated-mad-coverage-report

owen-mc · web-flow · commit 53561008a170 · 2023-10-15T21:49:47.000+01:00
Go: automated mad coverage report
diff --git a/csharp/ql/src/meta/frameworks/Coverage.ql b/csharp/ql/src/meta/frameworks/Coverage.ql
@@ -1,6 +1,6 @@
 /**
  * @name Framework coverage
- * @description The number of API endpoints covered by CSV models sorted by
+ * @description The number of API endpoints covered by MaD models sorted by
  *              package and source-, sink-, and summary-kind.
  * @kind table
  * @id cs/meta/framework-coverage
diff --git a/go/documentation/library-coverage/coverage.csv b/go/documentation/library-coverage/coverage.csv
@@ -0,0 +1,96 @@
+package,source,summary,source:remote,summary:taint,summary:value
+,,2,,,2
+archive/tar,,5,,5,
+archive/zip,,6,,6,
+bufio,,17,,17,
+bytes,,43,,43,
+compress/bzip2,,1,,1,
+compress/flate,,4,,4,
+compress/gzip,,3,,3,
+compress/lzw,,1,,1,
+compress/zlib,,4,,4,
+container/heap,,5,,5,
+container/list,,20,,20,
+container/ring,,5,,5,
+context,,5,,5,
+crypto,,1,,1,
+crypto/cipher,,3,,3,
+crypto/rsa,,2,,2,
+crypto/tls,,3,,3,
+crypto/x509,,1,,1,
+database/sql,,7,,7,
+database/sql/driver,,4,,4,
+encoding,,4,,4,
+encoding/ascii85,,2,,2,
+encoding/asn1,,8,,8,
+encoding/base32,,3,,3,
+encoding/base64,,3,,3,
+encoding/binary,,2,,2,
+encoding/csv,,5,,5,
+encoding/gob,,7,,7,
+encoding/hex,,3,,3,
+encoding/json,,14,,14,
+encoding/pem,,3,,3,
+encoding/xml,,23,,23,
+errors,,3,,3,
+expvar,,6,,6,
+fmt,,5,,5,
+github.com/astaxie/beego,,7,,7,
+github.com/astaxie/beego/context,,1,,1,
+github.com/astaxie/beego/utils,,13,,13,
+github.com/beego/beego/core/utils,,13,,13,
+github.com/beego/beego/server/web,,7,,7,
+github.com/beego/beego/server/web/context,,1,,1,
+github.com/couchbase/gocb,,18,,18,
+github.com/couchbaselabs/gocb,,18,,18,
+github.com/elazarl/goproxy,,2,,2,
+github.com/evanphx/json-patch,,12,,12,
+github.com/gin-gonic/gin,,2,,2,
+github.com/go-pg/pg/$ANYVERSION/orm,,6,,6,
+github.com/golang/protobuf/$ANYVERSION/proto,,4,,4,
+github.com/json-iterator/go,,4,,4,
+github.com/labstack/echo,,2,,2,
+github.com/revel/revel,,10,,10,
+github.com/robfig/revel,,10,,10,
+github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail,,1,,1,
+go.uber.org/zap,,11,,11,
+golang.org/x/net/$ANYVERSION/html,,16,,16,
+golang.org/x/net/context,,5,,5,
+google.golang.org/protobuf/$ANYVERSION/internal/encoding/text,,1,,1,
+google.golang.org/protobuf/$ANYVERSION/internal/impl,,2,,2,
+google.golang.org/protobuf/$ANYVERSION/proto,,8,,8,
+google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect,,1,,1,
+gopkg.in/couchbase/gocb,,18,,18,
+gopkg.in/macaron,,1,,1,
+gopkg.in/yaml,,9,,9,
+html,,2,,2,
+html/template,,6,,6,
+io,,19,,19,
+io/fs,,12,,12,
+io/ioutil,,2,,2,
+k8s.io/api/core,,10,,10,
+k8s.io/apimachinery/$ANYVERSION/pkg/runtime,,47,,47,
+log,,3,,3,
+mime,,5,,5,
+mime/multipart,,8,,8,
+mime/quotedprintable,,1,,1,
+net,,20,,20,
+net/http,8,22,8,22,
+net/http/httputil,,10,,10,
+net/mail,,6,,6,
+net/textproto,,19,,19,
+net/url,,23,,23,
+os,,4,,4,
+path,,5,,5,
+path/filepath,,13,,13,
+reflect,,37,,37,
+regexp,,20,,20,
+sort,,1,,1,
+strconv,,9,,9,
+strings,,34,,34,
+sync,,10,,10,
+sync/atomic,,24,,24,
+syscall,,8,,8,
+text/scanner,,3,,3,
+text/tabwriter,,1,,1,
+text/template,,6,,6,
diff --git a/go/documentation/library-coverage/coverage.rst b/go/documentation/library-coverage/coverage.rst
@@ -0,0 +1,12 @@
+Go framework & library support
+================================
+
+.. csv-table::
+   :header-rows: 1
+   :class: fullWidthTable
+   :widths: auto
+
+   Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
+   Others,"````, ``archive/tar``, ``archive/zip``, ``bufio``, ``bytes``, ``compress/bzip2``, ``compress/flate``, ``compress/gzip``, ``compress/lzw``, ``compress/zlib``, ``container/heap``, ``container/list``, ``container/ring``, ``context``, ``crypto``, ``crypto/cipher``, ``crypto/rsa``, ``crypto/tls``, ``crypto/x509``, ``database/sql``, ``database/sql/driver``, ``encoding``, ``encoding/ascii85``, ``encoding/asn1``, ``encoding/base32``, ``encoding/base64``, ``encoding/binary``, ``encoding/csv``, ``encoding/gob``, ``encoding/hex``, ``encoding/json``, ``encoding/pem``, ``encoding/xml``, ``errors``, ``expvar``, ``fmt``, ``github.com/astaxie/beego``, ``github.com/astaxie/beego/context``, ``github.com/astaxie/beego/utils``, ``github.com/beego/beego/core/utils``, ``github.com/beego/beego/server/web``, ``github.com/beego/beego/server/web/context``, ``github.com/couchbase/gocb``, ``github.com/couchbaselabs/gocb``, ``github.com/elazarl/goproxy``, ``github.com/evanphx/json-patch``, ``github.com/gin-gonic/gin``, ``github.com/go-pg/pg/$ANYVERSION/orm``, ``github.com/golang/protobuf/$ANYVERSION/proto``, ``github.com/json-iterator/go``, ``github.com/labstack/echo``, ``github.com/revel/revel``, ``github.com/robfig/revel``, ``github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail``, ``go.uber.org/zap``, ``golang.org/x/net/$ANYVERSION/html``, ``golang.org/x/net/context``, ``google.golang.org/protobuf/$ANYVERSION/internal/encoding/text``, ``google.golang.org/protobuf/$ANYVERSION/internal/impl``, ``google.golang.org/protobuf/$ANYVERSION/proto``, ``google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect``, ``gopkg.in/couchbase/gocb``, ``gopkg.in/macaron``, ``gopkg.in/yaml``, ``html``, ``html/template``, ``io``, ``io/fs``, ``io/ioutil``, ``k8s.io/api/core``, ``k8s.io/apimachinery/$ANYVERSION/pkg/runtime``, ``log``, ``mime``, ``mime/multipart``, ``mime/quotedprintable``, ``net``, ``net/http``, ``net/http/httputil``, ``net/mail``, ``net/textproto``, ``net/url``, ``os``, ``path``, ``path/filepath``, ``reflect``, ``regexp``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/atomic``, ``syscall``, ``text/scanner``, ``text/tabwriter``, ``text/template``",8,826,
+   Totals,,8,826,
+
diff --git a/go/documentation/library-coverage/cwe-sink.csv b/go/documentation/library-coverage/cwe-sink.csv
@@ -0,0 +1 @@
+CWE,Sink identifier,Label
diff --git a/go/documentation/library-coverage/frameworks.csv b/go/documentation/library-coverage/frameworks.csv
@@ -0,0 +1 @@
+Framework name,URL,Package prefixes
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -82,14 +82,6 @@ private import internal.AccessPathSyntax
 private import FlowSummary
 private import codeql.mad.ModelValidation as SharedModelVal
 
-/**
- * A module importing the frameworks that provide external flow data,
- * ensuring that they are visible to the taint tracking / data flow library.
- */
-private module Frameworks {
-  private import semmle.go.frameworks.Stdlib
-}
-
 /** Holds if a source model exists for the given parameters. */
 predicate sourceModel = Extensions::sourceModel/9;
 
diff --git a/go/ql/src/meta/frameworks/Coverage.ql b/go/ql/src/meta/frameworks/Coverage.ql
@@ -0,0 +1,14 @@
+/**
+ * @name Framework coverage
+ * @description The number of API endpoints covered by MaD models sorted by
+ *              package and source-, sink-, and summary-kind.
+ * @kind table
+ * @id go/meta/framework-coverage
+ */
+
+import go
+import semmle.go.dataflow.ExternalFlow
+
+from string package, int pkgs, string kind, string part, int n
+where modelCoverage(package, pkgs, kind, part, n)
+select package, pkgs, kind, part, n
diff --git a/java/ql/src/meta/frameworks/Coverage.ql b/java/ql/src/meta/frameworks/Coverage.ql
@@ -1,6 +1,6 @@
 /**
  * @name Framework coverage
- * @description The number of API endpoints covered by CSV models sorted by
+ * @description The number of API endpoints covered by MaD models sorted by
  *              package and source-, sink-, and summary-kind.
  * @kind table
  * @id java/meta/framework-coverage
diff --git a/misc/scripts/library-coverage/generate-report.py b/misc/scripts/library-coverage/generate-report.py
@@ -114,7 +114,9 @@ def add_package_stats_to_row(row, sorted_cwes, collect):
     utils.LanguageConfig(
         "java", "Java", ".java", query_prefix + "java/ql/src/meta/frameworks/Coverage.ql"),
     utils.LanguageConfig(
-        "csharp", "C#", ".cs", query_prefix + "csharp/ql/src/meta/frameworks/Coverage.ql")
+        "csharp", "C#", ".cs", query_prefix + "csharp/ql/src/meta/frameworks/Coverage.ql"),
+    utils.LanguageConfig(
+        "go", "Go", ".go", query_prefix + "go/ql/src/meta/frameworks/Coverage.ql")
 ]
 
 # The names of input and output files. The placeholder {language} is replaced with the language name.
diff --git a/misc/scripts/library-coverage/generate-timeseries.py b/misc/scripts/library-coverage/generate-timeseries.py
@@ -74,7 +74,9 @@ def get_packages(config, search_path):
     utils.LanguageConfig(
         "java", "Java", ".java", "java/ql/src/meta/frameworks/Coverage.ql", ["java/ql/lib/config/semmlecode.dbscheme", "java/ql/src/config/semmlecode.dbscheme"]),
     utils.LanguageConfig(
-        "csharp", "C#", ".cs", "csharp/ql/src/meta/frameworks/Coverage.ql", ["csharp/ql/lib/semmlecode.csharp.dbscheme", "csharp/ql/src/semmlecode.csharp.dbscheme"])
+        "csharp", "C#", ".cs", "csharp/ql/src/meta/frameworks/Coverage.ql", ["csharp/ql/lib/semmlecode.csharp.dbscheme", "csharp/ql/src/semmlecode.csharp.dbscheme"]),
+    utils.LanguageConfig(
+        "go", "Go", ".go", "go/ql/src/meta/frameworks/Coverage.ql", ["go/ql/lib/go.dbscheme", "go/ql/src/go.dbscheme"])
 ]
 
 output_prefix = "framework-coverage-timeseries-"
diff --git a/misc/scripts/library-coverage/settings.py b/misc/scripts/library-coverage/settings.py
@@ -21,4 +21,4 @@
 repo_output_rst = documentation_folder + output_rst_file_name
 repo_output_csv = documentation_folder + output_csv_file_name
 
-languages = ['java', 'csharp']
+languages = ['java', 'csharp', 'go']
