Convert net/http UserControlledRequestField sources to MaD

owen-mc · owen-mc · commit 535b4ea9862c · 2024-07-16T16:53:02.000+01:00
diff --git a/go/ql/lib/ext/net.http.model.yml b/go/ql/lib/ext/net.http.model.yml
@@ -37,3 +37,11 @@ extensions:
       - ["net/http", "Request", True, "PostFormValue", "", "", "ReturnValue", "remote", "manual"]
       - ["net/http", "Request", True, "Referer", "", "", "ReturnValue", "remote", "manual"]
       - ["net/http", "Request", True, "UserAgent", "", "", "ReturnValue", "remote", "manual"]
+      - ["net/http", "Request", True, "Body", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "GetBody", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "Form", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "PostForm", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "MultipartForm", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "Header", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "Trailer", "", "", "", "remote", "manual"]
+      - ["net/http", "Request", True, "URL", "", "", "", "remote", "manual"]
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -8,16 +8,6 @@ private import semmle.go.dataflow.internal.FlowSummaryImpl::Private
 
 /** Provides models of commonly used functions in the `net/http` package. */
 module NetHttp {
-  /** An access to an HTTP request field whose value may be controlled by an untrusted user. */
-  private class UserControlledRequestField extends RemoteFlowSource::Range, DataFlow::FieldReadNode {
-    UserControlledRequestField() {
-      exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
-        fieldName =
-          ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]
-      )
-    }
-  }
-
   /** The declaration of a variable which either is or has a field that implements the http.ResponseWriter type */
   private class StdlibResponseWriter extends Http::ResponseWriter::Range {
     SsaWithFields v;
