
Commit 5b0d4ce

authored
Merge pull request github#13644 from porcupineyhairs/dsnImprove
Go : Improvements to DSN Injection query
2 parents 0a0e9bb + dc0deb5 commit 5b0d4ce

13 files changed

+12
-9
lines changed

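--- a/go/ql/src/experimental/CWE-134/DsnInjection.ql
+++ b/go/ql/src/experimental/CWE-74/DsnInjection.ql
@@ -6,7 +6,7 @@
 * @id go/dsn-injection
 * @tags security
 * experimental
-* external/cwe/cwe-134
+* external/cwe/cwe-74
 */
 
 import go
@@ -18,5 +18,5 @@ private class UntrustedFlowAsSource extends Source instanceof UntrustedFlowSourc
 
 from DsnInjection cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
-"user-provided value"
+select sink.getNode(), source, sink, "Data-Source Name is built using $@.", source.getNode(),
+"untrusted user input"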

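--- a/go/ql/src/experimental/CWE-134/DsnInjectionCustomizations.qll
+++ b/go/ql/src/experimental/CWE-74/DsnInjectionCustomizations.qll
@@ -14,8 +14,11 @@ class DsnInjection extends TaintTracking::Configuration {
 override predicate isSource(DataFlow::Node node) { node instanceof Source }
 
 override predicate isSink(DataFlow::Node node) {
-exists(Function f | f.hasQualifiedName("database/sql", "Open") |
-node = f.getACall().getArgument(1)
+exists(DataFlow::CallNode c |
+c.getTarget().hasQualifiedName("database/sql", "Open") and
+c.getArgument(0).getStringValue() = "mysql"
+|
+node = c.getArgument(1)
 )
 }
 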
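Review bot: The new sink condition `c.getArgument(0).getStringValue() = "mysql"` in `isSink` narrows the query's coverage, and nothing in the hunk documents that. A `sql.Open` call is now reported only when its driver name resolves to the constant "mysql", so calls that take the driver name from a variable or configuration value, or that use another driver or a differently registered MySQL driver name, no longer raise an alert even though the old predicate covered them. If the restriction is meant to cut false positives, I would say so in a comment above the predicate, e.g. `// Only DSNs passed to the "mysql" driver are modelled; other or non-constant driver names are not reported.`, and consider keeping the unresolved case with `(c.getArgument(0).getStringValue() = "mysql" or not exists(c.getArgument(0).getStringValue()))`. The enclosing class `DsnInjection` starts outside the hunk, and no test for a non-"mysql" or non-constant driver name is visible on this page.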

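--- a/go/ql/src/experimental/CWE-134/DsnInjectionLocal.ql
+++ b/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql
@@ -6,7 +6,7 @@
 * @id go/dsn-injection-local
 * @tags security
 * experimental
-* external/cwe/cwe-134
+* external/cwe/cwe-74
 */
 
 import go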

go/ql/test/experimental/CWE-134/DsnInjection.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

go/ql/test/experimental/CWE-134/DsnInjectionLocal.qlref

Lines changed: 0 additions & 1 deletion
This file was deleted.

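--- a/go/ql/test/experimental/CWE-134/DsnInjection.expected
+++ b/go/ql/test/experimental/CWE-74/DsnInjection.expected
@@ -9,4 +9,4 @@ nodes
 | Dsn.go:50:29:50:33 | dbDSN | semmle.label | dbDSN |
 subpaths
 #select
-| Dsn.go:50:29:50:33 | dbDSN | Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:50:29:50:33 | dbDSN | This query depends on a $@. | Dsn.go:47:10:47:30 | call to FormValue | user-provided value |
+| Dsn.go:50:29:50:33 | dbDSN | Dsn.go:47:10:47:30 | call to FormValue | Dsn.go:50:29:50:33 | dbDSN | Data-Source Name is built using $@. | Dsn.go:47:10:47:30 | call to FormValue | untrusted user input |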
