|
12 | 12 | string packagePath() { result = package("github.com/rs/cors", "") } |
13 | 13 |
|
14 | 14 | /** |
15 | | - * A new function create a new Handler that passed to handler chain as middleware |
| 15 | + * A new function create a new gin Handler that passed to gin as middleware |
16 | 16 | */ |
17 | 17 | class New extends Function { |
18 | 18 | New() { exists(Function f | f.hasQualifiedName(packagePath(), "New") | this = f) } |
|
22 | 22 | * A write to the value of Access-Control-Allow-Credentials header |
23 | 23 | */ |
24 | 24 | class AllowCredentialsWrite extends DataFlow::ExprNode { |
25 | | - RsOptions rs; |
| 25 | + DataFlow::Node base; |
26 | 26 |
|
27 | 27 | AllowCredentialsWrite() { |
28 | | - exists(Field f, Write w, DataFlow::Node base | |
| 28 | + exists(Field f, Write w | |
29 | 29 | f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and |
30 | 30 | w.writesField(base, f, this) and |
31 | | - this.getType() instanceof BoolType and |
32 | | - ( |
33 | | - rs.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
34 | | - base.asInstruction() or |
35 | | - rs.getV().getAUse() = base |
36 | | - ) |
| 31 | + this.getType() instanceof BoolType |
37 | 32 | ) |
38 | 33 | } |
39 | 34 |
|
| 35 | + /** |
| 36 | + * Get config struct holding header values |
| 37 | + */ |
| 38 | + DataFlow::Node getBase() { result = base } |
| 39 | + |
40 | 40 | /** |
41 | 41 | * Get config variable holding header values |
42 | 42 | */ |
43 | | - RsOptions getConfig() { result = rs } |
| 43 | + RsOptions getConfig() { |
| 44 | + exists(RsOptions gc | |
| 45 | + ( |
| 46 | + gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
| 47 | + base.asInstruction() or |
| 48 | + gc.getV().getAUse() = base |
| 49 | + ) and |
| 50 | + result = gc |
| 51 | + ) |
| 52 | + } |
44 | 53 | } |
45 | 54 |
|
46 | 55 | /** |
47 | 56 | * A write to the value of Access-Control-Allow-Origins header |
48 | 57 | */ |
49 | 58 | class AllowOriginsWrite extends DataFlow::ExprNode { |
50 | | - RsOptions rs; |
| 59 | + DataFlow::Node base; |
51 | 60 |
|
52 | 61 | AllowOriginsWrite() { |
53 | | - exists(Field f, Write w, DataFlow::Node base | |
| 62 | + exists(Field f, Write w | |
54 | 63 | f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and |
55 | 64 | w.writesField(base, f, this) and |
56 | | - this.asExpr() instanceof SliceLit and |
57 | | - ( |
58 | | - rs.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
59 | | - base.asInstruction() or |
60 | | - rs.getV().getAUse() = base |
61 | | - ) |
| 65 | + this.asExpr() instanceof SliceLit |
62 | 66 | ) |
63 | 67 | } |
64 | 68 |
|
| 69 | + /** |
| 70 | + * Get config struct holding header values |
| 71 | + */ |
| 72 | + DataFlow::Node getBase() { result = base } |
| 73 | + |
65 | 74 | /** |
66 | 75 | * Get config variable holding header values |
67 | 76 | */ |
68 | | - RsOptions getConfig() { result = rs } |
| 77 | + RsOptions getConfig() { |
| 78 | + exists(RsOptions gc | |
| 79 | + ( |
| 80 | + gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
| 81 | + base.asInstruction() or |
| 82 | + gc.getV().getAUse() = base |
| 83 | + ) and |
| 84 | + result = gc |
| 85 | + ) |
| 86 | + } |
69 | 87 | } |
70 | 88 |
|
71 | 89 | /** |
72 | 90 | * A write to the value of Access-Control-Allow-Origins of value "*", overriding AllowOrigins |
73 | 91 | */ |
74 | 92 | class AllowAllOriginsWrite extends DataFlow::ExprNode { |
75 | | - RsOptions rs; |
| 93 | + DataFlow::Node base; |
76 | 94 |
|
77 | 95 | AllowAllOriginsWrite() { |
78 | | - exists(Field f, Write w, DataFlow::Node base | |
| 96 | + exists(Field f, Write w | |
79 | 97 | f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and |
80 | 98 | w.writesField(base, f, this) and |
81 | | - this.getType() instanceof BoolType and |
82 | | - ( |
83 | | - rs.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
84 | | - base.asInstruction() or |
85 | | - rs.getV().getAUse() = base |
86 | | - ) |
| 99 | + this.getType() instanceof BoolType |
87 | 100 | ) |
88 | 101 | } |
89 | 102 |
|
| 103 | + /** |
| 104 | + * Get config struct holding header values |
| 105 | + */ |
| 106 | + DataFlow::Node getBase() { result = base } |
| 107 | + |
90 | 108 | /** |
91 | 109 | * Get config variable holding header values |
92 | 110 | */ |
93 | | - RsOptions getConfig() { result = rs } |
| 111 | + RsOptions getConfig() { |
| 112 | + exists(RsOptions gc | |
| 113 | + ( |
| 114 | + gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = |
| 115 | + base.asInstruction() or |
| 116 | + gc.getV().getAUse() = base |
| 117 | + ) and |
| 118 | + result = gc |
| 119 | + ) |
| 120 | + } |
94 | 121 | } |
95 | 122 |
|
96 | 123 | /** |
|
105 | 132 | } |
106 | 133 |
|
107 | 134 | /** |
108 | | - * Get variable declaration of RsOptions |
| 135 | + * Get variable declaration of GinConfig |
109 | 136 | */ |
110 | 137 | SsaWithFields getV() { result = v } |
111 | 138 | } |
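Review bot: The doc comments on `getBase()` and `getConfig()` in `AllowCredentialsWrite` (and the identical pairs in `AllowOriginsWrite` and `AllowAllOriginsWrite`) do not say that `getConfig()` can now have no result. The characteristic predicates no longer require an `RsOptions` tied to `base`, so each class matches every write to its field and only `getBase()` is always defined. A query that pairs the credentials and origin writes through `getConfig()` alone would presumably drop the untracked writes silently, so I would state the contract on the predicate, e.g. `* Gets the RsOptions variable whose definition or use is the written struct; has no result when that struct is not tracked as an RsOptions.` Separately, the edited comments at new lines 15 and 135 now read `gin Handler` and `GinConfig`, although `packagePath()` points at `github.com/rs/cors` and the type returned by `getConfig()` is `RsOptions`; this looks like wording carried over from a gin model and should keep the rs/cors names.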
|