Skip to content

Commit abeca3d

Browse files
owen-mcowen-mc
committed
Convert Fasthttp::RequestCtx::RemoteFlowSource to MaD
1 parent 729069e commit abeca3d

File tree

2 files changed

+11
-1
lines changed

2 files changed

+11
-1
lines changed

go/ql/lib/ext/github.com.valyala.fasthttp.model.yml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,3 +37,11 @@ extensions:
3737
- ["github.com/valyala/fasthttp", "Request", True, "ReadBody", "", "", "Argument[0]", "request", "manual"]
3838
- ["github.com/valyala/fasthttp", "Request", True, "ReadLimitBody", "", "", "Argument[0]", "request", "manual"]
3939
- ["github.com/valyala/fasthttp", "Request", True, "RequestURI", "", "", "ReturnValue[0]", "request", "manual"]
40+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "Host", "", "", "ReturnValue[0]", "request", "manual"]
41+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "Path", "", "", "ReturnValue[0]", "request", "manual"]
42+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "PostBody", "", "", "ReturnValue[0]", "request", "manual"]
43+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "Referer", "", "", "ReturnValue[0]", "request", "manual"]
44+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "RequestBodyStream", "", "", "ReturnValue[0]", "request", "manual"]
45+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "RequestURI", "", "", "ReturnValue[0]", "request", "manual"]
46+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "String", "", "", "ReturnValue[0]", "request", "manual"]
47+
- ["github.com/valyala/fasthttp", "RequestCtx", True, "UserAgent", "", "", "ReturnValue[0]", "request", "manual"]

go/ql/lib/semmle/go/frameworks/Fasthttp.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -494,11 +494,13 @@ module Fasthttp {
494494
deprecated class UntrustedFlowSource = RemoteFlowSource;
495495

496496
/**
497+
* DEPRECATED: Use `RemoteFlowSource` instead.
498+
*
497499
* The methods as Remote user controllable source which are generally related to HTTP request.
498500
*
499501
* When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
500502
*/
501-
class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
503+
deprecated class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
502504
RemoteFlowSource() {
503505
exists(Method m |
504506
m.hasQualifiedName(packagePath(), "RequestCtx",

0 commit comments

Comments
 (0)