Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit 928c12d

Browse files
gagliardettosmowton
gagliardetto
authored and
smowton
committed
Simplify UntrustedSources methods
1 parent 34dcf83 commit 928c12d

File tree

1 file changed

+15
-20
lines changed

1 file changed

+15
-20
lines changed

ql/src/semmle/go/frameworks/CleverGo.qll

Lines changed: 15 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -8,23 +8,17 @@ import go
88
* Provides classes for working with concepts from the [`clevergo.tech/clevergo@v0.5.2`](https://pkg.go.dev/clevergo.tech/clevergo@v0.5.2) package.
99
*/
1010
private module CleverGo {
11-
/** Gets the package path. */
12-
bindingset[result]
13-
string packagePath() {
14-
result = package(["clevergo.tech/clevergo", "github.com/clevergo/clevergo"], "")
15-
}
16-
1711
/**
1812
* Provides models of untrusted flow sources.
1913
*/
2014
private class UntrustedSources extends UntrustedFlowSource::Range {
2115
UntrustedSources() {
2216
// Methods on types of package: clevergo.tech/clevergo@v0.5.2
23-
exists(string methodName, Method mtd, FunctionOutput outp |
24-
this = outp.getExitNode(mtd.getACall())
17+
exists(string receiverName, string methodName, Method mtd, FunctionOutput outp |
18+
this = outp.getExitNode(mtd.getACall()) and
19+
mtd.hasQualifiedName(package("clevergo.tech/clevergo", ""), receiverName, methodName)
2520
|
26-
// Receiver: Context
27-
mtd.hasQualifiedName(packagePath(), "Context", methodName) and
21+
receiverName = "Context" and
2822
(
2923
// Method: func (*Context).BasicAuth() (username string, password string, ok bool)
3024
methodName = "BasicAuth" and
@@ -59,8 +53,7 @@ private module CleverGo {
5953
outp.isResult()
6054
)
6155
or
62-
// Receiver: Params
63-
mtd.hasQualifiedName(packagePath(), "Params", methodName) and
56+
receiverName = "Params" and
6457
(
6558
// Method: func (Params).String(name string) string
6659
methodName = "String" and
@@ -73,7 +66,7 @@ private module CleverGo {
7366
this = outp.getExitNode(mtd.getACall())
7467
|
7568
// Interface: Decoder
76-
mtd.implements(packagePath(), "Decoder", methodName) and
69+
mtd.implements(package("clevergo.tech/clevergo", ""), "Decoder", methodName) and
7770
(
7871
// Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error
7972
methodName = "Decode" and
@@ -84,16 +77,18 @@ private module CleverGo {
8477
// Structs of package: clevergo.tech/clevergo@v0.5.2
8578
exists(DataFlow::Field fld |
8679
// Struct: Context
87-
fld.hasQualifiedName(packagePath(), "Context", "Params")
80+
fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Context", "Params")
8881
or
8982
// Struct: Param
90-
fld.hasQualifiedName(packagePath(), "Param", ["Key", "Value"])
83+
fld.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Param", ["Key", "Value"])
9184
|
9285
this = fld.getARead()
9386
)
9487
or
9588
// Types of package: clevergo.tech/clevergo@v0.5.2
96-
exists(ValueEntity v | v.getType().hasQualifiedName(packagePath(), "Params") |
89+
exists(ValueEntity v |
90+
v.getType().hasQualifiedName(package("clevergo.tech/clevergo", ""), "Params")
91+
|
9792
this = v.getARead()
9893
)
9994
}
@@ -108,7 +103,7 @@ private module CleverGo {
108103
// Taint-tracking models for package: clevergo.tech/clevergo@v0.5.2
109104
(
110105
// Function: func CleanPath(p string) string
111-
this.hasQualifiedName(packagePath(), "CleanPath") and
106+
this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "CleanPath") and
112107
inp.isParameter(0) and
113108
out.isResult()
114109
)
@@ -129,19 +124,19 @@ private module CleverGo {
129124
(
130125
// Receiver: Application
131126
// Method: func (*Application).RouteURL(name string, args ...string) (*net/url.URL, error)
132-
this.hasQualifiedName(packagePath(), "Application", "RouteURL") and
127+
this.hasQualifiedName(package("clevergo.tech/clevergo", ""), "Application", "RouteURL") and
133128
inp.isParameter(_) and
134129
out.isResult(0)
135130
or
136131
// Receiver: Decoder
137132
// Method: func (Decoder).Decode(req *net/http.Request, v interface{}) error
138-
this.implements(packagePath(), "Decoder", "Decode") and
133+
this.implements(package("clevergo.tech/clevergo", ""), "Decoder", "Decode") and
139134
inp.isParameter(0) and
140135
out.isParameter(1)
141136
or
142137
// Receiver: Renderer
143138
// Method: func (Renderer).Render(w io.Writer, name string, data interface{}, c *Context) error
144-
this.implements(packagePath(), "Renderer", "Render") and
139+
this.implements(package("clevergo.tech/clevergo", ""), "Renderer", "Render") and
145140
inp.isParameter(2) and
146141
out.isParameter(0)
147142
)

0 commit comments

Comments
 (0)