Taint-track package errors

Author: gagliardetto

ql/src/semmle/go/frameworks/Stdlib.qll

@@ -29,6 +29,7 @@ import semmle.go.frameworks.stdlib.EncodingPem
 import semmle.go.frameworks.stdlib.EncodingXml
 import semmle.go.frameworks.stdlib.Html
 import semmle.go.frameworks.stdlib.HtmlTemplate
+import semmle.go.frameworks.stdlib.Errors
 import semmle.go.frameworks.stdlib.Path
 import semmle.go.frameworks.stdlib.PathFilepath
 import semmle.go.frameworks.stdlib.Reflect

ql/src/semmle/go/frameworks/stdlib/Errors.qll

@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `errors` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `errors` package. */
+module Errors {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func As(err error, target interface{}) bool
+      hasQualifiedName("errors", "As") and
+      (inp.isParameter(0) and outp.isParameter(1))
+      or
+      // signature: func New(text string) error
+      hasQualifiedName("errors", "New") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Unwrap(err error) error
+      hasQualifiedName("errors", "Unwrap") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}