
Commit e47715b

Add taint-tracking for sync package
1 parent 362d210 commit e47715b

3 files changed

Lines changed: 186 additions & 0 deletions


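--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -20,6 +20,7 @@ import semmle.go.frameworks.stdlib.PathFilepath
 import semmle.go.frameworks.stdlib.Reflect
 import semmle.go.frameworks.stdlib.Strconv
 import semmle.go.frameworks.stdlib.Strings
+import semmle.go.frameworks.stdlib.Sync
 import semmle.go.frameworks.stdlib.TextScanner
 import semmle.go.frameworks.stdlib.TextTabwriter
 import semmle.go.frameworks.stdlib.TextTemplate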
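--- /dev/null
+++ b/ql/src/semmle/go/frameworks/stdlib/Sync.qll
@@ -0,0 +1,48 @@
+/**
+* Provides classes modeling security-relevant aspects of the `sync` package.
+*/
+
+import go
+
+/** Provides models of commonly used functions in the `sync` package. */
+module Sync {
+private class MethodModels extends TaintTracking::FunctionModel, Method {
+FunctionInput inp;
+FunctionOutput outp;
+
+MethodModels() {
+// signature: func (*Map).Load(key interface{}) (value interface{}, ok bool)
+this.hasQualifiedName("sync", "Map", "Load") and
+(inp.isReceiver() and outp.isResult(0))
+or
+// signature: func (*Map).LoadOrStore(key interface{}, value interface{}) (actual interface{}, loaded bool)
+this.hasQualifiedName("sync", "Map", "LoadOrStore") and
+(
+inp.isReceiver() and outp.isResult(0)
+or
+inp.isParameter(_) and
+(outp.isReceiver() or outp.isResult(0))
+)
+or
+// signature: func (*Map).Range(f func(key interface{}, value interface{}) bool)
+this.hasQualifiedName("sync", "Map", "Range") and
+(inp.isReceiver() and outp.isParameter(0))
+or
+// signature: func (*Map).Store(key interface{}, value interface{})
+this.hasQualifiedName("sync", "Map", "Store") and
+(inp.isParameter(_) and outp.isReceiver())
+or
+// signature: func (*Pool).Get() interface{}
+this.hasQualifiedName("sync", "Pool", "Get") and
+(inp.isReceiver() and outp.isResult())
+or
+// signature: func (*Pool).Put(x interface{})
+this.hasQualifiedName("sync", "Pool", "Put") and
+(inp.isParameter(0) and outp.isReceiver())
+}
+
+override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+input = inp and output = outp
+}
+}
+}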
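Review bot: The `Range` model (`inp.isReceiver() and outp.isParameter(0)`) marks the callback argument `f` as tainted after the call, which — if `FunctionOutput.isParameter` means post-call taint on the argument, as it does for the receiver/parameter outputs elsewhere in this class — never reaches the `key`/`value` parameters inside `f`'s body, the one place `Range` actually hands the map's contents out; a tainted `sync.Map` iterated with `Range` would then not reach a sink in the callback. I would either model the callback's parameters explicitly or at least document the gap with `// NOTE: taints the f argument itself, not f's key/value parameters` above line 29 and add a Range-callback sink case to the Sync.go test so the limitation is visible. The `isParameter(_)` in `LoadOrStore` and `Store` folds keys into the map's taint as well, which is reasonable since `Range` exposes them, but deserves a one-line comment saying so. `Map.Delete` and `Map.LoadAndDelete` (the latter returns the stored value like `Load`) are not modeled; if the library targets a Go version that has `LoadAndDelete`, `this.hasQualifiedName("sync", "Map", "LoadAndDelete") and (inp.isReceiver() and outp.isResult(0))` would keep value flow from being lost at that call.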

ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Sync.go

Lines changed: 137 additions & 0 deletions
