Add taint-tracking for encoding/pem

gagliardetto · gagliardetto · commit e7fc3c50392c · 2020-09-14T13:10:25.000+02:00
diff --git a/ql/src/semmle/go/frameworks/Stdlib.qll b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -25,6 +25,7 @@ import semmle.go.frameworks.stdlib.EncodingCsv
 import semmle.go.frameworks.stdlib.EncodingGob
 import semmle.go.frameworks.stdlib.EncodingHex
 import semmle.go.frameworks.stdlib.EncodingJson
+import semmle.go.frameworks.stdlib.EncodingPem
 import semmle.go.frameworks.stdlib.Path
 import semmle.go.frameworks.stdlib.PathFilepath
 import semmle.go.frameworks.stdlib.Reflect
diff --git a/ql/src/semmle/go/frameworks/stdlib/EncodingPem.qll b/ql/src/semmle/go/frameworks/stdlib/EncodingPem.qll
@@ -0,0 +1,31 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `encoding/pem` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `encoding/pem` package. */
+module EncodingPem {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func Decode(data []byte) (p *Block, rest []byte)
+      hasQualifiedName("encoding/pem", "Decode") and
+      (inp.isParameter(0) and outp.isResult(_))
+      or
+      // signature: func Encode(out io.Writer, b *Block) error
+      hasQualifiedName("encoding/pem", "Encode") and
+      (inp.isParameter(1) and outp.isParameter(0))
+      or
+      // signature: func EncodeToMemory(b *Block) []byte
+      hasQualifiedName("encoding/pem", "EncodeToMemory") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}
diff --git a/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/EncodingPem.go b/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/EncodingPem.go
