private import go
private import semmle.go.dataflow.DataFlow
private import semmle.go.dataflow.TaintTracking
private import semmle.go.frameworks.stdlib.Fmt
/**
 * Holds if `node` starts on line `linenumber` of the file whose relative
 * path is `relative_path`.
 *
 * Only the start line of the node's location is compared; columns and the
 * end line are ignored, so several nodes on the same line can match.
 * The path is compared by exact string equality with
 * `File.getRelativePath()`.
 */
predicate filterByLocation(DataFlow::Node node, string relative_path, int linenumber) {
  linenumber = node.getLocation().getStartLine() and
  relative_path = node.getLocation().getFile().getRelativePath()
}
/**
 * A data-flow node that is a source under either supported threat model.
 *
 * A node qualifies if it is a `RemoteFlowSource::Range` (tagged `"remote"`)
 * or a `LocalSources` node (tagged `"local"`). A node that satisfies both
 * branches is tagged with both values.
 */
class AllSources extends DataFlow::Node {
  // Threat-model tag bound by whichever branch of the characteristic
  // predicate matched this node.
  private string model;

  AllSources() {
    model = "remote" and
    this instanceof RemoteFlowSource::Range
    or
    model = "local" and
    this instanceof LocalSources
  }

  /**
   * Gets the threat model of this source: `"remote"` or `"local"`.
   */
  string getThreatModel() { result = model }
}
/**
 * A data-flow node that is a `SourceNode` whose threat model is `"local"`.
 *
 * NOTE(review): the comparison is against the literal string `"local"`.
 * Whether sources tagged with a more specific kind also report `"local"`
 * from `getThreatModel()` is not visible in this file - confirm against
 * the `SourceNode` definition, otherwise local sources may be missed.
 */
class LocalSources extends DataFlow::Node {
  LocalSources() {
    exists(SourceNode src |
      src = this and
      src.getThreatModel() = "local"
    )
  }
}
/**
 * A data-flow node where a value is built dynamically: either a call to a
 * function modelled by `Fmt::Sprinter`, or the left operand of a `+`
 * expression.
 *
 * NOTE(review): only the left operand of `+` is matched, and nothing here
 * restricts the operands to strings, so the right-hand side of a
 * concatenation is not covered and a non-string `+` presumably matches too.
 * Confirm this is the intended coverage before relying on it in a query.
 */
class DynamicStrings extends DataFlow::Node {
  DynamicStrings() {
    // Call to one of the functions covered by Fmt::Sprinter.
    this = any(Fmt::Sprinter sprinter).getACall()
    or
    // Left-hand operand of a `+` binary expression.
    this.asExpr() = any(BinaryExpr plus | plus.getOperator() = "+").getLeftOperand()
  }
}