
Commit 4dd1ed8

committed
Convert barrier for cleartext logging to MaD
1 parent a80ae3b commit 4dd1ed8


4 files changed

+16
-9
lines changed


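--- a/go/ql/lib/ext/builtin.model.yml
+++ b/go/ql/lib/ext/builtin.model.yml
@@ -1,4 +1,9 @@
 extensions:
+- addsTo:
+pack: codeql/go-all
+extensible: barrierModel
+data:
+- ["", "error", False, "Error", "", "", "ReturnValue", "go/clear-text-logging", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel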
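Review bot: The new `barrierModel` row for `error.Error` carries no comment saying what it suppresses, and the same applies to the `fmt.Stringer.String` row added in go/ql/lib/ext/fmt.model.yml. A barrier on `ReturnValue` means the `go/clear-text-logging` query stops tracking at that call result, so a sensitive value that ends up in an error message or in a `String()` result is not reported once it passes through. That trade-off is presumably meant to limit false positives, but nothing in the visible diff states it. I would add a line above the `data:` key such as `# Barrier: go/clear-text-logging does not track flow through the result of error.Error().` and the equivalent for the Stringer row.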

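--- a/go/ql/lib/ext/fmt.model.yml
+++ b/go/ql/lib/ext/fmt.model.yml
@@ -6,6 +6,11 @@ extensions:
 - ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
 - ["fmt", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
 - ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
+- addsTo:
+pack: codeql/go-all
+extensible: barrierModel
+data:
+- ["fmt", "Stringer", False, "String", "", "", "ReturnValue", "go/clear-text-logging", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: summaryModel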

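--- a/go/ql/lib/semmle/go/security/CleartextLogging.qll
+++ b/go/ql/lib/semmle/go/security/CleartextLogging.qll
@@ -21,15 +21,7 @@ module CleartextLogging {
 
 predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
-predicate isBarrier(DataFlow::Node node) {
-node instanceof Barrier
-or
-exists(DataFlow::CallNode call | node = call.getResult() |
-call.getTarget() = Builtin::error().getType().getMethod("Error")
-or
-call.getTarget().(Method).hasQualifiedName("fmt", "Stringer", "String")
-)
-}
+predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
 
 predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
 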
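Review bot: `isBarrier` now holds only for `Barrier` instances, so the two call-result barriers exist only if the new model rows match the same calls the removed `getTarget()` comparisons did, and none of the four changed files is a test. The old disjuncts compared against the exact `Error` method of the builtin `error` type and the exact `fmt.Stringer.String` method; whether rows with the subtypes column set to `False` resolve to the same targets cannot be confirmed from this page. If the existing clear-text logging query tests do not already log an `err.Error()` result and a `String()` result derived from a sensitive value, adding both cases would pin the behaviour in either direction. The enclosing `module CleartextLogging` starts and ends outside the hunk.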

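--- a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll
@@ -5,6 +5,7 @@
 */
 
 import go
+private import semmle.go.dataflow.ExternalFlow
 private import semmle.go.security.SensitiveActions::HeuristicNames
 private import semmle.go.security.SensitiveActions::PasswordHeuristics
 
@@ -36,6 +37,10 @@ module CleartextLogging {
 */
 abstract class Barrier extends DataFlow::Node { }
 
+private class DefaultBarrier extends Barrier {
+DefaultBarrier() { barrierNode(this, "go/clear-text-logging") }
+}
+
 /**
 * An argument to a logging mechanism.
 */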
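Review bot: `DefaultBarrier` in the second hunk has no QLDoc, unlike the neighbouring classes, and it is now the only place that ties this query to model rows through the literal kind `"go/clear-text-logging"`. A mismatch between that string and the kind column of the `.model.yml` rows would silently drop the barriers, and presumably any model row that uses this kind suppresses results for the query, so the coupling is worth stating where it is made. I would add `/** A barrier specified by a barrierModel row with kind "go/clear-text-logging". */` directly above the class. The enclosing module continues outside the hunk.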
