Skip to content

Go: convert regex-use, url-redirection sinks to use models-as-data #17177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 12, 2024
Merged

Go: convert regex-use, url-redirection sinks to use models-as-data #17177

merged 4 commits into from
Aug 12, 2024

Conversation

owen-mc
Copy link
Contributor

@owen-mc owen-mc commented Aug 7, 2024

Convert regex-use, url-redirection sinks to use models-as-data. Follows on from #17162.

@owen-mc owen-mc added the no-change-note-required This PR does not need a change note label Aug 7, 2024
@github-actions github-actions bot added the Go label Aug 7, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 7, 2024
edited
Loading

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

go

Generated file changes for go

  • Changes to framework-coverage-go.rst:
-    `Echo <https://echo.labstack.com/>`_,``github.com/labstack/echo*``,12,2,2
+    `Echo <https://echo.labstack.com/>`_,``github.com/labstack/echo*``,12,2,3
-    `Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,12,1,
+    `Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,12,1,1
-    `Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,2
+    `Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
-    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",16,584,63
+    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",16,584,74
-    `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,117
+    `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,123
-    `fasthttp <https://github.com/valyala/fasthttp>`_,``github.com/valyala/fasthttp*``,50,5,33
+    `fasthttp <https://github.com/valyala/fasthttp>`_,``github.com/valyala/fasthttp*``,50,5,35
-    Others,"``github.com/Sirupsen/logrus``, ``github.com/codeskyblue/go-sh``, ``github.com/davecgh/go-spew/spew``, ``github.com/gofiber/fiber``, ``github.com/golang/glog``, ``github.com/sirupsen/logrus``, ``github.com/spf13/afero``, ``golang.org/x/crypto/ssh``, ``gopkg.in/glog``, ``k8s.io/klog``",,,561
+    Others,"``clevergo.tech/clevergo``, ``github.com/Sirupsen/logrus``, ``github.com/clevergo/clevergo``, ``github.com/codeskyblue/go-sh``, ``github.com/davecgh/go-spew/spew``, ``github.com/gofiber/fiber``, ``github.com/golang/glog``, ``github.com/sirupsen/logrus``, ``github.com/spf13/afero``, ``golang.org/x/crypto/ssh``, ``gopkg.in/glog``, ``k8s.io/klog``",,,564
-    Totals,,267,906,917
+    Totals,,267,906,943
  • Changes to framework-coverage-go.csv:
- package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:log-injection,sink:path-injection,sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:xpath-injection,source:remote,summary:taint,summary:value
+ package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:log-injection,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:remote,summary:taint,summary:value
- ,,,8,,,,,,,,,,3,5
+ ,,,8,,,,,,,,,,,,,,,,3,5
- archive/tar,,,5,,,,,,,,,,5,
+ archive/tar,,,5,,,,,,,,,,,,,,,,5,
- archive/zip,,,6,,,,,,,,,,6,
+ archive/zip,,,6,,,,,,,,,,,,,,,,6,
- bufio,,,17,,,,,,,,,,17,
+ bufio,,,17,,,,,,,,,,,,,,,,17,
- bytes,,,43,,,,,,,,,,43,
+ bytes,,,43,,,,,,,,,,,,,,,,43,
+ clevergo.tech/clevergo,1,,,,,,,,,,,,,,,1,,,,
- compress/bzip2,,,1,,,,,,,,,,1,
+ compress/bzip2,,,1,,,,,,,,,,,,,,,,1,
- compress/flate,,,4,,,,,,,,,,4,
+ compress/flate,,,4,,,,,,,,,,,,,,,,4,
- compress/gzip,,,3,,,,,,,,,,3,
+ compress/gzip,,,3,,,,,,,,,,,,,,,,3,
- compress/lzw,,,1,,,,,,,,,,1,
+ compress/lzw,,,1,,,,,,,,,,,,,,,,1,
- compress/zlib,,,4,,,,,,,,,,4,
+ compress/zlib,,,4,,,,,,,,,,,,,,,,4,
- container/heap,,,5,,,,,,,,,,5,
+ container/heap,,,5,,,,,,,,,,,,,,,,5,
- container/list,,,20,,,,,,,,,,20,
+ container/list,,,20,,,,,,,,,,,,,,,,20,
- container/ring,,,5,,,,,,,,,,5,
+ container/ring,,,5,,,,,,,,,,,,,,,,5,
- context,,,5,,,,,,,,,,5,
+ context,,,5,,,,,,,,,,,,,,,,5,
- crypto,,,1,,,,,,,,,,1,
+ crypto,,,1,,,,,,,,,,,,,,,,1,
- crypto/cipher,,,3,,,,,,,,,,3,
+ crypto/cipher,,,3,,,,,,,,,,,,,,,,3,
- crypto/rsa,,,2,,,,,,,,,,2,
+ crypto/rsa,,,2,,,,,,,,,,,,,,,,2,
- crypto/tls,,,3,,,,,,,,,,3,
+ crypto/tls,,,3,,,,,,,,,,,,,,,,3,
- crypto/x509,,,1,,,,,,,,,,1,
+ crypto/x509,,,1,,,,,,,,,,,,,,,,1,
- database/sql,,,7,,,,,,,,,,7,
+ database/sql,,,7,,,,,,,,,,,,,,,,7,
- database/sql/driver,,,4,,,,,,,,,,4,
+ database/sql/driver,,,4,,,,,,,,,,,,,,,,4,
- encoding,,,4,,,,,,,,,,4,
+ encoding,,,4,,,,,,,,,,,,,,,,4,
- encoding/ascii85,,,2,,,,,,,,,,2,
+ encoding/ascii85,,,2,,,,,,,,,,,,,,,,2,
- encoding/asn1,,,8,,,,,,,,,,8,
+ encoding/asn1,,,8,,,,,,,,,,,,,,,,8,
- encoding/base32,,,3,,,,,,,,,,3,
+ encoding/base32,,,3,,,,,,,,,,,,,,,,3,
- encoding/base64,,,3,,,,,,,,,,3,
+ encoding/base64,,,3,,,,,,,,,,,,,,,,3,
- encoding/binary,,,2,,,,,,,,,,2,
+ encoding/binary,,,2,,,,,,,,,,,,,,,,2,
- encoding/csv,,,5,,,,,,,,,,5,
+ encoding/csv,,,5,,,,,,,,,,,,,,,,5,
- encoding/gob,,,7,,,,,,,,,,7,
+ encoding/gob,,,7,,,,,,,,,,,,,,,,7,
- encoding/hex,,,3,,,,,,,,,,3,
+ encoding/hex,,,3,,,,,,,,,,,,,,,,3,
- encoding/json,,,14,,,,,,,,,,14,
+ encoding/json,,,14,,,,,,,,,,,,,,,,14,
- encoding/pem,,,3,,,,,,,,,,3,
+ encoding/pem,,,3,,,,,,,,,,,,,,,,3,
- encoding/xml,,,23,,,,,,,,,,23,
+ encoding/xml,,,23,,,,,,,,,,,,,,,,23,
- errors,,,3,,,,,,,,,,3,
+ errors,,,3,,,,,,,,,,,,,,,,3,
- expvar,,,6,,,,,,,,,,6,
+ expvar,,,6,,,,,,,,,,,,,,,,6,
- fmt,3,,16,,,,3,,,,,,16,
+ fmt,3,,16,,,,3,,,,,,,,,,,,16,
- github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,3,,,
+ github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,3,,,
- github.com/Sirupsen/logrus,118,,,,,,118,,,,,,,
+ github.com/Sirupsen/logrus,118,,,,,,118,,,,,,,,,,,,,
- github.com/antchfx/htmlquery,4,,,,,,,,,,4,,,
+ github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,4,,,
- github.com/antchfx/jsonquery,4,,,,,,,,,,4,,,
+ github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,4,,,
- github.com/antchfx/xmlquery,8,,,,,,,,,,8,,,
+ github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,,8,,,
- github.com/antchfx/xpath,4,,,,,,,,,,4,,,
+ github.com/antchfx/xpath,4,,,,,,,,,,,,,,,,4,,,
- github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,
+ github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,
- github.com/astaxie/beego,15,6,7,,,,11,4,,,,6,7,
+ github.com/astaxie/beego,16,6,7,,,,11,4,,,,,,1,,,,6,7,
- github.com/astaxie/beego/context,1,15,1,,,,,1,,,,15,1,
+ github.com/astaxie/beego/context,2,15,1,,,,,1,,,,,,1,,,,15,1,
- github.com/astaxie/beego/logs,22,,,,,,22,,,,,,,
+ github.com/astaxie/beego/logs,22,,,,,,22,,,,,,,,,,,,,
- github.com/astaxie/beego/utils,1,,13,,,,1,,,,,,13,
+ github.com/astaxie/beego/utils,1,,13,,,,1,,,,,,,,,,,,13,
- github.com/beego/beego,15,6,7,,,,11,4,,,,6,7,
+ github.com/beego/beego,16,6,7,,,,11,4,,,,,,1,,,,6,7,
- github.com/beego/beego/context,1,15,1,,,,,1,,,,15,1,
+ github.com/beego/beego/context,2,15,1,,,,,1,,,,,,1,,,,15,1,
- github.com/beego/beego/core/logs,22,,,,,,22,,,,,,,
+ github.com/beego/beego/core/logs,22,,,,,,22,,,,,,,,,,,,,
- github.com/beego/beego/core/utils,1,,13,,,,1,,,,,,13,
+ github.com/beego/beego/core/utils,1,,13,,,,1,,,,,,,,,,,,13,
- github.com/beego/beego/logs,22,,,,,,22,,,,,,,
+ github.com/beego/beego/logs,22,,,,,,22,,,,,,,,,,,,,
- github.com/beego/beego/server/web,15,6,7,,,,11,4,,,,6,7,
+ github.com/beego/beego/server/web,16,6,7,,,,11,4,,,,,,1,,,,6,7,
- github.com/beego/beego/server/web/context,1,15,1,,,,,1,,,,15,1,
+ github.com/beego/beego/server/web/context,2,15,1,,,,,1,,,,,,1,,,,15,1,
- github.com/beego/beego/utils,1,,13,,,,1,,,,,,13,
+ github.com/beego/beego/utils,1,,13,,,,1,,,,,,,,,,,,13,
+ github.com/clevergo/clevergo,1,,,,,,,,,,,,,,,1,,,,
- github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,
+ github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,
- github.com/couchbase/gocb,,,18,,,,,,,,,,18,
+ github.com/couchbase/gocb,,,18,,,,,,,,,,,,,,,,18,
- github.com/couchbaselabs/gocb,,,18,,,,,,,,,,18,
+ github.com/couchbaselabs/gocb,,,18,,,,,,,,,,,,,,,,18,
- github.com/crankycoder/xmlpath,2,,,,,,,,,,2,,,
+ github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- github.com/cristalhq/jwt,1,,,,1,,,,,,,,,
+ github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,
- github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,
+ github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,,,,,,,
- github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,9,
+ github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,9,
- github.com/elazarl/goproxy,2,2,2,,,,2,,,,,2,2,
+ github.com/elazarl/goproxy,2,2,2,,,,2,,,,,,,,,,,2,2,
- github.com/emicklei/go-restful,,7,,,,,,,,,,7,,
+ github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,7,,
- github.com/evanphx/json-patch,,,12,,,,,,,,,,12,
+ github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,12,
- github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,
+ github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,
- github.com/gin-gonic/gin,3,46,2,,,,,3,,,,46,2,
+ github.com/gin-gonic/gin,3,46,2,,,,,3,,,,,,,,,,46,2,
- github.com/go-chi/chi,,3,,,,,,,,,,3,,
+ github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,3,,
- github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,
+ github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,
- github.com/go-jose/go-jose,2,,,,2,,,,,,,,,
+ github.com/go-jose/go-jose,2,,,,2,,,,,,,,,,,,,,,
- github.com/go-jose/go-jose/jwt,1,,4,,,1,,,,,,,4,
+ github.com/go-jose/go-jose/jwt,1,,4,,,1,,,,,,,,,,,,,4,
- github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,
+ github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,
- github.com/go-pg/pg/orm,,,6,,,,,,,,,,6,
+ github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,6,
- github.com/go-xmlpath/xmlpath,2,,,,,,,,,,2,,,
+ github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- github.com/gobwas/ws,,2,,,,,,,,,,2,,
+ github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,2,,
- github.com/gofiber/fiber,4,,,,,,,4,,,,,,
+ github.com/gofiber/fiber,5,,,,,,,4,,,,,,,,1,,,,
- github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,
+ github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,
- github.com/going/toolkit/xmlpath,2,,,,,,,,,,2,,,
+ github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,11,
+ github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,11,
- github.com/golang/glog,90,,,,,,90,,,,,,,
+ github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,
- github.com/golang/protobuf/proto,,,4,,,,,,,,,,4,
+ github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,4,
- github.com/gorilla/mux,,1,,,,,,,,,,1,,
+ github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,1,,
- github.com/gorilla/websocket,,3,,,,,,,,,,3,,
+ github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,3,,
- github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,4,,,
+ github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,,4,,,
- github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,1,,,
+ github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,,1,,,
- github.com/json-iterator/go,,,4,,,,,,,,,,4,
+ github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,4,
- github.com/kataras/iris/context,6,,,,,,,6,,,,,,
+ github.com/kataras/iris/context,6,,,,,,,6,,,,,,,,,,,,
- github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,
+ github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,
- github.com/kataras/iris/server/web/context,6,,,,,,,6,,,,,,
+ github.com/kataras/iris/server/web/context,6,,,,,,,6,,,,,,,,,,,,
- github.com/kataras/jwt,5,,,,5,,,,,,,,,
+ github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,
- github.com/labstack/echo,2,12,2,,,,,2,,,,12,2,
+ github.com/labstack/echo,3,12,2,,,,,2,,,,,,1,,,,12,2,
- github.com/lestrrat-go/jwx,1,,,,1,,,,,,,,,
+ github.com/lestrrat-go/jwx,1,,,,1,,,,,,,,,,,,,,,
- github.com/lestrrat-go/jwx/jwk,1,,,,1,,,,,,,,,
+ github.com/lestrrat-go/jwx/jwk,1,,,,1,,,,,,,,,,,,,,,
- github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,3,,,
+ github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,3,,,
- github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,
+ github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,
- github.com/masterzen/xmlpath,2,,,,,,,,,,2,,,
+ github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- github.com/moovweb/gokogiri/xml,4,,,,,,,,,,4,,,
+ github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,,4,,,
- github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,1,,,
+ github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,,1,,,
- github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,
+ github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,
- github.com/revel/revel,1,23,10,,,,,1,,,,23,10,
+ github.com/revel/revel,2,23,10,,,,,1,,,,,,1,,,,23,10,
- github.com/robfig/revel,1,23,10,,,,,1,,,,23,10,
+ github.com/robfig/revel,2,23,10,,,,,1,,,,,,1,,,,23,10,
- github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,2,,,
+ github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,,2,,,
- github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,1,
+ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,1,
- github.com/sirupsen/logrus,118,,,,,,118,,,,,,,
+ github.com/sirupsen/logrus,118,,,,,,118,,,,,,,,,,,,,
- github.com/spf13/afero,34,,,,,,,34,,,,,,
+ github.com/spf13/afero,34,,,,,,,34,,,,,,,,,,,,
- github.com/square/go-jose,2,,,,2,,,,,,,,,
+ github.com/square/go-jose,2,,,,2,,,,,,,,,,,,,,,
- github.com/square/go-jose/jwt,1,,4,,,1,,,,,,,4,
+ github.com/square/go-jose/jwt,1,,4,,,1,,,,,,,,,,,,,4,
- github.com/valyala/fasthttp,33,50,5,,,,,8,17,8,,50,5,
+ github.com/valyala/fasthttp,35,50,5,,,,,8,,,,17,8,2,,,,50,5,
- go.uber.org/zap,33,,11,,,,33,,,,,,11,
+ go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,11,
- golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,
+ golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,
- golang.org/x/net/context,,,5,,,,,,,,,,5,
+ golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,5,
- golang.org/x/net/html,,,16,,,,,,,,,,16,
+ golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,16,
- golang.org/x/net/websocket,,2,,,,,,,,,,2,,
+ golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,2,,
- google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,1,
+ google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,1,
- google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,2,
+ google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,2,
- google.golang.org/protobuf/proto,,,8,,,,,,,,,,8,
+ google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,8,
- google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,1,
+ google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,1,
- gopkg.in/couchbase/gocb,,,18,,,,,,,,,,18,
+ gopkg.in/couchbase/gocb,,,18,,,,,,,,,,,,,,,,18,
- gopkg.in/glog,90,,,,,,90,,,,,,,
+ gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,
- gopkg.in/go-jose/go-jose,2,,,,2,,,,,,,,,
+ gopkg.in/go-jose/go-jose,2,,,,2,,,,,,,,,,,,,,,
- gopkg.in/go-jose/go-jose/jwt,1,,4,,,1,,,,,,,4,
+ gopkg.in/go-jose/go-jose/jwt,1,,4,,,1,,,,,,,,,,,,,4,
- gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,2,,,
+ gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- gopkg.in/macaron,,12,1,,,,,,,,,12,1,
+ gopkg.in/macaron,1,12,1,,,,,,,,,,,,,1,,12,1,
- gopkg.in/square/go-jose,2,,,,2,,,,,,,,,
+ gopkg.in/square/go-jose,2,,,,2,,,,,,,,,,,,,,,
- gopkg.in/square/go-jose/jwt,1,,4,,,1,,,,,,,4,
+ gopkg.in/square/go-jose/jwt,1,,4,,,1,,,,,,,,,,,,,4,
- gopkg.in/xmlpath,2,,,,,,,,,,2,,,
+ gopkg.in/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- gopkg.in/yaml,,,9,,,,,,,,,,9,
+ gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,9,
- html,,,2,,,,,,,,,,2,
+ html,,,2,,,,,,,,,,,,,,,,2,
- html/template,,,6,,,,,,,,,,6,
+ html/template,,,6,,,,,,,,,,,,,,,,6,
- io,,,19,,,,,,,,,,19,
+ io,,,19,,,,,,,,,,,,,,,,19,
- io/fs,,,12,,,,,,,,,,12,
+ io/fs,,,12,,,,,,,,,,,,,,,,12,
- io/ioutil,5,,2,,,,,5,,,,,2,
+ io/ioutil,5,,2,,,,,5,,,,,,,,,,,2,
- k8s.io/api/core,,,10,,,,,,,,,,10,
+ k8s.io/api/core,,,10,,,,,,,,,,,,,,,,10,
- k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,47,
+ k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,47,
- k8s.io/klog,90,,,,,,90,,,,,,,
+ k8s.io/klog,90,,,,,,90,,,,,,,,,,,,,
- launchpad.net/xmlpath,2,,,,,,,,,,2,,,
+ launchpad.net/xmlpath,2,,,,,,,,,,,,,,,,2,,,
- log,20,,3,,,,20,,,,,,3,
+ log,20,,3,,,,20,,,,,,,,,,,,3,
- math/big,,,1,,,,,,,,,,1,
+ math/big,,,1,,,,,,,,,,,,,,,,1,
- mime,,,5,,,,,,,,,,5,
+ mime,,,5,,,,,,,,,,,,,,,,5,
- mime/multipart,,,8,,,,,,,,,,8,
+ mime/multipart,,,8,,,,,,,,,,,,,,,,8,
- mime/quotedprintable,,,1,,,,,,,,,,1,
+ mime/quotedprintable,,,1,,,,,,,,,,,,,,,,1,
- net,,,20,,,,,,,,,,20,
+ net,,,20,,,,,,,,,,,,,,,,20,
- net/http,1,16,22,,,,,1,,,,16,22,
+ net/http,2,16,22,,,,,1,,,,,,,1,,,16,22,
- net/http/httputil,,,10,,,,,,,,,,10,
+ net/http/httputil,,,10,,,,,,,,,,,,,,,,10,
- net/mail,,,6,,,,,,,,,,6,
+ net/mail,,,6,,,,,,,,,,,,,,,,6,
- net/textproto,,,19,,,,,,,,,,19,
+ net/textproto,,,19,,,,,,,,,,,,,,,,19,
- net/url,,,23,,,,,,,,,,23,
+ net/url,,,23,,,,,,,,,,,,,,,,23,
- nhooyr.io/websocket,,2,,,,,,,,,,2,,
+ nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,2,,
- os,27,,4,1,,,,26,,,,,4,
+ os,27,,4,1,,,,26,,,,,,,,,,,4,
- os/exec,2,,,2,,,,,,,,,,
+ os/exec,2,,,2,,,,,,,,,,,,,,,,
- path,,,5,,,,,,,,,,5,
+ path,,,5,,,,,,,,,,,,,,,,5,
- path/filepath,,,13,,,,,,,,,,13,
+ path/filepath,,,13,,,,,,,,,,,,,,,,13,
- reflect,,,37,,,,,,,,,,37,
+ reflect,,,37,,,,,,,,,,,,,,,,37,
- regexp,,,20,,,,,,,,,,20,
+ regexp,10,,20,,,,,,3,3,4,,,,,,,,20,
- sort,,,1,,,,,,,,,,1,
+ sort,,,1,,,,,,,,,,,,,,,,1,
- strconv,,,9,,,,,,,,,,9,
+ strconv,,,9,,,,,,,,,,,,,,,,9,
- strings,,,34,,,,,,,,,,34,
+ strings,,,34,,,,,,,,,,,,,,,,34,
- sync,,,10,,,,,,,,,,10,
+ sync,,,10,,,,,,,,,,,,,,,,10,
- sync/atomic,,,24,,,,,,,,,,24,
+ sync/atomic,,,24,,,,,,,,,,,,,,,,24,
- syscall,5,,8,5,,,,,,,,,8,
+ syscall,5,,8,5,,,,,,,,,,,,,,,8,
- text/scanner,,,3,,,,,,,,,,3,
+ text/scanner,,,3,,,,,,,,,,,,,,,,3,
- text/tabwriter,,,1,,,,,,,,,,1,
+ text/tabwriter,,,1,,,,,,,,,,,,,,,,1,
- text/template,,,6,,,,,,,,,,6,
+ text/template,,,6,,,,,,,,,,,,,,,,6,

@owen-mc owen-mc force-pushed the go/mad/convert-sink-3 branch 3 times, most recently from 38bb691 to 3a255d0 Compare August 8, 2024 09:13
@owen-mc owen-mc marked this pull request as ready for review August 8, 2024 10:05
@owen-mc owen-mc requested a review from a team as a code owner August 8, 2024 10:05
@owen-mc owen-mc force-pushed the go/mad/convert-sink-3 branch from 3a255d0 to d30b37b Compare August 8, 2024 16:08
@owen-mc owen-mc requested a review from egregius313 August 8, 2024 20:15
egregius313
egregius313 reviewed Aug 9, 2024
View reviewed changes
go/ql/lib/semmle/go/frameworks/stdlib/Regexp.qll Outdated
Comment on lines 23 to 39
strArg = -3 and
kind = "regex-use"
or
sinkModel(_, _, _, _, _, _, _, kind, _, _) and
exists(string strArgStr |
strArgStr.toInt() = strArg
or
strArg = -2 and
strArgStr = "c"
|
kind = "regex-use[" + strArgStr + "]"
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need to add handling of -1 corresponding to receiver like done in the http concepts library?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In practice it can't really ever be the receiver - you'd have to have a type which represents a string, with a method on it that takes a regex and applies it to the receiver. But I'm happy to make it accept "receiver" just for consistency. I'll do it when the other PR is merged and I rebase this one (but I'll keep it as a separate commit for easier reviewing).

egregius313
egregius313 suggested changes Aug 9, 2024
View reviewed changes
Copy link
Contributor

@egregius313 egregius313 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than my comment about the regex kind, this pretty much LGTM.

However, since this modifies several of the same framework libraries as #17162, I am going to hold off on approving the PR until after the rebasing has happened.

@owen-mc owen-mc force-pushed the go/mad/convert-sink-3 branch from d30b37b to 1df81db Compare August 10, 2024 23:37
@owen-mc
Copy link
Contributor Author

owen-mc commented Aug 10, 2024

I hadn't realised that the two PRs conflicted. Now that #17162 is merged I have rebased (resolving conflicts) and added a commit addressing your review comment.

egregius313
egregius313 approved these changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@egregius313 egregius313 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM provided tests pass

@owen-mc owen-mc merged commit 0dfdee7 into github:main Aug 12, 2024
35 checks passed
@owen-mc owen-mc deleted the go/mad/convert-sink-3 branch August 12, 2024 15:21
@owen-mc owen-mc mentioned this pull request Aug 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@egregius313 egregius313 egregius313 approved these changes

Assignees
No one assigned
Labels
Go no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@owen-mc @egregius313