CodeQL library for Go
codeql/go-all 0.7.15-dev (changelog, source)

Module TaintTrackingUtil

Provides Go-specific definitions for use in the taint-tracking library.

Import path

import semmle.go.dataflow.internal.TaintTrackingUtil

Predicates

defaultAdditionalTaintStep

Holds if the additional step from src to sink should be included in all global taint flow configurations.

defaultImplicitTaintRead

Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.

defaultTaintSanitizer

Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.

elementStep

Holds if taint flows from pred to succ via an array, map, slice, or string index operation.

elementWriteStep

Holds if there is an assignment of the form succ[idx] = pred, meaning that pred may taint succ.

fieldReadStep

Holds if taint flows from pred to succ via a field read.

functionEnsuresInputIsConstant

Holds if whenever outp of function f satisfies p, the input inp of f matched a constant in a case clause of a switch statement.

inputIsConstantIfOutputHasProperty

Holds if whenever outputNode satisfies p, inputNode matched a constant in a case clause of a switch statement.

localAdditionalTaintStep

Holds if the additional step from pred to succ should be included in all global taint flow configurations.

localExprTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaint

Holds if taint can flow from src to sink in zero or more local (intra-procedural) steps.

localTaintStep

Holds if taint can flow in one local step from src to sink.

referenceStep

Holds if taint flows from pred to succ via a reference or dereference.

sliceStep

Holds if taint flows from pred to succ via a slice operation.

stringConcatStep

Holds if taint flows from pred to succ via string concatenation.

tupleStep

Holds if taint flows from pred to succ via an extract tuple operation.

Classes

AdditionalTaintStep

A unit class for adding additional taint steps.

DefaultTaintSanitizer

A sanitizer in all global taint flow configurations but not in local taint.

EqualityTestBarrier

An equality test acting as a sanitizer guard for nonConstNode by restricting it to a known value.

FunctionModel

A model of a function specifying that the function propagates taint from a parameter or qualifier to a result.

ListOfConstantsComparisonSanitizerGuard

A comparison against a list of constants, acting as a sanitizer guard for guardedExpr by restricting it to a known value.