Merge pull request #18108 from owen-mc/go/mad/model-slices-package

owen-mc · web-flow · commit 553bc8c13d97 · 2024-11-26T21:24:22.000Z
Go: model `slices` package (skipping functions that involve iterating over a function)
diff --git a/go/ql/lib/ext/slices.model.yml b/go/ql/lib/ext/slices.model.yml
@@ -0,0 +1,31 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      # All should be modeled when we have a way to model iterators
+      # AppendSec should be modeled when we have a way to model iterators
+      # Backward should be modeled when we have a way to model iterators
+      # Chunk should be modeled when we have a way to model iterators
+      - ["slices", "", False, "Clip", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Clone", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      # Collect should be modeled when we have a way to model iterators
+      - ["slices", "", False, "Compact", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "CompactFunc", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Concat", "", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Delete", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "DeleteFunc", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Grow", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Insert", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Insert", "", "", "Argument[2].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Max", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["slices", "", False, "MaxFunc", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["slices", "", False, "Min", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["slices", "", False, "MinFunc", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
+      - ["slices", "", False, "Repeat", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Replace", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      - ["slices", "", False, "Replace", "", "", "Argument[3].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
+      # Sorted should be modeled when we have a way to model iterators
+      # SortedFunc should be modeled when we have a way to model iterators
+      # SortedStableFunc should be modeled when we have a way to model iterators
+      # Values should be modeled when we have a way to model iterators
diff --git a/go/ql/src/change-notes/2024-11-26-model-slices-package.md b/go/ql/src/change-notes/2024-11-26-model-slices-package.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added value flow models for functions in the `slices` package which do not involve the `iter` package.
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Slices.go b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Slices.go
@@ -0,0 +1,193 @@
+package main
+
+import (
+	"cmp"
+	"slices"
+	"strings"
+)
+
+func TaintStepTest_SlicesClip(fromStringSlice []string) []string {
+	toStringSlice := slices.Clip(fromStringSlice)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesClone(fromStringSlice []string) []string {
+	toStringSlice := slices.Clone(fromStringSlice)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesCompact(fromStringSlice []string) []string {
+	toStringSlice := slices.Compact(fromStringSlice)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesCompactFunc(fromStringSlice []string) []string {
+	toStringSlice := slices.CompactFunc(fromStringSlice, strings.EqualFold)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesConcat0(fromStringSlice []string) []string {
+	toStringSlice := slices.Concat(fromStringSlice, []string{"a", "b", "c"})
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesConcat1(fromStringSlice []string) []string {
+	toStringSlice := slices.Concat([]string{"a", "b", "c"}, fromStringSlice)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesDelete(fromStringSlice []string) []string {
+	toStringSlice := slices.Delete(fromStringSlice, 0, 1)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesDeleteFunc(fromStringSlice []string) []string {
+	deleteEmptyString := func(str string) bool {
+		return str == ""
+	}
+	toStringSlice := slices.DeleteFunc(fromStringSlice, deleteEmptyString)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesGrow(fromStringSlice []string) []string {
+	toStringSlice := slices.Grow(fromStringSlice, 1)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesInsert0(fromStringSlice []string) []string {
+	toStringSlice := slices.Insert(fromStringSlice, 1, "a", "b")
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesInsert2(fromString string) []string {
+	toStringSlice := slices.Insert([]string{}, 0, fromString, "b")
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesMax(fromStringSlice []string) string {
+	toString := slices.Max(fromStringSlice)
+	return toString
+}
+
+func TaintStepTest_SlicesMaxFunc(fromStringSlice []string) string {
+	toString := slices.MaxFunc(fromStringSlice, cmp.Compare)
+	return toString
+}
+
+func TaintStepTest_SlicesMin(fromStringSlice []string) string {
+	toString := slices.Min(fromStringSlice)
+	return toString
+}
+
+func TaintStepTest_SlicesMinFunc(fromStringSlice []string) string {
+	toString := slices.MinFunc(fromStringSlice, cmp.Compare)
+	return toString
+}
+
+func TaintStepTest_SlicesRepeat(fromStringSlice []string) []string {
+	toStringSlice := slices.Repeat(fromStringSlice, 2)
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesReplace0(fromStringSlice []string) []string {
+	toStringSlice := slices.Replace(fromStringSlice, 1, 2, "a")
+	return toStringSlice
+}
+
+func TaintStepTest_SlicesReplace3(fromString string) []string {
+	toStringSlice := slices.Replace([]string{}, 1, 3, fromString, "b")
+	return toStringSlice
+}
+
+func RunAllTaints_Slices() {
+	{
+		source := []string{newSource(0).(string)}
+		out := TaintStepTest_SlicesClip(source)
+		sink(0, out[0])
+	}
+	{
+		source := []string{newSource(1).(string)}
+		out := TaintStepTest_SlicesClone(source)
+		sink(1, out[0])
+	}
+	{
+		source := []string{newSource(2).(string)}
+		out := TaintStepTest_SlicesCompact(source)
+		sink(2, out[0])
+	}
+	{
+		source := []string{newSource(3).(string)}
+		out := TaintStepTest_SlicesCompactFunc(source)
+		sink(3, out[0])
+	}
+	{
+		source := []string{newSource(4).(string)}
+		out := TaintStepTest_SlicesConcat0(source)
+		sink(4, out[0])
+	}
+	{
+		source := []string{newSource(5).(string)}
+		out := TaintStepTest_SlicesConcat1(source)
+		sink(5, out[0])
+	}
+	{
+		source := []string{newSource(6).(string)}
+		out := TaintStepTest_SlicesDelete(source)
+		sink(6, out[0])
+	}
+	{
+		source := []string{newSource(7).(string)}
+		out := TaintStepTest_SlicesDeleteFunc(source)
+		sink(7, out[0])
+	}
+	{
+		source := []string{newSource(8).(string)}
+		out := TaintStepTest_SlicesGrow(source)
+		sink(8, out[0])
+	}
+	{
+		source := []string{newSource(9).(string)}
+		out := TaintStepTest_SlicesInsert0(source)
+		sink(9, out[0])
+	}
+	{
+		source := newSource(10).(string)
+		out := TaintStepTest_SlicesInsert2(source)
+		sink(10, out[0])
+	}
+	{
+		source := []string{newSource(11).(string)}
+		out := TaintStepTest_SlicesMax(source)
+		sink(11, out)
+	}
+	{
+		source := []string{newSource(12).(string)}
+		out := TaintStepTest_SlicesMaxFunc(source)
+		sink(12, out)
+	}
+	{
+		source := []string{newSource(13).(string)}
+		out := TaintStepTest_SlicesMin(source)
+		sink(13, out)
+	}
+	{
+		source := []string{newSource(14).(string)}
+		out := TaintStepTest_SlicesMinFunc(source)
+		sink(14, out)
+	}
+	{
+		source := []string{newSource(15).(string)}
+		out := TaintStepTest_SlicesRepeat(source)
+		sink(15, out[0])
+	}
+	{
+		source := []string{newSource(16).(string)}
+		out := TaintStepTest_SlicesReplace0(source)
+		sink(16, out[0])
+	}
+	{
+		source := newSource(17).(string)
+		out := TaintStepTest_SlicesReplace3(source)
+		sink(17, out[0])
+	}
+}
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/go.mod
@@ -1,6 +1,6 @@
 module example.com/m
 
-go 1.20
+go 1.23
 
 require (
 	golang.org/x/net v0.0.0-20201010224723-4f7140c49acb
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/vendor/modules.txt
@@ -1,3 +1,3 @@
 # golang.org/x/net v0.0.0-20201010224723-4f7140c49acb
-## explicit
-golang.org/x/net
+## explicit; go 1.11
+golang.org/x/net/context

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added value flow models for functions in the `slices` package which do not involve the `iter` package.