Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Go: Add Log Injection query (CWE-117) #609

Merged
atorralba merged 5 commits into from
Nov 24, 2021
Merged

Go: Add Log Injection query (CWE-117) #609

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
c886d10
Add Log Injection query
atorralba Nov 19, 2021
d4a20f1
Autoformat
atorralba Nov 19, 2021
c9332cd
Fix *Depth log levels in glog and klog
atorralba Nov 22, 2021
f2017b6
Fix stubs
atorralba Nov 22, 2021
cc8d9bd
Update ql/src/Security/CWE-117/LogInjection.qhelp
atorralba Nov 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix *Depth log levels in glog and klog
  • Loading branch information
@atorralba
atorralba committed Nov 22, 2021
commit c9332cdccb2523567979a23fafcab300933fd522
15 changes: 12 additions & 3 deletions ql/lib/semmle/go/frameworks/Glog.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,17 @@ import go
*/
module Glog {
private class GlogCall extends LoggerCall::Range, DataFlow::CallNode {
int firstPrintedArg;

GlogCall() {
exists(string pkg, Function f, string fn |
exists(string pkg, Function f, string fn, string level |
pkg = package(["github.com/golang/glog", "gopkg.in/glog", "k8s.io/klog"], "") and
fn.regexpMatch("(Error|Exit|Fatal|Info|Warning)(|f|ln|Depth)") and
level = ["Error", "Exit", "Fatal", "Info", "Warning"] and
(
fn = level + ["", "f", "ln"] and firstPrintedArg = 0
or
fn = level + "Depth" and firstPrintedArg = 1
) and
this = f.getACall()
|
f.hasQualifiedName(pkg, fn)
Expand All @@ -23,6 +30,8 @@ module Glog {
)
}

override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
override DataFlow::Node getAMessageComponent() {
result = this.getArgument(any(int i | i >= firstPrintedArg))
}
}
}
20 changes: 10 additions & 10 deletions ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,44 +10,44 @@ import (

func glogTest() {
glog.Error(text) // $ logger=text
glog.ErrorDepth(0, text) // $ MISSING: logger=text
glog.ErrorDepth(0, text) // $ logger=text
glog.Errorf(fmt, text) // $ logger=fmt logger=text
glog.Errorln(text) // $ logger=text
glog.Exit(text) // $ logger=text
glog.ExitDepth(0, text) // $ MISSING: logger=text
glog.ExitDepth(0, text) // $ logger=text
glog.Exitf(fmt, text) // $ logger=fmt logger=text
glog.Exitln(text) // $ logger=text
glog.Fatal(text) // $ logger=text
glog.FatalDepth(0, text) // $ MISSING: logger=text
glog.FatalDepth(0, text) // $ logger=text
glog.Fatalf(fmt, text) // $ logger=fmt logger=text
glog.Fatalln(text) // $ logger=text
glog.Info(text) // $ logger=text
glog.InfoDepth(0, text) // $ MISSING: logger=text
glog.InfoDepth(0, text) // $ logger=text
glog.Infof(fmt, text) // $ logger=fmt logger=text
glog.Infoln(text) // $ logger=text
glog.Warning(text) // $ logger=text
glog.WarningDepth(0, text) // $ MISSING: logger=text
glog.WarningDepth(0, text) // $ logger=text
glog.Warningf(fmt, text) // $ logger=fmt logger=text
glog.Warningln(text) // $ logger=text

klog.Error(text) // $ logger=text
klog.ErrorDepth(0, text) // $ MISSING: logger=text
klog.ErrorDepth(0, text) // $ logger=text
klog.Errorf(fmt, text) // $ logger=fmt logger=text
klog.Errorln(text) // $ logger=text
klog.Exit(text) // $ logger=text
klog.ExitDepth(0, text) // $ MISSING: logger=text
klog.ExitDepth(0, text) // $ logger=text
klog.Exitf(fmt, text) // $ logger=fmt logger=text
klog.Exitln(text) // $ logger=text
klog.Fatal(text) // $ logger=text
klog.FatalDepth(0, text) // $ MISSING: logger=text
klog.FatalDepth(0, text) // $ logger=text
klog.Fatalf(fmt, text) // $ logger=fmt logger=text
klog.Fatalln(text) // $ logger=text
klog.Info(text) // $ logger=text
klog.InfoDepth(0, text) // $ MISSING: logger=text
klog.InfoDepth(0, text) // $ logger=text
klog.Infof(fmt, text) // $ logger=fmt logger=text
klog.Infoln(text) // $ logger=text
klog.Warning(text) // $ logger=text
klog.WarningDepth(0, text) // $ MISSING: logger=text
klog.WarningDepth(0, text) // $ logger=text
klog.Warningf(fmt, text) // $ logger=fmt logger=text
klog.Warningln(text) // $ logger=text
}
70 changes: 35 additions & 35 deletions ql/test/query-tests/Security/CWE-117/LogInjection.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,25 +77,25 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
// k8s.io/klog
{
verbose := klog.V(0)
verbose.Info(username) // $ hasTaintFlow="username"
verbose.Infof(username) // $ hasTaintFlow="username"
verbose.Infoln(username) // $ hasTaintFlow="username"
klog.Info(username) // $ hasTaintFlow="username"
klog.InfoDepth(username) // $ hasTaintFlow="username"
klog.Infof(username) // $ hasTaintFlow="username"
klog.Infoln(username) // $ hasTaintFlow="username"
klog.Error(username) // $ hasTaintFlow="username"
klog.ErrorDepth(username) // $ hasTaintFlow="username"
klog.Errorf(username) // $ hasTaintFlow="username"
klog.Errorln(username) // $ hasTaintFlow="username"
klog.Fatal(username) // $ hasTaintFlow="username"
klog.FatalDepth(username) // $ hasTaintFlow="username"
klog.Fatalf(username) // $ hasTaintFlow="username"
klog.Fatalln(username) // $ hasTaintFlow="username"
klog.Exit(username) // $ hasTaintFlow="username"
klog.ExitDepth(username) // $ hasTaintFlow="username"
klog.Exitf(username) // $ hasTaintFlow="username"
klog.Exitln(username) // $ hasTaintFlow="username"
verbose.Info(username) // $ hasTaintFlow="username"
verbose.Infof(username) // $ hasTaintFlow="username"
verbose.Infoln(username) // $ hasTaintFlow="username"
klog.Info(username) // $ hasTaintFlow="username"
klog.InfoDepth(0, username) // $ hasTaintFlow="username"
klog.Infof(username) // $ hasTaintFlow="username"
klog.Infoln(username) // $ hasTaintFlow="username"
klog.Error(username) // $ hasTaintFlow="username"
klog.ErrorDepth(0, username) // $ hasTaintFlow="username"
klog.Errorf(username) // $ hasTaintFlow="username"
klog.Errorln(username) // $ hasTaintFlow="username"
klog.Fatal(username) // $ hasTaintFlow="username"
klog.FatalDepth(0, username) // $ hasTaintFlow="username"
klog.Fatalf(username) // $ hasTaintFlow="username"
klog.Fatalln(username) // $ hasTaintFlow="username"
klog.Exit(username) // $ hasTaintFlow="username"
klog.ExitDepth(0, username) // $ hasTaintFlow="username"
klog.Exitf(username) // $ hasTaintFlow="username"
klog.Exitln(username) // $ hasTaintFlow="username"
}
// astaxie/beego
{
Expand Down Expand Up @@ -152,22 +152,22 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
verbose.Infof(username) // $ hasTaintFlow="username"
verbose.Infoln(username) // $ hasTaintFlow="username"

glog.Info(username) // $ hasTaintFlow="username"
glog.InfoDepth(username) // $ hasTaintFlow="username"
glog.Infof(username) // $ hasTaintFlow="username"
glog.Infoln(username) // $ hasTaintFlow="username"
glog.Error(username) // $ hasTaintFlow="username"
glog.ErrorDepth(username) // $ hasTaintFlow="username"
glog.Errorf(username) // $ hasTaintFlow="username"
glog.Errorln(username) // $ hasTaintFlow="username"
glog.Fatal(username) // $ hasTaintFlow="username"
glog.FatalDepth(username) // $ hasTaintFlow="username"
glog.Fatalf(username) // $ hasTaintFlow="username"
glog.Fatalln(username) // $ hasTaintFlow="username"
glog.Exit(username) // $ hasTaintFlow="username"
glog.ExitDepth(username) // $ hasTaintFlow="username"
glog.Exitf(username) // $ hasTaintFlow="username"
glog.Exitln(username) // $ hasTaintFlow="username"
glog.Info(username) // $ hasTaintFlow="username"
glog.InfoDepth(0, username) // $ hasTaintFlow="username"
glog.Infof(username) // $ hasTaintFlow="username"
glog.Infoln(username) // $ hasTaintFlow="username"
glog.Error(username) // $ hasTaintFlow="username"
glog.ErrorDepth(0, username) // $ hasTaintFlow="username"
glog.Errorf(username) // $ hasTaintFlow="username"
glog.Errorln(username) // $ hasTaintFlow="username"
glog.Fatal(username) // $ hasTaintFlow="username"
glog.FatalDepth(0, username) // $ hasTaintFlow="username"
glog.Fatalf(username) // $ hasTaintFlow="username"
glog.Fatalln(username) // $ hasTaintFlow="username"
glog.Exit(username) // $ hasTaintFlow="username"
glog.ExitDepth(0, username) // $ hasTaintFlow="username"
glog.Exitf(username) // $ hasTaintFlow="username"
glog.Exitln(username) // $ hasTaintFlow="username"

}
// sirupsen/logrus
Expand Down