
Commit 73227f1

authored
Merge pull request github#539 from gagliardetto/fiber
Add web framework: github.com/gofiber/fiber
2 parents cd1e14e + d252d60 commit 73227f1

24 files changed

+2486
-0
lines changed

ql/src/experimental/frameworks/Fiber.json

+1,027
Large diffs are not rendered by default.

ql/src/experimental/frameworks/Fiber.qll

+400
Large diffs are not rendered by default.

ql/test/experimental/frameworks/Fiber/HeaderWrite.expected

Whitespace-only changes.

ql/test/experimental/frameworks/Fiber/HeaderWrite.go

+29
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -0,0 +1,55 @@
1+
import go
2+
import TestUtilities.InlineExpectationsTest
3+
import experimental.frameworks.Fiber
4+
5+
class HttpHeaderWriteTest extends InlineExpectationsTest {
6+
HttpHeaderWriteTest() { this = "HttpHeaderWriteTest" }
7+
8+
override string getARelevantTag() {
9+
result = ["headerKeyNode", "headerValNode", "headerKey", "headerVal"]
10+
}
11+
12+
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
13+
// Dynamic key-value header:
14+
exists(HTTP::HeaderWrite hw |
15+
hw.hasLocationInfo(file, line, _, _, _) and
16+
(
17+
element = hw.getName().toString() and
18+
value = hw.getName().toString() and
19+
tag = "headerKeyNode"
20+
or
21+
element = hw.getValue().toString() and
22+
value = hw.getValue().toString() and
23+
tag = "headerValNode"
24+
)
25+
)
26+
or
27+
// Static key, dynamic value header:
28+
exists(HTTP::HeaderWrite hw |
29+
hw.hasLocationInfo(file, line, _, _, _) and
30+
(
31+
element = hw.getHeaderName().toString() and
32+
value = hw.getHeaderName() and
33+
tag = "headerKey"
34+
or
35+
element = hw.getValue().toString() and
36+
value = hw.getValue().toString() and
37+
tag = "headerValNode"
38+
)
39+
)
40+
or
41+
// Static key, static value header:
42+
exists(HTTP::HeaderWrite hw |
43+
hw.hasLocationInfo(file, line, _, _, _) and
44+
(
45+
element = hw.getHeaderName().toString() and
46+
value = hw.getHeaderName() and
47+
tag = "headerKey"
48+
or
49+
element = hw.getHeaderValue().toString() and
50+
value = hw.getHeaderValue() and
51+
tag = "headerVal"
52+
)
53+
)
54+
}
55+
}
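Review bot: The three `exists(HTTP::HeaderWrite hw | ...)` disjuncts in `hasActualResult` overlap: the `headerKey` arm appears in both the second and third, and the `headerValNode` arm in both the first and second, so the "Dynamic key-value" / "Static key, dynamic value" / "Static key, static value" comments describe cases the logic does not actually separate. A single `exists` with four arms gives the same result set and makes it obvious which accessor feeds which tag. `getHeaderName()` and `getHeaderValue()` are already used as strings on the `value` lines, so the `.toString()` on the matching `element` lines is redundant. The section header names HeaderWrite.go while the lines shown are QL, so the path of the file under review is not certain from this page.

```ql
  override predicate hasActualResult(string file, int line, string element, string tag, string value) {
    exists(HTTP::HeaderWrite hw | hw.hasLocationInfo(file, line, _, _, _) |
      // Header name / value as data-flow nodes:
      element = hw.getName().toString() and value = element and tag = "headerKeyNode"
      or
      element = hw.getValue().toString() and value = element and tag = "headerValNode"
      or
      // Header name / value when statically known:
      element = hw.getHeaderName() and value = element and tag = "headerKey"
      or
      element = hw.getHeaderValue() and value = element and tag = "headerVal"
    )
  }
```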

ql/test/experimental/frameworks/Fiber/Redirect.expected

Whitespace-only changes.

ql/test/experimental/frameworks/Fiber/Redirect.go

+21
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -0,0 +1,18 @@
1+
import go
2+
import TestUtilities.InlineExpectationsTest
3+
import experimental.frameworks.Fiber
4+
5+
class HttpRedirectTest extends InlineExpectationsTest {
6+
HttpRedirectTest() { this = "HttpRedirectTest" }
7+
8+
override string getARelevantTag() { result = "redirectUrl" }
9+
10+
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
11+
tag = "redirectUrl" and
12+
exists(HTTP::Redirect rd |
13+
rd.hasLocationInfo(file, line, _, _, _) and
14+
element = rd.getUrl().toString() and
15+
value = rd.getUrl().toString()
16+
)
17+
}
18+
}

ql/test/experimental/frameworks/Fiber/ResponseBody.expected

Whitespace-only changes.

ql/test/experimental/frameworks/Fiber/ResponseBody.go

+73
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -0,0 +1,24 @@
1+
import go
2+
import TestUtilities.InlineExpectationsTest
3+
import experimental.frameworks.Fiber
4+
5+
class HttpResponseBodyTest extends InlineExpectationsTest {
6+
HttpResponseBodyTest() { this = "HttpResponseBodyTest" }
7+
8+
override string getARelevantTag() { result = ["contentType", "responseBody"] }
9+
10+
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
11+
exists(HTTP::ResponseBody rd |
12+
rd.hasLocationInfo(file, line, _, _, _) and
13+
(
14+
element = rd.getAContentType().toString() and
15+
value = rd.getAContentType().toString() and
16+
tag = "contentType"
17+
or
18+
element = rd.toString() and
19+
value = rd.toString() and
20+
tag = "responseBody"
21+
)
22+
)
23+
}
24+
}
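Review bot: In the `contentType` arm of `hasActualResult`, `element` and `value` each call `rd.getAContentType()` separately, so if that predicate can yield more than one node for a body (its name suggests it can), the test also reports pairs where `element` is one content type and `value` is another. Binding it once avoids the cross product: `element = rd.getAContentType().toString() and value = element and`. The same `value = element` form would also fit the `responseBody` arm. This matters for the expectations because a spurious pair can mask a content type the model failed to attach to the right body.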

ql/test/experimental/frameworks/Fiber/TaintTracking.expected

Whitespace-only changes.

ql/test/experimental/frameworks/Fiber/TaintTracking.go

+106
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
@@ -0,0 +1,30 @@
1+
import go
2+
import TestUtilities.InlineExpectationsTest
3+
import experimental.frameworks.Fiber
4+
5+
class Configuration extends TaintTracking::Configuration {
6+
Configuration() { this = "test-configuration" }
7+
8+
override predicate isSource(DataFlow::Node source) {
9+
exists(Function fn | fn.hasQualifiedName(_, "source") | source = fn.getACall().getResult())
10+
}
11+
12+
override predicate isSink(DataFlow::Node sink) {
13+
exists(Function fn | fn.hasQualifiedName(_, "sink") | sink = fn.getACall().getAnArgument())
14+
}
15+
}
16+
17+
class TaintTrackingTest extends InlineExpectationsTest {
18+
TaintTrackingTest() { this = "TaintTrackingTest" }
19+
20+
override string getARelevantTag() { result = "taintSink" }
21+
22+
override predicate hasActualResult(string file, int line, string element, string tag, string value) {
23+
tag = "taintSink" and
24+
exists(DataFlow::Node sink | any(Configuration c).hasFlow(_, sink) |
25+
element = sink.toString() and
26+
value = "" and
27+
sink.hasLocationInfo(file, line, _, _, _)
28+
)
29+
}
30+
}
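Review bot: `value = ""` in `TaintTrackingTest.hasActualResult` means an expectation only records that some flow reaches a sink on that line, not which `source()` call it came from, so a taint step in the Fiber model that connects the wrong input to an output would still pass. At minimum, document that limit above the predicate, e.g. `// Only checks that a sink is reached; the originating source is not asserted.`, or emit a value derived from the source node. Separately, `fn.hasQualifiedName(_, "source")` and `fn.hasQualifiedName(_, "sink")` in `Configuration` accept a function of that name from any package, which would include vendored stubs if one happens to define it. That is probably intended for a test, but it deserves a short comment.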

ql/test/experimental/frameworks/Fiber/UntrustedFlowSources.expected

Whitespace-only changes.
