Created
May 2, 2020 05:37
-
-
Save abhisek/53c3455f9e9fef5bd0a26fed689a69a4 to your computer and use it in GitHub Desktop.
CodeQL query to find integer casting issues
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import go | |
| import semmle.go.dataflow.DataFlow | |
| import semmle.go.dataflow.TaintTracking | |
| class IntegerSource extends Function { | |
| IntegerSource() { | |
| this.hasQualifiedName("strconv", "Atoi") or | |
| this.hasQualifiedName("strconv", "ParseInt") | |
| } | |
| } | |
| class IntegerDownCastingConfig extends TaintTracking::Configuration { | |
| IntegerDownCastingConfig() { this = "IntegerDownCastingConfig" } | |
| override predicate isSource(DataFlow::Node source) { | |
| exists(IntegerSource f | | |
| source.asExpr() = f.getACall().asExpr() | |
| ) | |
| } | |
| override predicate isSink(DataFlow::Node sink) { | |
| exists(ConversionExpr expr | | |
| // expr.mayHaveSideEffects() and | |
| expr.getOperand() = sink.asExpr() | |
| ) | |
| } | |
| } | |
| from IntegerDownCastingConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink | |
| where cfg.hasFlowPath(source, sink) | |
| select sink, source, sink |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment