Skip to content

Commit 9960d11

Browse files
committed
added RequestBody source to Beego framework
1 parent a856bc8 commit 9960d11

File tree

6 files changed

+403
-379
lines changed

6 files changed

+403
-379
lines changed

go/ql/lib/semmle/go/frameworks/Beego.qll

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,17 @@ module Beego {
103103
}
104104
}
105105

106+
/**
107+
* `BeegoInputRequestBody` sources of untrusted data.
108+
*/
109+
private class BeegoInputRequestBodySource extends UntrustedFlowSource::Range {
110+
BeegoInputRequestBodySource() {
111+
exists(DataFlow::FieldReadNode frn | this = frn |
112+
frn.getField().hasQualifiedName(contextPackagePath(), "BeegoInput", "RequestBody")
113+
)
114+
}
115+
}
116+
106117
/**
107118
* `beego/context.Context` sources of untrusted data.
108119
*/
Lines changed: 66 additions & 66 deletions
Original file line numberDiff line numberDiff line change
@@ -1,72 +1,72 @@
11
edges
22
nodes
3-
| test.go:147:14:147:21 | password | semmle.label | password |
4-
| test.go:148:17:148:24 | password | semmle.label | password |
5-
| test.go:149:14:149:21 | password | semmle.label | password |
6-
| test.go:150:18:150:25 | password | semmle.label | password |
7-
| test.go:151:14:151:21 | password | semmle.label | password |
8-
| test.go:152:13:152:20 | password | semmle.label | password |
9-
| test.go:153:22:153:29 | password | semmle.label | password |
10-
| test.go:154:15:154:22 | password | semmle.label | password |
11-
| test.go:155:14:155:21 | password | semmle.label | password |
12-
| test.go:156:13:156:20 | password | semmle.label | password |
13-
| test.go:157:16:157:23 | password | semmle.label | password |
14-
| test.go:158:13:158:20 | password | semmle.label | password |
15-
| test.go:159:16:159:23 | password | semmle.label | password |
16-
| test.go:160:13:160:20 | password | semmle.label | password |
17-
| test.go:161:17:161:24 | password | semmle.label | password |
18-
| test.go:162:13:162:20 | password | semmle.label | password |
19-
| test.go:163:12:163:19 | password | semmle.label | password |
20-
| test.go:164:21:164:28 | password | semmle.label | password |
21-
| test.go:165:14:165:21 | password | semmle.label | password |
22-
| test.go:166:13:166:20 | password | semmle.label | password |
23-
| test.go:167:12:167:19 | password | semmle.label | password |
24-
| test.go:168:15:168:22 | password | semmle.label | password |
3+
| test.go:148:14:148:21 | password | semmle.label | password |
4+
| test.go:149:17:149:24 | password | semmle.label | password |
5+
| test.go:150:14:150:21 | password | semmle.label | password |
6+
| test.go:151:18:151:25 | password | semmle.label | password |
7+
| test.go:152:14:152:21 | password | semmle.label | password |
8+
| test.go:153:13:153:20 | password | semmle.label | password |
9+
| test.go:154:22:154:29 | password | semmle.label | password |
10+
| test.go:155:15:155:22 | password | semmle.label | password |
11+
| test.go:156:14:156:21 | password | semmle.label | password |
12+
| test.go:157:13:157:20 | password | semmle.label | password |
13+
| test.go:158:16:158:23 | password | semmle.label | password |
14+
| test.go:159:13:159:20 | password | semmle.label | password |
15+
| test.go:160:16:160:23 | password | semmle.label | password |
16+
| test.go:161:13:161:20 | password | semmle.label | password |
17+
| test.go:162:17:162:24 | password | semmle.label | password |
18+
| test.go:163:13:163:20 | password | semmle.label | password |
19+
| test.go:164:12:164:19 | password | semmle.label | password |
20+
| test.go:165:21:165:28 | password | semmle.label | password |
21+
| test.go:166:14:166:21 | password | semmle.label | password |
22+
| test.go:167:13:167:20 | password | semmle.label | password |
23+
| test.go:168:12:168:19 | password | semmle.label | password |
2524
| test.go:169:15:169:22 | password | semmle.label | password |
26-
| test.go:170:18:170:25 | password | semmle.label | password |
27-
| test.go:171:15:171:22 | password | semmle.label | password |
28-
| test.go:172:19:172:26 | password | semmle.label | password |
29-
| test.go:173:15:173:22 | password | semmle.label | password |
30-
| test.go:174:14:174:21 | password | semmle.label | password |
31-
| test.go:175:23:175:30 | password | semmle.label | password |
32-
| test.go:176:16:176:23 | password | semmle.label | password |
33-
| test.go:177:15:177:22 | password | semmle.label | password |
34-
| test.go:178:14:178:21 | password | semmle.label | password |
35-
| test.go:179:17:179:24 | password | semmle.label | password |
36-
| test.go:180:16:180:23 | password | semmle.label | password |
25+
| test.go:170:15:170:22 | password | semmle.label | password |
26+
| test.go:171:18:171:25 | password | semmle.label | password |
27+
| test.go:172:15:172:22 | password | semmle.label | password |
28+
| test.go:173:19:173:26 | password | semmle.label | password |
29+
| test.go:174:15:174:22 | password | semmle.label | password |
30+
| test.go:175:14:175:21 | password | semmle.label | password |
31+
| test.go:176:23:176:30 | password | semmle.label | password |
32+
| test.go:177:16:177:23 | password | semmle.label | password |
33+
| test.go:178:15:178:22 | password | semmle.label | password |
34+
| test.go:179:14:179:21 | password | semmle.label | password |
35+
| test.go:180:17:180:24 | password | semmle.label | password |
36+
| test.go:181:16:181:23 | password | semmle.label | password |
3737
subpaths
3838
#select
39-
| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ flows to a logging call. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password |
40-
| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ flows to a logging call. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password |
41-
| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ flows to a logging call. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password |
42-
| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ flows to a logging call. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password |
43-
| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ flows to a logging call. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password |
44-
| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ flows to a logging call. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password |
45-
| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ flows to a logging call. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password |
46-
| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ flows to a logging call. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password |
47-
| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ flows to a logging call. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password |
48-
| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ flows to a logging call. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password |
49-
| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ flows to a logging call. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password |
50-
| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ flows to a logging call. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password |
51-
| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ flows to a logging call. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password |
52-
| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ flows to a logging call. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password |
53-
| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ flows to a logging call. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password |
54-
| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ flows to a logging call. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password |
55-
| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ flows to a logging call. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password |
56-
| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ flows to a logging call. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password |
57-
| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ flows to a logging call. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password |
58-
| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ flows to a logging call. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password |
59-
| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ flows to a logging call. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password |
60-
| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ flows to a logging call. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password |
39+
| test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | test.go:148:14:148:21 | password | $@ flows to a logging call. | test.go:148:14:148:21 | password | Sensitive data returned by an access to password |
40+
| test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | test.go:149:17:149:24 | password | $@ flows to a logging call. | test.go:149:17:149:24 | password | Sensitive data returned by an access to password |
41+
| test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | test.go:150:14:150:21 | password | $@ flows to a logging call. | test.go:150:14:150:21 | password | Sensitive data returned by an access to password |
42+
| test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | test.go:151:18:151:25 | password | $@ flows to a logging call. | test.go:151:18:151:25 | password | Sensitive data returned by an access to password |
43+
| test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | test.go:152:14:152:21 | password | $@ flows to a logging call. | test.go:152:14:152:21 | password | Sensitive data returned by an access to password |
44+
| test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | test.go:153:13:153:20 | password | $@ flows to a logging call. | test.go:153:13:153:20 | password | Sensitive data returned by an access to password |
45+
| test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | test.go:154:22:154:29 | password | $@ flows to a logging call. | test.go:154:22:154:29 | password | Sensitive data returned by an access to password |
46+
| test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | test.go:155:15:155:22 | password | $@ flows to a logging call. | test.go:155:15:155:22 | password | Sensitive data returned by an access to password |
47+
| test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password |
48+
| test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | test.go:157:13:157:20 | password | $@ flows to a logging call. | test.go:157:13:157:20 | password | Sensitive data returned by an access to password |
49+
| test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | test.go:158:16:158:23 | password | $@ flows to a logging call. | test.go:158:16:158:23 | password | Sensitive data returned by an access to password |
50+
| test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password |
51+
| test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | test.go:160:16:160:23 | password | $@ flows to a logging call. | test.go:160:16:160:23 | password | Sensitive data returned by an access to password |
52+
| test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | test.go:161:13:161:20 | password | $@ flows to a logging call. | test.go:161:13:161:20 | password | Sensitive data returned by an access to password |
53+
| test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | test.go:162:17:162:24 | password | $@ flows to a logging call. | test.go:162:17:162:24 | password | Sensitive data returned by an access to password |
54+
| test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password |
55+
| test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | test.go:164:12:164:19 | password | $@ flows to a logging call. | test.go:164:12:164:19 | password | Sensitive data returned by an access to password |
56+
| test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | test.go:165:21:165:28 | password | $@ flows to a logging call. | test.go:165:21:165:28 | password | Sensitive data returned by an access to password |
57+
| test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | test.go:166:14:166:21 | password | $@ flows to a logging call. | test.go:166:14:166:21 | password | Sensitive data returned by an access to password |
58+
| test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password |
59+
| test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | test.go:168:12:168:19 | password | $@ flows to a logging call. | test.go:168:12:168:19 | password | Sensitive data returned by an access to password |
6160
| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ flows to a logging call. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password |
62-
| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ flows to a logging call. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password |
63-
| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ flows to a logging call. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password |
64-
| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ flows to a logging call. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password |
65-
| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ flows to a logging call. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password |
66-
| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ flows to a logging call. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password |
67-
| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ flows to a logging call. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password |
68-
| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ flows to a logging call. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password |
69-
| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ flows to a logging call. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password |
70-
| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ flows to a logging call. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password |
71-
| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ flows to a logging call. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password |
72-
| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ flows to a logging call. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password |
61+
| test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | test.go:170:15:170:22 | password | $@ flows to a logging call. | test.go:170:15:170:22 | password | Sensitive data returned by an access to password |
62+
| test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | test.go:171:18:171:25 | password | $@ flows to a logging call. | test.go:171:18:171:25 | password | Sensitive data returned by an access to password |
63+
| test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | test.go:172:15:172:22 | password | $@ flows to a logging call. | test.go:172:15:172:22 | password | Sensitive data returned by an access to password |
64+
| test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | test.go:173:19:173:26 | password | $@ flows to a logging call. | test.go:173:19:173:26 | password | Sensitive data returned by an access to password |
65+
| test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | test.go:174:15:174:22 | password | $@ flows to a logging call. | test.go:174:15:174:22 | password | Sensitive data returned by an access to password |
66+
| test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | test.go:175:14:175:21 | password | $@ flows to a logging call. | test.go:175:14:175:21 | password | Sensitive data returned by an access to password |
67+
| test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | test.go:176:23:176:30 | password | $@ flows to a logging call. | test.go:176:23:176:30 | password | Sensitive data returned by an access to password |
68+
| test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | test.go:177:16:177:23 | password | $@ flows to a logging call. | test.go:177:16:177:23 | password | Sensitive data returned by an access to password |
69+
| test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password |
70+
| test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | test.go:179:14:179:21 | password | $@ flows to a logging call. | test.go:179:14:179:21 | password | Sensitive data returned by an access to password |
71+
| test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | test.go:180:17:180:24 | password | $@ flows to a logging call. | test.go:180:17:180:24 | password | Sensitive data returned by an access to password |
72+
| test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | test.go:181:16:181:23 | password | $@ flows to a logging call. | test.go:181:16:181:23 | password | Sensitive data returned by an access to password |

0 commit comments

Comments
 (0)