
Commit 2f3ebfb

authored
Merge pull request #17205 from egregius313/egregius313/go/dataflow/models/environment
Go: Add models for environment variables
2 parents 15989ce + c2fa721 commit 2f3ebfb


19 files changed

+378
-1
lines changed

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Local source models for reading and parsing environment variables have been added for the following libraries:
5+
- os
6+
- syscall
7+
- github.com/caarlos0/env
8+
- github.com/gobuffalo/envy
9+
- github.com/hashicorp/go-envparse
10+
- github.com/joho/godotenv
11+
- github.com/kelseyhightower/envconfig
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sourceModel
5+
data:
6+
- ["github.com/caarlos0/env", "", False, "Parse", "", "", "Argument[0]", "environment", "manual"]
7+
- ["github.com/caarlos0/env", "", False, "ParseAs", "", "", "ReturnValue[0]", "environment", "manual"]
8+
- ["github.com/caarlos0/env", "", False, "ParseAsWithOptions", "", "", "ReturnValue[0]", "environment", "manual"]
9+
- ["github.com/caarlos0/env", "", False, "ParseWithFuncs", "", "", "Argument[0]", "environment", "manual"]
10+
- ["github.com/caarlos0/env", "", False, "ParseWithOptions", "", "", "Argument[0]", "environment", "manual"]
11+
- addsTo:
12+
pack: codeql/go-all
13+
extensible: summaryModel
14+
data:
15+
- ["github.com/caarlos0/env", "", False, "Must", "", "", "Argument[0]", "ReturnValue", "value", "manual"]
16+
- ["github.com/caarlos0/env", "", False, "ToMap", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
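Review bot: Nothing visible on this page exercises these `github.com/caarlos0/env` rows: the one test `go.mod` shown requires only go-envparse, godotenv and envconfig, so this library and `github.com/gobuffalo/envy` appear to have no dependency entry in that test module. Only part of the 19 changed files is rendered here, so the coverage may live in a file that is not shown. If it does not, an empty `invalidModelRow` result presumably shows only that the rows are well-formed, not that `Parse` with `Argument[0]` or `ParseAs` with `ReturnValue[0]` resolve to the intended functions. One small test per row shape (argument-populating and value-returning) would pin that down.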
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sourceModel
5+
data:
6+
- ["github.com/gobuffalo/envy", "", False, "Environ", "", "", "ReturnValue", "environment", "manual"]
7+
- ["github.com/gobuffalo/envy", "", False, "Get", "", "", "ReturnValue", "environment", "manual"]
8+
- ["github.com/gobuffalo/envy", "", False, "GoBin", "", "", "ReturnValue", "environment", "manual"]
9+
- ["github.com/gobuffalo/envy", "", False, "GoPath", "", "", "ReturnValue", "environment", "manual"]
10+
- ["github.com/gobuffalo/envy", "", False, "GoPaths", "", "", "ReturnValue", "environment", "manual"]
11+
- ["github.com/gobuffalo/envy", "", False, "Map", "", "", "ReturnValue", "environment", "manual"]
12+
- ["github.com/gobuffalo/envy", "", False, "MustGet", "", "", "ReturnValue[0]", "environment", "manual"]
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sourceModel
5+
data:
6+
- ["github.com/hashicorp/go-envparse", "", False, "Parse", "", "", "ReturnValue", "environment", "manual"]
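Review bot: `Parse` takes its input from a caller-supplied reader rather than from the process environment, so this source-only row labels the returned map as `environment` data regardless of where the reader's bytes came from. Taint already on the argument (for example from a `file` or `remote` source feeding the reader) is not carried to the result by this row. Unless a summary exists outside this page, consider adding a `summaryModel` row such as `["github.com/hashicorp/go-envparse", "", False, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]`. The same applies to `Parse`, `Unmarshal` and `UnmarshalBytes` in the `github.com/joho/godotenv` section.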
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sourceModel
5+
data:
6+
- ["github.com/joho/godotenv", "", False, "Parse", "", "", "ReturnValue", "environment", "manual"]
7+
- ["github.com/joho/godotenv", "", False, "Read", "", "", "ReturnValue", "environment", "manual"]
8+
- ["github.com/joho/godotenv", "", False, "Unmarshal", "", "", "ReturnValue", "environment", "manual"]
9+
- ["github.com/joho/godotenv", "", False, "UnmarshalBytes", "", "", "ReturnValue", "environment", "manual"]
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/go-all
4+
extensible: sourceModel
5+
data:
6+
- ["github.com/kelseyhightower/envconfig", "", False, "CheckDisallowed", "", "", "Argument[1]", "environment", "manual"]
7+
- ["github.com/kelseyhightower/envconfig", "", False, "MustProcess", "", "", "Argument[1]", "environment", "manual"]
8+
- ["github.com/kelseyhightower/envconfig", "", False, "Process", "", "", "Argument[1]", "environment", "manual"]
9+
- ["github.com/kelseyhightower/envconfig", "", False, "Usage", "", "", "Argument[1]", "environment", "manual"]
10+
- ["github.com/kelseyhightower/envconfig", "", False, "Usagef", "", "", "Argument[1]", "environment", "manual"]
11+
- ["github.com/kelseyhightower/envconfig", "", False, "Usaget", "", "", "Argument[1]", "environment", "manual"]
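Review bot: `CheckDisallowed`, `Usage`, `Usagef` and `Usaget` are modelled as writing environment data into `Argument[1]`, but as far as the library documents them they only inspect the spec's fields (to validate variable names or print help text) and do not populate it. Only `Process` and `MustProcess` fill the struct from the environment, so the other four rows would mark a spec as tainted before any environment value has reached it. Keeping the `Process` and `MustProcess` rows and dropping the rest would avoid those spurious sources. If the wider set is intentional, a comment above the rows saying why would help the next reviewer.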

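--- a/go/ql/lib/ext/os.model.yml
+++ b/go/ql/lib/ext/os.model.yml
@@ -46,6 +46,13 @@ extensions:
 pack: codeql/go-all
 extensible: sourceModel
 data:
+- ["os", "", False, "Environ", "", "", "ReturnValue", "environment", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+- ["os", "", False, "ExpandEnv", "", "", "ReturnValue", "environment", "manual"]
+- ["os", "", False, "Getenv", "", "", "ReturnValue", "environment", "manual"]
+- ["os", "", False, "LookupEnv", "", "", "ReturnValue[0]", "environment", "manual"]
 - ["os", "", False, "Open", "", "", "ReturnValue[0]", "file", "manual"]
 - ["os", "", False, "OpenFile", "", "", "ReturnValue[0]", "file", "manual"]
-- ["os", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
+- ["os", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
+- ["os", "", False, "UserCacheDir", "", "", "ReturnValue[0]", "environment", "manual"]
+- ["os", "", False, "UserConfigDir", "", "", "ReturnValue[0]", "environment", "manual"]
+- ["os", "", False, "UserHomeDir", "", "", "ReturnValue[0]", "environment", "manual"]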
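Review bot: The `UserCacheDir`, `UserConfigDir` and `UserHomeDir` rows give no reason why a directory lookup counts as an `environment` source, whereas the `Environ` row carries an explanatory comment. These functions derive their result from variables such as `$HOME`, so the classification looks reasonable, but a trailing comment like `# path is derived from $HOME / XDG / platform profile variables` would make that visible to the next maintainer. Separately, the `ReadFile` row is removed and re-added with identical text, presumably an end-of-file newline change; worth confirming nothing else was intended there.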

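--- a/go/ql/lib/ext/syscall.model.yml
+++ b/go/ql/lib/ext/syscall.model.yml
@@ -20,3 +20,9 @@ extensions:
 - ["syscall", "Conn", True, "SyscallConn", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
 - ["syscall", "RawConn", True, "Read", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
 - ["syscall", "RawConn", True, "Write", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
+- addsTo:
+pack: codeql/go-all
+extensible: sourceModel
+data:
+- ["syscall", "", False, "Environ", "", "", "ReturnValue", "environment", "manual"]
+- ["syscall", "", False, "Getenv", "", "", "ReturnValue[0]", "environment", "manual"]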
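Review bot: The `syscall.Environ` row has the same limitation that the `os.Environ` row documents, since the taint belongs on the slice elements rather than on the slice, but it carries no marker for it. Adding the same `# TODO: when sources can have access paths, use .ArrayElement` comment to this row would keep the two in step once access paths for sources are supported.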
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
module test
2+
3+
go 1.22.5
4+
5+
require (
6+
github.com/hashicorp/go-envparse v0.1.0
7+
github.com/joho/godotenv v1.5.1
8+
github.com/kelseyhightower/envconfig v1.4.0
9+
)
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
testFailures
2+
invalidModelRow
3+
failures
