Merge pull request #480 from sauyon/go116

Add preliminary support for go 1.16

Author: Sauyon Lee

.github/workflows/codeqltest.yml

@@ -7,10 +7,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-    - name: Set up Go 1.14
+    - name: Set up Go 1.16
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.16
       id: go
 
     - name: Set up CodeQL CLI
@@ -52,10 +52,10 @@ jobs:
     name: Test MacOS
     runs-on: macOS-latest
     steps:
-    - name: Set up Go 1.14
+    - name: Set up Go 1.16
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.16
       id: go
 
     - name: Set up CodeQL CLI
@@ -85,10 +85,10 @@ jobs:
     name: Test Windows
     runs-on: windows-latest
     steps:
-    - name: Set up Go 1.14
+    - name: Set up Go 1.16
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.16
       id: go
 
     - name: Set up CodeQL CLI

Makefile

@@ -115,7 +115,8 @@ ql/src/go.dbscheme.stats: ql/src/go.dbscheme build/stats/src.stamp extractor
 
 test: all build/testdb/check-upgrade-path
 	codeql test run ql/test --search-path . --consistency-queries ql/test/consistency
-	env GOARCH=386 codeql$(EXE) test run ql/test/query-tests/Security/CWE-681 --search-path . --consistency-queries ql/test/consistency
+  #	use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
+	env GOOS=linux GOARCH=386 codeql$(EXE) test run ql/test/query-tests/Security/CWE-681 --search-path . --consistency-queries ql/test/consistency
 	cd extractor; go test -mod=vendor ./... | grep -vF "[no test files]"
 
 .PHONY: build/testdb/check-upgrade-path

change-notes/2021-02-18-go-116.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The extractor now supports Go 1.16 and the new `io/fs` library that was introduced.

extractor/cli/go-autobuilder/go-autobuilder.go

@@ -549,10 +549,13 @@ func main() {
 				install = exec.Command("glide", "install")
 				log.Println("Installing dependencies using `glide install`")
 			} else {
+				// explicitly set go module support
 				if depMode == GoGetWithModules {
-					// enable go modules if used
 					os.Setenv("GO111MODULE", "on")
+				} else if depMode == GoGetNoModules {
+					os.Setenv("GO111MODULE", "off")
 				}
+
 				// get dependencies
 				install = exec.Command("go", "get", "-v", "./...")
 				log.Println("Installing dependencies using `go get -v ./...`.")

go.mod

@@ -1,6 +1,6 @@
 module github.com/github/codeql-go
 
-go 1.14
+go 1.16
 
 require (
 	golang.org/x/mod v0.3.0

ql/src/semmle/go/frameworks/Stdlib.qll

@@ -40,6 +40,7 @@ import semmle.go.frameworks.stdlib.Fmt
 import semmle.go.frameworks.stdlib.Html
 import semmle.go.frameworks.stdlib.HtmlTemplate
 import semmle.go.frameworks.stdlib.Io
+import semmle.go.frameworks.stdlib.IoFs
 import semmle.go.frameworks.stdlib.IoIoutil
 import semmle.go.frameworks.stdlib.Log
 import semmle.go.frameworks.stdlib.Mime

ql/src/semmle/go/frameworks/stdlib/Io.qll

@@ -61,6 +61,14 @@ module Io {
       // signature: func WriteString(w Writer, s string) (n int, err error)
       hasQualifiedName("io", "WriteString") and
       (inp.isParameter(1) and outp.isParameter(0))
+      or
+      // signature: func NopCloser(r io.Reader) io.ReadCloser
+      hasQualifiedName("io", "NopCloser") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func ReadAll(r io.Reader) ([]byte, error)
+      hasQualifiedName("io", "ReadAll") and
+      (inp.isParameter(0) and outp.isResult(0))
     }
 
     override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {

ql/src/semmle/go/frameworks/stdlib/IoFs.qll

@@ -0,0 +1,100 @@
+/**
+ * Provides classes modeling security-relevant aspects of the 'io/fs' package.
+ */
+
+import go
+
+/**
+ * Provides classes modeling security-relevant aspects of the 'io/fs' package.
+ */
+module IoFs {
+  /** Gets the package name `io/fs`. */
+  string packagePath() { result = "io/fs" }
+
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      //signature: func Glob(fsys FS, pattern string) (matches []string, err error)
+      this.hasQualifiedName(packagePath(), "Glob") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      //signature: func ReadFile(fsys FS, name string) ([]byte, error)
+      this.hasQualifiedName(packagePath(), "ReadFile") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      //signature: func ReadDir(fsys FS, name string) ([]DirEntry, error)
+      this.hasQualifiedName(packagePath(), "ReadDir") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      //signature: func Sub(fsys FS, dir string) (FS, error)
+      this.hasQualifiedName(packagePath(), "Sub") and
+      (inp.isParameter(0) and outp.isResult(0))
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+
+  /**
+   * Models a step from `fs` to `path` and `d` in
+   * `fs.WalkDir(fs, "root", func(path string, d DirEntry, err error) {}`
+   */
+  private class WalkDirStep extends TaintTracking::AdditionalTaintStep {
+    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
+      //signature: func WalkDir(fsys FS, root string, fn WalkDirFunc) error
+      exists(DataFlow::CallNode call, DataFlow::FunctionNode f |
+        call.getTarget().hasQualifiedName(packagePath(), "WalkDir") and
+        f.getASuccessor*() = call.getArgument(2)
+      |
+        pred = call.getArgument(0) and
+        succ = f.getParameter([0, 1])
+      )
+    }
+  }
+
+  private class MethodModels extends TaintTracking::FunctionModel, Method {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    MethodModels() {
+      //signature: func (DirEntry).Name() string
+      this.implements(packagePath(), "DirEntry", "Name") and
+      (inp.isReceiver() and outp.isResult())
+      or
+      //signature: func (DirEntry).Info() (FileInfo, error)
+      this.implements(packagePath(), "DirEntry", "Info") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (FS).Open(name string) (File, error)
+      this.implements(packagePath(), "FS", "Open") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (GlobFS).Glob(pattern string) ([]string, error)
+      this.implements(packagePath(), "GlobFS", "Glob") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (ReadDirFS).ReadDir(name string) ([]DirEntry, error)
+      this.implements(packagePath(), "ReadDirFS", "ReadDir") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (ReadFileFS).ReadFile(name string) ([]byte, error)
+      this.implements(packagePath(), "ReadFileFS", "ReadFile") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (SubFS).Sub(dir string) (FS, error)
+      this.implements(packagePath(), "SubFS", "Sub") and
+      (inp.isReceiver() and outp.isResult(0))
+      or
+      //signature: func (File).Read([]byte) (int, error)
+      this.implements(packagePath(), "File", "Read") and
+      (inp.isReceiver() and outp.isParameter(0))
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}

ql/src/semmle/go/frameworks/stdlib/Os.qll

@@ -53,6 +53,18 @@ module Os {
         fn = "Symlink" and pathidx in [0 .. 1]
         or
         fn = "Truncate" and pathidx = 0
+        or
+        fn = "DirFS" and pathidx = 0
+        or
+        fn = "ReadDir" and pathidx = 0
+        or
+        fn = "ReadFile" and pathidx = 0
+        or
+        fn = "MkdirTemp" and pathidx in [0 .. 1]
+        or
+        fn = "CreateTemp" and pathidx in [0 .. 1]
+        or
+        fn = "WriteFile" and pathidx = 0
       )
     }
 

ql/src/semmle/go/security/StoredXssCustomizations.qll

@@ -42,16 +42,13 @@ module StoredXss {
   class FileNameSource extends Source {
     FileNameSource() {
       // the second parameter to a filepath.Walk function
-      exists(DataFlow::ParameterNode prm, DataFlow::FunctionNode f, DataFlow::CallNode walkCall |
-        prm = this and
-        f.getParameter(0) = prm
-      |
-        walkCall.getTarget().hasQualifiedName("path/filepath", "Walk") and
-        walkCall.getArgument(1) = f.getASuccessor*()
+      exists(DataFlow::FunctionNode f, Function walkFn | this = f.getParameter(0) |
+        walkFn.hasQualifiedName("path/filepath", ["Walk", "WalkDir"]) and
+        walkFn.getACall().getArgument(1) = f.getASuccessor*()
       )
       or
       // A call to os.FileInfo.Name
-      exists(Method m | m.implements("os", "FileInfo", "Name") |
+      exists(Method m | m.implements("io/fs", "FileInfo", "Name") |
         m = this.(DataFlow::CallNode).getTarget()
       )
     }