From 4f7733c51eb1b47a162710e0a2dfbc35b64ed3cc Mon Sep 17 00:00:00 2001 From: Vinayak Goyal Date: Sat, 12 Dec 2020 16:49:53 -0800 Subject: [PATCH 1/5] If a ssa.TypeAssert instruction does not have CommaOk and the AssertedType is a source then, create a Source. --- go.sum | 1 + .../example.com/tests/typeassert/assertion_inference_tests.go | 2 +- .../levee/testdata/src/example.com/tests/typeassert/tests.go | 2 +- internal/pkg/source/source.go | 4 ++++ 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/go.sum b/go.sum index 269efb6a..62bb10da 100644 --- a/go.sum +++ b/go.sum @@ -18,6 +18,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200416214402-fc959738d646 h1:7CEkhBsBejkW845gR1AmglqMfc1yGzn42FBmtM4jxyM= golang.org/x/tools v0.0.0-20200416214402-fc959738d646/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58 h1:1Bs6RVeBFtLZ8Yi1Hk07DiOqzvwLD/4hln4iahvFlag= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= diff --git a/internal/pkg/levee/testdata/src/example.com/tests/typeassert/assertion_inference_tests.go b/internal/pkg/levee/testdata/src/example.com/tests/typeassert/assertion_inference_tests.go index 722595ee..e937a1b8 100644 --- a/internal/pkg/levee/testdata/src/example.com/tests/typeassert/assertion_inference_tests.go +++ b/internal/pkg/levee/testdata/src/example.com/tests/typeassert/assertion_inference_tests.go @@ -51,7 +51,7 @@ func TestPanicTypeAssertSource(i interface{}) { s := i.(core.Source) _ = s // The dominating type assertion would panic if i were not a source type. - core.Sink(i) // TODO(210) want "a source has reached a sink" + core.Sink(i) // want "a source has reached a sink" } func TestPanicTypeAssertInnocuous(i interface{}) { diff --git a/internal/pkg/levee/testdata/src/example.com/tests/typeassert/tests.go b/internal/pkg/levee/testdata/src/example.com/tests/typeassert/tests.go index 583bea04..48863e28 100644 --- a/internal/pkg/levee/testdata/src/example.com/tests/typeassert/tests.go +++ b/internal/pkg/levee/testdata/src/example.com/tests/typeassert/tests.go @@ -30,7 +30,7 @@ func TestSourcePointerAssertedFromTaintedEface(s *core.Source) { func TestSourcePointerAssertedFromParameterEface(e interface{}) { s := e.(*core.Source) - core.Sink(s) // TODO(#190) want "a source has reached a sink" + core.Sink(s) // want "a source has reached a sink" } func TestSourcePointerAssertedFromParameterEfaceCommaOk(e interface{}) { diff --git a/internal/pkg/source/source.go b/internal/pkg/source/source.go index e9207664..496d7b9b 100644 --- a/internal/pkg/source/source.go +++ b/internal/pkg/source/source.go @@ -134,6 +134,10 @@ func sourcesFromBlocks(fn *ssa.Function, conf Classifier, taggedFields fieldtags if isProducedBySanitizer(v.(ssa.Value), conf) { continue } + case *ssa.TypeAssert: + if !v.CommaOk && IsSourceType(conf, taggedFields, v.AssertedType) { + sources = append(sources, New(v)) + } // An Extract is used to obtain a value from an instruction that returns multiple values. // If the Extract is used to get a Pointer, create a Source, otherwise the Source won't From 7cf8cf4d92354fcc48db6ae9dbdc55507efa7b83 Mon Sep 17 00:00:00 2001 From: Vinayak Goyal Date: Sat, 12 Dec 2020 17:12:03 -0800 Subject: [PATCH 2/5] go mod tidy --- go.sum | 1 - 1 file changed, 1 deletion(-) diff --git a/go.sum b/go.sum index 62bb10da..269efb6a 100644 --- a/go.sum +++ b/go.sum @@ -18,7 +18,6 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200416214402-fc959738d646 h1:7CEkhBsBejkW845gR1AmglqMfc1yGzn42FBmtM4jxyM= golang.org/x/tools v0.0.0-20200416214402-fc959738d646/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58 h1:1Bs6RVeBFtLZ8Yi1Hk07DiOqzvwLD/4hln4iahvFlag= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= From cee3112e1310c00bd8382a0b71fd597280c73b55 Mon Sep 17 00:00:00 2001 From: Vinayak Goyal Date: Mon, 14 Dec 2020 11:06:45 -0800 Subject: [PATCH 3/5] Fixed spacing. --- internal/pkg/source/source.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/pkg/source/source.go b/internal/pkg/source/source.go index 496d7b9b..402782e0 100644 --- a/internal/pkg/source/source.go +++ b/internal/pkg/source/source.go @@ -134,6 +134,7 @@ func sourcesFromBlocks(fn *ssa.Function, conf Classifier, taggedFields fieldtags if isProducedBySanitizer(v.(ssa.Value), conf) { continue } + case *ssa.TypeAssert: if !v.CommaOk && IsSourceType(conf, taggedFields, v.AssertedType) { sources = append(sources, New(v)) From 025b9076bc9575f5f43524bcb98ca88075085d52 Mon Sep 17 00:00:00 2001 From: Vinayak Goyal Date: Mon, 14 Dec 2020 11:15:54 -0800 Subject: [PATCH 4/5] Added comments explaining why we need the case for ssa.TypeAssert. --- internal/pkg/source/source.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/internal/pkg/source/source.go b/internal/pkg/source/source.go index 402782e0..8638e8fd 100644 --- a/internal/pkg/source/source.go +++ b/internal/pkg/source/source.go @@ -134,7 +134,9 @@ func sourcesFromBlocks(fn *ssa.Function, conf Classifier, taggedFields fieldtags if isProducedBySanitizer(v.(ssa.Value), conf) { continue } - + // A panicky type assert like s := e.(*core.Source) does not result in ssa.Extract + // so we need to create a source if the type assert is panicky i.e. CommaOk is false + // and the type being asserted is a source type. case *ssa.TypeAssert: if !v.CommaOk && IsSourceType(conf, taggedFields, v.AssertedType) { sources = append(sources, New(v)) From 45f83d890f3cd347f0f68dd3dee72364bbc61f6e Mon Sep 17 00:00:00 2001 From: Vinayak Goyal Date: Mon, 14 Dec 2020 11:18:15 -0800 Subject: [PATCH 5/5] Fix spacing again. --- internal/pkg/source/source.go | 1 + 1 file changed, 1 insertion(+) diff --git a/internal/pkg/source/source.go b/internal/pkg/source/source.go index 8638e8fd..544bdabc 100644 --- a/internal/pkg/source/source.go +++ b/internal/pkg/source/source.go @@ -134,6 +134,7 @@ func sourcesFromBlocks(fn *ssa.Function, conf Classifier, taggedFields fieldtags if isProducedBySanitizer(v.(ssa.Value), conf) { continue } + // A panicky type assert like s := e.(*core.Source) does not result in ssa.Extract // so we need to create a source if the type assert is panicky i.e. CommaOk is false // and the type being asserted is a source type.