fix #9097

cokeBeer · cokeBeer · commit 2b51b4206ec5 · 2022-05-11T11:22:23.000+08:00
diff --git a/ql/lib/semmle/go/frameworks/Beego.qll b/ql/lib/semmle/go/frameworks/Beego.qll
@@ -12,8 +12,17 @@ private import semmle.go.security.SafeUrlFlowCustomizations
  * from the [Beego](https://github.com/beego/beego) package.
  */
 module Beego {
-  /** Gets the module path `github.com/astaxie/beego` or `github.com/beego/beego`. */
-  string modulePath() { result = ["github.com/astaxie/beego", "github.com/beego/beego"] }
+  /** 
+   * Gets the module path `github.com/astaxie/beego` or `github.com/beego/beego` 
+   * or `github.com/beego/beego/v2/server/web`. 
+   */
+  string modulePath() { 
+    result = 
+    [
+      "github.com/astaxie/beego", "github.com/beego/beego",
+      "github.com/beego/beego/v2/server/web"
+    ] 
+  }
 
   /** Gets the path for the root package of beego. */
   string packagePath() { result = package(modulePath(), "") }
diff --git a/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -29,7 +29,7 @@ module NetHttp {
     UserControlledRequestField() {
       exists(string fieldName | this.getField().hasQualifiedName("net/http", "Request", fieldName) |
         fieldName =
-          ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]
+          ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL", "Host"]
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ module NetHttp {`
`29`	`29`	`UserControlledRequestField() {`
`30`	`30`	`exists(string fieldName \| this.getField().hasQualifiedName("net/http", "Request", fieldName) \|`
`31`	`31`	`fieldName =`
`32`		`- ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL"]`
	`32`	`+ ["Body", "GetBody", "Form", "PostForm", "MultipartForm", "Header", "Trailer", "URL", "Host"]`
`33`	`33`	`)`
`34`	`34`	`}`
`35`	`35`	`}`