Skip to content

Commit a3188f2

Browse files
author
Alvaro Muñoz
committed
address review feedback
1 parent 3502ab6 commit a3188f2

1 file changed

Lines changed: 9 additions & 14 deletions

File tree

go/ql/lib/semmle/go/frameworks/Twirp.qll

Lines changed: 9 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ import semmle.go.security.RequestForgery
77
module Twirp {
88
/**
99
* A *.pb.go file generated by Twirp.
10-
* This file will all the types representing protobuf messages and should have a companion *.twirp.go file.
10+
* This file contains all the types representing protobuf messages and should have a companion *.twirp.go file.
1111
*/
1212
class ProtobufGeneratedFile extends File {
1313
ProtobufGeneratedFile() {
@@ -77,12 +77,10 @@ module Twirp {
7777
* A Twirp client
7878
*/
7979
class ServiceClient extends NamedType {
80-
PointerType pointerType;
81-
8280
ServiceClient() {
83-
exists(ServiceInterface i |
84-
pointerType.implements(i) and
85-
this = pointerType.getBaseType() and
81+
exists(ServiceInterface i, PointerType p |
82+
p.implements(i) and
83+
this = p.getBaseType() and
8684
this.getName().toLowerCase() = i.getName().toLowerCase() + ["protobuf", "json"] + "client"
8785
)
8886
}
@@ -101,7 +99,7 @@ module Twirp {
10199
}
102100

103101
/**
104-
* Twirp function to construct a Client
102+
* A Twirp function to construct a Client
105103
*/
106104
class ClientConstructor extends Function {
107105
ClientConstructor() {
@@ -114,7 +112,7 @@ module Twirp {
114112
}
115113

116114
/**
117-
* Twirp function to construct a Server
115+
* A Twirp function to construct a Server
118116
* Its first argument should be an implementation of the service interface
119117
*/
120118
class ServerConstructor extends Function {
@@ -127,7 +125,7 @@ module Twirp {
127125
}
128126

129127
/**
130-
* SSRF sink for the Client constructor
128+
* An SSRF sink for the Client constructor
131129
*/
132130
class ClientRequestUrlAsSink extends RequestForgery::Sink {
133131
ClientRequestUrlAsSink() {
@@ -146,22 +144,19 @@ module Twirp {
146144
* A service handler
147145
*/
148146
class ServiceHandler extends Method {
149-
Method m;
150-
151147
ServiceHandler() {
152148
exists(DataFlow::CallNode call, Type handlerType, ServiceInterface i |
153149
call.getTarget() instanceof ServerConstructor and
154150
call.getArgument(0).getType() = handlerType and
155151
handlerType.implements(i) and
156152
this = handlerType.getMethod(_) and
157-
this.implements(m) and
158-
i.getNamedType().getMethod(_) = m
153+
this.implements(i.getNamedType().getMethod(_))
159154
)
160155
}
161156
}
162157

163158
/**
164-
* A request comming to the service handler
159+
* A request coming to the service handler
165160
*/
166161
class Request extends UntrustedFlowSource::Range, DataFlow::ParameterNode {
167162
ServiceHandler handler;

0 commit comments

Comments
 (0)