Fix broken queries

Alvaro Muñoz · Alvaro Muñoz · commit c35165fa554a · 2023-09-15T13:05:04.000+02:00
diff --git a/go/src/audit/explore/Dependencies.ql b/go/src/audit/explore/Dependencies.ql
@@ -1,7 +1,17 @@
+/**
+ * @name External dependencies
+ * @description Count the number of dependencies that a Java project has on external packages.
+ * @kind treemap
+ * @id githubsecuritylab/external-dependencies
+ * @metricType externalDependency
+ * @tags audit
+ */
+
 import go
 import semmle.go.dependencies.Dependencies
 
 from Dependency d, int nimports, string name
-where nimports = strictsum(ImportSpec is | is = d.getAnImport() | 1)
-  and exists(string p, string v | d.info(p, v) and name = p + v)
+where
+  nimports = strictsum(ImportSpec is | is = d.getAnImport() | 1) and
+  exists(string p, string v | d.info(p, v) and name = p + v)
 select name, nimports order by nimports desc
diff --git a/go/src/audit/explore/Files.ql b/go/src/audit/explore/Files.ql
@@ -1,3 +1,11 @@
+/**
+ * @name Files
+ * @description List of all files in the repository
+ * @kind table
+ * @id githubsecuritylab/files
+ * @tags audit
+ */
+
 import go
 
 from File f
diff --git a/go/src/audit/explore/RemoteFlowSources.ql b/go/src/audit/explore/RemoteFlowSources.ql
@@ -1,17 +1,14 @@
 /**
  * @name Attack Surface
- * @description attack surface
- * @kind problem
- * @precision low
- * @id seclab/attack-surface
+ * @description Application attack surface
+ * @kind table
+ * @id githubsecuritylab/attack-surface
  * @tags audit
  */
 
 import semmle.go.security.FlowSources
 
 from UntrustedFlowSource source
-where
-  not source.getFile().getRelativePath().matches("%/test/%")
+where not source.getFile().getRelativePath().matches("%/test/%")
 select source, "remote", source.getFile().getRelativePath(), source.getStartLine(),
   source.getEndLine(), source.getStartColumn(), source.getEndColumn()
-
diff --git a/go/src/audit/templates/BackwardsPartialDataFlow.ql b/go/src/audit/templates/BackwardsPartialDataFlow.ql
@@ -1,21 +1,17 @@
 /**
  * @name Backwards Partial Dataflow
  * @description Backwards Partial Dataflow
- * @kind problem
- * @precision low
- * @problem.severity error
- * @id seclab/backwards-partial-dataflow
- * @tags audit
+ * @kind table
+ * @id githubsecuritylab/backwards-partial-dataflow
+ * @tags template
  */
 
 import go
 import semmle.go.dataflow.TaintTracking
 import PartialFlow::PartialPathGraph
 
 private module MyConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    none()
-  }
+  predicate isSource(DataFlow::Node source) { none() }
 
   predicate isSink(DataFlow::Node sink) {
     // Define the sink to run the backwards partial dataflow from. Eg:
@@ -28,7 +24,9 @@ private module MyConfig implements DataFlow::ConfigSig {
 }
 
 private module MyFlow = TaintTracking::Global<MyConfig>; // or DataFlow::Global<..>
+
 int explorationLimit() { result = 10 }
+
 private module PartialFlow = MyFlow::FlowExploration<explorationLimit/0>;
 
 from PartialFlow::PartialPathNode n, int dist
diff --git a/go/src/audit/templates/DataFlowConfiguration.ql b/go/src/audit/templates/DataFlowConfiguration.ql
@@ -1,11 +1,11 @@
 /**
  * @name DataFlow configuration
- * @description DataFlow TaintTracking configuration 
+ * @description DataFlow TaintTracking configuration
  * @kind path-problem
  * @precision low
  * @problem.severity error
- * @id seclab/dataflow-query
- * @tags audit
+ * @id githubsecuritylab/dataflow-query
+ * @tags template
  */
 
 import go
diff --git a/go/src/audit/templates/ForwardPartialDataflow.ql b/go/src/audit/templates/ForwardPartialDataflow.ql
@@ -1,11 +1,9 @@
 /**
  * @name Forward Partial Dataflow
  * @description Forward Partial Dataflow
- * @kind problem
- * @precision low
- * @problem.severity error
- * @id seclab/forward-partial-dataflow
- * @tags audit
+ * @kind table
+ * @id githubsecuritylab/forward-partial-dataflow
+ * @tags template
  */
 
 import go
@@ -22,13 +20,13 @@ private module MyConfig implements DataFlow::ConfigSig {
     none()
   }
 
-  predicate isSink(DataFlow::Node sink) {
-    none()
-  }
+  predicate isSink(DataFlow::Node sink) { none() }
 }
 
 private module MyFlow = TaintTracking::Global<MyConfig>; // or DataFlow::Global<..>
+
 int explorationLimit() { result = 10 }
+
 private module PartialFlow = MyFlow::FlowExploration<explorationLimit/0>;
 
 from PartialFlow::PartialPathNode n, int dist
diff --git a/go/src/audit/templates/HoistSink.ql b/go/src/audit/templates/HoistSink.ql
@@ -1,21 +1,17 @@
 /**
  * @name Sink Hoisting to method parameter
  * @description Hoist a sink using partial dataflow
- * @kind problem
- * @precision low
- * @problem.severity error
- * @id seclab/sink-hoister
- * @tags audit
+ * @kind table
+ * @id githubsecuritylab/sink-hoister
+ * @tags template
  */
 
-import go 
+import go
 import semmle.go.dataflow.TaintTracking
 import PartialFlow::PartialPathGraph
 
 private module MyConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) {
-    none()
-  }
+  predicate isSource(DataFlow::Node source) { none() }
 
   predicate isSink(DataFlow::Node sink) {
     // Define the sink to be hoisted here. eg:
@@ -27,11 +23,14 @@ private module MyConfig implements DataFlow::ConfigSig {
   }
 }
 
-private module MyFlow = TaintTracking::Make<MyConfig>; // or DataFlow::Make<..>
+private module MyFlow = TaintTracking::Global<MyConfig>; // or DataFlow::Make<..>
+
 int explorationLimit() { result = 10 }
+
 private module PartialFlow = MyFlow::FlowExploration<explorationLimit/0>;
 
 from PartialFlow::PartialPathNode n, int dist
-where PartialFlow::hasPartialFlowRev(n, _, dist) and
-  n.getNode() instanceof DataFlow::ParameterNode 
+where
+  PartialFlow::partialFlowRev(n, _, dist) and
+  n.getNode() instanceof DataFlow::ParameterNode
 select dist, n
diff --git a/go/src/security/CWE-078/CommandInjection.ql b/go/src/security/CWE-078/CommandInjection.ql
@@ -21,19 +21,21 @@ class InUseCommandInjectionConfiguration extends CommandInjection::Configuration
   override predicate isSource(DataFlow::Node node) {
     exists(UntrustedFlowSource source, Function function, DataFlow::CallNode callNode |
       source.asExpr() = node.asExpr() and
-
       source.(DataFlow::ExprNode).asExpr().getEnclosingFunction() = function.getFuncDecl() and
       (
         // function is called directly
         callNode.getACallee() = function.getFuncDecl()
-        
+        or
         // function is passed to another function to be called
-        or callNode.getCall().getAnArgument().(Ident).refersTo(function) //NEW with 2.13.2: or c.getASyntacticArgument().asExpr().(Ident).refersTo(f)
-      )      
+        callNode.getCall().getAnArgument().(Ident).refersTo(function) //NEW with 2.13.2: or c.getASyntacticArgument().asExpr().(Ident).refersTo(f)
+      )
     )
   }
 }
- 
- from InUseCommandInjectionConfiguration cfg, CommandInjection::DoubleDashSanitizingConfiguration cfg2, DataFlow::PathNode source, DataFlow::PathNode sink
- where (cfg.hasFlowPath(source, sink) or cfg2.hasFlowPath(source, sink))
- select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(), "user-provided value"
+
+from
+  InUseCommandInjectionConfiguration cfg, CommandInjection::DoubleDashSanitizingConfiguration cfg2,
+  DataFlow::PathNode source, DataFlow::PathNode sink
+where (cfg.hasFlowPath(source, sink) or cfg2.hasFlowPath(source, sink))
+select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(),
+  "user-provided value"
