Skip to content

[Go] How to query for a function that is passed as a variable? #13159

Answered by smowton
JasperSurmont asked this question in Q&A
Discussion options

You must be logged in to vote

Depending on how precise you want to be, here's a sink that identifies any write to the field MethodDesc.Handler:

  override predicate isSink(DataFlow::Node n) {
    exists(Write w |
      w.writesField(_, any(Field f | f.hasQualifiedName("google.golang.org/grpc", "MethodDesc", "Handler")), n)
    )
  }

However perhaps you're concerned that not all MethodDesc.Handlers end up passed to RegisterService? In that case we can make our sink any argument to RegisterService:

  override predicate isSink(DataFlow::Node n) {
    n = any(DataFlow::CallNode cn |
      cn.getTarget().(Method).hasQualifiedName("github.com/gogo/protobuf/grpc", "Server", "RegisterService")
    ).getArgument(0)
  }

...then…

Replies: 1 comment 20 replies

Comment options

You must be logged in to vote
20 replies
@JasperSurmont
Comment options

@smowton
Comment options

@JasperSurmont
Comment options

@smowton
Comment options

Answer selected by JasperSurmont
@JasperSurmont
Comment options

@JasperSurmont
Comment options

@smowton
Comment options

@JasperSurmont
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants