Go: Add BigQuery as a sink for SQLi queries #2 #19561

Add tests for cloud.google.com/go/bigquery.Client.Query
  • Loading branch information
owen-mc committed May 22, 2025
commit 66bbaf2dc89ed8a63b61201d0a6d364caddcc19a
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
invalidModelRow
testFailures
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
import go
import semmle.go.dataflow.ExternalFlow
import ModelValidation
import utils.test.InlineExpectationsTest

module SqlTest implements TestSig {
string getARelevantTag() { result = "query" }

predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "query" and
exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
q.getLocation() = location and
element = q.toString() and
value = qs.toString()
)
}
}

module QueryString implements TestSig {
string getARelevantTag() { result = "querystring" }

predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "querystring" and
element = "" and
exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
qs.getLocation() = location and
value = qs.toString()
)
}
}

module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }

predicate isSink(DataFlow::Node n) {
n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
}
}

module Flow = TaintTracking::Global<Config>;

module TaintFlow implements TestSig {
string getARelevantTag() { result = "flowfrom" }

predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "flowfrom" and
element = "" and
exists(DataFlow::Node fromNode, DataFlow::Node toNode |
toNode.getLocation() = location and
Flow::flow(fromNode, toNode) and
value = fromNode.asExpr().(StringLit).getValue()
)
}
}

import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
| bigquery.go:17:15:17:23 | untrusted | cloud.google.com/go/bigquery.Client | Query |
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
package main

//go:generate depstubber -vendor cloud.google.com/go/bigquery Client

import (
"cloud.google.com/go/bigquery"
)

func getUntrustedString() string {
return "trouble"
}

func main() {
untrusted := getUntrustedString()
var client *bigquery.Client

client.Query(untrusted) // $ querystring=untrusted
}
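Review bot: The fixture pins only the `querystring` tag on line 17 (`client.Query(untrusted) // $ querystring=untrusted`), so the `flowfrom` tag that the test harness's `TaintFlow` module defines (sources are string literals, sinks are arguments to a function named `sink`) is never exercised here, and neither is the `query` tag from `SqlTest`. If the intent of this commit is to show that `Client.Query` is recognised as a SQL query-string sink, a second case that passes the tainted value through a local helper before the call would confirm the model also holds across a step of flow rather than only on a direct argument. The `var client *bigquery.Client` nil receiver is fine for a depstubber-backed fixture that is never run, but a short comment such as `// nil is fine: the stub is only analysed, never executed` would save the next reader the question.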
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
import go

from SQL::QueryString qs, Function func, string a, string b
where
func.hasQualifiedName(a, b) and
qs = func.getACall().getSyntacticArgument(_)
select qs, a, b
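Review bot: The `from` variables `a` and `b` on line 3 carry no meaning on their own; since they are bound by `func.hasQualifiedName(a, b)`, naming them `pkg` and `name` (`from SQL::QueryString qs, Function func, string pkg, string name`) would make the `select` self-explanatory. The query also lacks a leading comment saying what it is for; something like `// Lists every SQL query string that is passed directly as an argument to a function, with the function's package and name.` would help readers who land on it from the expected-output file.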
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
module bigquerytest

go 1.24

require cloud.google.com/go/bigquery v1.68.0

require (
cloud.google.com/go v0.121.0 // indirect
cloud.google.com/go/auth v0.16.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
cloud.google.com/go/compute/metadata v0.6.0 // indirect
cloud.google.com/go/iam v1.5.2 // indirect
github.com/apache/arrow/go/v15 v15.0.2 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/google/flatbuffers v23.5.26+incompatible // indirect
github.com/google/s2a-go v0.1.9 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect
github.com/googleapis/gax-go/v2 v2.14.1 // indirect
github.com/klauspost/compress v1.16.7 // indirect
github.com/klauspost/cpuid/v2 v2.2.5 // indirect
github.com/pierrec/lz4/v4 v4.1.18 // indirect
github.com/zeebo/xxh3 v1.0.2 // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
go.opentelemetry.io/otel v1.35.0 // indirect
go.opentelemetry.io/otel/metric v1.35.0 // indirect
go.opentelemetry.io/otel/trace v1.35.0 // indirect
golang.org/x/crypto v0.37.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/mod v0.23.0 // indirect
golang.org/x/net v0.39.0 // indirect
golang.org/x/oauth2 v0.29.0 // indirect
golang.org/x/sync v0.14.0 // indirect
golang.org/x/sys v0.32.0 // indirect
golang.org/x/text v0.24.0 // indirect
golang.org/x/time v0.11.0 // indirect
golang.org/x/tools v0.30.0 // indirect
golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da // indirect
google.golang.org/api v0.231.0 // indirect
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20250428153025-10db94c68c34 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250428153025-10db94c68c34 // indirect
google.golang.org/grpc v1.72.0 // indirect
google.golang.org/protobuf v1.36.6 // indirect
)