Merge pull request #21109 from owen-mc/go/misc-trivial-fixes

Go: misc trivial fixes

Author: owen-mc

go/ql/lib/semmle/go/frameworks/K8sIoApimachineryPkgRuntime.qll

@@ -50,7 +50,7 @@ module K8sIoApimachineryPkgRuntime {
     }
   }
 
-  private class DecoderDecode extends Method, UnmarshalingFunction::Range {
+  private class DecoderDecode extends UnmarshalingFunction::Range, Method {
     DecoderDecode() {
       this.implements(packagePath(), "Decoder", "Decode") or
       this.hasQualifiedName(packagePath(), "WithoutVersionDecoder", "Decode")
@@ -95,7 +95,7 @@ module K8sIoApimachineryPkgRuntime {
     }
   }
 
-  private class ParameterCodecDecodeParameters extends Method, UnmarshalingFunction::Range {
+  private class ParameterCodecDecodeParameters extends UnmarshalingFunction::Range, Method {
     ParameterCodecDecodeParameters() {
       this.implements(packagePath(), "ParameterCodec", "DecodeParameters")
     }
@@ -110,7 +110,7 @@ module K8sIoApimachineryPkgRuntime {
     }
   }
 
-  private class ParameterCodecEncodeParameters extends Method, MarshalingFunction::Range {
+  private class ParameterCodecEncodeParameters extends MarshalingFunction::Range, Method {
     ParameterCodecEncodeParameters() {
       this.implements(packagePath(), "ParameterCodec", "EncodeParameters")
     }
@@ -125,7 +125,7 @@ module K8sIoApimachineryPkgRuntime {
     }
   }
 
-  private class ProtobufMarshallerMarshalTo extends Method, MarshalingFunction::Range {
+  private class ProtobufMarshallerMarshalTo extends MarshalingFunction::Range, Method {
     ProtobufMarshallerMarshalTo() {
       this.implements(packagePath(), "ProtobufMarshaller", "MarshalTo") or
       this.implements(packagePath(), "ProtobufReverseMarshaller", "MarshalToSizedBuffer")
@@ -138,7 +138,7 @@ module K8sIoApimachineryPkgRuntime {
     override string getFormat() { result = "protobuf" }
   }
 
-  private class RawExtensionMarshal extends Method, MarshalingFunction::Range {
+  private class RawExtensionMarshal extends MarshalingFunction::Range, Method {
     RawExtensionMarshal() { this.hasQualifiedName(packagePath(), "RawExtension", "Marshal") }
 
     override DataFlow::FunctionInput getAnInput() { result.isReceiver() }
@@ -148,7 +148,7 @@ module K8sIoApimachineryPkgRuntime {
     override string getFormat() { result = "protobuf" }
   }
 
-  private class RawExtensionUnmarshal extends Method, UnmarshalingFunction::Range {
+  private class RawExtensionUnmarshal extends UnmarshalingFunction::Range, Method {
     RawExtensionUnmarshal() { this.hasQualifiedName(packagePath(), "RawExtension", "Unmarshal") }
 
     override DataFlow::FunctionInput getAnInput() { result.isReceiver() }
@@ -158,7 +158,7 @@ module K8sIoApimachineryPkgRuntime {
     override string getFormat() { result = "protobuf" }
   }
 
-  private class UnknownMarshal extends Method, MarshalingFunction::Range {
+  private class UnknownMarshal extends MarshalingFunction::Range, Method {
     string methodName;
 
     UnknownMarshal() {
@@ -177,7 +177,7 @@ module K8sIoApimachineryPkgRuntime {
     override string getFormat() { result = "protobuf" }
   }
 
-  private class UnknownUnmarshal extends Method, UnmarshalingFunction::Range {
+  private class UnknownUnmarshal extends UnmarshalingFunction::Range, Method {
     UnknownUnmarshal() { this.hasQualifiedName(packagePath(), "Unknown", "Unmarshal") }
 
     override DataFlow::FunctionInput getAnInput() { result.isReceiver() }

go/ql/lib/semmle/go/frameworks/Revel.qll

@@ -140,7 +140,7 @@ module Revel {
   /**
    * A render of a template.
    */
-  abstract class TemplateRender extends DataFlow::Node, TemplateInstantiation::Range {
+  abstract class TemplateRender extends TemplateInstantiation::Range {
     /** Gets the name of the file that is rendered. */
     abstract File getRenderedFile();
 

go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll

@@ -46,7 +46,7 @@ module NetHttp {
     }
   }
 
-  private class MapWrite extends Http::HeaderWrite::Range, DataFlow::Node {
+  private class MapWrite extends Http::HeaderWrite::Range {
     DataFlow::Node index;
     DataFlow::Node rhs;
 

go/ql/lib/semmle/go/frameworks/stdlib/Regexp.qll

@@ -61,7 +61,7 @@ module Regexp {
     }
   }
 
-  private class ExternalRegexpMatchFunction extends RegexpMatchFunction::Range, Function {
+  private class ExternalRegexpMatchFunction extends RegexpMatchFunction::Range {
     int patArg;
     int strArg;
 

go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll

@@ -120,7 +120,7 @@ module CleartextLogging {
    *
    * This is a source since `log.Print(obj)` will often show the fields of `obj`.
    */
-  private class StructPasswordFieldSource extends DataFlow::Node, Source {
+  private class StructPasswordFieldSource extends Source {
     string name;
 
     StructPasswordFieldSource() {
@@ -137,7 +137,7 @@ module CleartextLogging {
   }
 
   /** An access to a variable or property that might contain a password. */
-  private class ReadPasswordSource extends DataFlow::Node, Source {
+  private class ReadPasswordSource extends Source {
     string name;
 
     ReadPasswordSource() {
@@ -162,7 +162,7 @@ module CleartextLogging {
   }
 
   /** A call that might return a password. */
-  private class CallPasswordSource extends DataFlow::CallNode, Source {
+  private class CallPasswordSource extends Source, DataFlow::CallNode {
     string name;
 
     CallPasswordSource() {

go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll

@@ -61,15 +61,15 @@ module OpenUrlRedirect {
   /**
    * An HTTP redirect, considered as a sink for `Configuration`.
    */
-  class RedirectSink extends Sink, DataFlow::Node {
+  class RedirectSink extends Sink {
     RedirectSink() { this = any(Http::Redirect redir).getUrl() }
   }
 
   /**
    * A definition of the HTTP "Location" header, considered as a sink for
    * `Configuration`.
    */
-  class LocationHeaderSink extends Sink, DataFlow::Node {
+  class LocationHeaderSink extends Sink {
     LocationHeaderSink() {
       exists(Http::HeaderWrite hw | hw.getHeaderName() = "location" | this = hw.getValue())
     }
@@ -99,20 +99,20 @@ module OpenUrlRedirect {
    * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is
    * considered a barrier guard for sanitizing untrusted URLs.
    */
-  class RedirectCheckBarrierGuardAsBarrierGuard extends RedirectCheckBarrier, Barrier { }
+  class RedirectCheckBarrierGuardAsBarrierGuard extends Barrier instanceof RedirectCheckBarrier { }
 
   /**
    * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, Barrier { }
+  class RegexpCheckAsBarrierGuard extends Barrier instanceof RegexpCheckBarrier { }
 
   /**
    * A check against a constant value or the `Hostname` function,
    * considered a barrier guard for url flow.
    */
-  class UrlCheckAsBarrierGuard extends UrlCheckBarrier, Barrier { }
+  class UrlCheckAsBarrierGuard extends Barrier instanceof UrlCheckBarrier { }
 }
 
 /** A sink for an open redirect, considered as a sink for safe URL flow. */

go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll

@@ -102,14 +102,15 @@ module RequestForgery {
    * A call to a function called `isLocalUrl`, `isValidRedirect`, or similar, which is
    * considered a barrier guard.
    */
-  class RedirectCheckBarrierGuardAsBarrierGuard extends RedirectCheckBarrier, Sanitizer { }
+  class RedirectCheckBarrierGuardAsBarrierGuard extends Sanitizer instanceof RedirectCheckBarrier {
+  }
 
   /**
    * A call to a regexp match function, considered as a barrier guard for sanitizing untrusted URLs.
    *
    * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
    */
-  class RegexpCheckAsBarrierGuard extends RegexpCheckBarrier, Sanitizer { }
+  class RegexpCheckAsBarrierGuard extends Sanitizer instanceof RegexpCheckBarrier { }
 
   /**
    * An equality check comparing a data-flow node against a constant string, considered as
@@ -118,7 +119,7 @@ module RequestForgery {
    * Additionally, a check comparing `url.Hostname()` against a constant string is also
    * considered a barrier guard for `url`.
    */
-  class UrlCheckAsBarrierGuard extends UrlCheckBarrier, Sanitizer { }
+  class UrlCheckAsBarrierGuard extends Sanitizer instanceof UrlCheckBarrier { }
 
   /**
    * A simple-typed node, considered a sanitizer for request forgery.

go/ql/lib/semmle/go/security/UnsafeUnzipSymlinkCustomizations.qll

@@ -126,7 +126,7 @@ module UnsafeUnzipSymlink {
    * An argument to a call to `os.Symlink` within a loop that extracts a zip or tar archive,
    * taken as a sink for unsafe unzipping of symlinks.
    */
-  class OsSymlink extends DataFlow::Node, SymlinkSink {
+  class OsSymlink extends SymlinkSink {
     OsSymlink() {
       exists(DataFlow::CallNode n | n.asExpr() = getASymlinkCall() |
         this = n.getArgument([0, 1]) and
@@ -139,7 +139,7 @@ module UnsafeUnzipSymlink {
    * An argument to `path/filepath.EvalSymlinks` or `os.Readlink`, taken as a sink for detecting target
    * paths that are likely safe to extract to.
    */
-  class StdlibSymlinkResolvers extends DataFlow::Node, EvalSymlinksSink {
+  class StdlibSymlinkResolvers extends EvalSymlinksSink {
     StdlibSymlinkResolvers() {
       exists(DataFlow::CallNode n |
         n.getTarget().hasQualifiedName("path/filepath", "EvalSymlinks")

go/ql/lib/semmle/go/security/Xss.qll

@@ -139,14 +139,14 @@ module SharedXss {
    * A `Template` from `html/template` will HTML-escape data automatically
    * and therefore acts as a sanitizer for XSS vulnerabilities.
    */
-  class HtmlTemplateSanitizer extends Sanitizer, DataFlow::Node {
+  class HtmlTemplateSanitizer extends Sanitizer {
     HtmlTemplateSanitizer() {
       exists(Method m, DataFlow::CallNode call | m = call.getCall().getTarget() |
         m.hasQualifiedName("html/template", "Template", "ExecuteTemplate") and
-        call.getArgument(2) = this
+        this = call.getArgument(2)
         or
         m.hasQualifiedName("html/template", "Template", "Execute") and
-        call.getArgument(1) = this
+        this = call.getArgument(1)
       )
     }
   }

go/ql/lib/semmle/go/security/ZipSlipCustomizations.qll

@@ -30,7 +30,7 @@ module ZipSlip {
   /**
    * A tar file header, as a source for zip slip.
    */
-  class TarHeaderSource extends Source, DataFlow::Node {
+  class TarHeaderSource extends Source {
     TarHeaderSource() {
       this =
         any(DataFlow::MethodCallNode mcn |