Pull Request: Add Go SSTI Method Detection Query for CodeQL

Overview

This pull request introduces a new CodeQL query specifically designed to detect Server-Side Template Injection (SSTI) vulnerabilities in Go applications. SSTI in Go can occur when user input is dynamically embedded into templates, leading to potential code execution or other security breaches. This query focuses on identifying patterns in Go code that could be exploited through SSTI.

Changes Introduced

• New Query Added: SSTI.ql - Detects patterns in Go applications that are potentially vulnerable to SSTI.
• Experimental Code Samples: Provided in the CWE-1336/ directory, showcasing both vulnerable (bad) and secure (good) code implementations related to SSTI in Go.
• Documentation: Comprehensive documentation detailing the query's purpose, implementation, and the nature of SSTI vulnerabilities in Go.

Implementation Details

• The query scans for instances where user input may be unsafely incorporated into server-side templates.
• Focuses on Go's template package and common patterns where SSTI vulnerabilities are likely to occur.

Testing and Validation

• Rigorously tested against various synthetic Go code samples (included in the pull request).
• Evaluated to ensure a low false positive rate and minimal performance impact on large Go codebases.

Future Work

• Plans to enhance the detection capabilities for more complex and nuanced SSTI scenarios in Go.
• Welcoming community contributions for further improvements and updates.

References

• A detailed blog post on Go SSTI method research and findings: OnSecurity Go SSTI Method Research.