Improve style of library models

Author: smowton

ql/src/go.qll

@@ -26,6 +26,7 @@ import semmle.go.dataflow.GlobalValueNumbering
 import semmle.go.dataflow.SSA
 import semmle.go.dataflow.TaintTracking
 import semmle.go.frameworks.Email
+import semmle.go.frameworks.Encoding
 import semmle.go.frameworks.Glog
 import semmle.go.frameworks.HTTP
 import semmle.go.frameworks.Macaron
@@ -37,7 +38,4 @@ import semmle.go.frameworks.SystemCommandExecutors
 import semmle.go.frameworks.Testing
 import semmle.go.frameworks.WebSocket
 import semmle.go.frameworks.XPath
-import semmle.go.frameworks.thirdpartlib.HTTP
-import semmle.go.frameworks.thirdpartlib.SQL
-import semmle.go.frameworks.thirdpartlib.Encoding
 import semmle.go.security.FlowSources

ql/src/semmle/go/frameworks/Encoding.qll

@@ -0,0 +1,23 @@
+/**
+ * Provides classes modelling taint propagation through the `json-iterator` package.
+ */
+
+import go
+
+/** Models json-iterator's Unmarshal function, propagating taint from the JSON input to the decoded object. */
+private class JsonIteratorUnmarshalFunction extends TaintTracking::FunctionModel,
+  UnmarshalingFunction::Range {
+  JsonIteratorUnmarshalFunction() {
+    this.hasQualifiedName("github.com/json-iterator/go", "Unmarshal")
+  }
+
+  override DataFlow::FunctionInput getAnInput() { result.isParameter(0) }
+
+  override DataFlow::FunctionOutput getOutput() { result.isParameter(1) }
+
+  override string getFormat() { result = "JSON" }
+
+  override predicate hasTaintFlow(DataFlow::FunctionInput inp, DataFlow::FunctionOutput outp) {
+    inp = getAnInput() and outp = getOutput()
+  }
+}

ql/src/semmle/go/frameworks/HTTP.qll

@@ -232,3 +232,26 @@ private module StdlibHttp {
   }
 }
 
+/**
+ * Provides models of the go-restful library (https://github.com/emicklei/go-restful).
+ */
+private module GoRestfulHttp {
+  /**
+   * A model for methods defined on go-restful's `Request` object that may return user-controlled data.
+   */
+  private class GoRestfulSourceMethod extends Method {
+    GoRestfulSourceMethod() {
+      this
+          .hasQualifiedName("github.com/emicklei/go-restful", "Request",
+            ["QueryParameters", "QueryParameter", "BodyParameter", "HeaderParameter",
+                "PathParameter", "PathParameters"])
+    }
+  }
+
+  /**
+   * A model of go-restful's `Request` object as a source of user-controlled data.
+   */
+  private class GoRestfulSource extends UntrustedFlowSource::Range {
+    GoRestfulSource() { this = any(GoRestfulSourceMethod g).getACall() }
+  }
+}

ql/src/semmle/go/frameworks/SQL.qll

@@ -160,4 +160,29 @@ module SQL {
       }
     }
   }
+
+  /** A model for sinks of github.com/jinzhu/gorm. */
+  private class GormSink extends SQL::QueryString::Range {
+    GormSink() {
+      exists(Method meth, string name |
+        meth.hasQualifiedName("github.com/jinzhu/gorm", "DB", name) and
+        this = meth.getACall().getArgument(0) and
+        name in ["Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having", "Joins"]
+      )
+    }
+  }
+
+  /** A model for sinks of github.com/jmoiron/sqlx. */
+  private class SqlxSink extends SQL::QueryString::Range {
+    SqlxSink() {
+      exists(Method meth, string name, int n |
+        meth.hasQualifiedName("github.com/jmoiron/sqlx", ["DB", "Tx"], name) and
+        this = meth.getACall().getArgument(n)
+      |
+        name = ["Select", "Get"] and n = 1
+        or
+        name = ["MustExec", "Queryx", "NamedExec", "NamedQuery"] and n = 0
+      )
+    }
+  }
 }