github
diff --git a/‎ql/src/semmle/go/frameworks/Stdlib.qll
Lines changed: 2 additions & 52 deletions b/‎ql/src/semmle/go/frameworks/Stdlib.qll
Lines changed: 2 additions & 52 deletions
diff --git a/‎ql/src/semmle/go/frameworks/stdlib/Path.qll
Lines changed: 43 additions & 0 deletions b/‎ql/src/semmle/go/frameworks/stdlib/Path.qll
Lines changed: 43 additions & 0 deletions
diff --git a/‎ql/src/semmle/go/frameworks/stdlib/PathFilepath.qll
Lines changed: 75 additions & 0 deletions b/‎ql/src/semmle/go/frameworks/stdlib/PathFilepath.qll
Lines changed: 75 additions & 0 deletions
diff --git a/‎ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Path.go
Lines changed: 85 additions & 0 deletions b/‎ql/test/library-tests/semmle/go/frameworks/StdlibTaintFlow/Path.go
Lines changed: 85 additions & 0 deletions
@@ -12,6 +12,8 @@ import semmle.go.frameworks.stdlib.CompressFlate
 import semmle.go.frameworks.stdlib.CompressGzip
 import semmle.go.frameworks.stdlib.CompressLzw
 import semmle.go.frameworks.stdlib.CompressZlib
+import semmle.go.frameworks.stdlib.Path
+import semmle.go.frameworks.stdlib.PathFilepath
 
 /** A `String()` method. */
 class StringMethod extends TaintTracking::FunctionModel, Method {
@@ -50,36 +52,6 @@ private class CopyFunction extends TaintTracking::FunctionModel {
   }
 }
 
-/** Provides models of commonly used functions in the `path/filepath` package. */
-module PathFilePath {
-  /** A path-manipulating function in the `path/filepath` package. */
-  private class PathManipulatingFunction extends TaintTracking::FunctionModel {
-    PathManipulatingFunction() {
-      exists(string fn | hasQualifiedName("path/filepath", fn) |
-        fn = "Abs" or
-        fn = "Base" or
-        fn = "Clean" or
-        fn = "Dir" or
-        fn = "EvalSymlinks" or
-        fn = "Ext" or
-        fn = "FromSlash" or
-        fn = "Glob" or
-        fn = "Join" or
-        fn = "Rel" or
-        fn = "Split" or
-        fn = "SplitList" or
-        fn = "ToSlash" or
-        fn = "VolumeName"
-      )
-    }
-
-    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
-      inp.isParameter(_) and
-      outp.isResult(_)
-    }
-  }
-}
-
 /** Provides models of commonly used functions in the `fmt` package. */
 module Fmt {
   /** The `Sprint` function or one of its variants. */
@@ -490,28 +462,6 @@ module OS {
   }
 }
 
-/** Provides models of commonly used functions in the `path` package. */
-module Path {
-  /** A path-manipulating function in the `path` package. */
-  class PathManipulatingFunction extends TaintTracking::FunctionModel {
-    PathManipulatingFunction() {
-      exists(string fn | hasQualifiedName("path", fn) |
-        fn = "Base" or
-        fn = "Clean" or
-        fn = "Dir" or
-        fn = "Ext" or
-        fn = "Join" or
-        fn = "Split"
-      )
-    }
-
-    override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
-      inp.isParameter(_) and
-      outp.isResult(_)
-    }
-  }
-}
-
 /** Provides a class for modeling functions which convert strings into integers. */
 module IntegerParser {
   /**
 
@@ -0,0 +1,43 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `path` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `path` package. */
+module Path {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func Base(path string) string
+      hasQualifiedName("path", "Base") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Clean(path string) string
+      hasQualifiedName("path", "Clean") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Dir(path string) string
+      hasQualifiedName("path", "Dir") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Ext(path string) string
+      hasQualifiedName("path", "Ext") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Join(elem ...string) string
+      hasQualifiedName("path", "Join") and
+      (inp.isParameter(_) and outp.isResult())
+      or
+      // signature: func Split(path string) (dir string, file string)
+      hasQualifiedName("path", "Split") and
+      (inp.isParameter(0) and outp.isResult(_))
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}
@@ -0,0 +1,75 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `path/filepath` package.
+ */
+
+import go
+
+/** Provides models of commonly used functions in the `path/filepath` package. */
+module PathFilepath {
+  private class FunctionModels extends TaintTracking::FunctionModel {
+    FunctionInput inp;
+    FunctionOutput outp;
+
+    FunctionModels() {
+      // signature: func Abs(path string) (string, error)
+      hasQualifiedName("path/filepath", "Abs") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      // signature: func Base(path string) string
+      hasQualifiedName("path/filepath", "Base") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Clean(path string) string
+      hasQualifiedName("path/filepath", "Clean") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Dir(path string) string
+      hasQualifiedName("path/filepath", "Dir") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func EvalSymlinks(path string) (string, error)
+      hasQualifiedName("path/filepath", "EvalSymlinks") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      // signature: func Ext(path string) string
+      hasQualifiedName("path/filepath", "Ext") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func FromSlash(path string) string
+      hasQualifiedName("path/filepath", "FromSlash") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func Glob(pattern string) (matches []string, err error)
+      hasQualifiedName("path/filepath", "Glob") and
+      (inp.isParameter(0) and outp.isResult(0))
+      or
+      // signature: func Join(elem ...string) string
+      hasQualifiedName("path/filepath", "Join") and
+      (inp.isParameter(_) and outp.isResult())
+      or
+      // signature: func Rel(basepath string, targpath string) (string, error)
+      hasQualifiedName("path/filepath", "Rel") and
+      (inp.isParameter(_) and outp.isResult(0))
+      or
+      // signature: func Split(path string) (dir string, file string)
+      hasQualifiedName("path/filepath", "Split") and
+      (inp.isParameter(0) and outp.isResult(_))
+      or
+      // signature: func SplitList(path string) []string
+      hasQualifiedName("path/filepath", "SplitList") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func ToSlash(path string) string
+      hasQualifiedName("path/filepath", "ToSlash") and
+      (inp.isParameter(0) and outp.isResult())
+      or
+      // signature: func VolumeName(path string) string
+      hasQualifiedName("path/filepath", "VolumeName") and
+      (inp.isParameter(0) and outp.isResult())
+    }
+
+    override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+      input = inp and output = outp
+    }
+  }
+}