github
diff --git a/‎go/ql/lib/ext/github.com.emicklei.go-restful.model.yml
Lines changed: 12 additions & 0 deletions b/‎go/ql/lib/ext/github.com.emicklei.go-restful.model.yml
Lines changed: 12 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.gin-gonic.gin.model.yml
Lines changed: 50 additions & 0 deletions b/‎go/ql/lib/ext/github.com.gin-gonic.gin.model.yml
Lines changed: 50 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.gorilla.mux.model.yml
Lines changed: 6 additions & 0 deletions b/‎go/ql/lib/ext/github.com.gorilla.mux.model.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎go/ql/lib/go.qll
Lines changed: 0 additions & 1 deletion b/‎go/ql/lib/go.qll
Lines changed: 0 additions & 1 deletion
diff --git a/‎go/ql/lib/semmle/go/frameworks/Gin.qll
Lines changed: 0 additions & 46 deletions b/‎go/ql/lib/semmle/go/frameworks/Gin.qll
Lines changed: 0 additions & 46 deletions
diff --git a/‎go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
Lines changed: 0 additions & 46 deletions b/‎go/ql/lib/semmle/go/frameworks/GoRestfulHttp.qll
Lines changed: 0 additions & 46 deletions
diff --git a/‎go/ql/lib/semmle/go/frameworks/Mux.qll
Lines changed: 9 additions & 3 deletions b/‎go/ql/lib/semmle/go/frameworks/Mux.qll
Lines changed: 9 additions & 3 deletions
diff --git a/‎go/ql/test/experimental/CWE-090/LDAPInjection.expected
Lines changed: 14 additions & 14 deletions b/‎go/ql/test/experimental/CWE-090/LDAPInjection.expected
Lines changed: 14 additions & 14 deletions
diff --git a/‎go/ql/test/experimental/CWE-203/Timing.expected
Lines changed: 3 additions & 3 deletions b/‎go/ql/test/experimental/CWE-203/Timing.expected
Lines changed: 3 additions & 3 deletions
diff --git a/‎go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
Lines changed: 1 addition & 1 deletion b/‎go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,12 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/emicklei/go-restful", "Request", True, "QueryParameters", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/emicklei/go-restful", "Request", True, "QueryParameter", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/emicklei/go-restful", "Request", True, "BodyParameter", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/emicklei/go-restful", "Request", True, "HeaderParameter", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/emicklei/go-restful", "Request", True, "PathParameter", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/emicklei/go-restful", "Request", True, "PathParameters", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue
+      - ["github.com/emicklei/go-restful", "Request", True, "ReadEntity", "", "", "Argument[0]", "remote", "manual"]
@@ -5,3 +5,53 @@ extensions:
     data:
       - ["github.com/gin-gonic/gin", "Params", True, "ByName", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["github.com/gin-gonic/gin", "Params", True, "Get", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/gin-gonic/gin", "Context", True, "Accepted", "", "", "", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Bind", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindHeader", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindJSON", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindQuery", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindXML", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindYAML", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindUri", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "BindWith", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ClientIP", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ContentType", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "DefaultPostForm", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "DefaultQuery", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "FullPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetHeader", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostForm", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostFormArray", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostFormMap", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQuery", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQueryArray", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQueryMap", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetRawData", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetString", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMap", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMapString", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMapStringSlice", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue.ArrayElement (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringSlice", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "MustBindWith", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Param", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Params", "", "", "", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "PostForm", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "PostFormArray", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "PostFormMap", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "Query", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "QueryArray", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "QueryMap", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBind", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindBodyWith", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindHeader", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindJSON", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindQuery", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindUri", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindWith", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindXML", "", "", "Argument[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ShouldBindYAML", "", "", "Argument[0]", "remote", "manual"]
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/gorilla/mux", "", True, "Vars", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
@@ -48,7 +48,6 @@ import semmle.go.frameworks.Gogf
 import semmle.go.frameworks.GoJose
 import semmle.go.frameworks.GoKit
 import semmle.go.frameworks.GoMicro
-import semmle.go.frameworks.GoRestfulHttp
 import semmle.go.frameworks.Gqlgen
 import semmle.go.frameworks.Iris
 import semmle.go.frameworks.Jwt
 
@@ -9,52 +9,6 @@ private module Gin {
   /** Gets the package name `github.com/gin-gonic/gin`. */
   string packagePath() { result = package("github.com/gin-gonic/gin", "") }
 
-  /**
-   * Data from a `Context` struct, considered as a source of remote flow.
-   */
-  private class GithubComGinGonicGinContextSource extends RemoteFlowSource::Range {
-    GithubComGinGonicGinContextSource() {
-      // Method calls:
-      exists(DataFlow::MethodCallNode call, string methodName |
-        call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and
-        methodName in [
-            "FullPath", "GetHeader", "QueryArray", "Query", "PostFormArray", "PostForm", "Param",
-            "GetStringSlice", "GetString", "GetRawData", "ClientIP", "ContentType", "Cookie",
-            "GetQueryArray", "GetQuery", "GetPostFormArray", "GetPostForm", "DefaultPostForm",
-            "DefaultQuery", "GetPostFormMap", "GetQueryMap", "GetStringMap", "GetStringMapString",
-            "GetStringMapStringSlice", "PostFormMap", "QueryMap"
-          ]
-      |
-        this = call.getResult(0)
-      )
-      or
-      // Field reads:
-      exists(DataFlow::Field fld |
-        fld.hasQualifiedName(packagePath(), "Context", ["Accepted", "Params"]) and
-        this = fld.getARead()
-      )
-    }
-  }
-
-  /**
-   * A call to a method on `Context` struct that unmarshals data into a target.
-   */
-  private class GithubComGinGonicGinContextBindSource extends RemoteFlowSource::Range {
-    GithubComGinGonicGinContextBindSource() {
-      exists(DataFlow::MethodCallNode call, string methodName |
-        call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and
-        methodName in [
-            "BindJSON", "BindYAML", "BindXML", "BindUri", "BindQuery", "BindWith", "BindHeader",
-            "MustBindWith", "Bind", "ShouldBind", "ShouldBindBodyWith", "ShouldBindJSON",
-            "ShouldBindQuery", "ShouldBindUri", "ShouldBindHeader", "ShouldBindWith",
-            "ShouldBindXML", "ShouldBindYAML"
-          ]
-      |
-        this = FunctionOutput::parameter(0).getExitNode(call)
-      )
-    }
-  }
-
   /**
    * The File system access sinks
    */
 
@@ -5,11 +5,17 @@
 import go
 
 /**
+ * DEPRECATED
+ *
  * Provides classes for working with concepts in the Mux HTTP middleware library.
  */
-module Mux {
-  /** An access to a Mux middleware variable. */
-  class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
+deprecated module Mux {
+  /**
+   * DEPRECATED: Use `RemoteFlowSource::Range` instead.
+   *
+   * An access to a Mux middleware variable.
+   */
+  deprecated class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
     RequestVars() {
       this.getTarget().hasQualifiedName(package("github.com/gorilla/mux", ""), "Vars")
     }
 
@@ -1,18 +1,18 @@
 edges
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:703  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:703  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:757  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:757  |
 | LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance |  |
 | LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance |  |
 | LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance |  |
 
@@ -1,9 +1,9 @@
 edges
-| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:684 |
+| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | MaD:738 |
 | timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance |  |
-| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:684 |
+| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | MaD:738 |
 | timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance |  |
-| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:684 |
+| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | MaD:738 |
 | timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance |  |
 nodes
 | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header |
 
@@ -1,5 +1,5 @@
 edges
-| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:764 |
+| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | MaD:818 |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance |  |
 | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance |  |
 nodes