Merge pull request #17242 from owen-mc/go/mad/convert-sink-4

 Go: convert sql-injection and nosql-injection sinks to use models-as-data

Author: owen-mc

go/ql/lib/ext/database.sql.driver.model.yml

@@ -1,4 +1,14 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["database/sql/driver", "Execer", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql/driver", "ExecerContext", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql/driver", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql/driver", "ConnPrepareContext", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql/driver", "Queryer", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql/driver", "QueryerContext", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/database.sql.model.yml

@@ -1,4 +1,32 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["database/sql", "Conn", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Conn", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "DB", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["database/sql", "Tx", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml

@@ -0,0 +1,42 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["beego-orm", "github.com/beego/beego/client/orm"]
+      - ["beego-orm", "github.com/astaxie/beego/orm"]
+      - ["beego-orm", "github.com/beego/beego/orm"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:beego-orm", "Condition", False, "Raw", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "DB", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "Ormer", False, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "And", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "From", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "In", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "InsertInto", "", "", "Argument[0..1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "On", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Subquery", "", "", "Argument[0..1]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Update", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Values", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QueryBuilder", False, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:beego-orm", "QuerySeter", False, "FilterRaw", "", "", "Argument[1]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.couchbase.gocb.model.yml

@@ -3,28 +3,43 @@ extensions:
       pack: codeql/go-all
       extensible: packageGrouping
     data:
-      - ["gocb", "github.com/couchbase/gocb"]
-      - ["gocb", "gopkg.in/couchbase/gocb"]
-      - ["gocb", "github.com/couchbaselabs/gocb"]
+      - ["gocb1", "fixed-version:github.com/couchbase/gocb"]
+      - ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
+      - ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
+      - ["gocb2", "github.com/couchbase/gocb/v2"]
+      - ["gocb2", "gopkg.in/couchbase/gocb.v2"]
+      - ["gocb2", "github.com/couchbaselabs/gocb/v2"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
     data:
-      - ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]

go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml

@@ -0,0 +1,57 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      # These models are for v1. Some of them hold for v2, but we should model v2 properly.
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Core", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]