Split Jwt.qll into framework libraries, which makes more sense

Author: atorralba

go/ql/lib/go.qll

@@ -45,6 +45,7 @@ import semmle.go.frameworks.Fiber
 import semmle.go.frameworks.Gin
 import semmle.go.frameworks.GinCors
 import semmle.go.frameworks.Glog
+import semmle.go.frameworks.Gogf
 import semmle.go.frameworks.GoKit
 import semmle.go.frameworks.GoMicro
 import semmle.go.frameworks.GoRestfulHttp
@@ -61,6 +62,7 @@ import semmle.go.frameworks.Protobuf
 import semmle.go.frameworks.Revel
 import semmle.go.frameworks.Spew
 import semmle.go.frameworks.SQL
+import semmle.go.frameworks.Square
 import semmle.go.frameworks.Stdlib
 import semmle.go.frameworks.SystemCommandExecutors
 import semmle.go.frameworks.Testing

go/ql/lib/semmle/go/frameworks/Gin.qll

@@ -1,8 +1,9 @@
 /**
- * Provides classes for working with untrusted flow sources from the `github.com/gin-gonic/gin` package.
+ * Provides classes for working with the `github.com/gin-gonic/gin` package.
  */
 
 import go
+private import semmle.go.security.HardcodedCredentials
 
 private module Gin {
   /** Gets the package name `github.com/gin-gonic/gin`. */
@@ -75,4 +76,13 @@ private module Gin {
 
     override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
   }
+
+  private class GinJwtSign extends HardcodedCredentials::Sink {
+    GinJwtSign() {
+      exists(Field f |
+        f.hasQualifiedName(package("github.com/appleboy/gin-jwt", ""), "GinJWTMiddleware", "Key") and
+        f.getAWrite().getRhs() = this
+      )
+    }
+  }
 }

go/ql/lib/semmle/go/frameworks/GoJose.qll

@@ -0,0 +1,24 @@
+/**
+ * Provides classes for working with the `github.com/square/go-jose`, `github.com/go-jose/go-jose`,
+ * and `gopkg.in/square-go-jose.v2` packages.
+ */
+
+import go
+private import semmle.go.security.HardcodedCredentials
+
+private module GoJose {
+  private class GoJoseKey extends HardcodedCredentials::Sink {
+    GoJoseKey() {
+      exists(Field f, string pkg |
+        pkg =
+          [
+            package("github.com/square/go-jose", ""), package("github.com/go-jose/go-jose", ""),
+            "gopkg.in/square/go-jose.v2"
+          ]
+      |
+        f.hasQualifiedName(pkg, ["Recipient", "SigningKey"], "Key") and
+        f.getAWrite().getRhs() = this
+      )
+    }
+  }
+}

go/ql/lib/semmle/go/frameworks/Gogf.qll

@@ -0,0 +1,17 @@
+/**
+ * Provides classes for working the `github.com/gogf` package.
+ */
+
+import go
+private import semmle.go.security.HardcodedCredentials
+
+private module Gogf {
+  private class GogfJwtSign extends HardcodedCredentials::Sink {
+    GogfJwtSign() {
+      exists(Field f |
+        f.hasQualifiedName(package("github.com/gogf/gf-jwt", ""), "GfJWTMiddleware", "Key") and
+        f.getAWrite().getRhs() = this
+      )
+    }
+  }
+}

go/ql/lib/semmle/go/frameworks/Iris.qll

@@ -3,6 +3,7 @@
  */
 
 import go
+private import semmle.go.security.HardcodedCredentials
 
 private module Iris {
   /** Gets the v1 module path `github.com/kataras/iris`. */
@@ -46,4 +47,13 @@ private module Iris {
 
     override DataFlow::Node getAPathArgument() { result = this.getArgument(pathArg) }
   }
+
+  private class IrisJwt extends HardcodedCredentials::Sink {
+    IrisJwt() {
+      exists(Field f |
+        f.hasQualifiedName(package("github.com/kataras/iris", "middleware/jwt"), "Signer", "Key") and
+        f.getAWrite().getRhs() = this
+      )
+    }
+  }
 }

go/ql/lib/semmle/go/security/HardcodedCredentials.qll

@@ -7,7 +7,6 @@
 import go
 private import semmle.go.StringOps
 private import semmle.go.dataflow.ExternalFlow
-private import semmle.go.security.Jwt
 
 /**
  * Provides default sources, sinks and sanitizers for reasoning about