Revert "Convert gocb nosql-injection sinks to MaD"

smowton · smowton · commit 437df5c2a5f9 · 2024-08-24T17:42:45.000+01:00
This reverts commit 2d2afb1.
diff --git a/go/ql/lib/ext/github.com.couchbase.gocb.model.yml b/go/ql/lib/ext/github.com.couchbase.gocb.model.yml
@@ -3,43 +3,28 @@ extensions:
       pack: codeql/go-all
       extensible: packageGrouping
     data:
-      - ["gocb1", "fixed-version:github.com/couchbase/gocb"]
-      - ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
-      - ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
-      - ["gocb2", "github.com/couchbase/gocb/v2"]
-      - ["gocb2", "gopkg.in/couchbase/gocb.v2"]
-      - ["gocb2", "github.com/couchbaselabs/gocb/v2"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["gocb", "github.com/couchbase/gocb"]
+      - ["gocb", "gopkg.in/couchbase/gocb"]
+      - ["gocb", "github.com/couchbaselabs/gocb"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
     data:
-      - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml
@@ -3,7 +3,6 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
@@ -17,3 +16,4 @@ extensions:
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
diff --git a/go/ql/lib/semmle/go/frameworks/Couchbase.qll b/go/ql/lib/semmle/go/frameworks/Couchbase.qll
@@ -5,23 +5,57 @@
 import go
 
 /**
- * DEPRECATED
- *
  * Provides models of commonly used functions in the official Couchbase Go SDK library.
  */
-deprecated module Couchbase {
+module Couchbase {
   /**
-   * DEPRECATED
-   *
    * Gets a package path for the official Couchbase Go SDK library.
    *
    * Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to
    * distinguish between them.
    */
-  deprecated string packagePath() {
+  string packagePath() {
     result =
       package([
           "gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb"
         ], "")
   }
+
+  /**
+   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
+   * the official Couchbase Go library, gocb.
+   */
+  private class CouchbaseV1Query extends NoSql::Query::Range {
+    CouchbaseV1Query() {
+      // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
+      // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
+      // func (c *Cluster) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
+      // func (c *Cluster) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
+      exists(Method meth, string structName, string methodName |
+        structName in ["Bucket", "Cluster"] and
+        methodName in ["ExecuteN1qlQuery", "ExecuteAnalyticsQuery"] and
+        meth.hasQualifiedName(packagePath(), structName, methodName) and
+        this = meth.getACall().getArgument(0)
+      )
+    }
+  }
+
+  /**
+   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
+   * the official Couchbase Go library, gocb.
+   */
+  private class CouchbaseV2Query extends NoSql::Query::Range {
+    CouchbaseV2Query() {
+      // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
+      // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
+      // func (s *Scope) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
+      // func (s *Scope) Query(statement string, opts *QueryOptions) (*QueryResult, error)
+      exists(Method meth, string structName, string methodName |
+        structName in ["Cluster", "Scope"] and
+        methodName in ["AnalyticsQuery", "Query"] and
+        meth.hasQualifiedName(packagePath(), structName, methodName) and
+        this = meth.getACall().getArgument(0)
+      )
+    }
+  }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -31,6 +31,82 @@ module NoSql {
         )
       }
     }
+    //   /**
+    //    * Holds if method `name` of struct `Collection` from package
+    //    * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
+    //    * interprets parameter `n` as a query.
+    //    */
+    //   private predicate mongoDbCollectionMethod(string name, int n) {
+    //     // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
+    //     //                                        opts ...*options.CountOptions) (int64, error)
+    //     name = "CountDocuments" and n = 1
+    //     or
+    //     // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
+    //     //                                    opts ...*options.DeleteOptions) (*DeleteResult, error)
+    //     name = "DeleteMany" and n = 1
+    //     or
+    //     // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
+    //     //                                   opts ...*options.DeleteOptions) (*DeleteResult, error)
+    //     name = "DeleteOne" and n = 1
+    //     or
+    //     // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
+    //     //                                  ...) ([]interface{}, error)
+    //     name = "Distinct" and n = 2
+    //     or
+    //     // func (coll *Collection) Find(ctx context.Context, filter interface{},
+    //     //                              opts ...*options.FindOptions) (*Cursor, error)
+    //     name = "Find" and n = 1
+    //     or
+    //     // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
+    //     //                                 opts ...*options.FindOneOptions) *SingleResult
+    //     name = "FindOne" and n = 1
+    //     or
+    //     // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
+    //     //                                         *SingleResult
+    //     name = "FindOneAndDelete" and n = 1
+    //     or
+    //     // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
+    //     //                                           replacement interface{}, ...) *SingleResult
+    //     name = "FindOneAndReplace" and n = 1
+    //     or
+    //     // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
+    //     //                                          update interface{}, ...) *SingleResult
+    //     name = "FindOneAndUpdate" and n = 1
+    //     or
+    //     // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
+    //     //                                    replacement interface{}, ...) (*UpdateResult, error)
+    //     name = "ReplaceOne" and n = 1
+    //     or
+    //     // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
+    //     //                                    update interface{}, ...) (*UpdateResult, error)
+    //     name = "UpdateMany" and n = 1
+    //     or
+    //     // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
+    //     //                                   update interface{}, ...) (*UpdateResult, error)
+    //     name = "UpdateOne" and n = 1
+    //     or
+    //     // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
+    //     //                              (*ChangeStream, error)
+    //     name = "Watch" and n = 1
+    //     or
+    //     // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
+    //     //                                   opts ...*options.AggregateOptions) (*Cursor, error)
+    //     name = "Aggregate" and n = 1
+    //   }
+    //   /**
+    //    * A query used in an API function acting on a `Collection` struct of package
+    //    * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
+    //    */
+    //   private class MongoDbCollectionQuery extends Range {
+    //     MongoDbCollectionQuery() {
+    //       exists(Method meth, string methodName, int n |
+    //         mongoDbCollectionMethod(methodName, n) and
+    //         meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
+    //           methodName) and
+    //         this = meth.getACall().getArgument(n)
+    //       )
+    //     }
+    //   }
   }
 
   /**
