Revert "Convert Bun sql-injection sinks to MaD"

This reverts commit 3eb5b26.

Author: smowton

go/ql/lib/ext/github.com.uptrace.bun.model.yml

@@ -167,8 +167,45 @@ module Xorm {
 }
 
 /**
- * DEPRECATED
- *
  * Provides classes for working with the [Bun](https://bun.uptrace.dev/) package.
  */
-deprecated module Bun { }
+module Bun {
+  /** Gets the package name for Bun package. */
+  private string packagePath() { result = package("github.com/uptrace/bun", "") }
+
+  /** A model for sinks of Bun. */
+  private class BunSink extends SQL::QueryString::Range {
+    BunSink() {
+      exists(Function f, string m, int arg | this = f.getACall().getArgument(arg) |
+        f.hasQualifiedName(packagePath(), m) and
+        m = "NewRawQuery" and
+        arg = 1
+      )
+      or
+      exists(Method f, string tp, string m, int arg | this = f.getACall().getArgument(arg) |
+        f.hasQualifiedName(packagePath(), tp, m) and
+        (
+          tp = ["DB", "Conn"] and
+          m = ["ExecContext", "PrepareContext", "QueryContext", "QueryRowContext"] and
+          arg = 1
+          or
+          tp = ["DB", "Conn"] and
+          m = ["Exec", "NewRaw", "Prepare", "Query", "QueryRow", "Raw"] and
+          arg = 0
+          or
+          tp.matches("%Query") and
+          m =
+            [
+              "ColumnExpr", "DistinctOn", "For", "GroupExpr", "Having", "ModelTableExpr",
+              "OrderExpr", "TableExpr", "Where", "WhereOr"
+            ] and
+          arg = 0
+          or
+          tp = "RawQuery" and
+          m = "NewRaw" and
+          arg = 0
+        )
+      )
+    }
+  }
+}

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -22,28 +22,28 @@ func main() {
 		panic(err)
 	}
 	db := bun.NewDB(sqlite, sqlitedialect.New())
-	bun.NewRawQuery(db, untrusted) // $ querystring=untrusted
-
-	db.ExecContext(ctx, untrusted)     // $ querystring=untrusted
-	db.PrepareContext(ctx, untrusted)  // $ querystring=untrusted
-	db.QueryContext(ctx, untrusted)    // $ querystring=untrusted
-	db.QueryRowContext(ctx, untrusted) // $ querystring=untrusted
-
-	db.Exec(untrusted)     // $ querystring=untrusted
-	db.NewRaw(untrusted)   // $ querystring=untrusted
-	db.Prepare(untrusted)  // $ querystring=untrusted
-	db.Query(untrusted)    // $ querystring=untrusted
-	db.QueryRow(untrusted) // $ querystring=untrusted
-	db.Raw(untrusted)      // $ querystring=untrusted
-
-	db.NewSelect().ColumnExpr(untrusted)     // $ querystring=untrusted
-	db.NewSelect().DistinctOn(untrusted)     // $ querystring=untrusted
-	db.NewSelect().For(untrusted)            // $ querystring=untrusted
-	db.NewSelect().GroupExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().Having(untrusted)         // $ querystring=untrusted
-	db.NewSelect().ModelTableExpr(untrusted) // $ querystring=untrusted
-	db.NewSelect().OrderExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().TableExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().Where(untrusted)          // $ querystring=untrusted
-	db.NewSelect().WhereOr(untrusted)        // $ querystring=untrusted
+	bun.NewRawQuery(db, untrusted)
+
+	db.ExecContext(ctx, untrusted)
+	db.PrepareContext(ctx, untrusted)
+	db.QueryContext(ctx, untrusted)
+	db.QueryRowContext(ctx, untrusted)
+
+	db.Exec(untrusted)
+	db.NewRaw(untrusted)
+	db.Prepare(untrusted)
+	db.Query(untrusted)
+	db.QueryRow(untrusted)
+	db.Raw(untrusted)
+
+	db.NewSelect().ColumnExpr(untrusted)
+	db.NewSelect().DistinctOn(untrusted)
+	db.NewSelect().For(untrusted)
+	db.NewSelect().GroupExpr(untrusted)
+	db.NewSelect().Having(untrusted)
+	db.NewSelect().ModelTableExpr(untrusted)
+	db.NewSelect().OrderExpr(untrusted)
+	db.NewSelect().TableExpr(untrusted)
+	db.NewSelect().Where(untrusted)
+	db.NewSelect().WhereOr(untrusted)
 }