
Commit 80ad349

committed
database/sql summary models for Row types
1 parent 8093d57 commit 80ad349


3 files changed

+3
-20
lines changed


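--- a/go/ql/lib/ext/database.sql.driver.model.yml
+++ b/go/ql/lib/ext/database.sql.driver.model.yml
@@ -23,5 +23,6 @@ extensions:
 data:
 - ["database/sql/driver", "Conn", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql/driver", "ConnPrepareContext", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
+- ["database/sql/driver", "Rows", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
 - ["database/sql/driver", "ValueConverter", True, "ConvertValue", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql/driver", "Valuer", True, "Value", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]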
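Review bot: The added `Rows.Next` row sends taint to `Argument[0]` as a whole, while the two `Scan` rows added to database.sql.model.yml in this same commit target `Argument[0].ArrayElement`. `Next` fills the elements of its `dest` slice, so the element-level path looks like the more consistent choice, i.e. `"Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"`; if whole-slice taint is intended, a short `#` comment saying so would help. This row also does not replace any removed QL model, and no test file is among the three changed files, so it is not visible here whether the new flow is exercised. A summary that does not propagate would silently drop results for queries that track data read from the database rather than fail loudly.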

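--- a/go/ql/lib/ext/database.sql.model.yml
+++ b/go/ql/lib/ext/database.sql.model.yml
@@ -53,6 +53,8 @@ extensions:
 - ["database/sql", "Conn", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "DB", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "DB", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
+- ["database/sql", "Row", True, "Scan", "", "", "Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"]
+- ["database/sql", "Rows", True, "Scan", "", "", "Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"]
 - ["database/sql", "Scanner", True, "Scan", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
 - ["database/sql", "Tx", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "Tx", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]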
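Review bot: The two added `Scan` rows rely on `Argument[0].ArrayElement` reaching every value passed to the variadic `dest` parameter, where the class deleted from DatabaseSql.qll used `outp.isParameter(_)`. The comment removed with that class says varargs functions did not work with Models-as-Data summaries, and nothing on this page shows what changed that. No test file is among the three changed files, so please confirm that an existing library test covers `Scan` with two or more destinations; a gap would silently lose taint from database rows in downstream queries. The deleted signature comments are also worth keeping as YAML comments, e.g. `# func (*Rows) Scan(dest ...interface{}) error; dest is variadic, hence ArrayElement`.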

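--- a/go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll
@@ -66,24 +66,4 @@ module DatabaseSql {
 result = this.getReceiver().getAPredecessor*().(DataFlow::MethodCallNode).getAnArgument()
 }
 }
-
-// These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
-private class SqlMethodModels extends TaintTracking::FunctionModel, Method {
-FunctionInput inp;
-FunctionOutput outp;
-
-SqlMethodModels() {
-// signature: func (*Row) Scan(dest ...interface{}) error
-this.hasQualifiedName("database/sql", "Row", "Scan") and
-(inp.isReceiver() and outp.isParameter(_))
-or
-// signature: func (*Rows) Scan(dest ...interface{}) error
-this.hasQualifiedName("database/sql", "Rows", "Scan") and
-(inp.isReceiver() and outp.isParameter(_))
-}
-
-override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
-input = inp and output = outp
-}
-}
 }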
