github
diff --git a/‎go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml
Lines changed: 5 additions & 0 deletions b/‎go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
Lines changed: 6 additions & 0 deletions b/‎go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.gin-gonic.gin.model.yml
Lines changed: 7 additions & 0 deletions b/‎go/ql/lib/ext/github.com.gin-gonic.gin.model.yml
Lines changed: 7 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.gofiber.fiber.model.yml
Lines changed: 9 additions & 0 deletions b/‎go/ql/lib/ext/github.com.gofiber.fiber.model.yml
Lines changed: 9 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.kataras.iris.context.model.yml
Lines changed: 17 additions & 0 deletions b/‎go/ql/lib/ext/github.com.kataras.iris.context.model.yml
Lines changed: 17 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.labstack.echo.model.yml
Lines changed: 6 additions & 0 deletions b/‎go/ql/lib/ext/github.com.labstack.echo.model.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.revel.revel.model.yml
Lines changed: 5 additions & 0 deletions b/‎go/ql/lib/ext/github.com.revel.revel.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.spf13.afero.model.yml
Lines changed: 39 additions & 0 deletions b/‎go/ql/lib/ext/github.com.spf13.afero.model.yml
Lines changed: 39 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
Lines changed: 10 additions & 0 deletions b/‎go/ql/lib/ext/github.com.valyala.fasthttp.model.yml
Lines changed: 10 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/io.ioutil.model.yml
Lines changed: 9 additions & 0 deletions b/‎go/ql/lib/ext/io.ioutil.model.yml
Lines changed: 9 additions & 0 deletions
@@ -6,6 +6,11 @@ extensions:
       - ["beego-context", "github.com/astaxie/beego/context"]
       - ["beego-context", "github.com/beego/beego/context"]
       - ["beego-context", "github.com/beego/beego/server/web/context"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:beego-context", "BeegoOutput", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -10,6 +10,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
+      # log-injection
       - ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
       - ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
       - ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
@@ -21,6 +22,11 @@ extensions:
       - ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
       - ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
       - ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
+      # path-injection
+      - ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["group:beego", "Controller", False, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
+      - ["group:beego", "FileSystem", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -1,4 +1,11 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/gin-gonic/gin", "Context", False, "File", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", False, "FileAttachment", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", False, "SaveUploadedFile", "", "", "Argument[1]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/gofiber/fiber", "Ctx", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "SaveFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/gofiber/fiber", "Ctx", False, "SaveFileToStorage", "", "", "Argument[1]", "path-injection", "manual"] # does not exist in v1
@@ -0,0 +1,17 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["iris-context", "github.com/kataras/iris/context"]
+      - ["iris-context", "github.com/kataras/iris/server/web/context"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:iris-context", "Context", True, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:iris-context", "Context", True, "ServeFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:iris-context", "Context", True, "SendFileWithRate", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:iris-context", "Context", True, "ServeFileWithRate", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:iris-context", "Context", True, "UploadFormFiles", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:iris-context", "Context", True, "SaveFormFile", "", "", "Argument[1]", "path-injection", "manual"]
@@ -1,4 +1,10 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/labstack/echo", "Context", False, "Attachment", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/labstack/echo", "Context", False, "File", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -32,6 +32,11 @@ extensions:
       - ["group:revel", "Request", True, "UserAgent", "", "", "ReturnValue", "remote", "manual"]
       - ["group:revel", "ServerWebSocket", True, "MessageReceive", "", "", "Argument[0]", "remote", "manual"]
       - ["group:revel", "ServerWebSocket", True, "MessageReceiveJSON", "", "", "Argument[0]", "remote", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:revel", "Controller", True, "RenderFileName", "", "", "Argument[0]", "path-injection", "manual"] # we model this as a path-injection sink rather than extending HTTP::ResponseBody as this will usually mean exposing a user-controlled file rather than the actual contents being user-controlled.
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -0,0 +1,39 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["github.com/spf13/afero", "HttpFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "HttpFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "HttpFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "HttpFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "HttpFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "MemMapFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "OsFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "ReadDir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "ReadOnlyFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/spf13/afero", "RegexpFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
@@ -3,6 +3,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
+      # request-forgery
       - ["github.com/valyala/fasthttp", "", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
       - ["github.com/valyala/fasthttp", "", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
       - ["github.com/valyala/fasthttp", "", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
@@ -28,6 +29,15 @@ extensions:
       - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialDualStack", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
       - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialDualStackTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
       - ["github.com/valyala/fasthttp", "TCPDialer", True, "DialTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
+      # path-injection
+      - ["github.com/valyala/fasthttp", "", False, "SaveMultipartFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "", False, "ServeFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "", False, "ServeFileBytes", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "", False, "ServeFileBytesUncompressed", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "", False, "ServeFileUncompressed", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestCtx", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestCtx", False, "SendFileBytes", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["github.com/valyala/fasthttp", "Response", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
 
@@ -1,4 +1,13 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["io/ioutil", "", False, "ReadDir", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["io/ioutil", "", False, "ReadFile", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["io/ioutil", "", False, "TempDir", "", "", "Argument[0..1]", "path-injection", "manual"]
+      - ["io/ioutil", "", False, "TempFile", "", "", "Argument[0..1]", "path-injection", "manual"]
+      - ["io/ioutil", "", False, "WriteFile", "", "", "Argument[0]", "path-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel