Revert "Convert gogf/gf sql-injection sinks to MaD"

This reverts commit db559f7.

Author: smowton

go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml

@@ -81,6 +81,9 @@ module SQL {
     /** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
     private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }
 
+    /** A string that might identify package `github.com/gogf/gf/database/gdb` or a specific version of it. */
+    private string gogf() { result = package("github.com/gogf/gf", "database/gdb") }
+
     /**
      * A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
      * taking syntactic structure into account.
@@ -145,6 +148,46 @@ module SQL {
         )
       }
     }
+
+    /**
+     * A string argument to an API of `github.com/gogf/gf/database/gdb`, or a specific version of it, that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class GogfQueryString extends Range {
+      GogfQueryString() {
+        exists(Method m, string name | m.implements(gogf(), ["DB", "Core", "TX"], name) |
+          // func (c *Core) Exec(sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) GetAll(sql string, args ...interface{}) (Result, error)
+          // func (c *Core) GetArray(sql string, args ...interface{}) ([]Value, error)
+          // func (c *Core) GetCount(sql string, args ...interface{}) (int, error)
+          // func (c *Core) GetOne(sql string, args ...interface{}) (Record, error)
+          // func (c *Core) GetValue(sql string, args ...interface{}) (Value, error)
+          // func (c *Core) Prepare(sql string, execOnMaster ...bool) (*Stmt, error)
+          // func (c *Core) Query(sql string, args ...interface{}) (rows *sql.Rows, err error)
+          // func (c *Core) Raw(rawSql string, args ...interface{}) *Model
+          name =
+            [
+              "Query", "Exec", "Prepare", "GetAll", "GetOne", "GetValue", "GetArray", "GetCount",
+              "Raw"
+            ] and
+          this = m.getACall().getArgument(0)
+          or
+          // func (c *Core) GetScan(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStruct(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStructs(pointer interface{}, sql string, args ...interface{}) error
+          name = ["GetScan", "GetStruct", "GetStructs"] and
+          this = m.getACall().getArgument(1)
+          or
+          // func (c *Core) DoCommit(ctx context.Context, link Link, sql string, args []interface{}) (newSql string, newArgs []interface{}, err error)
+          // func (c *Core) DoExec(ctx context.Context, link Link, sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) DoGetAll(ctx context.Context, link Link, sql string, args ...interface{}) (result Result, err error)
+          // func (c *Core) DoPrepare(ctx context.Context, link Link, sql string) (*Stmt, error)
+          // func (c *Core) DoQuery(ctx context.Context, link Link, sql string, args ...interface{}) (rows *sql.Rows, err error)
+          name = ["DoGetAll", "DoQuery", "DoExec", "DoCommit", "DoPrepare"] and
+          this = m.getACall().getArgument(2)
+        )
+      }
+    }
   }
 
   /** A model for sinks of GORM. */

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -0,0 +1,47 @@
+| gogf.go:12:9:12:11 | sql |
+| gogf.go:13:11:13:13 | sql |
+| gogf.go:14:13:14:15 | sql |
+| gogf.go:15:13:15:15 | sql |
+| gogf.go:16:11:16:13 | sql |
+| gogf.go:17:13:17:15 | sql |
+| gogf.go:18:12:18:14 | sql |
+| gogf.go:19:10:19:12 | sql |
+| gogf.go:20:8:20:10 | sql |
+| gogf.go:21:17:21:19 | sql |
+| gogf.go:22:19:22:21 | sql |
+| gogf.go:23:20:23:22 | sql |
+| gogf.go:24:23:24:25 | sql |
+| gogf.go:25:21:25:23 | sql |
+| gogf.go:26:23:26:25 | sql |
+| gogf.go:27:22:27:24 | sql |
+| gogf.go:28:24:28:26 | sql |
+| gogf.go:32:9:32:11 | sql |
+| gogf.go:33:11:33:13 | sql |
+| gogf.go:34:13:34:15 | sql |
+| gogf.go:35:13:35:15 | sql |
+| gogf.go:36:11:36:13 | sql |
+| gogf.go:37:13:37:15 | sql |
+| gogf.go:38:12:38:14 | sql |
+| gogf.go:39:10:39:12 | sql |
+| gogf.go:40:8:40:10 | sql |
+| gogf.go:41:17:41:19 | sql |
+| gogf.go:42:23:42:25 | sql |
+| gogf.go:43:21:43:23 | sql |
+| gogf.go:44:23:44:25 | sql |
+| gogf.go:45:22:45:24 | sql |
+| gogf.go:46:24:46:26 | sql |
+| gogf.go:51:9:51:11 | sql |
+| gogf.go:52:11:52:13 | sql |
+| gogf.go:53:13:53:15 | sql |
+| gogf.go:54:13:54:15 | sql |
+| gogf.go:55:11:55:13 | sql |
+| gogf.go:56:13:56:15 | sql |
+| gogf.go:57:12:57:14 | sql |
+| gogf.go:58:10:58:12 | sql |
+| gogf.go:59:8:59:10 | sql |
+| gogf.go:60:17:60:19 | sql |
+| gogf.go:61:23:61:25 | sql |
+| gogf.go:62:21:62:23 | sql |
+| gogf.go:63:23:63:25 | sql |
+| gogf.go:64:22:64:24 | sql |
+| gogf.go:65:24:65:26 | sql |

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/QueryString.expected

@@ -4,13 +4,11 @@ package main
 //go:generate depstubber -vendor github.com/gogf/gf/database/gdb DB,Core,TX ""
 
 import (
-	"context"
-
 	"github.com/gogf/gf/database/gdb"
 	"github.com/gogf/gf/frame/g"
 )
 
-func gogfCoreTest(sql string, c *gdb.Core, ctx context.Context) {
+func gogfCoreTest(sql string, c *gdb.Core) {
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
 	c.GetArray(sql, nil)           // $ querystring=sql
@@ -23,14 +21,14 @@ func gogfCoreTest(sql string, c *gdb.Core, ctx context.Context) {
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
 	c.GetStruct(nil, sql, nil)     // $ querystring=sql
 	c.GetStructs(nil, sql, nil)    // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
-func gogfDbtest(sql string, c gdb.DB, ctx context.Context) {
+func gogfDbtest(sql string, c gdb.DB) {
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
 	c.GetArray(sql, nil)           // $ querystring=sql
@@ -41,14 +39,14 @@ func gogfDbtest(sql string, c gdb.DB, ctx context.Context) {
 	c.Query(sql, nil)              // $ querystring=sql
 	c.Raw(sql, nil)                // $ querystring=sql
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
-func gogfGTest(sql string, ctx context.Context) {
+func gogfGTest(sql string) {
 	c := g.DB("ad")
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
@@ -60,11 +58,11 @@ func gogfGTest(sql string, ctx context.Context) {
 	c.Query(sql, nil)              // $ querystring=sql
 	c.Raw(sql, nil)                // $ querystring=sql
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
 func main() {

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/QueryString.ql

@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs