github
diff --git a/‎go/ql/lib/ext/github.com.couchbase.gocb.model.yml
Lines changed: 30 additions & 0 deletions b/‎go/ql/lib/ext/github.com.couchbase.gocb.model.yml
Lines changed: 30 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.go-jose.go-jose.jwt.model.yml
Lines changed: 21 additions & 0 deletions b/‎go/ql/lib/ext/github.com.go-jose.go-jose.jwt.model.yml
Lines changed: 21 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/github.com.go-jose.go-jose.model.yml
Lines changed: 0 additions & 14 deletions b/‎go/ql/lib/ext/github.com.go-jose.go-jose.model.yml
Lines changed: 0 additions & 14 deletions
diff --git a/‎go/ql/lib/ext/github.com.golang.protobuf.proto.model.yml
Lines changed: 9 additions & 0 deletions b/‎go/ql/lib/ext/github.com.golang.protobuf.proto.model.yml
Lines changed: 9 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/google.golang.org.protobuf.proto.model.yml
Lines changed: 0 additions & 4 deletions b/‎go/ql/lib/ext/google.golang.org.protobuf.proto.model.yml
Lines changed: 0 additions & 4 deletions
diff --git a/‎go/ql/lib/ext/gopkg.in.couchbase.gocb.model.yml
Lines changed: 0 additions & 59 deletions b/‎go/ql/lib/ext/gopkg.in.couchbase.gocb.model.yml
Lines changed: 0 additions & 59 deletions
diff --git a/‎go/ql/lib/ext/gopkg.in.square.go-jose.model.yml
Lines changed: 0 additions & 14 deletions b/‎go/ql/lib/ext/gopkg.in.square.go-jose.model.yml
Lines changed: 0 additions & 14 deletions
diff --git a/‎go/ql/test/experimental/CWE-090/LDAPInjection.expected
Lines changed: 14 additions & 14 deletions b/‎go/ql/test/experimental/CWE-090/LDAPInjection.expected
Lines changed: 14 additions & 14 deletions
diff --git a/‎go/ql/test/experimental/CWE-203/Timing.expected
Lines changed: 3 additions & 3 deletions b/‎go/ql/test/experimental/CWE-203/Timing.expected
Lines changed: 3 additions & 3 deletions
diff --git a/‎go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
Lines changed: 1 addition & 1 deletion b/‎go/ql/test/experimental/CWE-287/ImproperLdapAuth.expected
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,30 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["gocb", "github.com/couchbase/gocb"]
+      - ["gocb", "gopkg.in/couchbase/gocb"]
+      - ["gocb", "github.com/couchbaselabs/gocb"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
@@ -0,0 +1,21 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["go-jose/jwt", "github.com/go-jose/go-jose/jwt"]
+      - ["go-jose/jwt", "gopkg.in/square/go-jose/jwt"]
+      - ["go-jose/jwt", "github.com/square/go-jose/jwt"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:go-jose/jwt", "JSONWebToken", True, "UnsafeClaimsWithoutVerification", "", "", "Argument[receiver]", "jwt", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["group:go-jose/jwt", "", True, "ParseEncrypted", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:go-jose/jwt", "", True, "ParseSigned", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:go-jose/jwt", "NestedJSONWebToken", True, "ParseSignedAndEncrypted", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:go-jose/jwt", "NestedJSONWebToken", True, "Decrypt", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/golang/protobuf/proto", "", False, "Clone", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["github.com/golang/protobuf/proto", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["github.com/golang/protobuf/proto", "", False, "Merge", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
+      - ["github.com/golang/protobuf/proto", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
@@ -3,10 +3,6 @@ extensions:
       pack: codeql/go-all
       extensible: summaryModel
     data:
-      - ["github.com/golang/protobuf/proto", "", False, "Clone", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["github.com/golang/protobuf/proto", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
-      - ["github.com/golang/protobuf/proto", "", False, "Merge", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
-      - ["github.com/golang/protobuf/proto", "", False, "Unmarshal", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
       - ["google.golang.org/protobuf/proto", "", False, "Clone", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["google.golang.org/protobuf/proto", "", False, "Marshal", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
       - ["google.golang.org/protobuf/proto", "", False, "Merge", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
 
@@ -1,18 +1,18 @@
 edges
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:770  |
-| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:770  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:59:3:59:11 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:61:3:61:51 | ...+... | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:3:62:33 | slice literal | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:62:24:62:32 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:66:3:66:11 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:68:3:68:51 | ...+... | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:3:69:33 | slice literal | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:69:24:69:32 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:73:3:73:11 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:75:3:75:51 | ...+... | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:3:76:33 | slice literal | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:76:24:76:32 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:80:22:80:30 | untrusted | provenance | Src:MaD:735  |
+| LDAPInjection.go:57:15:57:29 | call to UserAgent | LDAPInjection.go:81:25:81:33 | untrusted | provenance | Src:MaD:735  |
 | LDAPInjection.go:62:3:62:33 | slice literal [array] | LDAPInjection.go:62:3:62:33 | slice literal | provenance |  |
 | LDAPInjection.go:62:24:62:32 | untrusted | LDAPInjection.go:62:3:62:33 | slice literal [array] | provenance |  |
 | LDAPInjection.go:69:3:69:33 | slice literal [array] | LDAPInjection.go:69:3:69:33 | slice literal | provenance |  |
 
@@ -1,9 +1,9 @@
 edges
-| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | Src:MaD:776 MaD:751 |
+| timing.go:15:18:15:27 | selection of Header | timing.go:15:18:15:45 | call to Get | provenance | Src:MaD:741 MaD:716 |
 | timing.go:15:18:15:45 | call to Get | timing.go:17:31:17:42 | headerSecret | provenance |  |
-| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | Src:MaD:776 MaD:751 |
+| timing.go:28:18:28:27 | selection of Header | timing.go:28:18:28:45 | call to Get | provenance | Src:MaD:741 MaD:716 |
 | timing.go:28:18:28:45 | call to Get | timing.go:30:47:30:58 | headerSecret | provenance |  |
-| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | Src:MaD:776 MaD:751 |
+| timing.go:41:18:41:27 | selection of Header | timing.go:41:18:41:45 | call to Get | provenance | Src:MaD:741 MaD:716 |
 | timing.go:41:18:41:45 | call to Get | timing.go:42:25:42:36 | headerSecret | provenance |  |
 nodes
 | timing.go:15:18:15:27 | selection of Header | semmle.label | selection of Header |
 
@@ -1,5 +1,5 @@
 edges
-| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | Src:MaD:778 MaD:839 |
+| ImproperLdapAuth.go:18:18:18:24 | selection of URL | ImproperLdapAuth.go:18:18:18:32 | call to Query | provenance | Src:MaD:743 MaD:804 |
 | ImproperLdapAuth.go:18:18:18:32 | call to Query | ImproperLdapAuth.go:28:23:28:34 | bindPassword | provenance |  |
 | ImproperLdapAuth.go:87:18:87:19 | "" | ImproperLdapAuth.go:97:23:97:34 | bindPassword | provenance |  |
 nodes