Merge pull request #17113 from owen-mc/go/xmlpath/add-more-package-paths

Go: add more import paths for `xmlpath`

Author: owen-mc

go/ql/lib/ext/github.com.go-xmlpath.xmlpath.model.yml

@@ -1,7 +1,18 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["xmlpath", "gopkg.in/xmlpath"]
+      - ["xmlpath", "github.com/go-xmlpath/xmlpath"]
+      - ["xmlpath", "github.com/crankycoder/xmlpath"]
+      - ["xmlpath", "launchpad.net/xmlpath"]
+      - ["xmlpath", "github.com/masterzen/xmlpath"]
+      - ["xmlpath", "github.com/going/toolkit/xmlpath"]
+      - ["xmlpath", "gopkg.in/go-xmlpath/xmlpath"]
   - addsTo:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/go-xmlpath/xmlpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/go-xmlpath/xmlpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["group:xmlpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["group:xmlpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]

go/ql/lib/semmle/go/frameworks/XPath.qll

@@ -43,6 +43,11 @@ deprecated module XmlPath {
    * Gets the package name `github.com/go-xmlpath/xmlpath` or `gopkg.in/xmlpath`.
    */
   deprecated string packagePath() {
-    result = package(["github.com/go-xmlpath/xmlpath", "gopkg.in/xmlpath"], "")
+    result =
+      package([
+          "github.com/go-xmlpath/xmlpath", "gopkg.in/xmlpath", "github.com/crankycoder/xmlpath",
+          "launchpad.net/xmlpath", "github.com/masterzen/xmlpath",
+          "github.com/going/toolkit/xmlpath", "gopkg.in/go-xmlpath/xmlpath"
+        ], "")
   }
 }

go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected

@@ -124,8 +124,20 @@ models
 | 21 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual |
 | 22 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 23 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; ParseExec; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: github.com/crankycoder/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
 | 24 | Sink: github.com/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: github.com/going/toolkit/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: github.com/masterzen/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: gopkg.in/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: launchpad.net/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: github.com/crankycoder/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
 | 25 | Sink: github.com/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: github.com/going/toolkit/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: github.com/masterzen/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: gopkg.in/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: launchpad.net/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
 | 26 | Sink: github.com/jbowtie/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
 | 27 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
 | 28 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |