
Commit c33568b

committed
Revert "Convert mongodb nosql-injection sinks to MaD"
This reverts commit ec9d88b.
1 parent 437df5c commit c33568b


3 files changed

+137
-170
lines changed


go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml

Lines changed: 0 additions & 19 deletions
This file was deleted.

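--- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll
+++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -31,82 +31,84 @@ module NoSql {
 )
 }
 }
-// /**
-// * Holds if method `name` of struct `Collection` from package
-// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
-// * interprets parameter `n` as a query.
-// */
-// private predicate mongoDbCollectionMethod(string name, int n) {
-// // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
-// // opts ...*options.CountOptions) (int64, error)
-// name = "CountDocuments" and n = 1
-// or
-// // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
-// // opts ...*options.DeleteOptions) (*DeleteResult, error)
-// name = "DeleteMany" and n = 1
-// or
-// // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
-// // opts ...*options.DeleteOptions) (*DeleteResult, error)
-// name = "DeleteOne" and n = 1
-// or
-// // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
-// // ...) ([]interface{}, error)
-// name = "Distinct" and n = 2
-// or
-// // func (coll *Collection) Find(ctx context.Context, filter interface{},
-// // opts ...*options.FindOptions) (*Cursor, error)
-// name = "Find" and n = 1
-// or
-// // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
-// // opts ...*options.FindOneOptions) *SingleResult
-// name = "FindOne" and n = 1
-// or
-// // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
-// // *SingleResult
-// name = "FindOneAndDelete" and n = 1
-// or
-// // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
-// // replacement interface{}, ...) *SingleResult
-// name = "FindOneAndReplace" and n = 1
-// or
-// // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
-// // update interface{}, ...) *SingleResult
-// name = "FindOneAndUpdate" and n = 1
-// or
-// // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
-// // replacement interface{}, ...) (*UpdateResult, error)
-// name = "ReplaceOne" and n = 1
-// or
-// // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
-// // update interface{}, ...) (*UpdateResult, error)
-// name = "UpdateMany" and n = 1
-// or
-// // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
-// // update interface{}, ...) (*UpdateResult, error)
-// name = "UpdateOne" and n = 1
-// or
-// // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
-// // (*ChangeStream, error)
-// name = "Watch" and n = 1
-// or
-// // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
-// // opts ...*options.AggregateOptions) (*Cursor, error)
-// name = "Aggregate" and n = 1
-// }
-// /**
-// * A query used in an API function acting on a `Collection` struct of package
-// * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
-// */
-// private class MongoDbCollectionQuery extends Range {
-// MongoDbCollectionQuery() {
-// exists(Method meth, string methodName, int n |
-// mongoDbCollectionMethod(methodName, n) and
-// meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
-// methodName) and
-// this = meth.getACall().getArgument(n)
-// )
-// }
-// }
+
+/**
+* Holds if method `name` of struct `Collection` from package
+* [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
+* interprets parameter `n` as a query.
+*/
+private predicate mongoDbCollectionMethod(string name, int n) {
+// func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
+// opts ...*options.CountOptions) (int64, error)
+name = "CountDocuments" and n = 1
+or
+// func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
+// opts ...*options.DeleteOptions) (*DeleteResult, error)
+name = "DeleteMany" and n = 1
+or
+// func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
+// opts ...*options.DeleteOptions) (*DeleteResult, error)
+name = "DeleteOne" and n = 1
+or
+// func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
+// ...) ([]interface{}, error)
+name = "Distinct" and n = 2
+or
+// func (coll *Collection) Find(ctx context.Context, filter interface{},
+// opts ...*options.FindOptions) (*Cursor, error)
+name = "Find" and n = 1
+or
+// func (coll *Collection) FindOne(ctx context.Context, filter interface{},
+// opts ...*options.FindOneOptions) *SingleResult
+name = "FindOne" and n = 1
+or
+// func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
+// *SingleResult
+name = "FindOneAndDelete" and n = 1
+or
+// func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
+// replacement interface{}, ...) *SingleResult
+name = "FindOneAndReplace" and n = 1
+or
+// func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
+// update interface{}, ...) *SingleResult
+name = "FindOneAndUpdate" and n = 1
+or
+// func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
+// replacement interface{}, ...) (*UpdateResult, error)
+name = "ReplaceOne" and n = 1
+or
+// func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
+// update interface{}, ...) (*UpdateResult, error)
+name = "UpdateMany" and n = 1
+or
+// func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
+// update interface{}, ...) (*UpdateResult, error)
+name = "UpdateOne" and n = 1
+or
+// func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
+// (*ChangeStream, error)
+name = "Watch" and n = 1
+or
+// func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
+// opts ...*options.AggregateOptions) (*Cursor, error)
+name = "Aggregate" and n = 1
+}
+
+/**
+* A query used in an API function acting on a `Collection` struct of package
+* [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
+*/
+private class MongoDbCollectionQuery extends Range {
+MongoDbCollectionQuery() {
+exists(Method meth, string methodName, int n |
+mongoDbCollectionMethod(methodName, n) and
+meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
+methodName) and
+this = meth.getACall().getArgument(n)
+)
+}
+}
 }
 
 /**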
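Review bot: The restored doc comment on `mongoDbCollectionMethod` says the method "interprets parameter `n` as a query" but does not say that `n` is the zero-based argument index later passed to `getArgument(n)` in `MongoDbCollectionQuery`, which is why the filter is 1 (after `ctx`) and 2 for `Distinct`. The table also marks only the `filter` or `pipeline` argument as a NoSQL-injection sink; the `update` and `replacement` arguments visible in the signature comments for `FindOneAndReplace`, `FindOneAndUpdate`, `ReplaceOne`, `UpdateMany` and `UpdateOne` are left out, which looks deliberate but is not stated. I would add one line to the comment, `* Here n is the zero-based argument index (ctx is argument 0); only the filter or pipeline argument is modelled, not the update or replacement document.` Because this revert also deletes the models-as-data file, it is worth confirming that these fourteen entries match the removed rows so that no sink is lost; the enclosing `module NoSql` opens above the hunk, so any other sink classes in it are not visible here.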
