Revert "Convert sqlx sql-injection sinks to MaD"

This reverts commit 7ad63fc.

Author: smowton

go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml

@@ -161,6 +161,20 @@ module SQL {
       )
     }
   }
+
+  /** A model for sinks of github.com/jmoiron/sqlx. */
+  private class SqlxSink extends SQL::QueryString::Range {
+    SqlxSink() {
+      exists(Method meth, string name, int n |
+        meth.hasQualifiedName(package("github.com/jmoiron/sqlx", ""), ["DB", "Tx"], name) and
+        this = meth.getACall().getArgument(n)
+      |
+        name = ["Select", "Get"] and n = 1
+        or
+        name = ["MustExec", "Queryx", "NamedExec", "NamedQuery"] and n = 0
+      )
+    }
+  }
 }
 
 /**

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -0,0 +1,12 @@
+| sqlx.go:15:17:15:25 | untrusted |
+| sqlx.go:16:14:16:22 | untrusted |
+| sqlx.go:17:14:17:22 | untrusted |
+| sqlx.go:18:12:18:20 | untrusted |
+| sqlx.go:19:15:19:23 | untrusted |
+| sqlx.go:20:16:20:24 | untrusted |
+| sqlx.go:23:17:23:25 | untrusted |
+| sqlx.go:24:14:24:22 | untrusted |
+| sqlx.go:25:14:25:22 | untrusted |
+| sqlx.go:26:12:26:20 | untrusted |
+| sqlx.go:27:15:27:23 | untrusted |
+| sqlx.go:28:16:28:24 | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.expected

@@ -12,19 +12,19 @@ func main() {
 
 	db := sqlx.DB{}
 	untrusted := getUntrustedString()
-	db.Select(nil, untrusted)     // $ querystring=untrusted
-	db.Get(nil, untrusted)        // $ querystring=untrusted
-	db.MustExec(untrusted)        // $ querystring=untrusted
-	db.Queryx(untrusted)          // $ querystring=untrusted
-	db.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	db.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	db.Select(nil, untrusted)
+	db.Get(nil, untrusted)
+	db.MustExec(untrusted)
+	db.Queryx(untrusted)
+	db.NamedExec(untrusted, nil)
+	db.NamedQuery(untrusted, nil)
 
 	tx := sqlx.Tx{}
-	tx.Select(nil, untrusted)     // $ querystring=untrusted
-	tx.Get(nil, untrusted)        // $ querystring=untrusted
-	tx.MustExec(untrusted)        // $ querystring=untrusted
-	tx.Queryx(untrusted)          // $ querystring=untrusted
-	tx.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	tx.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	tx.Select(nil, untrusted)
+	tx.Get(nil, untrusted)
+	tx.MustExec(untrusted)
+	tx.Queryx(untrusted)
+	tx.NamedExec(untrusted, nil)
+	tx.NamedQuery(untrusted, nil)
 
 }

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.ql

@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs