microsoft
diff --git a/‎go/ql/lib/change-notes/2024-11-12-models-as-data-subtypes-true.md
Lines changed: 4 additions & 0 deletions b/‎go/ql/lib/change-notes/2024-11-12-models-as-data-subtypes-true.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎go/ql/lib/ext/fmt.model.yml
Lines changed: 11 additions & 11 deletions b/‎go/ql/lib/ext/fmt.model.yml
Lines changed: 11 additions & 11 deletions
diff --git a/‎go/ql/lib/ext/github.com.antchfx.htmlquery.model.yml
Lines changed: 4 additions & 4 deletions b/‎go/ql/lib/ext/github.com.antchfx.htmlquery.model.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎go/ql/lib/ext/github.com.antchfx.jsonquery.model.yml
Lines changed: 4 additions & 4 deletions b/‎go/ql/lib/ext/github.com.antchfx.jsonquery.model.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎go/ql/lib/ext/github.com.antchfx.xmlquery.model.yml
Lines changed: 6 additions & 6 deletions b/‎go/ql/lib/ext/github.com.antchfx.xmlquery.model.yml
Lines changed: 6 additions & 6 deletions
diff --git a/‎go/ql/lib/ext/github.com.antchfx.xpath.model.yml
Lines changed: 4 additions & 4 deletions b/‎go/ql/lib/ext/github.com.antchfx.xpath.model.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml
Lines changed: 1 addition & 1 deletion b/‎go/ql/lib/ext/github.com.beego.beego.server.web.context.model.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
Lines changed: 3 additions & 3 deletions b/‎go/ql/lib/ext/github.com.beego.beego.server.web.model.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎go/ql/lib/ext/github.com.christrenkamp.goxpath.model.yml
Lines changed: 3 additions & 3 deletions b/‎go/ql/lib/ext/github.com.christrenkamp.goxpath.model.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎go/ql/lib/ext/github.com.codeskyblue.go-sh.model.yml
Lines changed: 3 additions & 3 deletions b/‎go/ql/lib/ext/github.com.codeskyblue.go-sh.model.yml
Lines changed: 3 additions & 3 deletions
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `subtypes` column has been set to true in all models-as-data models except some tests. This means that existing models will apply in some cases where they didn't before, which may lead to more alerts.
@@ -8,14 +8,14 @@ extensions:
       - ["fmt", "ScanState", True, "Token", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
       - ["fmt", "State", True, "Write", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
       - ["fmt", "Stringer", True, "String", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Append", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Append", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Appendf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Appendf", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Appendf", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Appendln", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Appendln", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Sprint", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Sprintf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Sprintf", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
-      - ["fmt", "", True, "Sprintln", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Append", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Append", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Appendf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Appendf", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Appendf", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Appendln", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Appendln", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Sprint", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Sprintf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Sprintf", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
+      - ["fmt", "", False, "Sprintln", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
@@ -3,7 +3,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/antchfx/htmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/htmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/htmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/htmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/htmlquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/htmlquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/htmlquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/htmlquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
@@ -3,7 +3,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/antchfx/jsonquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/jsonquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/jsonquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/jsonquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/jsonquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/jsonquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/jsonquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/jsonquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
@@ -3,11 +3,11 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/antchfx/xmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xmlquery", "", True, "FindEach", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xmlquery", "", True, "FindEachWithBreak", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "FindEach", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "FindEachWithBreak", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xmlquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
       - ["github.com/antchfx/xmlquery", "Node", True, "SelectElement", "", "", "Argument[0]", "xpath-injection", "manual"]
       - ["github.com/antchfx/xmlquery", "Node", True, "SelectElements", "", "", "Argument[0]", "xpath-injection", "manual"]
@@ -3,7 +3,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/antchfx/xpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xpath", "", True, "CompileWithNS", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/antchfx/xpath", "", True, "Select", "", "", "Argument[1]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xpath", "", False, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xpath", "", False, "CompileWithNS", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xpath", "", False, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/antchfx/xpath", "", False, "Select", "", "", "Argument[1]", "xpath-injection", "manual"]
@@ -11,7 +11,7 @@ extensions:
       extensible: sinkModel
     data:
       # path-injection
-      - ["group:beego-context", "BeegoOutput", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:beego-context", "BeegoOutput", True, "Download", "", "", "Argument[0]", "path-injection", "manual"]
       # url-redirection
       - ["group:beego-context", "Context", True, "Redirect", "", "", "Argument[1]", "url-redirection", "manual"]
   - addsTo:
 
@@ -12,9 +12,9 @@ extensions:
     data:
       # path-injection
       - ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
-      - ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
-      - ["group:beego", "Controller", False, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
-      - ["group:beego", "FileSystem", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
+      - ["group:beego", "Controller", True, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
+      - ["group:beego", "Controller", True, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
+      - ["group:beego", "FileSystem", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
       # url-redirection
       - ["group:beego", "Controller", True, "Redirect", "", "", "Argument[0]", "url-redirection", "manual"]
   - addsTo:
 
@@ -3,6 +3,6 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      - ["github.com/ChrisTrenkamp/goxpath", "", True, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/ChrisTrenkamp/goxpath", "", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
-      - ["github.com/ChrisTrenkamp/goxpath", "", True, "ParseExec", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/ChrisTrenkamp/goxpath", "", False, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/ChrisTrenkamp/goxpath", "", False, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["github.com/ChrisTrenkamp/goxpath", "", False, "ParseExec", "", "", "Argument[0]", "xpath-injection", "manual"]
@@ -4,6 +4,6 @@ extensions:
       extensible: sinkModel
     data:
       - ["github.com/codeskyblue/go-sh", "", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
-      - ["github.com/codeskyblue/go-sh", "Session", False, "Call", "", "", "Argument[0]", "command-injection", "manual"]
-      - ["github.com/codeskyblue/go-sh", "Session", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
-      - ["github.com/codeskyblue/go-sh", "Session", False, "Exec", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", True, "Call", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", True, "Command", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["github.com/codeskyblue/go-sh", "Session", True, "Exec", "", "", "Argument[0]", "command-injection", "manual"]
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The `subtypes` column has been set to true in all models-as-data models except some tests. This means that existing models will apply in some cases where they didn't before, which may lead to more alerts.