
Commit ca1e9d7

committed
Revert "database/sql summary models for Row types"
This reverts commit 80ad349.
1 parent 0258ce7 commit ca1e9d7


3 files changed

+20
-3
lines changed


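--- a/go/ql/lib/ext/database.sql.driver.model.yml
+++ b/go/ql/lib/ext/database.sql.driver.model.yml
@@ -23,6 +23,5 @@ extensions:
 data:
 - ["database/sql/driver", "Conn", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql/driver", "ConnPrepareContext", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
-- ["database/sql/driver", "Rows", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
 - ["database/sql/driver", "ValueConverter", True, "ConvertValue", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql/driver", "Valuer", True, "Value", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]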

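--- a/go/ql/lib/ext/database.sql.model.yml
+++ b/go/ql/lib/ext/database.sql.model.yml
@@ -53,8 +53,6 @@ extensions:
 - ["database/sql", "Conn", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "DB", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "DB", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
-- ["database/sql", "Row", True, "Scan", "", "", "Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"]
-- ["database/sql", "Rows", True, "Scan", "", "", "Argument[receiver]", "Argument[0].ArrayElement", "taint", "manual"]
 - ["database/sql", "Scanner", True, "Scan", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
 - ["database/sql", "Tx", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
 - ["database/sql", "Tx", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]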

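--- a/go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll
+++ b/go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll
@@ -66,4 +66,24 @@ module DatabaseSql {
 result = this.getReceiver().getAPredecessor*().(DataFlow::MethodCallNode).getAnArgument()
 }
 }
+
+// These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
+private class SqlMethodModels extends TaintTracking::FunctionModel, Method {
+FunctionInput inp;
+FunctionOutput outp;
+
+SqlMethodModels() {
+// signature: func (*Row) Scan(dest ...interface{}) error
+this.hasQualifiedName("database/sql", "Row", "Scan") and
+(inp.isReceiver() and outp.isParameter(_))
+or
+// signature: func (*Rows) Scan(dest ...interface{}) error
+this.hasQualifiedName("database/sql", "Rows", "Scan") and
+(inp.isReceiver() and outp.isParameter(_))
+}
+
+override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+input = inp and output = outp
+}
+}
 }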
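Review bot: SqlMethodModels restores taint steps only for `Row.Scan` and `Rows.Scan`, so the `database/sql/driver` `Rows.Next` row deleted from database.sql.driver.model.yml in this same commit is left with no replacement. The comment above the class gives varargs as the reason for using TaintTracking::FunctionModel, but `Next` takes a single slice parameter (`Next(dest []Value) error`), so that limitation does not seem to apply to it and the Models-as-Data row could stay as it was: `- ["database/sql/driver", "Rows", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]`. Without it, queries that track values read from a database through a driver implementation may miss flows; whether that row existed before 80ad349 is not visible here. The same comment also has a typo, `sumamries` for `summaries`.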
