Convert Fasthttp::RequestHeader::RemoteFlowSource to MaD

Author: owen-mc

go/ql/lib/ext/github.com.valyala.fasthttp.model.yml

@@ -45,3 +45,21 @@ extensions:
       - ["github.com/valyala/fasthttp", "RequestCtx", True, "RequestURI", "", "", "ReturnValue[0]", "request", "manual"]
       - ["github.com/valyala/fasthttp", "RequestCtx", True, "String", "", "", "ReturnValue[0]", "request", "manual"]
       - ["github.com/valyala/fasthttp", "RequestCtx", True, "UserAgent", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "ContentEncoding", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "ContentType", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "Cookie", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "CookieBytes", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "Header", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "Host", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "MultipartFormBoundary", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "Peek", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "PeekAll", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "PeekBytes", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "PeekKeys", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "PeekTrailerKeys", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "RawHeaders", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "Referer", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "RequestURI", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "String", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "TrailerHeader", "", "", "ReturnValue[0]", "request", "manual"]
+      - ["github.com/valyala/fasthttp", "RequestHeader", True, "UserAgent", "", "", "ReturnValue[0]", "request", "manual"]

go/ql/lib/semmle/go/frameworks/Fasthttp.qll

@@ -515,20 +515,24 @@ module Fasthttp {
   }
 
   /**
+   * DEPRECATED
+   *
    * Provide Methods of fasthttp.RequestHeader which mostly used as remote user controlled sources.
    */
-  module RequestHeader {
+  deprecated module RequestHeader {
     /**
-     * DEPRECATED: Use `RemoteFlowSource` instead.
+     * DEPRECATED: Use `RemoteFlowSource::Range` instead.
      */
     deprecated class UntrustedFlowSource = RemoteFlowSource;
 
     /**
+     * DEPRECATED: Use `RemoteFlowSource::Range` instead.
+     *
      * The methods as Remote user controllable source which are mostly related to HTTP Request Headers.
      *
      * When support for lambdas has been implemented we should model "VisitAll", "VisitAllCookie", "VisitAllInOrder", "VisitAllTrailer".
      */
-    class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
+    deprecated class RemoteFlowSource extends RemoteFlowSource::Range instanceof DataFlow::Node {
       RemoteFlowSource() {
         exists(Method m |
           m.hasQualifiedName(packagePath(), "RequestHeader",