Convert GithubComGinGonicGinContextSource to MaD

Author: owen-mc

go/ql/lib/ext/github.com.gin-gonic.gin.model.yml

@@ -5,3 +5,35 @@ extensions:
     data:
       - ["github.com/gin-gonic/gin", "Params", True, "ByName", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["github.com/gin-gonic/gin", "Params", True, "Get", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/gin-gonic/gin", "Context", True, "FullPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetHeader", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "QueryArray", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "Query", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "PostFormArray", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "PostForm", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Param", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringSlice", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetString", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetRawData", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "ClientIP", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "ContentType", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Cookie", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQueryArray", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQuery", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostFormArray", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: should be .ArrayElement
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostForm", "", "", "ReturnValue[0]", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "DefaultPostForm", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "DefaultQuery", "", "", "ReturnValue", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "GetPostFormMap", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetQueryMap", "", "", "ReturnValue[0]", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMap", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMapString", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "GetStringMapStringSlice", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .MapValue.ArrayElement (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "PostFormMap", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "QueryMap", "", "", "ReturnValue", "remote", "manual"] # TODO: should be .MapValue (and .MapKey?)
+      - ["github.com/gin-gonic/gin", "Context", True, "Accepted", "", "", "", "remote", "manual"]
+      - ["github.com/gin-gonic/gin", "Context", True, "Params", "", "", "", "remote", "manual"]

go/ql/lib/semmle/go/frameworks/Gin.qll

@@ -9,33 +9,6 @@ private module Gin {
   /** Gets the package name `github.com/gin-gonic/gin`. */
   string packagePath() { result = package("github.com/gin-gonic/gin", "") }
 
-  /**
-   * Data from a `Context` struct, considered as a source of remote flow.
-   */
-  private class GithubComGinGonicGinContextSource extends RemoteFlowSource::Range {
-    GithubComGinGonicGinContextSource() {
-      // Method calls:
-      exists(DataFlow::MethodCallNode call, string methodName |
-        call.getTarget().hasQualifiedName(packagePath(), "Context", methodName) and
-        methodName in [
-            "FullPath", "GetHeader", "QueryArray", "Query", "PostFormArray", "PostForm", "Param",
-            "GetStringSlice", "GetString", "GetRawData", "ClientIP", "ContentType", "Cookie",
-            "GetQueryArray", "GetQuery", "GetPostFormArray", "GetPostForm", "DefaultPostForm",
-            "DefaultQuery", "GetPostFormMap", "GetQueryMap", "GetStringMap", "GetStringMapString",
-            "GetStringMapStringSlice", "PostFormMap", "QueryMap"
-          ]
-      |
-        this = call.getResult(0)
-      )
-      or
-      // Field reads:
-      exists(DataFlow::Field fld |
-        fld.hasQualifiedName(packagePath(), "Context", ["Accepted", "Params"]) and
-        this = fld.getARead()
-      )
-    }
-  }
-
   /**
    * A call to a method on `Context` struct that unmarshals data into a target.
    */

go/ql/test/library-tests/semmle/go/frameworks/Gin/TaintedPath.expected

@@ -1,8 +1,8 @@
 edges
-| Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | provenance |  |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | provenance |  |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | provenance |  |
-| Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | provenance |  |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:25:10:25:17 | filepath | provenance | Src:MaD:342  |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:26:39:26:46 | filepath | provenance | Src:MaD:342  |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:27:20:27:27 | filepath | provenance | Src:MaD:342  |
+| Gin.go:24:15:24:33 | call to Query | Gin.go:29:32:29:39 | filepath | provenance | Src:MaD:342  |
 nodes
 | Gin.go:24:15:24:33 | call to Query | semmle.label | call to Query |
 | Gin.go:25:10:25:17 | filepath | semmle.label | filepath |