Merge pull request #683 from lyoung-confluent/patch-2

Match gopkg.in import of squirrel for SQLi query
2026-01-29 14:23:03 +01:00 · 2022-02-08 12:19:15 +00:00
parent e3feece94e 324f8f7eba
commit 034f3d5e76
1 changed files with 5 additions and 1 deletions
--- a/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/ql/lib/semmle/go/frameworks/SQL.qll
@@ -83,7 +83,11 @@ module SQL {
      SquirrelQueryString() {
        exists(Function fn |
          exists(string sq |
-            sq = package(["github.com/Masterminds", "github.com/lann"], "squirrel")
+            sq =
+              package([
+                  "github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel",
+                  "github.com/lann/squirrel"
+                ], "")
          |
            // first argument to `squirrel.Expr`
            fn.hasQualifiedName(sq, "Expr")