From dea1959e218458a264f4358b820866de4ce93839 Mon Sep 17 00:00:00 2001
From: Luke Young <91491244+lyoung-confluent@users.noreply.github.com>
Date: Thu, 3 Feb 2022 13:29:38 -0800
Subject: [PATCH 1/3] Match gopkg.in import of squirrel for SQLi query

---
 ql/lib/semmle/go/frameworks/SQL.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/lib/semmle/go/frameworks/SQL.qll b/ql/lib/semmle/go/frameworks/SQL.qll
index acf8be77d7f..0c91f02c5ad 100644
--- a/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/ql/lib/semmle/go/frameworks/SQL.qll
@@ -83,7 +83,7 @@ module SQL {
     SquirrelQueryString() {
       exists(Function fn |
         exists(string sq |
-          sq = package(["github.com/Masterminds", "github.com/lann"], "squirrel")
+          sq = package(["github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel.v1", "github.com/lann/squirrel"], "")
         |
           // first argument to `squirrel.Expr`
           fn.hasQualifiedName(sq, "Expr")

From 3b32425567dfb56e5bd5a3ac895e977eea956900 Mon Sep 17 00:00:00 2001
From: Luke Young <91491244+lyoung-confluent@users.noreply.github.com>
Date: Thu, 3 Feb 2022 23:36:11 -0800
Subject: [PATCH 2/3] remove .v1 from gopkg.in

---
 ql/lib/semmle/go/frameworks/SQL.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/lib/semmle/go/frameworks/SQL.qll b/ql/lib/semmle/go/frameworks/SQL.qll
index 0c91f02c5ad..4568fe5645e 100644
--- a/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/ql/lib/semmle/go/frameworks/SQL.qll
@@ -83,7 +83,7 @@ module SQL {
     SquirrelQueryString() {
       exists(Function fn |
         exists(string sq |
-          sq = package(["github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel.v1", "github.com/lann/squirrel"], "")
+          sq = package(["github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel", "github.com/lann/squirrel"], "")
         |
           // first argument to `squirrel.Expr`
           fn.hasQualifiedName(sq, "Expr")

From 324f8f7eba43a2fbf2e4494253bb73f31c72c57e Mon Sep 17 00:00:00 2001
From: Luke Young
Date: Mon, 7 Feb 2022 11:24:02 -0800
Subject: [PATCH 3/3] codeql query format

---
 ql/lib/semmle/go/frameworks/SQL.qll | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ql/lib/semmle/go/frameworks/SQL.qll b/ql/lib/semmle/go/frameworks/SQL.qll
index 4568fe5645e..66566f7540c 100644
--- a/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/ql/lib/semmle/go/frameworks/SQL.qll
@@ -83,7 +83,11 @@ module SQL {
     SquirrelQueryString() {
       exists(Function fn |
         exists(string sq |
-          sq = package(["github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel", "github.com/lann/squirrel"], "")
+          sq =
+            package([
+              "github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel",
+              "github.com/lann/squirrel"
+            ], "")
         |
           // first argument to `squirrel.Expr`
           fn.hasQualifiedName(sq, "Expr")
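Review bot: The new `gopkg.in/Masterminds/squirrel` entry only catches real imports if `package` expands it to the `.v1`-suffixed path that gopkg.in serves; nothing in this hunk shows that, and the diffstat lists only SQL.qll, so the gopkg.in match lands untested. Patch 2 dropped the explicit `.v1`, presumably relying on `package` to handle versioned gopkg.in paths, but if it only expands `/vN` suffixes the gopkg.in import is still missed and `squirrel.Expr(fmt.Sprintf(...))` through that import stays unflagged. I would add a library test next to whatever existing squirrel test there is with `import sq "gopkg.in/Masterminds/squirrel.v1"` and a tainted `sq.Expr` call, and check it appears in the expected results. A short comment on the `package(...)` call would also help the next reader, since the subpath argument silently changed from `"squirrel"` to `""`: `// subpath is "" so each listed path is matched as the package root, including versioned variants`. SquirrelQueryString's body continues past the end of the hunk.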