Restore old-style taint models for the unsafe package

These functions don't have proper signature types, so are not suited to MaD models

go/ql/lib/semmle/go/frameworks/Stdlib.qll

@@ -37,6 +37,7 @@ import semmle.go.frameworks.stdlib.Strconv
 import semmle.go.frameworks.stdlib.Syscall
 import semmle.go.frameworks.stdlib.TextTabwriter
 import semmle.go.frameworks.stdlib.TextTemplate
+import semmle.go.frameworks.stdlib.Unsafe
 
 /** Provides a class for modeling functions which convert strings into integers. */
 module IntegerParser {

go/ql/lib/semmle/go/frameworks/stdlib/Unsafe.qll

@@ -0,0 +1,22 @@
+/**
+ * Provides classes modeling security-relevant aspects of the `unsafe` package.
+ */
+
+ import go
+
+ /** Provides models of commonly used functions in the `unsafe` package. */
+ module Unsafe {
+   private class FunctionModels extends TaintTracking::FunctionModel {
+     FunctionInput inp;
+     FunctionOutput outp;
+
+     FunctionModels() {
+       hasQualifiedName("unsafe", ["String", "StringData", "Slice", "SliceData"]) and
+       (inp.isParameter(0) and outp.isResult())
+     }
+
+     override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
+       input = inp and output = outp
+     }
+   }
+ }