Add tests for Couchbase v1

ql/test/library-tests/semmle/go/frameworks/CouchbaseV1/go.mod

@@ -0,0 +1,17 @@
+go 1.14
+
+module test
+
+require (
+	github.com/golang/snappy v0.0.2 // indirect
+	github.com/google/uuid v1.1.4 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	golang.org/x/net v0.0.0-20201224014010-6772e930b67b // indirect
+	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 // indirect
+	gopkg.in/couchbase/gocb.v1 v1.6.7
+	gopkg.in/couchbase/gocbcore.v7 v7.1.18 // indirect
+	gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4 // indirect
+	gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4 // indirect
+	gopkg.in/couchbaselabs/jsonx.v1 v1.0.0 // indirect
+)

ql/test/library-tests/semmle/go/frameworks/CouchbaseV1/test.go

@@ -0,0 +1,40 @@
+package test
+
+//go:generate depstubber -vendor  gopkg.in/couchbase/gocb.v1 Bucket,Cluster NewAnalyticsQuery,NewN1qlQuery,QueryProfileNone,StatementPlus
+
+import (
+	"net/http"
+	"time"
+
+	"gopkg.in/couchbase/gocb.v1"
+)
+
+func analyticsQuery(bucket gocb.Bucket, untrustedSource *http.Request) {
+	untrusted := untrustedSource.UserAgent()
+	q0 := gocb.NewAnalyticsQuery(untrusted)
+	q1 := q0.ContextId("")
+	q2 := q1.Deferred(true)
+	q3 := q2.Pretty(true)
+	q4 := q3.Priority(true)
+	q5 := q4.RawParam("name", nil)
+	duration, _ := time.ParseDuration("300s")
+	q6 := q5.ServerSideTimeout(duration)
+	bucket.ExecuteAnalyticsQuery(q6, nil) // $sqlinjection=q6
+}
+
+func n1qlQuery(cluster gocb.Cluster, untrustedSource *http.Request) {
+	untrusted := untrustedSource.UserAgent()
+	q0 := gocb.NewN1qlQuery(untrusted)
+	q1 := q0.AdHoc(true)
+	q2 := q1.Consistency(gocb.StatementPlus)
+	q3 := q2.ConsistentWith(&gocb.MutationState{})
+	q4 := q3.Custom("name", nil)
+	q5 := q4.PipelineBatch(2)
+	q6 := q5.PipelineCap(5)
+	q7 := q6.Profile(gocb.QueryProfileNone)
+	q8 := q7.ReadOnly(false)
+	q9 := q8.ScanCap(10)
+	duration, _ := time.ParseDuration("300s")
+	q10 := q9.Timeout(duration)
+	cluster.ExecuteN1qlQuery(q10, nil) // $sqlinjection=q10
+}

ql/test/library-tests/semmle/go/frameworks/CouchbaseV1/test.ql

@@ -0,0 +1,18 @@
+import go
+import TestUtilities.InlineExpectationsTest
+import semmle.go.security.SqlInjection
+
+class SqlInjectionTest extends InlineExpectationsTest {
+  SqlInjectionTest() { this = "SqlInjectionTest" }
+
+  override string getARelevantTag() { result = "sqlinjection" }
+
+  override predicate hasActualResult(string file, int line, string element, string tag, string value) {
+    tag = "sqlinjection" and
+    exists(DataFlow::Node sink | any(SqlInjection::Configuration c).hasFlow(_, sink) |
+      element = sink.toString() and
+      value = sink.toString() and
+      sink.hasLocationInfo(file, line, _, _, _)
+    )
+  }
+}

ql/test/library-tests/semmle/go/frameworks/CouchbaseV1/vendor/modules.txt

@@ -0,0 +1,33 @@
+# github.com/golang/snappy v0.0.2
+## explicit
+github.com/golang/snappy
+# github.com/google/uuid v1.1.4
+## explicit
+github.com/google/uuid
+# github.com/opentracing/opentracing-go v1.2.0
+## explicit
+github.com/opentracing/opentracing-go
+# github.com/pkg/errors v0.9.1
+## explicit
+github.com/pkg/errors
+# golang.org/x/net v0.0.0-20201224014010-6772e930b67b
+## explicit
+golang.org/x/net
+# golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
+## explicit
+golang.org/x/sync
+# gopkg.in/couchbase/gocb.v1 v1.6.7
+## explicit
+gopkg.in/couchbase/gocb.v1
+# gopkg.in/couchbase/gocbcore.v7 v7.1.18
+## explicit
+gopkg.in/couchbase/gocbcore.v7
+# gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4
+## explicit
+gopkg.in/couchbaselabs/gocbconnstr.v1
+# gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4
+## explicit
+gopkg.in/couchbaselabs/gojcbmock.v1
+# gopkg.in/couchbaselabs/jsonx.v1 v1.0.0
+## explicit
+gopkg.in/couchbaselabs/jsonx.v1