diff --git a/ql/src/semmle/go/frameworks/SQL.qll b/ql/src/semmle/go/frameworks/SQL.qll index 173be722649..eb715ffdf3d 100644 --- a/ql/src/semmle/go/frameworks/SQL.qll +++ b/ql/src/semmle/go/frameworks/SQL.qll @@ -229,31 +229,30 @@ module Gorm { * Provides classes for working with the [XORM](https://xorm.io/) package. */ module Xorm { - /** Gets the package name for Xorm. */ - string packagePath() { result = package(["xorm.io/xorm", "github.com/go-xorm/xorm"], "") } - - /** A model for sinks of XORM. */ - private class XormSink extends SQL::QueryString::Range { - XormSink() { - exists(Method meth, string package, string type, string name, int n | - meth.hasQualifiedName(package, type, name) and - this = meth.getACall().getArgument(n) and - this.getType().getUnderlyingType() instanceof StringType and - package = Xorm::packagePath() and - type = ["Engine", "Session"] - | - name = - [ - "Query", "Exec", "QueryString", "QueryInterface", "SQL", "Where", "And", "Or", "Alias", - "NotIn", "In", "Select", "SetExpr", "OrderBy", "Having", "GroupBy" - ] and - n = 0 - or - name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1 - or - name = "Join" and n = [0, 1, 2] - ) - } + /** Gets the package name for Xorm. */ + string packagePath() { result = package(["xorm.io/xorm", "github.com/go-xorm/xorm"], "") } + + /** A model for sinks of XORM. */ + private class XormSink extends SQL::QueryString::Range { + XormSink() { + exists(Method meth, string package, string type, string name, int n | + meth.hasQualifiedName(package, type, name) and + this = meth.getACall().getArgument(n) and + this.getType().getUnderlyingType() instanceof StringType and + package = Xorm::packagePath() and + type = ["Engine", "Session"] + | + name = + [ + "Query", "Exec", "QueryString", "QueryInterface", "SQL", "Where", "And", "Or", "Alias", + "NotIn", "In", "Select", "SetExpr", "OrderBy", "Having", "GroupBy" + ] and + n = 0 + or + name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1 + or + name = "Join" and n = [0, 1, 2] + ) } } - \ No newline at end of file +}