Merge pull request #17336 from github/henrymercer/rc-3.15-mergeback

Merge `rc/3.15` back into `main`

cpp/ql/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.4.1
+
+No user-facing changes.
+
 ## 1.4.0
 
 ### New Features

cpp/ql/lib/change-notes/released/1.4.1.md

@@ -0,0 +1,3 @@
+## 1.4.1
+
+No user-facing changes.

cpp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.4.0
+lastReleaseVersion: 1.4.1

cpp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 1.4.1-dev
+version: 1.4.2-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp

cpp/ql/src/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.2.1
+
+### Minor Analysis Improvements
+
+* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.
+
 ## 1.2.0
 
 ### Query Metadata Changes

cpp/ql/src/change-notes/released/1.2.1.md

@@ -1,4 +1,5 @@
----
-category: minorAnalysis
----
-* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.
+## 1.2.1
+
+### Minor Analysis Improvements
+
+* The `cpp/uncontrolled-allocation-size` ("Uncontrolled allocation size") query now considers arithmetic operations that might reduce the size of user input as a barrier. The query therefore produces fewer false positive results.

cpp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.2.0
+lastReleaseVersion: 1.2.1

cpp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.2.1-dev
+version: 1.2.2-dev
 groups:
   - cpp
   - queries

csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.23
+
+No user-facing changes.
+
 ## 1.7.22
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.23.md

@@ -0,0 +1,3 @@
+## 1.7.23
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.22
+lastReleaseVersion: 1.7.23

csharp/ql/campaigns/Solorigate/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.23-dev
+version: 1.7.24-dev
 groups:
   - csharp
   - solorigate

csharp/ql/campaigns/Solorigate/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.7.23
+
+No user-facing changes.
+
 ## 1.7.22
 
 No user-facing changes.

csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.23.md

@@ -0,0 +1,3 @@
+## 1.7.23
+
+No user-facing changes.

csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.22
+lastReleaseVersion: 1.7.23

csharp/ql/campaigns/Solorigate/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.23-dev
+version: 1.7.24-dev
 groups:
   - csharp
   - solorigate

csharp/ql/lib/CHANGELOG.md

@@ -1,3 +1,14 @@
+## 1.1.0
+
+### Major Analysis Improvements
+
+* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.
+
+### Minor Analysis Improvements
+
+* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.
+* The extractor has been changed to not skip source files that have already been seen. This has an impact on source files that are compiled multiple times in the build process. Source files with conditional compilation preprocessor directives (such as `#if`) are now extracted for each set of preprocessor symbols that are used during the build process.
+
 ## 1.0.5
 
 No user-facing changes.

csharp/ql/lib/change-notes/2024-05-23-static-field-side-effect.md

@@ -1,4 +0,0 @@
----
-category: majorAnalysis
----
-* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.

csharp/ql/lib/change-notes/2024-07-10-conditional-compilation.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The extractor has been changed to not skip source files that have already been seen. This has an impact on source files that are compiled multiple times in the build process. Source files with conditional compilation preprocessor directives (such as `#if`) are now extracted for each set of preprocessor symbols that are used during the build process.

csharp/ql/lib/change-notes/2024-07-19-added-sources.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.

csharp/ql/lib/change-notes/released/1.1.0.md

@@ -0,0 +1,10 @@
+## 1.1.0
+
+### Major Analysis Improvements
+
+* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.
+
+### Minor Analysis Improvements
+
+* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.
+* The extractor has been changed to not skip source files that have already been seen. This has an impact on source files that are compiled multiple times in the build process. Source files with conditional compilation preprocessor directives (such as `#if`) are now extracted for each set of preprocessor symbols that are used during the build process.

csharp/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.1.0

csharp/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 1.0.6-dev
+version: 1.1.1-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp

csharp/ql/src/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 1.0.6
+
+### Minor Analysis Improvements
+
+* Attributes in the `System.Runtime.CompilerServices` namespace are ignored when checking if a declaration requires documentation comments.
+* C# build-mode `none` analyses now report a warning on the CodeQL status page when there are significant analysis problems -- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.
+
 ## 1.0.5
 
 No user-facing changes.

csharp/ql/src/change-notes/2024-08-07-db-quality-diagnostic.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* C# build-mode `none` analyses now report a warning on the CodeQL status page when there are significant analysis problems-- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.

csharp/ql/src/change-notes/2024-08-12-doc-comments.md

@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* Attributes in the `System.Runtime.CompilerServices` namespace are ignored when checking if a declaration requires documentation comments.

csharp/ql/src/change-notes/released/1.0.6.md

@@ -0,0 +1,6 @@
+## 1.0.6
+
+### Minor Analysis Improvements
+
+* Attributes in the `System.Runtime.CompilerServices` namespace are ignored when checking if a declaration requires documentation comments.
+* C# build-mode `none` analyses now report a warning on the CodeQL status page when there are significant analysis problems -- defined as 5% of expressions lacking a type, or 5% of call targets being unknown. Other messages reported on the status page are downgraded from warnings to notes and so are less prominent, but are still available for review.

csharp/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.6

csharp/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.0.6-dev
+version: 1.0.7-dev
 groups:
   - csharp
   - queries

docs/codeql/codeql-language-guides/analyzing-data-flow-in-cpp-new.rst

@@ -0,0 +1,9 @@
+.. _analyzing-data-flow-in-cpp-new:
+
+:orphan:
+:nosearch:
+
+Analyzing data flow in C and C++
+================================
+
+This article has moved to a new location: https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-cpp/.

docs/codeql/conf.py

@@ -67,7 +67,7 @@ def setup(sphinx):
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
-language = None
+language = 'en'
 
 # If true, `todo` and `todoList` produce output, else they produce nothing.
 todo_include_todos = False

go/ql/consistency-queries/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.6
+
+No user-facing changes.
+
 ## 1.0.5
 
 No user-facing changes.

go/ql/consistency-queries/change-notes/released/1.0.6.md

@@ -0,0 +1,3 @@
+## 1.0.6
+
+No user-facing changes.

go/ql/consistency-queries/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.6

go/ql/consistency-queries/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.6-dev
+version: 1.0.7-dev
 groups:
   - go
   - queries

go/ql/lib/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 1.1.5
+
+### Minor Analysis Improvements
+
+* Local source models for reading and parsing environment variables have been added for the following libraries:
+  - os
+  - syscall
+  - github.com/caarlos0/env
+  - github.com/gobuffalo/envy
+  - github.com/hashicorp/go-envparse
+  - github.com/joho/godotenv
+  - github.com/kelseyhightower/envconfig
+* Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
+
+### Bug Fixes
+
+* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.
+
 ## 1.1.4
 
 No user-facing changes.

go/ql/lib/change-notes/2024-08-12-add-environment-models.md

@@ -1,11 +0,0 @@
----
-category: minorAnalysis
----
-* Local source models for reading and parsing environment variables have been added for the following libraries:
-  - os
-  - syscall
-  - github.com/caarlos0/env
-  - github.com/gobuffalo/envy
-  - github.com/hashicorp/go-envparse
-  - github.com/joho/godotenv
-  - github.com/kelseyhightower/envconfig

go/ql/lib/change-notes/released/1.1.5.md

@@ -1,4 +1,17 @@
----
-category: minorAnalysis
----
+## 1.1.5
+
+### Minor Analysis Improvements
+
+* Local source models for reading and parsing environment variables have been added for the following libraries:
+  - os
+  - syscall
+  - github.com/caarlos0/env
+  - github.com/gobuffalo/envy
+  - github.com/hashicorp/go-envparse
+  - github.com/joho/godotenv
+  - github.com/kelseyhightower/envconfig
 * Local source models have been added for the APIs which open files in the `io/fs`, `io/ioutil` and `os` packages in the Go standard library. You can optionally include threat models as appropriate when using the CodeQL CLI and in GitHub code scanning. For more information, see [Analyzing your code with CodeQL queries](https://docs.github.com/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries#including-model-packs-to-add-potential-sources-of-tainted-data>) and [Customizing your advanced setup for code scanning](https://docs.github.com/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-threat-models).
+
+### Bug Fixes
+
+* Fixed an issue where `io/ioutil.WriteFile`'s non-path arguments incorrectly generated `go/path-injection` alerts when untrusted data was written to a file, or controlled the file's mode.

go/ql/lib/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.1.4
+lastReleaseVersion: 1.1.5

go/ql/lib/ext/database.sql.driver.model.yml

@@ -1,14 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["database/sql/driver", "Execer", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "ExecerContext", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql/driver", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "ConnPrepareContext", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql/driver", "Queryer", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql/driver", "QueryerContext", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/database.sql.model.yml

@@ -1,32 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["database/sql", "Conn", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Conn", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "DB", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["database/sql", "Tx", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/fmt.model.yml

@@ -1,11 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["fmt", "", False, "Printf",  "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml

@@ -1,42 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["beego-orm", "github.com/beego/beego/client/orm"]
-      - ["beego-orm", "github.com/astaxie/beego/orm"]
-      - ["beego-orm", "github.com/beego/beego/orm"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:beego-orm", "Condition", False, "Raw", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "DB", False, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "Ormer", False, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "And", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "From", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "In", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "InsertInto", "", "", "Argument[0..1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "On", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Subquery", "", "", "Argument[0..1]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Update", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Values", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QueryBuilder", False, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:beego-orm", "QuerySeter", False, "FilterRaw", "", "", "Argument[1]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.beego.beego.core.logs.model.yml

@@ -1,34 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["beego-logs", "github.com/astaxie/beego/logs"]
-      - ["beego-logs", "github.com/beego/beego/logs"]
-      - ["beego-logs", "github.com/beego/beego/core/logs"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:beego-logs", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego-logs", "BeeLogger", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]

go/ql/lib/ext/github.com.beego.beego.core.utils.model.yml

@@ -6,11 +6,6 @@ extensions:
       - ["beego-utils", "github.com/astaxie/beego/utils"]
       - ["beego-utils", "github.com/beego/beego/utils"]
       - ["beego-utils", "github.com/beego/beego/core/utils"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:beego-utils", "", False, "Display", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.beego.beego.server.web.model.yml

@@ -10,18 +10,6 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
-      # log-injection
-      - ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
       # path-injection
       - ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
       - ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]

go/ql/lib/ext/github.com.couchbase.gocb.model.yml

@@ -3,43 +3,28 @@ extensions:
       pack: codeql/go-all
       extensible: packageGrouping
     data:
-      - ["gocb1", "fixed-version:github.com/couchbase/gocb"]
-      - ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
-      - ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
-      - ["gocb2", "github.com/couchbase/gocb/v2"]
-      - ["gocb2", "gopkg.in/couchbase/gocb.v2"]
-      - ["gocb2", "github.com/couchbaselabs/gocb/v2"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
-      - ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["gocb", "github.com/couchbase/gocb"]
+      - ["gocb", "gopkg.in/couchbase/gocb"]
+      - ["gocb", "github.com/couchbaselabs/gocb"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
     data:
-      - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]

go/ql/lib/ext/github.com.davecgh.go-spew.spew.model.yml

@@ -1,14 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/davecgh/go-spew/spew", "", False, "Dump", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Fdump", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Fprint", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Fprintf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Fprintln", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["github.com/davecgh/go-spew/spew", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]

go/ql/lib/ext/github.com.elazarl.goproxy.model.yml

@@ -1,10 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Logf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["github.com/elazarl/goproxy", "ProxyCtx", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml

@@ -1,57 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      # These models are for v1. Some of them hold for v2, but we should model v2 properly.
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Core", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/gogf/gf/database/gdb", "Tx", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.golang.glog.model.yml

@@ -1,102 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["glog", "github.com/golang/glog"]
-      - ["glog", "gopkg.in/glog"]
-      - ["glog", "k8s.io/klog"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:glog", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:glog", "Verbose", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]

go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml

@@ -1,17 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.mastermind.squirrel.model.yml

@@ -1,51 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["squirrel", "github.com/Masterminds/squirrel"]
-      - ["squirrel", "gopkg.in/Masterminds/squirrel"]
-      - ["squirrel", "github.com/lann/squirrel"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:squirrel", "", True, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "", True, "Expr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "", True, "Insert", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "", True, "Update", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-
-      - ["group:squirrel", "DeleteBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "DeleteBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "DeleteBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "DeleteBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "DeleteBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-
-      - ["group:squirrel", "InsertBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "InsertBuilder", True, "Into", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "InsertBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "InsertBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "InsertBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
-
-      - ["group:squirrel", "SelectBuilder", True, "CrossJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "Column", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "SelectBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "SelectBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "SelectBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "SelectBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-
-      - ["group:squirrel", "UpdateBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "UpdateBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
-      - ["group:squirrel", "UpdateBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "UpdateBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:squirrel", "UpdateBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.rqlite.gorqlite.model.yml

@@ -1,35 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["gorqlite", "github.com/rqlite/gorqlite"]
-      - ["gorqlite", "github.com/raindog308/gorqlite"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:gorqlite", "Connection", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueryParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "Queue", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "QueueParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "Write", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteOne", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorqlite", "Connection", True, "WriteParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]

go/ql/lib/ext/github.com.sirupsen.logrus.model.yml

@@ -1,131 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["logrus", "github.com/sirupsen/logrus"]
-      - ["logrus", "github.com/Sirupsen/logrus"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:logrus", "", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
-
-      - ["group:logrus", "Entry", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Entry", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
-
-      - ["group:logrus", "Logger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Log", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "LogFn", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["group:logrus", "Logger", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]

go/ql/lib/ext/github.com.uptrace.bun.model.yml

@@ -1,68 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/uptrace/bun", "", True, "NewRawQuery", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "AddColumnQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "AddColumnQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "AddColumnQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "Conn", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateIndexQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateIndexQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateIndexQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateIndexQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateIndexQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateTableQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateTableQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "CreateTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DeleteQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DeleteQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DeleteQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DropColumnQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DropColumnQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DropColumnQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DropTableQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "DropTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "InsertQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "InsertQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "InsertQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "InsertQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "InsertQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "MergeQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "MergeQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "RawQuery", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "DistinctOn", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "For", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "GroupExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "OrderExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "SelectQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "TruncateTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "UpdateQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "UpdateQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "UpdateQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/uptrace/bun", "UpdateQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml

@@ -1,19 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "Argument[2]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "ReplaceOne", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]

go/ql/lib/ext/go.uber.org.zap.model.yml

@@ -1,41 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["go.uber.org/zap", "Logger", False, "DPanic", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Fatal", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Panic", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "Logger", False, "WithOptions", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "DPanic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "DPanicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "DPanicw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Debugw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Errorw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Fatalw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Infow", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Named", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Panicw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "Warnw", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["go.uber.org/zap", "SugaredLogger", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/gorm.io.gorm.model.yml

@@ -1,25 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["gorm", "gorm.io/gorm"]
-      - ["gorm", "github.com/jinzhu/gorm"]
-      - ["gorm", "github.com/go-gorm/gorm"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:gorm", "DB", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Order", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Not", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Group", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Joins", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Distinct", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:gorm", "DB", True, "Pluck", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/ext/log.model.yml

@@ -1,28 +1,4 @@
 extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["log", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["log", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
-      - ["log", "Logger", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel

go/ql/lib/ext/xorm.io.xorm.model.yml

@@ -1,53 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: packageGrouping
-    data:
-      - ["xorm", "xorm.io/xorm"]
-      - ["xorm", "github.com/go-xorm/xorm"]
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["group:xorm", "Engine", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "QueryString", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "QueryInterface", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Engine", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "QueryString", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "QueryInterface", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["group:xorm", "Session", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 1.1.5-dev
+version: 1.1.6-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go

go/ql/lib/semmle/go/Concepts.qll

@@ -373,19 +373,6 @@ module LoggerCall {
   }
 }
 
-private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
-  DataFlow::ArgumentNode messageArgument;
-
-  DefaultLoggerCall() {
-    sinkNode(messageArgument, "log-injection") and
-    this = messageArgument.getCall()
-  }
-
-  override DataFlow::Node getAMessageComponent() {
-    result = messageArgument.getACorrespondingSyntacticArgument()
-  }
-}
-
 /**
  * A function that encodes data into a binary or textual format.
  *

go/ql/lib/semmle/go/frameworks/Beego.qll

@@ -33,6 +33,13 @@ module Beego {
     result = package(v2modulePath(), "server/web/context")
   }
 
+  /** Gets the path for the logs package of beego. */
+  string logsPackagePath() {
+    result = package(v1modulePath(), "logs")
+    or
+    result = package(v2modulePath(), "core/logs")
+  }
+
   /** Gets the path for the utils package of beego. */
   string utilsPackagePath() {
     result = package(v1modulePath(), "utils")
@@ -165,6 +172,36 @@ module Beego {
     override string getAContentType() { none() }
   }
 
+  private string getALogFunctionName() {
+    result =
+      [
+        "Alert", "Critical", "Debug", "Emergency", "Error", "Info", "Informational", "Notice",
+        "Trace", "Warn", "Warning"
+      ]
+  }
+
+  private class ToplevelBeegoLoggers extends LoggerCall::Range, DataFlow::CallNode {
+    ToplevelBeegoLoggers() {
+      this.getTarget().hasQualifiedName([packagePath(), logsPackagePath()], getALogFunctionName())
+    }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
+  private class BeegoLoggerMethods extends LoggerCall::Range, DataFlow::MethodCallNode {
+    BeegoLoggerMethods() {
+      this.getTarget().hasQualifiedName(logsPackagePath(), "BeeLogger", getALogFunctionName())
+    }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
+  private class UtilLoggers extends LoggerCall::Range, DataFlow::CallNode {
+    UtilLoggers() { this.getTarget().hasQualifiedName(utilsPackagePath(), "Display") }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
   private class HtmlQuoteSanitizer extends SharedXss::Sanitizer {
     HtmlQuoteSanitizer() {
       exists(DataFlow::CallNode c | c.getTarget().hasQualifiedName(packagePath(), "Htmlquote") |

go/ql/lib/semmle/go/frameworks/BeegoOrm.qll

@@ -14,6 +14,57 @@ module BeegoOrm {
   /** Gets the package name `github.com/astaxie/beego/orm`. */
   string packagePath() { result = package("github.com/astaxie/beego", "orm") }
 
+  private class DbSink extends SQL::QueryString::Range {
+    DbSink() {
+      exists(Method m, string methodName, int argNum |
+        m.hasQualifiedName(packagePath(), "DB", methodName) and
+        (
+          methodName = ["Exec", "Prepare", "Query", "QueryRow"] and
+          argNum = 0
+          or
+          methodName = ["ExecContext", "PrepareContext", "QueryContext", "QueryRowContext"] and
+          argNum = 1
+        )
+      |
+        this = m.getACall().getArgument(argNum)
+      )
+    }
+  }
+
+  private class QueryBuilderSink extends SQL::QueryString::Range {
+    // Note this class doesn't do any escaping, unlike the true ORM part of the package
+    QueryBuilderSink() {
+      exists(Method impl | impl.implements(packagePath(), "QueryBuilder", _) |
+        this = impl.getACall().getASyntacticArgument()
+      ) and
+      this.getType().getUnderlyingType() instanceof StringType
+    }
+  }
+
+  private class OrmerRawSink extends SQL::QueryString::Range {
+    OrmerRawSink() {
+      exists(Method impl | impl.implements(packagePath(), "Ormer", "Raw") |
+        this = impl.getACall().getArgument(0)
+      )
+    }
+  }
+
+  private class QuerySeterFilterRawSink extends SQL::QueryString::Range {
+    QuerySeterFilterRawSink() {
+      exists(Method impl | impl.implements(packagePath(), "QuerySeter", "FilterRaw") |
+        this = impl.getACall().getArgument(1)
+      )
+    }
+  }
+
+  private class ConditionRawSink extends SQL::QueryString::Range {
+    ConditionRawSink() {
+      exists(Method impl | impl.implements(packagePath(), "Condition", "Raw") |
+        this = impl.getACall().getArgument(1)
+      )
+    }
+  }
+
   private class OrmerSource extends StoredXss::Source {
     OrmerSource() {
       exists(Method impl |

go/ql/lib/semmle/go/frameworks/Couchbase.qll

@@ -5,23 +5,57 @@
 import go
 
 /**
- * DEPRECATED
- *
  * Provides models of commonly used functions in the official Couchbase Go SDK library.
  */
-deprecated module Couchbase {
+module Couchbase {
   /**
-   * DEPRECATED
-   *
    * Gets a package path for the official Couchbase Go SDK library.
    *
    * Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to
    * distinguish between them.
    */
-  deprecated string packagePath() {
+  string packagePath() {
     result =
       package([
           "gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb"
         ], "")
   }
+
+  /**
+   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
+   * the official Couchbase Go library, gocb.
+   */
+  private class CouchbaseV1Query extends NoSql::Query::Range {
+    CouchbaseV1Query() {
+      // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
+      // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
+      // func (c *Cluster) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
+      // func (c *Cluster) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
+      exists(Method meth, string structName, string methodName |
+        structName in ["Bucket", "Cluster"] and
+        methodName in ["ExecuteN1qlQuery", "ExecuteAnalyticsQuery"] and
+        meth.hasQualifiedName(packagePath(), structName, methodName) and
+        this = meth.getACall().getArgument(0)
+      )
+    }
+  }
+
+  /**
+   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
+   * the official Couchbase Go library, gocb.
+   */
+  private class CouchbaseV2Query extends NoSql::Query::Range {
+    CouchbaseV2Query() {
+      // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
+      // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
+      // func (s *Scope) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
+      // func (s *Scope) Query(statement string, opts *QueryOptions) (*QueryResult, error)
+      exists(Method meth, string structName, string methodName |
+        structName in ["Cluster", "Scope"] and
+        methodName in ["AnalyticsQuery", "Query"] and
+        meth.hasQualifiedName(packagePath(), structName, methodName) and
+        this = meth.getACall().getArgument(0)
+      )
+    }
+  }
 }

go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll

@@ -100,4 +100,10 @@ module ElazarlGoproxy {
 
     override int getFormatStringIndex() { result = 0 }
   }
+
+  private class ProxyLog extends LoggerCall::Range, DataFlow::MethodCallNode {
+    ProxyLog() { this.getTarget() instanceof ProxyLogFunction }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
 }

go/ql/lib/semmle/go/frameworks/Glog.qll

@@ -40,4 +40,14 @@ module Glog {
 
     override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
   }
+
+  private class GlogCall extends LoggerCall::Range, DataFlow::CallNode {
+    GlogFunction callee;
+
+    GlogCall() { this = callee.getACall() }
+
+    override DataFlow::Node getAMessageComponent() {
+      result = this.getSyntacticArgument(any(int i | i >= callee.getFirstPrintedArg()))
+    }
+  }
 }

go/ql/lib/semmle/go/frameworks/Logrus.qll

@@ -28,6 +28,12 @@ module Logrus {
     }
   }
 
+  private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
+    LogCall() { this = any(LogFunction f).getACall() }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
   private class StringFormatters extends StringOps::Formatting::Range instanceof LogFunction {
     int argOffset;
 

go/ql/lib/semmle/go/frameworks/NoSQL.qll

@@ -31,6 +31,84 @@ module NoSql {
         )
       }
     }
+
+    /**
+     * Holds if method `name` of struct `Collection` from package
+     * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
+     * interprets parameter `n` as a query.
+     */
+    private predicate mongoDbCollectionMethod(string name, int n) {
+      // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
+      //                                        opts ...*options.CountOptions) (int64, error)
+      name = "CountDocuments" and n = 1
+      or
+      // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
+      //                                    opts ...*options.DeleteOptions) (*DeleteResult, error)
+      name = "DeleteMany" and n = 1
+      or
+      // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
+      //                                   opts ...*options.DeleteOptions) (*DeleteResult, error)
+      name = "DeleteOne" and n = 1
+      or
+      // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
+      //                                  ...) ([]interface{}, error)
+      name = "Distinct" and n = 2
+      or
+      // func (coll *Collection) Find(ctx context.Context, filter interface{},
+      //                              opts ...*options.FindOptions) (*Cursor, error)
+      name = "Find" and n = 1
+      or
+      // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
+      //                                 opts ...*options.FindOneOptions) *SingleResult
+      name = "FindOne" and n = 1
+      or
+      // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
+      //                                         *SingleResult
+      name = "FindOneAndDelete" and n = 1
+      or
+      // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
+      //                                           replacement interface{}, ...) *SingleResult
+      name = "FindOneAndReplace" and n = 1
+      or
+      // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
+      //                                          update interface{}, ...) *SingleResult
+      name = "FindOneAndUpdate" and n = 1
+      or
+      // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
+      //                                    replacement interface{}, ...) (*UpdateResult, error)
+      name = "ReplaceOne" and n = 1
+      or
+      // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
+      //                                    update interface{}, ...) (*UpdateResult, error)
+      name = "UpdateMany" and n = 1
+      or
+      // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
+      //                                   update interface{}, ...) (*UpdateResult, error)
+      name = "UpdateOne" and n = 1
+      or
+      // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
+      //                              (*ChangeStream, error)
+      name = "Watch" and n = 1
+      or
+      // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
+      //                                   opts ...*options.AggregateOptions) (*Cursor, error)
+      name = "Aggregate" and n = 1
+    }
+
+    /**
+     * A query used in an API function acting on a `Collection` struct of package
+     * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
+     */
+    private class MongoDbCollectionQuery extends Range {
+      MongoDbCollectionQuery() {
+        exists(Method meth, string methodName, int n |
+          mongoDbCollectionMethod(methodName, n) and
+          meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
+            methodName) and
+          this = meth.getACall().getArgument(n)
+        )
+      }
+    }
   }
 
   /**

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -67,10 +67,42 @@ module SQL {
      */
     abstract class Range extends DataFlow::Node { }
 
-    private class DefaultQueryString extends Range {
-      DefaultQueryString() {
-        exists(DataFlow::ArgumentNode arg | sinkNode(arg, "sql-injection") |
-          this = arg.getACorrespondingSyntacticArgument()
+    /**
+     * An argument to an API of the squirrel library that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class SquirrelQueryString extends Range {
+      SquirrelQueryString() {
+        exists(Function fn |
+          exists(string sq |
+            sq =
+              package([
+                  "github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel",
+                  "github.com/lann/squirrel"
+                ], "")
+          |
+            fn.hasQualifiedName(sq, ["Delete", "Expr", "Insert", "Select", "Update"])
+            or
+            exists(Method m, string builder | m = fn |
+              builder = ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"] and
+              m.hasQualifiedName(sq, builder,
+                ["Columns", "From", "Options", "OrderBy", "Prefix", "Suffix", "Where"])
+              or
+              builder = "InsertBuilder" and
+              m.hasQualifiedName(sq, builder, ["Replace", "Into"])
+              or
+              builder = "SelectBuilder" and
+              m.hasQualifiedName(sq, builder,
+                ["CrossJoin", "GroupBy", "InnerJoin", "LeftJoin", "RightJoin"])
+              or
+              builder = "UpdateBuilder" and
+              m.hasQualifiedName(sq, builder, ["Set", "Table"])
+            )
+          ) and
+          this = fn.getACall().getArgument(0)
+        |
+          this.getType().getUnderlyingType() instanceof StringType or
+          this.getType().getUnderlyingType().(SliceType).getElementType() instanceof StringType
         )
       }
     }
@@ -81,6 +113,14 @@ module SQL {
     /** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
     private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }
 
+    /** A string that might identify package `github.com/rqlite/gorqlite` or `github.com/raindog308/gorqlite` or a specific version of it. */
+    private string gorqlite() {
+      result = package(["github.com/rqlite/gorqlite", "github.com/raindog308/gorqlite"], "")
+    }
+
+    /** A string that might identify package `github.com/gogf/gf/database/gdb` or a specific version of it. */
+    private string gogf() { result = package("github.com/gogf/gf", "database/gdb") }
+
     /**
      * A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
      * taking syntactic structure into account.
@@ -145,6 +185,94 @@ module SQL {
         )
       }
     }
+
+    /**
+     * A string argument to an API of `github.com/rqlite/gorqlite`, or a specific version of it, that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class GorqliteQueryString extends Range {
+      GorqliteQueryString() {
+        // func (conn *Connection) Query(sqlStatements []string) (results []QueryResult, err error)
+        // func (conn *Connection) QueryOne(sqlStatement string) (qr QueryResult, err error)
+        // func (conn *Connection) Queue(sqlStatements []string) (seq int64, err error)
+        // func (conn *Connection) QueueOne(sqlStatement string) (seq int64, err error)
+        // func (conn *Connection) Write(sqlStatements []string) (results []WriteResult, err error)
+        // func (conn *Connection) WriteOne(sqlStatement string) (wr WriteResult, err error)
+        exists(Method m, string name | m.hasQualifiedName(gorqlite(), "Connection", name) |
+          name = ["Query", "QueryOne", "Queue", "QueueOne", "Write", "WriteOne"] and
+          this = m.getACall().getArgument(0)
+        )
+      }
+    }
+
+    /**
+     * A string argument to an API of `github.com/gogf/gf/database/gdb`, or a specific version of it, that is directly interpreted as SQL without
+     * taking syntactic structure into account.
+     */
+    private class GogfQueryString extends Range {
+      GogfQueryString() {
+        exists(Method m, string name | m.implements(gogf(), ["DB", "Core", "TX"], name) |
+          // func (c *Core) Exec(sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) GetAll(sql string, args ...interface{}) (Result, error)
+          // func (c *Core) GetArray(sql string, args ...interface{}) ([]Value, error)
+          // func (c *Core) GetCount(sql string, args ...interface{}) (int, error)
+          // func (c *Core) GetOne(sql string, args ...interface{}) (Record, error)
+          // func (c *Core) GetValue(sql string, args ...interface{}) (Value, error)
+          // func (c *Core) Prepare(sql string, execOnMaster ...bool) (*Stmt, error)
+          // func (c *Core) Query(sql string, args ...interface{}) (rows *sql.Rows, err error)
+          // func (c *Core) Raw(rawSql string, args ...interface{}) *Model
+          name =
+            [
+              "Query", "Exec", "Prepare", "GetAll", "GetOne", "GetValue", "GetArray", "GetCount",
+              "Raw"
+            ] and
+          this = m.getACall().getArgument(0)
+          or
+          // func (c *Core) GetScan(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStruct(pointer interface{}, sql string, args ...interface{}) error
+          // func (c *Core) GetStructs(pointer interface{}, sql string, args ...interface{}) error
+          name = ["GetScan", "GetStruct", "GetStructs"] and
+          this = m.getACall().getArgument(1)
+          or
+          // func (c *Core) DoCommit(ctx context.Context, link Link, sql string, args []interface{}) (newSql string, newArgs []interface{}, err error)
+          // func (c *Core) DoExec(ctx context.Context, link Link, sql string, args ...interface{}) (result sql.Result, err error)
+          // func (c *Core) DoGetAll(ctx context.Context, link Link, sql string, args ...interface{}) (result Result, err error)
+          // func (c *Core) DoPrepare(ctx context.Context, link Link, sql string) (*Stmt, error)
+          // func (c *Core) DoQuery(ctx context.Context, link Link, sql string, args ...interface{}) (rows *sql.Rows, err error)
+          name = ["DoGetAll", "DoQuery", "DoExec", "DoCommit", "DoPrepare"] and
+          this = m.getACall().getArgument(2)
+        )
+      }
+    }
+  }
+
+  /** A model for sinks of GORM. */
+  private class GormSink extends SQL::QueryString::Range {
+    GormSink() {
+      exists(Method meth, string package, string name |
+        meth.hasQualifiedName(package, "DB", name) and
+        this = meth.getACall().getSyntacticArgument(0) and
+        package = Gorm::packagePath() and
+        name in [
+            "Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having", "Joins",
+            "Exec", "Distinct", "Pluck"
+          ]
+      )
+    }
+  }
+
+  /** A model for sinks of github.com/jmoiron/sqlx. */
+  private class SqlxSink extends SQL::QueryString::Range {
+    SqlxSink() {
+      exists(Method meth, string name, int n |
+        meth.hasQualifiedName(package("github.com/jmoiron/sqlx", ""), ["DB", "Tx"], name) and
+        this = meth.getACall().getArgument(n)
+      |
+        name = ["Select", "Get"] and n = 1
+        or
+        name = ["MustExec", "Queryx", "NamedExec", "NamedQuery"] and n = 0
+      )
+    }
   }
 }
 
@@ -164,11 +292,70 @@ module Gorm {
 module Xorm {
   /** Gets the package name for Xorm. */
   string packagePath() { result = package(["xorm.io/xorm", "github.com/go-xorm/xorm"], "") }
+
+  /** A model for sinks of XORM. */
+  private class XormSink extends SQL::QueryString::Range {
+    XormSink() {
+      exists(Method meth, string type, string name, int n |
+        meth.hasQualifiedName(Xorm::packagePath(), type, name) and
+        this = meth.getACall().getSyntacticArgument(n) and
+        type = ["Engine", "Session"]
+      |
+        name =
+          [
+            "Query", "Exec", "QueryString", "QueryInterface", "SQL", "Where", "And", "Or", "Alias",
+            "NotIn", "In", "Select", "SetExpr", "OrderBy", "Having", "GroupBy"
+          ] and
+        n = 0
+        or
+        name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1
+        or
+        name = "Join" and n = [0, 1, 2]
+      )
+    }
+  }
 }
 
 /**
- * DEPRECATED
- *
  * Provides classes for working with the [Bun](https://bun.uptrace.dev/) package.
  */
-deprecated module Bun { }
+module Bun {
+  /** Gets the package name for Bun package. */
+  private string packagePath() { result = package("github.com/uptrace/bun", "") }
+
+  /** A model for sinks of Bun. */
+  private class BunSink extends SQL::QueryString::Range {
+    BunSink() {
+      exists(Function f, string m, int arg | this = f.getACall().getArgument(arg) |
+        f.hasQualifiedName(packagePath(), m) and
+        m = "NewRawQuery" and
+        arg = 1
+      )
+      or
+      exists(Method f, string tp, string m, int arg | this = f.getACall().getArgument(arg) |
+        f.hasQualifiedName(packagePath(), tp, m) and
+        (
+          tp = ["DB", "Conn"] and
+          m = ["ExecContext", "PrepareContext", "QueryContext", "QueryRowContext"] and
+          arg = 1
+          or
+          tp = ["DB", "Conn"] and
+          m = ["Exec", "NewRaw", "Prepare", "Query", "QueryRow", "Raw"] and
+          arg = 0
+          or
+          tp.matches("%Query") and
+          m =
+            [
+              "ColumnExpr", "DistinctOn", "For", "GroupExpr", "Having", "ModelTableExpr",
+              "OrderExpr", "TableExpr", "Where", "WhereOr"
+            ] and
+          arg = 0
+          or
+          tp = "RawQuery" and
+          m = "NewRaw" and
+          arg = 0
+        )
+      )
+    }
+  }
+}

go/ql/lib/semmle/go/frameworks/Spew.qll

@@ -33,6 +33,16 @@ module Spew {
     override int getFormatStringIndex() { result = super.getFirstPrintedArg() }
   }
 
+  private class SpewCall extends LoggerCall::Range, DataFlow::CallNode {
+    SpewFunction target;
+
+    SpewCall() { this = target.getACall() }
+
+    override DataFlow::Node getAMessageComponent() {
+      result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg()))
+    }
+  }
+
   // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
   /** The `Sprint` function or one of its variants. */
   class Sprinter extends TaintTracking::FunctionModel {

go/ql/lib/semmle/go/frameworks/Zap.qll

@@ -34,6 +34,18 @@ module Zap {
     override int getFormatStringIndex() { result = 0 }
   }
 
+  /**
+   * A call to a logger function in Zap.
+   *
+   * Functions which add data to be included the next time a direct logging
+   * function is called are included.
+   */
+  private class ZapCall extends LoggerCall::Range, DataFlow::MethodCallNode {
+    ZapCall() { this = any(ZapFunction f).getACall() }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
   // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
   /** The function `Fields` that creates an `Option` that can be added to the logger out of `Field`s. */
   class FieldsFunction extends TaintTracking::FunctionModel {

go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll

@@ -26,7 +26,7 @@ module DatabaseSql {
     override DataFlow::Node getAResult() { result = this.getResult(0) }
 
     override SQL::QueryString getAQueryString() {
-      result = this.getASyntacticArgument()
+      result = this.getAnArgument()
       or
       // attempt to resolve a `QueryString` for `Stmt`s using local data flow.
       t = "Stmt" and
@@ -34,6 +34,24 @@ module DatabaseSql {
     }
   }
 
+  /** A query string used in an API function of the `database/sql` package. */
+  private class QueryString extends SQL::QueryString::Range {
+    QueryString() {
+      exists(Method meth, string base, string t, string m, int n |
+        t = ["DB", "Tx", "Conn"] and
+        meth.hasQualifiedName("database/sql", t, m) and
+        this = meth.getACall().getArgument(n)
+      |
+        base = ["Exec", "Prepare", "Query", "QueryRow"] and
+        (
+          m = base and n = 0
+          or
+          m = base + "Context" and n = 1
+        )
+      )
+    }
+  }
+
   /** A query in the standard `database/sql/driver` package. */
   private class DriverQuery extends SQL::Query::Range, DataFlow::MethodCallNode {
     DriverQuery() {
@@ -60,13 +78,36 @@ module DatabaseSql {
     override DataFlow::Node getAResult() { result = this.getResult(0) }
 
     override SQL::QueryString getAQueryString() {
-      result = this.getASyntacticArgument()
+      result = this.getAnArgument()
       or
       this.getTarget().hasQualifiedName("database/sql/driver", "Stmt") and
       result = this.getReceiver().getAPredecessor*().(DataFlow::MethodCallNode).getAnArgument()
     }
   }
 
+  /** A query string used in an API function of the standard `database/sql/driver` package. */
+  private class DriverQueryString extends SQL::QueryString::Range {
+    DriverQueryString() {
+      exists(Method meth, int n |
+        (
+          meth.hasQualifiedName("database/sql/driver", "Execer", "Exec") and n = 0
+          or
+          meth.hasQualifiedName("database/sql/driver", "ExecerContext", "ExecContext") and n = 1
+          or
+          meth.hasQualifiedName("database/sql/driver", "Conn", "Prepare") and n = 0
+          or
+          meth.hasQualifiedName("database/sql/driver", "ConnPrepareContext", "PrepareContext") and
+          n = 1
+          or
+          meth.hasQualifiedName("database/sql/driver", "Queryer", "Query") and n = 0
+          or
+          meth.hasQualifiedName("database/sql/driver", "QueryerContext", "QueryContext") and n = 1
+        ) and
+        this = meth.getACall().getArgument(n)
+      )
+    }
+  }
+
   // These are expressed using TaintTracking::FunctionModel because varargs functions don't work with Models-as-Data sumamries yet.
   private class SqlMethodModels extends TaintTracking::FunctionModel, Method {
     FunctionInput inp;

go/ql/lib/semmle/go/frameworks/stdlib/Fmt.qll

@@ -41,6 +41,13 @@ module Fmt {
     Printer() { this.hasQualifiedName("fmt", ["Print", "Printf", "Println"]) }
   }
 
+  /** A call to `Print` or similar. */
+  private class PrintCall extends LoggerCall::Range, DataFlow::CallNode {
+    PrintCall() { this.getTarget() instanceof Printer }
+
+    override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
+  }
+
   /** The `Fprint` function or one of its variants. */
   private class Fprinter extends TaintTracking::FunctionModel {
     Fprinter() {

go/ql/lib/semmle/go/frameworks/stdlib/Log.qll

@@ -32,6 +32,16 @@ module Log {
     override int getFormatStringIndex() { result = 0 }
   }
 
+  private class LogCall extends LoggerCall::Range, DataFlow::CallNode {
+    LogFunction target;
+
+    LogCall() { this = target.getACall() }
+
+    override DataFlow::Node getAMessageComponent() {
+      result = this.getSyntacticArgument(any(int i | i >= target.getFirstPrintedArg()))
+    }
+  }
+
   /** A fatal log function, which calls `os.Exit`. */
   private class FatalLogFunction extends Function {
     FatalLogFunction() { this.hasQualifiedName("log", ["Fatal", "Fatalf", "Fatalln"]) }

go/ql/src/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 1.0.6
+
+No user-facing changes.
+
 ## 1.0.5
 
 No user-facing changes.

go/ql/src/change-notes/released/1.0.6.md

@@ -0,0 +1,3 @@
+## 1.0.6
+
+No user-facing changes.

go/ql/src/codeql-pack.release.yml

@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.5
+lastReleaseVersion: 1.0.6

go/ql/src/qlpack.yml

@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.0.6-dev
+version: 1.0.7-dev
 groups:
   - go
   - queries

go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/SqlInjection.expected

@@ -32,61 +32,40 @@
 | test.go:59:31:59:39 | untrusted | test.go:57:15:57:41 | call to UserAgent | test.go:59:31:59:39 | untrusted | This query depends on a $@. | test.go:57:15:57:41 | call to UserAgent | user-provided value |
 | test.go:65:19:65:27 | untrusted | test.go:63:15:63:41 | call to UserAgent | test.go:65:19:65:27 | untrusted | This query depends on a $@. | test.go:63:15:63:41 | call to UserAgent | user-provided value |
 edges
-| test.go:11:15:11:41 | call to UserAgent | test.go:13:11:13:19 | untrusted | provenance | Src:MaD:22  Sink:MaD:2 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:14:23:14:31 | untrusted | provenance | Src:MaD:22  Sink:MaD:3 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:15:14:15:22 | untrusted | provenance | Src:MaD:22  Sink:MaD:4 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:16:26:16:34 | untrusted | provenance | Src:MaD:22  Sink:MaD:5 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:17:12:17:20 | untrusted | provenance | Src:MaD:22  Sink:MaD:6 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:18:24:18:32 | untrusted | provenance | Src:MaD:22  Sink:MaD:7 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:19:15:19:23 | untrusted | provenance | Src:MaD:22  Sink:MaD:8 |
-| test.go:11:15:11:41 | call to UserAgent | test.go:20:27:20:35 | untrusted | provenance | Src:MaD:22  Sink:MaD:9 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:28:12:28:20 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:29:10:29:18 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:22  Sink:MaD:13 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:31:14:31:22 | untrusted | provenance | Src:MaD:22  Sink:MaD:15 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:32:15:32:23 | untrusted | provenance | Src:MaD:22  Sink:MaD:18 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:33:8:33:16 | untrusted | provenance | Src:MaD:22  Sink:MaD:16 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:34:11:34:19 | untrusted | provenance | Src:MaD:22  Sink:MaD:20 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:35:9:35:17 | untrusted | provenance | Src:MaD:22  Sink:MaD:11 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:36:8:36:16 | untrusted | provenance | Src:MaD:22  Sink:MaD:17 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:37:8:37:16 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:38:13:38:21 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:39:13:39:21 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:40:12:40:20 | untrusted | provenance | Src:MaD:22  Sink:MaD:12 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:42:9:42:17 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:44:16:44:24 | untrusted | provenance | Src:MaD:22  Sink:MaD:14 |
-| test.go:25:15:25:41 | call to UserAgent | test.go:45:12:45:20 | untrusted | provenance | Src:MaD:22  |
-| test.go:25:15:25:41 | call to UserAgent | test.go:46:14:46:22 | untrusted | provenance | Src:MaD:22  Sink:MaD:19 |
-| test.go:26:16:26:42 | call to UserAgent | test.go:44:27:44:36 | untrusted2 | provenance | Src:MaD:22  |
-| test.go:26:16:26:42 | call to UserAgent | test.go:46:25:46:34 | untrusted2 | provenance | Src:MaD:22  Sink:MaD:19 |
-| test.go:50:15:50:41 | call to UserAgent | test.go:52:12:52:20 | untrusted | provenance | Src:MaD:22  Sink:MaD:10 |
-| test.go:57:15:57:41 | call to UserAgent | test.go:59:31:59:39 | untrusted | provenance | Src:MaD:22  Sink:MaD:21 |
-| test.go:63:15:63:41 | call to UserAgent | test.go:65:19:65:27 | untrusted | provenance | Src:MaD:22  Sink:MaD:1 |
+| test.go:11:15:11:41 | call to UserAgent | test.go:13:11:13:19 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:14:23:14:31 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:15:14:15:22 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:16:26:16:34 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:17:12:17:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:18:24:18:32 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:19:15:19:23 | untrusted | provenance | Src:MaD:1  |
+| test.go:11:15:11:41 | call to UserAgent | test.go:20:27:20:35 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:28:12:28:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:29:10:29:18 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:30:15:30:23 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:31:14:31:22 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:32:15:32:23 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:33:8:33:16 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:34:11:34:19 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:35:9:35:17 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:36:8:36:16 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:37:8:37:16 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:38:13:38:21 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:39:13:39:21 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:40:12:40:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:41:12:41:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:42:9:42:17 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:43:12:43:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:44:16:44:24 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:45:12:45:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:25:15:25:41 | call to UserAgent | test.go:46:14:46:22 | untrusted | provenance | Src:MaD:1  |
+| test.go:26:16:26:42 | call to UserAgent | test.go:44:27:44:36 | untrusted2 | provenance | Src:MaD:1  |
+| test.go:26:16:26:42 | call to UserAgent | test.go:46:25:46:34 | untrusted2 | provenance | Src:MaD:1  |
+| test.go:50:15:50:41 | call to UserAgent | test.go:52:12:52:20 | untrusted | provenance | Src:MaD:1  |
+| test.go:57:15:57:41 | call to UserAgent | test.go:59:31:59:39 | untrusted | provenance | Src:MaD:1  |
+| test.go:63:15:63:41 | call to UserAgent | test.go:65:19:65:27 | untrusted | provenance | Src:MaD:1  |
 models
-| 1 | Sink: group:beego-orm; Condition; false; Raw; ; ; Argument[1]; sql-injection; manual |
-| 2 | Sink: group:beego-orm; DB; false; Exec; ; ; Argument[0]; sql-injection; manual |
-| 3 | Sink: group:beego-orm; DB; false; ExecContext; ; ; Argument[1]; sql-injection; manual |
-| 4 | Sink: group:beego-orm; DB; false; Prepare; ; ; Argument[0]; sql-injection; manual |
-| 5 | Sink: group:beego-orm; DB; false; PrepareContext; ; ; Argument[1]; sql-injection; manual |
-| 6 | Sink: group:beego-orm; DB; false; Query; ; ; Argument[0]; sql-injection; manual |
-| 7 | Sink: group:beego-orm; DB; false; QueryContext; ; ; Argument[1]; sql-injection; manual |
-| 8 | Sink: group:beego-orm; DB; false; QueryRow; ; ; Argument[0]; sql-injection; manual |
-| 9 | Sink: group:beego-orm; DB; false; QueryRowContext; ; ; Argument[1]; sql-injection; manual |
-| 10 | Sink: group:beego-orm; Ormer; false; Raw; ; ; Argument[0]; sql-injection; manual |
-| 11 | Sink: group:beego-orm; QueryBuilder; false; And; ; ; Argument[0]; sql-injection; manual |
-| 12 | Sink: group:beego-orm; QueryBuilder; false; Having; ; ; Argument[0]; sql-injection; manual |
-| 13 | Sink: group:beego-orm; QueryBuilder; false; InnerJoin; ; ; Argument[0]; sql-injection; manual |
-| 14 | Sink: group:beego-orm; QueryBuilder; false; InsertInto; ; ; Argument[0..1]; sql-injection; manual |
-| 15 | Sink: group:beego-orm; QueryBuilder; false; LeftJoin; ; ; Argument[0]; sql-injection; manual |
-| 16 | Sink: group:beego-orm; QueryBuilder; false; On; ; ; Argument[0]; sql-injection; manual |
-| 17 | Sink: group:beego-orm; QueryBuilder; false; Or; ; ; Argument[0]; sql-injection; manual |
-| 18 | Sink: group:beego-orm; QueryBuilder; false; RightJoin; ; ; Argument[0]; sql-injection; manual |
-| 19 | Sink: group:beego-orm; QueryBuilder; false; Subquery; ; ; Argument[0..1]; sql-injection; manual |
-| 20 | Sink: group:beego-orm; QueryBuilder; false; Where; ; ; Argument[0]; sql-injection; manual |
-| 21 | Sink: group:beego-orm; QuerySeter; false; FilterRaw; ; ; Argument[1]; sql-injection; manual |
-| 22 | Source: net/http; Request; true; UserAgent; ; ; ReturnValue; remote; manual |
+| 1 | Source: net/http; Request; true; UserAgent; ; ; ReturnValue; remote; manual |
 nodes
 | test.go:11:15:11:41 | call to UserAgent | semmle.label | call to UserAgent |
 | test.go:13:11:13:19 | untrusted | semmle.label | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/QueryString.expected

@@ -1,3 +0,0 @@
-testFailures
-invalidModelRow
-failures

go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/QueryString.ql

@@ -1,60 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import TestUtilities.InlineExpectationsTest
-
-module SqlTest implements TestSig {
-  string getARelevantTag() { result = "query" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "query" and
-    exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
-      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      element = q.toString() and
-      value = qs.toString()
-    )
-  }
-}
-
-module QueryString implements TestSig {
-  string getARelevantTag() { result = "querystring" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "querystring" and
-    element = "" and
-    exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
-      qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      value = qs.toString()
-    )
-  }
-}
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  predicate isSink(DataFlow::Node n) {
-    n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
-  }
-}
-
-module Flow = TaintTracking::Global<Config>;
-
-module TaintFlow implements TestSig {
-  string getARelevantTag() { result = "flowfrom" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "flowfrom" and
-    element = "" and
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
-      toNode
-          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      Flow::flow(fromNode, toNode) and
-      value = fromNode.asExpr().(StringLit).getValue()
-    )
-  }
-}
-
-import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.expected

@@ -0,0 +1,25 @@
+| gorm.go:20:12:20:20 | untrusted | github.com/jinzhu/gorm | DB | Where |
+| gorm.go:21:10:21:18 | untrusted | github.com/jinzhu/gorm | DB | Raw |
+| gorm.go:22:10:22:18 | untrusted | github.com/jinzhu/gorm | DB | Not |
+| gorm.go:23:12:23:20 | untrusted | github.com/jinzhu/gorm | DB | Order |
+| gorm.go:24:9:24:17 | untrusted | github.com/jinzhu/gorm | DB | Or |
+| gorm.go:25:13:25:21 | untrusted | github.com/jinzhu/gorm | DB | Select |
+| gorm.go:26:12:26:20 | untrusted | github.com/jinzhu/gorm | DB | Table |
+| gorm.go:27:12:27:20 | untrusted | github.com/jinzhu/gorm | DB | Group |
+| gorm.go:28:13:28:21 | untrusted | github.com/jinzhu/gorm | DB | Having |
+| gorm.go:29:12:29:20 | untrusted | github.com/jinzhu/gorm | DB | Joins |
+| gorm.go:30:11:30:19 | untrusted | github.com/jinzhu/gorm | DB | Exec |
+| gorm.go:31:12:31:20 | untrusted | github.com/jinzhu/gorm | DB | Pluck |
+| gorm.go:34:12:34:20 | untrusted | gorm.io/gorm | DB | Where |
+| gorm.go:35:10:35:18 | untrusted | gorm.io/gorm | DB | Raw |
+| gorm.go:36:10:36:18 | untrusted | gorm.io/gorm | DB | Not |
+| gorm.go:37:12:37:20 | untrusted | gorm.io/gorm | DB | Order |
+| gorm.go:38:9:38:17 | untrusted | gorm.io/gorm | DB | Or |
+| gorm.go:39:13:39:21 | untrusted | gorm.io/gorm | DB | Select |
+| gorm.go:40:12:40:20 | untrusted | gorm.io/gorm | DB | Table |
+| gorm.go:41:12:41:20 | untrusted | gorm.io/gorm | DB | Group |
+| gorm.go:42:13:42:21 | untrusted | gorm.io/gorm | DB | Having |
+| gorm.go:43:12:43:20 | untrusted | gorm.io/gorm | DB | Joins |
+| gorm.go:44:11:44:19 | untrusted | gorm.io/gorm | DB | Exec |
+| gorm.go:45:15:45:23 | untrusted | gorm.io/gorm | DB | Distinct |
+| gorm.go:46:12:46:20 | untrusted | gorm.io/gorm | DB | Pluck |

go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.go

@@ -13,35 +13,36 @@ func getUntrustedString() string {
 }
 
 func main() {
+
 	untrusted := getUntrustedString()
 
 	db1 := gorm1.DB{}
-	db1.Where(untrusted)      // $ querystring=untrusted
-	db1.Raw(untrusted)        // $ querystring=untrusted
-	db1.Not(untrusted)        // $ querystring=untrusted
-	db1.Order(untrusted)      // $ querystring=untrusted
-	db1.Or(untrusted)         // $ querystring=untrusted
-	db1.Select(untrusted)     // $ querystring=untrusted
-	db1.Table(untrusted)      // $ querystring=untrusted
-	db1.Group(untrusted)      // $ querystring=untrusted
-	db1.Having(untrusted)     // $ querystring=untrusted
-	db1.Joins(untrusted)      // $ querystring=untrusted
-	db1.Exec(untrusted)       // $ querystring=untrusted
-	db1.Pluck(untrusted, nil) // $ querystring=untrusted
+	db1.Where(untrusted)
+	db1.Raw(untrusted)
+	db1.Not(untrusted)
+	db1.Order(untrusted)
+	db1.Or(untrusted)
+	db1.Select(untrusted)
+	db1.Table(untrusted)
+	db1.Group(untrusted)
+	db1.Having(untrusted)
+	db1.Joins(untrusted)
+	db1.Exec(untrusted)
+	db1.Pluck(untrusted, nil)
 
 	db2 := gorm2.DB{}
-	db2.Where(untrusted)      // $ querystring=untrusted
-	db2.Raw(untrusted)        // $ querystring=untrusted
-	db2.Not(untrusted)        // $ querystring=untrusted
-	db2.Order(untrusted)      // $ querystring=untrusted
-	db2.Or(untrusted)         // $ querystring=untrusted
-	db2.Select(untrusted)     // $ querystring=untrusted
-	db2.Table(untrusted)      // $ querystring=untrusted
-	db2.Group(untrusted)      // $ querystring=untrusted
-	db2.Having(untrusted)     // $ querystring=untrusted
-	db2.Joins(untrusted)      // $ querystring=untrusted
-	db2.Exec(untrusted)       // $ querystring=untrusted
-	db2.Distinct(untrusted)   // $ querystring=untrusted
-	db2.Pluck(untrusted, nil) // $ querystring=untrusted
+	db2.Where(untrusted)
+	db2.Raw(untrusted)
+	db2.Not(untrusted)
+	db2.Order(untrusted)
+	db2.Or(untrusted)
+	db2.Select(untrusted)
+	db2.Table(untrusted)
+	db2.Group(untrusted)
+	db2.Having(untrusted)
+	db2.Joins(untrusted)
+	db2.Exec(untrusted)
+	db2.Distinct(untrusted)
+	db2.Pluck(untrusted, nil)
 
 }

go/ql/test/library-tests/semmle/go/frameworks/SQL/Gorm/gorm.ql

@@ -0,0 +1,5 @@
+import go
+
+from SQL::QueryString qs, Method meth, string a, string b, string c
+where meth.hasQualifiedName(a, b, c) and qs = meth.getACall().getSyntacticArgument(0)
+select qs, a, b, c

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.expected

@@ -1,3 +0,0 @@
-testFailures
-invalidModelRow
-failures

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.ql

@@ -1,60 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import TestUtilities.InlineExpectationsTest
-
-module SqlTest implements TestSig {
-  string getARelevantTag() { result = "query" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "query" and
-    exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
-      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      element = q.toString() and
-      value = qs.toString()
-    )
-  }
-}
-
-module QueryString implements TestSig {
-  string getARelevantTag() { result = "querystring" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "querystring" and
-    element = "" and
-    exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
-      qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      value = qs.toString()
-    )
-  }
-}
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  predicate isSink(DataFlow::Node n) {
-    n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
-  }
-}
-
-module Flow = TaintTracking::Global<Config>;
-
-module TaintFlow implements TestSig {
-  string getARelevantTag() { result = "flowfrom" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "flowfrom" and
-    element = "" and
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
-      toNode
-          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      Flow::flow(fromNode, toNode) and
-      value = fromNode.asExpr().(StringLit).getValue()
-    )
-  }
-}
-
-import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.expected

@@ -0,0 +1,12 @@
+| sqlx.go:15:17:15:25 | untrusted |
+| sqlx.go:16:14:16:22 | untrusted |
+| sqlx.go:17:14:17:22 | untrusted |
+| sqlx.go:18:12:18:20 | untrusted |
+| sqlx.go:19:15:19:23 | untrusted |
+| sqlx.go:20:16:20:24 | untrusted |
+| sqlx.go:23:17:23:25 | untrusted |
+| sqlx.go:24:14:24:22 | untrusted |
+| sqlx.go:25:14:25:22 | untrusted |
+| sqlx.go:26:12:26:20 | untrusted |
+| sqlx.go:27:15:27:23 | untrusted |
+| sqlx.go:28:16:28:24 | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.go

@@ -12,19 +12,19 @@ func main() {
 
 	db := sqlx.DB{}
 	untrusted := getUntrustedString()
-	db.Select(nil, untrusted)     // $ querystring=untrusted
-	db.Get(nil, untrusted)        // $ querystring=untrusted
-	db.MustExec(untrusted)        // $ querystring=untrusted
-	db.Queryx(untrusted)          // $ querystring=untrusted
-	db.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	db.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	db.Select(nil, untrusted)
+	db.Get(nil, untrusted)
+	db.MustExec(untrusted)
+	db.Queryx(untrusted)
+	db.NamedExec(untrusted, nil)
+	db.NamedQuery(untrusted, nil)
 
 	tx := sqlx.Tx{}
-	tx.Select(nil, untrusted)     // $ querystring=untrusted
-	tx.Get(nil, untrusted)        // $ querystring=untrusted
-	tx.MustExec(untrusted)        // $ querystring=untrusted
-	tx.Queryx(untrusted)          // $ querystring=untrusted
-	tx.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	tx.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	tx.Select(nil, untrusted)
+	tx.Get(nil, untrusted)
+	tx.MustExec(untrusted)
+	tx.Queryx(untrusted)
+	tx.NamedExec(untrusted, nil)
+	tx.NamedQuery(untrusted, nil)
 
 }

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.ql

@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs

go/ql/test/library-tests/semmle/go/frameworks/SQL/bun/QueryString.expected

@@ -1,3 +0,0 @@
-failures
-invalidModelRow
-testFailures

go/ql/test/library-tests/semmle/go/frameworks/SQL/bun/QueryString.ql

@@ -1,60 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import TestUtilities.InlineExpectationsTest
-
-module SqlTest implements TestSig {
-  string getARelevantTag() { result = "query" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "query" and
-    exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
-      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      element = q.toString() and
-      value = qs.toString()
-    )
-  }
-}
-
-module QueryString implements TestSig {
-  string getARelevantTag() { result = "querystring" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "querystring" and
-    element = "" and
-    exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
-      qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      value = qs.toString()
-    )
-  }
-}
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  predicate isSink(DataFlow::Node n) {
-    n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
-  }
-}
-
-module Flow = TaintTracking::Global<Config>;
-
-module TaintFlow implements TestSig {
-  string getARelevantTag() { result = "flowfrom" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "flowfrom" and
-    element = "" and
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
-      toNode
-          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      Flow::flow(fromNode, toNode) and
-      value = fromNode.asExpr().(StringLit).getValue()
-    )
-  }
-}
-
-import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/bun/bun.go

@@ -22,28 +22,28 @@ func main() {
 		panic(err)
 	}
 	db := bun.NewDB(sqlite, sqlitedialect.New())
-	bun.NewRawQuery(db, untrusted) // $ querystring=untrusted
+	bun.NewRawQuery(db, untrusted)
 
-	db.ExecContext(ctx, untrusted)     // $ querystring=untrusted
-	db.PrepareContext(ctx, untrusted)  // $ querystring=untrusted
-	db.QueryContext(ctx, untrusted)    // $ querystring=untrusted
-	db.QueryRowContext(ctx, untrusted) // $ querystring=untrusted
+	db.ExecContext(ctx, untrusted)
+	db.PrepareContext(ctx, untrusted)
+	db.QueryContext(ctx, untrusted)
+	db.QueryRowContext(ctx, untrusted)
 
-	db.Exec(untrusted)     // $ querystring=untrusted
-	db.NewRaw(untrusted)   // $ querystring=untrusted
-	db.Prepare(untrusted)  // $ querystring=untrusted
-	db.Query(untrusted)    // $ querystring=untrusted
-	db.QueryRow(untrusted) // $ querystring=untrusted
-	db.Raw(untrusted)      // $ querystring=untrusted
+	db.Exec(untrusted)
+	db.NewRaw(untrusted)
+	db.Prepare(untrusted)
+	db.Query(untrusted)
+	db.QueryRow(untrusted)
+	db.Raw(untrusted)
 
-	db.NewSelect().ColumnExpr(untrusted)     // $ querystring=untrusted
-	db.NewSelect().DistinctOn(untrusted)     // $ querystring=untrusted
-	db.NewSelect().For(untrusted)            // $ querystring=untrusted
-	db.NewSelect().GroupExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().Having(untrusted)         // $ querystring=untrusted
-	db.NewSelect().ModelTableExpr(untrusted) // $ querystring=untrusted
-	db.NewSelect().OrderExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().TableExpr(untrusted)      // $ querystring=untrusted
-	db.NewSelect().Where(untrusted)          // $ querystring=untrusted
-	db.NewSelect().WhereOr(untrusted)        // $ querystring=untrusted
+	db.NewSelect().ColumnExpr(untrusted)
+	db.NewSelect().DistinctOn(untrusted)
+	db.NewSelect().For(untrusted)
+	db.NewSelect().GroupExpr(untrusted)
+	db.NewSelect().Having(untrusted)
+	db.NewSelect().ModelTableExpr(untrusted)
+	db.NewSelect().OrderExpr(untrusted)
+	db.NewSelect().TableExpr(untrusted)
+	db.NewSelect().Where(untrusted)
+	db.NewSelect().WhereOr(untrusted)
 }

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/QueryString.expected

@@ -1,3 +0,0 @@
-testFailures
-invalidModelRow
-failures

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/QueryString.ql

@@ -1,60 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import TestUtilities.InlineExpectationsTest
-
-module SqlTest implements TestSig {
-  string getARelevantTag() { result = "query" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "query" and
-    exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
-      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      element = q.toString() and
-      value = qs.toString()
-    )
-  }
-}
-
-module QueryString implements TestSig {
-  string getARelevantTag() { result = "querystring" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "querystring" and
-    element = "" and
-    exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
-      qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      value = qs.toString()
-    )
-  }
-}
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  predicate isSink(DataFlow::Node n) {
-    n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
-  }
-}
-
-module Flow = TaintTracking::Global<Config>;
-
-module TaintFlow implements TestSig {
-  string getARelevantTag() { result = "flowfrom" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "flowfrom" and
-    element = "" and
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
-      toNode
-          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      Flow::flow(fromNode, toNode) and
-      value = fromNode.asExpr().(StringLit).getValue()
-    )
-  }
-}
-
-import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.expected

@@ -0,0 +1,47 @@
+| gogf.go:12:9:12:11 | sql |
+| gogf.go:13:11:13:13 | sql |
+| gogf.go:14:13:14:15 | sql |
+| gogf.go:15:13:15:15 | sql |
+| gogf.go:16:11:16:13 | sql |
+| gogf.go:17:13:17:15 | sql |
+| gogf.go:18:12:18:14 | sql |
+| gogf.go:19:10:19:12 | sql |
+| gogf.go:20:8:20:10 | sql |
+| gogf.go:21:17:21:19 | sql |
+| gogf.go:22:19:22:21 | sql |
+| gogf.go:23:20:23:22 | sql |
+| gogf.go:24:23:24:25 | sql |
+| gogf.go:25:21:25:23 | sql |
+| gogf.go:26:23:26:25 | sql |
+| gogf.go:27:22:27:24 | sql |
+| gogf.go:28:24:28:26 | sql |
+| gogf.go:32:9:32:11 | sql |
+| gogf.go:33:11:33:13 | sql |
+| gogf.go:34:13:34:15 | sql |
+| gogf.go:35:13:35:15 | sql |
+| gogf.go:36:11:36:13 | sql |
+| gogf.go:37:13:37:15 | sql |
+| gogf.go:38:12:38:14 | sql |
+| gogf.go:39:10:39:12 | sql |
+| gogf.go:40:8:40:10 | sql |
+| gogf.go:41:17:41:19 | sql |
+| gogf.go:42:23:42:25 | sql |
+| gogf.go:43:21:43:23 | sql |
+| gogf.go:44:23:44:25 | sql |
+| gogf.go:45:22:45:24 | sql |
+| gogf.go:46:24:46:26 | sql |
+| gogf.go:51:9:51:11 | sql |
+| gogf.go:52:11:52:13 | sql |
+| gogf.go:53:13:53:15 | sql |
+| gogf.go:54:13:54:15 | sql |
+| gogf.go:55:11:55:13 | sql |
+| gogf.go:56:13:56:15 | sql |
+| gogf.go:57:12:57:14 | sql |
+| gogf.go:58:10:58:12 | sql |
+| gogf.go:59:8:59:10 | sql |
+| gogf.go:60:17:60:19 | sql |
+| gogf.go:61:23:61:25 | sql |
+| gogf.go:62:21:62:23 | sql |
+| gogf.go:63:23:63:25 | sql |
+| gogf.go:64:22:64:24 | sql |
+| gogf.go:65:24:65:26 | sql |

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.go

@@ -4,13 +4,11 @@ package main
 //go:generate depstubber -vendor github.com/gogf/gf/database/gdb DB,Core,TX ""
 
 import (
-	"context"
-
 	"github.com/gogf/gf/database/gdb"
 	"github.com/gogf/gf/frame/g"
 )
 
-func gogfCoreTest(sql string, c *gdb.Core, ctx context.Context) {
+func gogfCoreTest(sql string, c *gdb.Core) {
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
 	c.GetArray(sql, nil)           // $ querystring=sql
@@ -23,14 +21,14 @@ func gogfCoreTest(sql string, c *gdb.Core, ctx context.Context) {
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
 	c.GetStruct(nil, sql, nil)     // $ querystring=sql
 	c.GetStructs(nil, sql, nil)    // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
-func gogfDbtest(sql string, c gdb.DB, ctx context.Context) {
+func gogfDbtest(sql string, c gdb.DB) {
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
 	c.GetArray(sql, nil)           // $ querystring=sql
@@ -41,14 +39,14 @@ func gogfDbtest(sql string, c gdb.DB, ctx context.Context) {
 	c.Query(sql, nil)              // $ querystring=sql
 	c.Raw(sql, nil)                // $ querystring=sql
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
-func gogfGTest(sql string, ctx context.Context) {
+func gogfGTest(sql string) {
 	c := g.DB("ad")
 	c.Exec(sql, nil)               // $ querystring=sql
 	c.GetAll(sql, nil)             // $ querystring=sql
@@ -60,11 +58,11 @@ func gogfGTest(sql string, ctx context.Context) {
 	c.Query(sql, nil)              // $ querystring=sql
 	c.Raw(sql, nil)                // $ querystring=sql
 	c.GetScan(nil, sql, nil)       // $ querystring=sql
-	c.DoCommit(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoExec(ctx, nil, sql, nil)   // $ querystring=sql
-	c.DoGetAll(ctx, nil, sql, nil) // $ querystring=sql
-	c.DoQuery(ctx, nil, sql, nil)  // $ querystring=sql
-	c.DoPrepare(ctx, nil, sql)     // $ querystring=sql
+	c.DoCommit(nil, nil, sql, nil) // $ querystring=sql
+	c.DoExec(nil, nil, sql, nil)   // $ querystring=sql
+	c.DoGetAll(nil, nil, sql, nil) // $ querystring=sql
+	c.DoQuery(nil, nil, sql, nil)  // $ querystring=sql
+	c.DoPrepare(nil, nil, sql)     // $ querystring=sql
 }
 
 func main() {

go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/gogf.ql

@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs

go/ql/test/library-tests/semmle/go/frameworks/SQL/gorqlite/QueryString.expected

@@ -1,3 +0,0 @@
-testFailures
-invalidModelRow
-failures