Merge branch 'main' into path-sanitizers

Kevin Stubbings
2025-02-14 01:11:39 -08:00
committed by GitHub
8082 changed files with 445215 additions and 172835 deletions

@@ -1,5 +1,6 @@
load("@gazelle//:def.bzl", "gazelle")
load("@rules_pkg//pkg:mappings.bzl", "pkg_files")
load("@rules_python//python:defs.bzl", "py_binary")
load("//misc/bazel:pkg.bzl", "codeql_pack", "codeql_pkg_files")
gazelle(
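Review bot: the added `load("@rules_python//python:defs.bzl", "py_binary")` has no matching `py_binary` target anywhere in this hunk; if the merge pulled the load in from `main` without the target that used it, buildifier's unused-load lint will flag it and the package now depends on `rules_python` for nothing. Either keep the `py_binary` target that belongs with it or drop the load.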

@@ -61,7 +61,7 @@ test: all build/testdb/check-upgrade-path
.PHONY: build/testdb/check-upgrade-path
build/testdb/check-upgrade-path : build/testdb/go.dbscheme ql/lib/go.dbscheme
codeql dataset upgrade build/testdb --search-path ql/lib
diff -q build/testdb/go.dbscheme ql/lib/go.dbscheme
diff -u build/testdb/go.dbscheme ql/lib/go.dbscheme
.PHONY: build/testdb/go.dbscheme
build/testdb/go.dbscheme: ql/lib/upgrades/initial/go.dbscheme
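Review bot: `diff -u` exits non-zero on a difference exactly as `diff -q` did, so `check-upgrade-path` still fails on a mismatch; the only behavioural change is that the failure output now shows which dbscheme lines diverged instead of just "Files ... differ". A one-line comment above the target saying that a failure here means the upgraded `build/testdb` schema no longer matches `ql/lib/go.dbscheme` (i.e. an upgrade step is missing) would help, since the unified diff alone does not tell a contributor what to do about it.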

@@ -4,7 +4,7 @@ inputs:
go-test-version:
description: Which Go version to use for running the tests
required: false
default: "~1.23.1"
default: "~1.24.0"
run-code-checks:
description: Whether to run formatting, code and qhelp generation checks
required: false
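Review bot: the bump to `"~1.24.0"` is consistent with the `weak` package (new in Go 1.24) showing up in the framework-coverage CSV in this same merge, but a tilde range resolves to the newest 1.24.x patch release at run time, so test behaviour can shift without any commit to this repository. If reproducible CI matters more here than picking up patch releases automatically, pin the exact version instead.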
@@ -59,7 +59,7 @@ runs:
- name: Upload qhelp markdown
if: inputs.run-code-checks == 'true' && !cancelled()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: qhelp-markdown
path: go/qhelp-out/**/*.md
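Review bot: `actions/upload-artifact@v4` makes artifacts immutable, so a second upload with `name: qhelp-markdown` in the same workflow run fails instead of merging; if this composite action runs more than once per run (for example from a matrix job), the artifact name needs a per-job suffix such as `qhelp-markdown-${{ github.job }}`. The bump itself is correct because v3 is deprecated, but since this is third-party code running with the job's token, pinning the action to a commit SHA rather than the mutable `v4` tag would be the safer reference.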

@@ -1,122 +0,0 @@
Modeling data flow in Go libraries
==================================
When analyzing a Go program, CodeQL does not examine the source code for
external packages. To track the flow of untrusted data through a library, you
can create a model of the library.
You can find existing models in the ``go/ql/lib/semmle/go/frameworks/`` folder of the
`CodeQL repository <https://github.com/github/codeql/tree/main/go/ql/lib/semmle/go/frameworks>`__.
To add a new model, you should make a new file in that folder, named after the library.
Sources
-------
To mark a source of data that is controlled by an untrusted user, we
create a class extending ``RemoteFlowSource::Range``. Inheritance and
the characteristic predicate of the class should be used to specify
exactly the dataflow node that introduces the data. Here is a short
example from ``Mux.qll``.
.. code-block:: ql
class RequestVars extends DataFlow::RemoteFlowSource::Range, DataFlow::CallNode {
RequestVars() { this.getTarget().hasQualifiedName("github.com/gorilla/mux", "Vars") }
}
This has the effect that all calls to `the function Vars from the
package mux <http://www.gorillatoolkit.org/pkg/mux#Vars>`__ are
treated as sources of untrusted data.
Flow propagation
----------------
By default, we assume that all functions in libraries do not have
any data flow. To indicate that a particular function does have data flow,
create a class extending ``TaintTracking::FunctionModel`` (or
``DataFlow::FunctionModel`` if the untrusted user data is passed on
without being modified).
Inheritance and the characteristic predicate of the class should specify
the function. The class should also have a member predicate with the signature
``override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp)``
(or
``override predicate hasDataFlow(FunctionInput inp, FunctionOutput outp)``
if extending ``DataFlow::FunctionModel``). The body should constrain
``inp`` and ``outp``.
``FunctionInput`` is an abstract representation of the inputs to a
function. The options are:
* the receiver (``inp.isReceiver()``)
* one of the parameters (``inp.isParameter(i)``)
* one of the results (``inp.isResult(i)``, or ``inp.isResult`` if there is only one result)
Note that it may seem strange that the result of a function could be
considered as a function input, but it is needed in some cases. For
instance, the function ``bufio.NewWriter`` returns a writer ``bw`` that
buffers write operations to an underlying writer ``w``. If tainted data
is written to ``bw``, then it makes sense to propagate that taint back
to the underlying writer ``w``, which can be modeled by saying that
``bufio.NewWriter`` propagates taint from its result to its first
argument.
Similarly, ``FunctionOutput`` is an abstract representation of the
outputs to a function. The options are:
* the receiver (``outp.isReceiver()``)
* one of the parameters (``outp.isParameter(i)``)
* one of the results (``outp.isResult(i)``, or ``outp.isResult`` if there is only one result)
Here is an example from ``Gin.qll``, which has been slightly simplified.
.. code-block:: ql
private class ParamsGet extends TaintTracking::FunctionModel, Method {
ParamsGet() { this.hasQualifiedName("github.com/gin-gonic/gin", "Params", "Get") }
override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
inp.isReceiver() and outp.isResult(0)
}
}
This has the effect that calls to the ``Get`` method with receiver type
``Params`` from the ``gin-gonic/gin`` package allow taint to flow from
the receiver to the first result. In other words, if ``p`` has type
``Params`` and taint can flow to it, then after the line
``x := p.Get("foo")`` taint can also flow to ``x``.
Sanitizers
----------
It is not necessary to indicate that library functions are sanitizers.
Their bodies are not analyzed, so it is assumed that data does not
flow through them.
Sinks
-----
Data-flow sinks are specified by queries rather than by library models.
However, you can use library models to indicate when functions belong to
special categories. Queries can then use these categories when specifying
sinks. Classes representing these special categories are contained in
``go/ql/lib/semmle/go/Concepts.qll`` in the `CodeQL for Go repository
<https://github.com/github/codeql/blob/main/go/ql/lib/semmle/go/Concepts.qll>`__.
``Concepts.qll`` includes classes for logger mechanisms,
HTTP response writers, HTTP redirects, and marshaling and unmarshaling
functions.
Here is a short example from ``Stdlib.qll``, which has been slightly simplified.
.. code-block:: ql
private class PrintfCall extends LoggerCall::Range, DataFlow::CallNode {
PrintfCall() { this.getTarget().hasQualifiedName("fmt", ["Print", "Printf", "Println"]) }
override DataFlow::Node getAMessageComponent() { result = this.getAnArgument() }
}
This has the effect that any call to ``Print``, ``Printf``, or
``Println`` in the package ``fmt`` is recognized as a logger call.
Any query that uses logger calls as a sink will then identify when tainted data
has been passed as an argument to ``Print``, ``Printf``, or ``Println``.
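Review bot: deleting this page removes the only worked examples in the Go docs of `RemoteFlowSource::Range`, `TaintTracking::FunctionModel` with `hasTaintFlow`, and `LoggerCall::Range`; confirm that a replacement page covers the same three cases (sources, flow propagation, concept-based sinks) and that the toctree and any `:ref:` links to this file are updated, otherwise the docs build will warn about the dangling reference. The Sanitizers section's point that unmodeled library functions are assumed not to propagate data at all (their bodies are never analyzed) is the caveat readers most often miss and should survive in whatever replaces this.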

@@ -1,121 +1,143 @@
package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:environment,source:file,source:remote,summary:taint,summary:value
,,,8,,,,,,,,,,,,,,,,,3,5
archive/tar,,,5,,,,,,,,,,,,,,,,,5,
archive/zip,,,6,,,,,,,,,,,,,,,,,6,
bufio,,,17,,,,,,,,,,,,,,,,,17,
bytes,,,43,,,,,,,,,,,,,,,,,43,
clevergo.tech/clevergo,1,,,,,,,,,,,,,,1,,,,,,
compress/bzip2,,,1,,,,,,,,,,,,,,,,,1,
compress/flate,,,4,,,,,,,,,,,,,,,,,4,
compress/gzip,,,3,,,,,,,,,,,,,,,,,3,
compress/lzw,,,1,,,,,,,,,,,,,,,,,1,
compress/zlib,,,4,,,,,,,,,,,,,,,,,4,
container/heap,,,5,,,,,,,,,,,,,,,,,5,
container/list,,,20,,,,,,,,,,,,,,,,,20,
container/ring,,,5,,,,,,,,,,,,,,,,,5,
context,,,5,,,,,,,,,,,,,,,,,5,
crypto,,,10,,,,,,,,,,,,,,,,,10,
database/sql,,,11,,,,,,,,,,,,,,,,,11,
encoding,,,77,,,,,,,,,,,,,,,,,77,
errors,,,3,,,,,,,,,,,,,,,,,3,
expvar,,,6,,,,,,,,,,,,,,,,,6,
fmt,,,16,,,,,,,,,,,,,,,,,16,
github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,3,,,,,
github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,4,,,,,
github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,4,,,,,
github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,8,,,,,
github.com/antchfx/xpath,4,,,,,,,,,,,,,,,4,,,,,
github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,
github.com/astaxie/beego,7,21,21,,,,5,,,,,,2,,,,,,21,21,
github.com/beego/beego,14,42,42,,,,10,,,,,,4,,,,,,42,42,
github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,5,,,1,1
github.com/clevergo/clevergo,1,,,,,,,,,,,,,,1,,,,,,
github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,
github.com/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,18,
github.com/couchbaselabs/gocb,,,18,,,,,,,,,,,,,,,,,18,
github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,
github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,9,
github.com/elazarl/goproxy,,2,2,,,,,,,,,,,,,,,,2,2,
github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,7,,
github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,12,
github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,
github.com/gin-gonic/gin,3,46,2,,,,3,,,,,,,,,,,,46,2,
github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,3,,
github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,
github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,4,
github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,
github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,6,
github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,7,,,,
github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,2,,
github.com/gofiber/fiber,5,,,,,,4,,,,,,,,1,,,,,,
github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,
github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,11,
github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,4,
github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,1,,
github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,3,,
github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,1,,,,
github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,
github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,
github.com/joho/godotenv,,4,,,,,,,,,,,,,,,4,,,,
github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,4,
github.com/kataras/iris/context,6,,,,,,6,,,,,,,,,,,,,,
github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,
github.com/kataras/iris/server/web/context,6,,,,,,6,,,,,,,,,,,,,,
github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,
github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,6,,,,
github.com/labstack/echo,3,12,2,,,,2,,,,,,1,,,,,,12,2,
github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,
github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,3,,,,,
github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,
github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,
github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,
github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,
github.com/revel/revel,2,23,10,,,,1,,,,,,1,,,,,,23,10,
github.com/robfig/revel,2,23,10,,,,1,,,,,,1,,,,,,23,10,
github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,2,,,,,
github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,1,
github.com/spf13/afero,34,,,,,,34,,,,,,,,,,,,,,
github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,4,
github.com/valyala/fasthttp,35,50,5,,,,8,,,,17,8,2,,,,,,50,5,
go.uber.org/zap,,,11,,,,,,,,,,,,,,,,,11,
golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,
golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,5,
golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,16,
golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,2,,
google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,1,
google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,2,
google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,8,
google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,1,
gopkg.in/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,18,
gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,4,
gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
gopkg.in/macaron,1,12,1,,,,,,,,,,,,1,,,,12,1,
gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,4,
gopkg.in/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,9,
html,,,8,,,,,,,,,,,,,,,,,8,
io,5,4,34,,,,5,,,,,,,,,,,4,,34,
k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,10,
k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,47,
launchpad.net/xmlpath,2,,,,,,,,,,,,,,,2,,,,,
log,,,3,,,,,,,,,,,,,,,,,3,
math/big,,,1,,,,,,,,,,,,,,,,,1,
mime,,,14,,,,,,,,,,,,,,,,,14,
net,2,16,100,,,,1,,,,,,,1,,,,,16,100,
nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,2,,
os,29,10,6,3,,,26,,,,,,,,,,7,3,,6,
path,,,18,,,,,,,,,,,,,,,,,18,
reflect,,,37,,,,,,,,,,,,,,,,,37,
regexp,10,,20,,,,,3,3,4,,,,,,,,,,20,
sort,,,1,,,,,,,,,,,,,,,,,1,
strconv,,,9,,,,,,,,,,,,,,,,,9,
strings,,,34,,,,,,,,,,,,,,,,,34,
sync,,,34,,,,,,,,,,,,,,,,,34,
syscall,5,2,8,5,,,,,,,,,,,,,2,,,8,
text/scanner,,,3,,,,,,,,,,,,,,,,,3,
text/tabwriter,,,1,,,,,,,,,,,,,,,,,1,
text/template,,,6,,,,,,,,,,,,,,,,,6,
package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:log-injection,sink:nosql-injection,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:sql-injection,sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:commandargs,source:database,source:environment,source:file,source:remote,source:stdin,summary:taint,summary:value
,,,8,,,,,,,,,,,,,,,,,,,,,,,3,5
archive/tar,,,5,,,,,,,,,,,,,,,,,,,,,,,5,
archive/zip,,,6,,,,,,,,,,,,,,,,,,,,,,,6,
bufio,,,17,,,,,,,,,,,,,,,,,,,,,,,17,
bytes,,,43,,,,,,,,,,,,,,,,,,,,,,,43,
clevergo.tech/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,,,
compress/bzip2,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
compress/flate,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
compress/gzip,,,3,,,,,,,,,,,,,,,,,,,,,,,3,
compress/lzw,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
compress/zlib,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
container/heap,,,5,,,,,,,,,,,,,,,,,,,,,,,5,
container/list,,,20,,,,,,,,,,,,,,,,,,,,,,,20,
container/ring,,,5,,,,,,,,,,,,,,,,,,,,,,,5,
context,,,5,,,,,,,,,,,,,,,,,,,,,,,5,
crypto,,,10,,,,,,,,,,,,,,,,,,,,,,,10,
database/sql,30,18,12,,,,,,,,,,,,30,,,,,,18,,,,,12,
encoding,,,81,,,,,,,,,,,,,,,,,,,,,,,81,
errors,,,3,,,,,,,,,,,,,,,,,,,,,,,3,
expvar,,,6,,,,,,,,,,,,,,,,,,,,,,,6,
fmt,3,,16,,,,3,,,,,,,,,,,,,,,,,,,16,
github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,,,3,,,,,,,,
github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
github.com/Sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,
github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,,,,8,,,,,,,,
github.com/antchfx/xpath,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/astaxie/beego,71,34,21,,,,34,,5,,,,,,30,2,,,,,13,,,21,,21,
github.com/beego/beego,142,68,42,,,,68,,10,,,,,,60,4,,,,,26,,,42,,42,
github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,,,,,,5,,,,1,1
github.com/clevergo/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,,,
github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,,,,,,
github.com/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18,
github.com/couchbaselabs/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18,
github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,,,,,,,,,,,,,,
github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,,,,,,,9,
github.com/elazarl/goproxy,2,2,2,,,,2,,,,,,,,,,,,,,,,,2,,2,
github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,,,,,,7,,,
github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,,,,,,,12,
github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
github.com/gin-gonic/gin,3,46,2,,,,,,3,,,,,,,,,,,,,,,46,,2,
github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,,,,,,3,,,
github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/go-gorm/gorm,13,15,1,,,,,,,,,,,,13,,,,,,15,,,,,1,
github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,,,,,,,6,
github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/go-xorm/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,,,
github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,,,7,,,,,
github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,,,2,,,
github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,,,
github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,,,
github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,,,11,
github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,,,,,,1,,,
github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,,,,,,3,,,
github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,,,,,,1,,,,,
github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,,,
github.com/jinzhu/gorm,13,15,1,,,,,,,,,,,,13,,,,,,15,,,,,1,
github.com/jmoiron/sqlx,12,49,11,,,,,,,,,,,,12,,,,,,49,,,,,11,
github.com/joho/godotenv,,4,,,,,,,,,,,,,,,,,,,,4,,,,,
github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
github.com/kataras/iris/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,,
github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,,,
github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,,,,,,
github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,,,,,,6,,,,,
github.com/labstack/echo,3,12,2,,,,,,2,,,,,,,1,,,,,,,,12,,2,
github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,,,3,,,,,,,,
github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,,,
github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,,,
github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,,,
github.com/raindog308/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,,,
github.com/revel/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,,,23,,10,
github.com/robfig/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,,,23,,10,
github.com/rqlite/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,,,
github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,
github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,,,
github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,,,
github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,,,50,,5,
go.mongodb.org/mongo-driver/mongo,14,,,,,,,14,,,,,,,,,,,,,,,,,,,
go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,,,11,
golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,,,,,,,
golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,,,,,,,5,
golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,,,,,,,16,
golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,,,,,,2,,,
google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,,,,,,2,
google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,,,,,,8,
google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
gopkg.in/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,,,18,
gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
gopkg.in/macaron,1,12,1,,,,,,,,,,,,,,,1,,,,,,12,,1,
gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
gopkg.in/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,,,,,,,9,
gorm.io/gorm,13,15,1,,,,,,,,,,,,13,,,,,,15,,,,,1,
html,,,8,,,,,,,,,,,,,,,,,,,,,,,8,
io,5,4,34,,,,,,5,,,,,,,,,,,,,,4,,,34,
k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,,,,,,10,
k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,,,,,,47,
k8s.io/klog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
launchpad.net/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
log,20,,3,,,,20,,,,,,,,,,,,,,,,,,,3,
math/big,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
mime,,,14,,,,,,,,,,,,,,,,,,,,,,,14,
net,2,16,100,,,,,,1,,,,,,,,1,,,,,,,16,,100,
nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,,,,,,2,,,
os,29,12,6,3,,,,,26,,,,,,,,,,,1,,7,3,,1,6,
path,,,18,,,,,,,,,,,,,,,,,,,,,,,18,
reflect,,,37,,,,,,,,,,,,,,,,,,,,,,,37,
regexp,10,,20,,,,,,,3,3,4,,,,,,,,,,,,,,20,
slices,,,17,,,,,,,,,,,,,,,,,,,,,,,,17
sort,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
strconv,,,9,,,,,,,,,,,,,,,,,,,,,,,9,
strings,,,34,,,,,,,,,,,,,,,,,,,,,,,34,
sync,,,34,,,,,,,,,,,,,,,,,,,,,,,34,
syscall,5,2,8,5,,,,,,,,,,,,,,,,,,2,,,,8,
text/scanner,,,3,,,,,,,,,,,,,,,,,,,,,,,3,
text/tabwriter,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
text/template,,,4,,,,,,,,,,,,,,,,,,,,,,,4,
weak,,,2,,,,,,,,,,,,,,,,,,,,,,,2,
xorm.io/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,,,
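Review bot: the `text/template` row is the only one whose summary count goes down (6 to 4) while every other standard-library row is unchanged or grows (`database/sql` 11 to 12, `encoding` 77 to 81, `os` sources 10 to 12, new `slices` and `weak` rows); worth confirming that two taint summaries were deliberately removed from `text/template` rather than lost by a regression in the stats generator. The new columns (`sink:sql-injection`, `sink:log-injection`, `sink:nosql-injection`, `source:commandargs`, `source:database`, `source:stdin`) are what the new SQL, logging, NoSQL and ORM rows key on, so the rest of the widening reconciles.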

@@ -9,27 +9,27 @@ Go framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
`Afero <https://github.com/spf13/afero>`_,``github.com/spf13/afero*``,,,34
`CleverGo <https://github.com/clevergo/clevergo>`_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2
`Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,
`Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,
`Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,16
`Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,8
`Echo <https://echo.labstack.com/>`_,``github.com/labstack/echo*``,12,2,3
`Fiber <https://github.com/gofiber/fiber>`_,``github.com/gofiber/fiber*``,,,5
`Fosite <https://github.com/ory/fosite>`_,``github.com/ory/fosite*``,,,2
`Gin <https://github.com/gin-gonic/gin>`_,``github.com/gin-gonic/gin*``,46,2,3
`Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,
`Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,270
`Go JOSE <https://github.com/go-jose/go-jose>`_,"``github.com/go-jose/go-jose*``, ``github.com/square/go-jose*``, ``gopkg.in/square/go-jose*``, ``gopkg.in/go-jose/go-jose*``",,16,12
`Go kit <https://gokit.io/>`_,``github.com/go-kit/kit*``,,,1
`Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,
`Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
`Gokogiri <https://github.com/moovweb/gokogiri>`_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10
`Iris <https://www.iris-go.com/>`_,``github.com/kataras/iris*``,,,14
`Kubernetes <https://kubernetes.io/>`_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57,
`Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,
`Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,290
`Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,12,1,1
`Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",46,20,4
`SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",32,587,51
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,607,104
`XPath <https://github.com/antchfx/xpath>`_,``github.com/antchfx/xpath*``,,,4
`appleboy/gin-jwt <https://github.com/appleboy/gin-jwt>`_,``github.com/appleboy/gin-jwt*``,,,1
`beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,21
`beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",102,63,213
`chi <https://go-chi.io/>`_,``github.com/go-chi/chi*``,3,,
`cristalhq/jwt <https://github.com/cristalhq/jwt>`_,``github.com/cristalhq/jwt*``,,,1
`fasthttp <https://github.com/valyala/fasthttp>`_,``github.com/valyala/fasthttp*``,50,5,35
@@ -39,7 +39,7 @@ Go framework & library support
`go-sh <https://github.com/codeskyblue/go-sh>`_,``github.com/codeskyblue/go-sh*``,,,4
`golang.org/x/crypto/ssh <https://pkg.go.dev/golang.org/x/crypto/ssh>`_,``golang.org/x/crypto/ssh*``,,,4
`golang.org/x/net <https://pkg.go.dev/golang.org/x/net>`_,``golang.org/x/net*``,2,21,
`goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,
`goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,2
`gorilla/mux <https://github.com/gorilla/mux>`_,``github.com/gorilla/mux*``,1,,
`gorilla/websocket <https://github.com/gorilla/websocket>`_,``github.com/gorilla/websocket*``,3,,
`goxpath <https://github.com/ChrisTrenkamp/goxpath/wiki>`_,``github.com/ChrisTrenkamp/goxpath*``,,,3
@@ -59,7 +59,7 @@ Go framework & library support
`xmlquery <https://github.com/antchfx/xmlquery>`_,``github.com/antchfx/xmlquery*``,,,8
`xpathparser <https://github.com/santhosh-tekuri/xpathparser>`_,``github.com/santhosh-tekuri/xpathparser*``,,,2
`yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,
Others,"``github.com/caarlos0/env``, ``github.com/gobuffalo/envy``, ``github.com/hashicorp/go-envparse``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``",23,2,
Totals,,306,911,268
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
Others,"``github.com/Masterminds/squirrel``, ``github.com/caarlos0/env``, ``github.com/go-gorm/gorm``, ``github.com/go-xorm/xorm``, ``github.com/gobuffalo/envy``, ``github.com/gogf/gf/database/gdb``, ``github.com/hashicorp/go-envparse``, ``github.com/jinzhu/gorm``, ``github.com/jmoiron/sqlx``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``, ``github.com/lann/squirrel``, ``github.com/raindog308/gorqlite``, ``github.com/rqlite/gorqlite``, ``github.com/uptrace/bun``, ``go.mongodb.org/mongo-driver/mongo``, ``gopkg.in/Masterminds/squirrel``, ``gorm.io/gorm``, ``weak``, ``xorm.io/xorm``",117,18,391
Totals,,459,947,1532
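Review bot: the `weak` package is listed inside the `Others` row's package list even though it is a standard-library package; the change note added in this same commit says "Taint models have been added for the `weak` package, which was added in Go 1.24". It belongs in the `Standard library` row alongside `unsafe`, `unicode` and friends, or the script that regenerates this table should be taught to classify `weak` as standard library so the per-row counts (and the `Others` total of 117 sources) are not skewed.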

View File

@@ -12,7 +12,7 @@ import (
)
var minGoVersion = util.NewSemVer("1.11")
var maxGoVersion = util.NewSemVer("1.23")
var maxGoVersion = util.NewSemVer("1.24")
type versionInfo struct {
goModVersion util.SemVer // The version of Go found in the go directive in the `go.mod` file.

View File

@@ -475,11 +475,17 @@ func extractObjects(tw *trap.Writer, scope *types.Scope, scopeLabel trap.Label)
populateTypeParamParents(funcObj.Type().(*types.Signature).TypeParams(), obj)
populateTypeParamParents(funcObj.Type().(*types.Signature).RecvTypeParams(), obj)
}
// Populate type parameter parents for named types. Note that we
// skip type aliases as the original type should be the parent
// of any type parameters.
if typeNameObj, ok := obj.(*types.TypeName); ok && !typeNameObj.IsAlias() {
if tp, ok := typeNameObj.Type().(*types.Named); ok {
// Populate type parameter parents for named types.
if typeNameObj, ok := obj.(*types.TypeName); ok {
// `types.TypeName` represents a type with a name: a defined
// type, an alias type, a type parameter, or a predeclared
// type such as `int` or `error`. We can distinguish these
// using `typeNameObj.Type()`, except that we need to be
// careful with alias types because before Go 1.24 they would
// return the underlying type.
if tp, ok := typeNameObj.Type().(*types.Named); ok && !typeNameObj.IsAlias() {
populateTypeParamParents(tp.TypeParams(), obj)
} else if tp, ok := typeNameObj.Type().(*types.Alias); ok {
populateTypeParamParents(tp.TypeParams(), obj)
}
}
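Review bot: with the added `!typeNameObj.IsAlias()` guard on the `*types.Named` branch, an alias whose `Type()` still resolves to a `*types.Named` (the pre-Go 1.24 behaviour the new comment describes) matches neither branch, so its type parameters are silently skipped rather than being attached to the alias. That is consistent with the old comment's intent ("the original type should be the parent of any type parameters"), but the new comment only explains why aliases need care, not that this case is deliberately dropped; a one-line note there would save the next reader from assuming the `*types.Alias` branch covers every alias. Note also that the `*types.Alias` branch and `tp.TypeParams()` on it depend on a recent `go/types`, so this change rides on the `go 1.24` / `toolchain go1.24.0` bump in the extractor `go.mod` in this same commit.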

View File

@@ -1,16 +1,16 @@
module github.com/github/codeql-go/extractor
go 1.23
go 1.24
toolchain go1.23.1
toolchain go1.24.0
// when updating this, run
// bazel run @rules_go//go -- mod tidy
// when adding or removing dependencies, run
// bazel mod tidy
require (
golang.org/x/mod v0.22.0
golang.org/x/tools v0.27.0
golang.org/x/mod v0.23.0
golang.org/x/tools v0.30.0
)
require golang.org/x/sync v0.9.0 // indirect
require golang.org/x/sync v0.11.0 // indirect

View File

@@ -1,6 +1,8 @@
golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
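Review bot: two `github.com/google/go-cmp v0.6.0` entries are added to go.sum, but no `go-cmp` requirement appears in the go.mod hunk above, whose `require` block only lists `golang.org/x/mod`, `golang.org/x/tools` and the indirect `golang.org/x/sync`. go.sum can legitimately carry hashes for modules that are only reachable through a dependency, but please confirm these lines came out of the `bazel run @rules_go//go -- mod tidy` step that the go.mod comment prescribes, rather than a hand edit, so that a later tidy does not churn them again.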

View File

@@ -193,7 +193,7 @@ func findGoModFiles(root string) []string {
}
// A regular expression for the Go toolchain version syntax.
var toolchainVersionRe *regexp.Regexp = regexp.MustCompile(`(?m)^([0-9]+\.[0-9]+\.[0-9]+)$`)
var toolchainVersionRe *regexp.Regexp = regexp.MustCompile(`(?m)^([0-9]+\.[0-9]+(\.[0-9]+|rc[0-9]+))$`)
// Returns true if the `go.mod` file specifies a Go language version, that version is `1.21` or greater, and
// there is no `toolchain` directive, and the Go language version is not a valid toolchain version.
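Review bot: the widened regex now accepts `rc` pre-release suffixes (for example `1.24rc1`) in addition to `X.Y.Z`, but the comment above it still says only "A regular expression for the Go toolchain version syntax", and the doc comment below still speaks of "a valid toolchain version" without saying that release candidates count as valid. If the intent is to recognise pre-release toolchains, consider whether `beta` suffixes such as `1.24beta1` should be accepted by the same alternative, and update both comments to state which pre-release forms match.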

View File

@@ -1,3 +1,23 @@
## 1.0.16
No user-facing changes.
## 1.0.15
No user-facing changes.
## 1.0.14
No user-facing changes.
## 1.0.13
No user-facing changes.
## 1.0.12
No user-facing changes.
## 1.0.11
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 1.0.12
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 1.0.13
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 1.0.14
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 1.0.15
No user-facing changes.

View File

@@ -0,0 +1,3 @@
## 1.0.16
No user-facing changes.

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.11
lastReleaseVersion: 1.0.16

View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.12-dev
version: 1.0.17-dev
groups:
- go
- queries

View File

@@ -1,3 +1,56 @@
## 4.0.0
### Breaking Changes
* Deleted the deprecated `describeBitSize` predicate from `IncorrectIntegerConversionLib.qll`
### Minor Analysis Improvements
* Models-as-data models using "Parameter", "Parameter[n]" or "Parameter[n1..n2]" as the output now work correctly.
* By implementing `ImplicitFieldReadNode` it is now possible to declare a dataflow node that reads any content (fields, array members, map keys and values). For example, this is appropriate for modelling a serialization method that flattens a potentially deep data structure into a string or byte array.
* The `Template.Execute[Template]` methods of the `text/template` package now correctly convey taint from any nested fields to their result. This may produce more results from any taint-tracking query when the `text/template` package is in use.
* Added the [rs cors](https://github.com/rs/cors) library to the CorsMisconfiguration.ql query
## 3.0.2
### Minor Analysis Improvements
* `database` local source models have been added for the Beego ORM package.
* `database` local source models have been added for the `github.com/jmoiron/sqlx` package.
* Added `database` source models for database methods from the `gorm.io/gorm` package.
* `database` local source models have been added for the `database/sql` and `database/sql/driver` packages.
## 3.0.1
### Minor Analysis Improvements
* Added a `commandargs` local source model for the `os.Args` variable.
## 3.0.0
### Breaking Changes
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
### Minor Analysis Improvements
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.
### Bug Fixes
* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.
## 2.1.3
### Minor Analysis Improvements
* The `subtypes` column has been set to true in all models-as-data models except some tests. This means that existing models will apply in some cases where they didn't before, which may lead to more alerts.
### Bug Fixes
* The behaviour of the `subtypes` column in models-as-data now matches other languages more closely.
* Fixed a bug which meant that some qualified names for promoted methods were not being recognised in some very specific circumstances.
## 2.1.2
### Minor Analysis Improvements

View File

@@ -1,4 +0,0 @@
---
category: fix
---
* Fixed a bug which meant that some qualified names for promoted methods were not being recognised in some very specific circumstances.

View File

@@ -1,4 +0,0 @@
---
category: fix
---
* The behaviour of the `subtypes` column in models-as-data now matches other languages more closely.

View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* Taint models have been added for the `weak` package, which was added in Go 1.24.
* Taint models have been added for the interfaces `TextAppender` and `BinaryAppender` in the `encoding` package, which were added in Go 1.24.

View File

@@ -0,0 +1,10 @@
## 2.1.3
### Minor Analysis Improvements
* The `subtypes` column has been set to true in all models-as-data models except some tests. This means that existing models will apply in some cases where they didn't before, which may lead to more alerts.
### Bug Fixes
* The behaviour of the `subtypes` column in models-as-data now matches other languages more closely.
* Fixed a bug which meant that some qualified names for promoted methods were not being recognised in some very specific circumstances.

View File

@@ -0,0 +1,13 @@
## 3.0.0
### Breaking Changes
* Deleted the old deprecated data flow API that was based on extending a configuration class. See https://github.blog/changelog/2023-08-14-new-dataflow-api-for-writing-custom-codeql-queries for instructions on migrating your queries to use the new API.
### Minor Analysis Improvements
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.
### Bug Fixes
* Fixed a bug which meant that promoted fields and methods were missing when the embedded parent was not promoted due to a name clash.

View File

@@ -0,0 +1,5 @@
## 3.0.1
### Minor Analysis Improvements
* Added a `commandargs` local source model for the `os.Args` variable.

View File

@@ -0,0 +1,8 @@
## 3.0.2
### Minor Analysis Improvements
* `database` local source models have been added for the Beego ORM package.
* `database` local source models have been added for the `github.com/jmoiron/sqlx` package.
* Added `database` source models for database methods from the `gorm.io/gorm` package.
* `database` local source models have been added for the `database/sql` and `database/sql/driver` packages.

View File

@@ -0,0 +1,12 @@
## 4.0.0
### Breaking Changes
* Deleted the deprecated `describeBitSize` predicate from `IncorrectIntegerConversionLib.qll`
### Minor Analysis Improvements
* Models-as-data models using "Parameter", "Parameter[n]" or "Parameter[n1..n2]" as the output now work correctly.
* By implementing `ImplicitFieldReadNode` it is now possible to declare a dataflow node that reads any content (fields, array members, map keys and values). For example, this is appropriate for modelling a serialization method that flattens a potentially deep data structure into a string or byte array.
* The `Template.Execute[Template]` methods of the `text/template` package now correctly convey taint from any nested fields to their result. This may produce more results from any taint-tracking query when the `text/template` package is in use.
* Added the [rs cors](https://github.com/rs/cors) library to the CorsMisconfiguration.ql query

View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 2.1.2
lastReleaseVersion: 4.0.0

View File

@@ -1,9 +1,28 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["database/sql/driver", "Queryer", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql/driver", "QueryerContext", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql/driver", "Stmt", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql/driver", "StmtQueryContext", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["database/sql/driver", "Execer", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "ExecerContext", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql/driver", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "ConnPrepareContext", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql/driver", "Queryer", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql/driver", "QueryerContext", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["database/sql/driver", "Conn", True, "Prepare", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["database/sql/driver", "ConnPrepareContext", True, "PrepareContext", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
- ["database/sql/driver", "Rows", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["database/sql/driver", "ValueConverter", True, "ConvertValue", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["database/sql/driver", "Valuer", True, "Value", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

View File

@@ -1,4 +1,50 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["database/sql", "Conn", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "Conn", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "DB", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "DB", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "DB", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "Stmt", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "Stmt", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "Stmt", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "Stmt", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "Tx", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "Tx", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["database/sql", "Tx", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
- ["database/sql", "Tx", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["database/sql", "Conn", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Conn", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["database/sql", "Tx", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
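Review bot: the `sinkModel` block lists non-context methods on `Conn` (`Conn.Exec`, `Conn.Prepare`, `Conn.Query`, `Conn.QueryRow`), while the `sourceModel` block above it models `Conn` only through `QueryContext` and `QueryRowContext`. The source side is the accurate one: `database/sql.Conn` exposes only the `...Context` variants (`ExecContext`, `PrepareContext`, `QueryContext`, `QueryRowContext`), so the four non-context `Conn` sink rows can never match a real call and should be dropped, leaving the `DB` and `Tx` rows, which do have both forms, as they are.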

View File

@@ -3,7 +3,11 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["encoding", "BinaryAppender", True, "AppendBinary", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "BinaryAppender", True, "AppendBinary", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "BinaryMarshaler", True, "MarshalBinary", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "BinaryUnmarshaler", True, "UnmarshalBinary", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["encoding", "TextAppender", True, "AppendText", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "TextAppender", True, "AppendText", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "TextMarshaler", True, "MarshalText", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["encoding", "TextUnmarshaler", True, "UnmarshalText", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]

View File

@@ -1,4 +1,11 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["fmt", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["fmt", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["fmt", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
@@ -8,14 +15,14 @@ extensions:
- ["fmt", "ScanState", True, "Token", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["fmt", "State", True, "Write", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["fmt", "Stringer", True, "String", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Append", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Append", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Appendf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Appendf", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Appendf", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Appendln", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Appendln", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Sprint", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Sprintf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Sprintf", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", True, "Sprintln", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Append", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Append", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Appendf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Appendf", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Appendf", "", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Appendln", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Appendln", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Sprint", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Sprintf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Sprintf", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
- ["fmt", "", False, "Sprintln", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
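Review bot: the new `log-injection` sink rows for `fmt.Print` and `fmt.Println` use `Argument[0]` for the variadic `a ...any` parameter, and `fmt.Printf` uses `Argument[0..1]` for the format string plus the variadic slice, whereas the summary rows in the same file address the variadic arguments as `Argument[0].ArrayElement` (`Sprint`, `Sprintln`) and `Argument[1].ArrayElement` (`Sprintf`). Please confirm that a bare `Argument[n]` sink matches taint carried by the individual variadic values and not only a tainted slice, or use the `.ArrayElement` form for consistency. The `True` to `False` change in the `subtypes` column for these package-level functions lines up with the changelog entry in this commit about the `subtypes` column now matching other languages.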

View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/antchfx/htmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/htmlquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]

View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/antchfx/jsonquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/jsonquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]

View File

@@ -3,11 +3,11 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/antchfx/xmlquery", "", True, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", True, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", True, "FindEach", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", True, "FindEachWithBreak", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", True, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", True, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "Find", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "FindOne", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "FindEach", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "FindEachWithBreak", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "Query", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "", False, "QueryAll", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "Node", True, "SelectElement", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xmlquery", "Node", True, "SelectElements", "", "", "Argument[0]", "xpath-injection", "manual"]

View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/antchfx/xpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", True, "CompileWithNS", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", True, "Select", "", "", "Argument[1]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", False, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", False, "CompileWithNS", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", False, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/antchfx/xpath", "", False, "Select", "", "", "Argument[1]", "xpath-injection", "manual"]

View File

@@ -0,0 +1,60 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-orm", "github.com/beego/beego/client/orm"]
- ["beego-orm", "github.com/astaxie/beego/orm"]
- ["beego-orm", "github.com/beego/beego/orm"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:beego-orm", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:beego-orm", "DB", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:beego-orm", "DB", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
- ["group:beego-orm", "DB", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["group:beego-orm", "DQL", True, "Read", "", "", "Argument[0]", "database", "manual"]
- ["group:beego-orm", "DQL", True, "ReadWithCtx", "", "", "Argument[1]", "database", "manual"]
- ["group:beego-orm", "DQL", True, "ReadForUpdate", "", "", "Argument[0]", "database", "manual"]
- ["group:beego-orm", "DQL", True, "ReadForUpdateWithCtx", "", "", "Argument[1]", "database", "manual"]
- ["group:beego-orm", "DQL", True, "ReadOrCreate", "", "", "Argument[0]", "database", "manual"]
- ["group:beego-orm", "DQL", True, "ReadOrCreateWithCtx", "", "", "Argument[1]", "database", "manual"]
- ["group:beego-orm", "Ormer", True, "Read", "", "", "Argument[0]", "database", "manual"]
- ["group:beego-orm", "Ormer", True, "ReadForUpdate", "", "", "Argument[0]", "database", "manual"]
- ["group:beego-orm", "Ormer", True, "ReadOrCreate", "", "", "Argument[0]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-orm", "Condition", True, "Raw", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:beego-orm", "Ormer", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "InsertInto", "", "", "Argument[0..1]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "On", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Subquery", "", "", "Argument[0..1]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Update", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Values", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QueryBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:beego-orm", "QuerySeter", True, "FilterRaw", "", "", "Argument[1]", "sql-injection", "manual"]
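Review bot: the `QueryBuilder` rows mark even column-list and ordering arguments (`Select`, `GroupBy`, `OrderBy`, `Values`, `Set`) as sql-injection sinks, not just the `Where`/`Having` predicates; that is the right call for a builder that splices strings into the statement, but a one-line comment in the style of the `# only exists in v2` notes used elsewhere in this commit would make the breadth read as deliberate rather than as over-approximation. The `DB` rows are internally consistent (`Argument[0]` for the plain variants, `Argument[1]` for the `*Context` variants, which matches a leading context parameter).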

View File

@@ -0,0 +1,34 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["beego-logs", "github.com/astaxie/beego/logs"]
- ["beego-logs", "github.com/beego/beego/logs"]
- ["beego-logs", "github.com/beego/beego/core/logs"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-logs", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego-logs", "BeeLogger", True, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]

View File

@@ -6,6 +6,11 @@ extensions:
- ["beego-utils", "github.com/astaxie/beego/utils"]
- ["beego-utils", "github.com/beego/beego/utils"]
- ["beego-utils", "github.com/beego/beego/core/utils"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:beego-utils", "", False, "Display", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel

View File

@@ -11,7 +11,7 @@ extensions:
extensible: sinkModel
data:
# path-injection
- ["group:beego-context", "BeegoOutput", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
- ["group:beego-context", "BeegoOutput", True, "Download", "", "", "Argument[0]", "path-injection", "manual"]
# url-redirection
- ["group:beego-context", "Context", True, "Redirect", "", "", "Argument[1]", "url-redirection", "manual"]
- addsTo:

View File

@@ -10,11 +10,23 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
# log-injection
- ["group:beego", "", False, "Alert", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Critical", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Emergency", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Informational", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Notice", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Trace", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:beego", "", False, "Warning", "", "", "Argument[0..1]", "log-injection", "manual"]
# path-injection
- ["group:beego", "", False, "Walk", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", False, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", False, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
- ["group:beego", "FileSystem", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["group:beego", "Controller", True, "SaveToFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["group:beego", "Controller", True, "SaveToFileWithBuffer", "", "", "Argument[1]", "path-injection", "manual"] # only exists in v2
- ["group:beego", "FileSystem", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
# url-redirection
- ["group:beego", "Controller", True, "Redirect", "", "", "Argument[0]", "url-redirection", "manual"]
- addsTo:

View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/ChrisTrenkamp/goxpath", "", True, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/ChrisTrenkamp/goxpath", "", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/ChrisTrenkamp/goxpath", "", True, "ParseExec", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/ChrisTrenkamp/goxpath", "", False, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/ChrisTrenkamp/goxpath", "", False, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/ChrisTrenkamp/goxpath", "", False, "ParseExec", "", "", "Argument[0]", "xpath-injection", "manual"]

View File

@@ -4,6 +4,6 @@ extensions:
extensible: sinkModel
data:
- ["github.com/codeskyblue/go-sh", "", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", False, "Call", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", False, "Command", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", False, "Exec", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", True, "Call", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", True, "Command", "", "", "Argument[0]", "command-injection", "manual"]
- ["github.com/codeskyblue/go-sh", "Session", True, "Exec", "", "", "Argument[0]", "command-injection", "manual"]

View File

@@ -3,28 +3,43 @@ extensions:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["gocb", "github.com/couchbase/gocb"]
- ["gocb", "gopkg.in/couchbase/gocb"]
- ["gocb", "github.com/couchbaselabs/gocb"]
- ["gocb1", "fixed-version:github.com/couchbase/gocb"]
- ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
- ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
- ["gocb2", "github.com/couchbase/gocb/v2"]
- ["gocb2", "gopkg.in/couchbase/gocb.v2"]
- ["gocb2", "github.com/couchbaselabs/gocb/v2"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
- ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
- ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
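Review bot: the `gocb1` grouping pins each v1 path with a `fixed-version:` prefix while the `gocb2` rows (`github.com/couchbase/gocb/v2`, `gopkg.in/couchbase/gocb.v2`, `github.com/couchbaselabs/gocb/v2`) are left unprefixed; if the prefix is what stops an unversioned path from also matching the `/v2` module, the asymmetry is intentional, but a short comment saying so (or prefixing the v2 rows as well) would keep the next reader from "fixing" it. It is also worth stating in the file that `gocb2` needs no summary rows: the v1 `N1qlQuery`/`AnalyticsQuery` option-chaining summaries have no v2 counterpart here, which is consistent with the v2 `Cluster`/`Scope` sinks taking the statement directly as `Argument[0]`.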

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/cristalhq/jwt", "", True, "NewSignerHS", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/cristalhq/jwt", "", False, "NewSignerHS", "", "", "Argument[1]", "credentials-key", "manual"]

View File

@@ -0,0 +1,14 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/davecgh/go-spew/spew", "", False, "Dump", "", "", "Argument[0]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fdump", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprint", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprintf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Fprintln", "", "", "Argument[1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/davecgh/go-spew/spew", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
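Review bot: `Errorf` looks out of place among the output functions in this file: by analogy with `fmt.Errorf` it would build an error value rather than write anything, so a summaryModel row (`Argument[0..1]` to `ReturnValue`) would model it more accurately than a log-injection sink; please check the spew API before merging. The `Fdump`/`Fprint`/`Fprintf`/`Fprintln` offsets (`Argument[1]`, `Argument[1..2]`) correctly skip the leading writer argument.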

View File

@@ -10,12 +10,12 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/dgrijalva/jwt-go", "", True, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "Parser", True, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "Parser", True, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseECPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseECPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseRSAPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseRSAPrivateKeyFromPEMWithPassword", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", True, "ParseRSAPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseECPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseECPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseRSAPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseRSAPrivateKeyFromPEMWithPassword", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/dgrijalva/jwt-go", "", False, "ParseRSAPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]

View File

@@ -1,4 +1,10 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/elazarl/goproxy", "ProxyCtx", True, "Logf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["github.com/elazarl/goproxy", "ProxyCtx", True, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel

View File

@@ -3,9 +3,9 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/gin-gonic/gin", "Context", False, "File", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gin-gonic/gin", "Context", False, "FileAttachment", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gin-gonic/gin", "Context", False, "SaveUploadedFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/gin-gonic/gin", "Context", True, "File", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gin-gonic/gin", "Context", True, "FileAttachment", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gin-gonic/gin", "Context", True, "SaveUploadedFile", "", "", "Argument[1]", "path-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel

View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/go-chi/chi", "", True, "URLParam", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/go-chi/chi", "", True, "URLParamFromCtx", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/go-chi/chi", "", False, "URLParam", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/go-chi/chi", "", False, "URLParamFromCtx", "", "", "ReturnValue", "remote", "manual"]
- ["github.com/go-chi/chi", "Context", True, "URLParam", "", "", "ReturnValue", "remote", "manual"]

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/go-chi/jwtauth", "", True, "New", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/go-chi/jwtauth", "", False, "New", "", "", "Argument[1]", "credentials-key", "manual"]

View File

@@ -16,7 +16,7 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:go-jose/jwt", "", True, "ParseEncrypted", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:go-jose/jwt", "", True, "ParseSigned", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:go-jose/jwt", "", False, "ParseEncrypted", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:go-jose/jwt", "", False, "ParseSigned", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:go-jose/jwt", "NestedJSONWebToken", True, "ParseSignedAndEncrypted", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["group:go-jose/jwt", "NestedJSONWebToken", True, "Decrypt", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
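Review bot: the `ParseSignedAndEncrypted` row breaks the pattern this hunk establishes (package-level functions get `""`/False, methods get a type/True): it is given the type `NestedJSONWebToken` like the `Decrypt` method below it, yet its siblings `ParseEncrypted` and `ParseSigned` are package-level parsers. If `ParseSignedAndEncrypted` is likewise a package-level function that returns the nested token rather than a method called on one, this row should be `""`/False too, otherwise it will never match.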

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/go-kit/kit/auth/jwt", "", True, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/go-kit/kit/auth/jwt", "", False, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]

View File

@@ -14,5 +14,5 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:xmlpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["group:xmlpath", "", True, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["group:xmlpath", "", False, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["group:xmlpath", "", False, "MustCompile", "", "", "Argument[0]", "xpath-injection", "manual"]

View File

@@ -3,5 +3,5 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/gobwas/ws", "", True, "ReadFrame", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/gobwas/ws", "", True, "ReadHeader", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/gobwas/ws", "", False, "ReadFrame", "", "", "ReturnValue[0]", "remote", "manual"]
- ["github.com/gobwas/ws", "", False, "ReadHeader", "", "", "ReturnValue[0]", "remote", "manual"]

View File

@@ -4,9 +4,9 @@ extensions:
extensible: sinkModel
data:
# path-injection
- ["github.com/gofiber/fiber", "Ctx", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", False, "Download", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", False, "SaveFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", False, "SaveFileToStorage", "", "", "Argument[1]", "path-injection", "manual"] # does not exist in v1
- ["github.com/gofiber/fiber", "Ctx", True, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", True, "Download", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", True, "SaveFile", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/gofiber/fiber", "Ctx", True, "SaveFileToStorage", "", "", "Argument[1]", "path-injection", "manual"] # does not exist in v1
# url-redirection
- ["github.com/gofiber/fiber", "Ctx", True, "Redirect", "", "", "Argument[0]", "url-redirection[receiver]", "manual"]

View File

@@ -0,0 +1,57 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
# These models are for v1. Some of them hold for v2, but we should model v2 properly.
- ["github.com/gogf/gf/database/gdb", "Core", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Core", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "DoCommit", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "DoExec", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "DoGetAll", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "DoQuery", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "DoPrepare", "", "", "Argument[2]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetAll", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetArray", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetCount", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetScan", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStruct", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetStructs", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "GetValue", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/gogf/gf/database/gdb", "Tx", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
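Review bot: the leading comment says these are v1 models that only partly hold for v2, yet the rows use the bare path `github.com/gogf/gf/database/gdb`; the gocb hunk in this same commit pins v1 with a `fixed-version:` packageGrouping entry, so either do the same here or add a note on why it is unnecessary, otherwise the rows will silently apply to the `/v2` module as well if path matching ignores the major-version suffix. Separately, the same 17 rows are repeated verbatim for `Core`, `DB` and `Tx`; if `DB` is the interface that `Core` and `Tx` implement, the `DB` rows with subtypes=True already cover the other two and the duplicates can go.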

View File

@@ -10,14 +10,14 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/golang-jwt/jwt", "", True, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "Parser", True, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "Parser", True, "ParseWithClaims", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseECPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseECPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseEdPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseEdPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseRSAPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "ParseRSAPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", True, "RegisterSigningMethod", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseECPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseECPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseEdPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseEdPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseRSAPrivateKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "ParseRSAPublicKeyFromPEM", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/golang-jwt/jwt", "", False, "RegisterSigningMethod", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
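Review bot: `RegisterSigningMethod` sits oddly among the `Parse*` summaries: it registers an algorithm by name, and a taint summary from `Argument[0]` to `ReturnValue[0]` can only fire if the function returns something; please verify it has a return value in the modeled versions, or drop the row.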

View File

@@ -0,0 +1,102 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["glog", "github.com/golang/glog"]
- ["glog", "gopkg.in/glog"]
- ["glog", "k8s.io/klog"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:glog", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "", False, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ErrorDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Exit", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "ExitDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Exitf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Exitln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "FatalDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "InfoDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningContext", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningContextDepth", "", "", "Argument[2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningContextDepthf", "", "", "Argument[2..3]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningContextf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningDepth", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "WarningDepthf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:glog", "Verbose", True, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
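Review bot: the Verbose rows in this hunk (from `- ["group:glog", "Verbose", True, "Error", ...]` down to `"Warningln"`) repeat the whole Error/Exit/Fatal/Warning family, but the value returned by the V(level) guard in these packages exposes, as far as I know, only the Info family (glog) or Info plus Error (klog); rows for methods that do not exist never match, so they are harmless but misleading. Please verify against the three grouped packages and trim the rows that cannot match, keeping the Info rows such as `- ["group:glog", "Verbose", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]`. A one-line comment above the packageGrouping block stating why k8s.io/klog is grouped with glog (API-compatible fork) would also help the next reader.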

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/gorilla/mux", "", True, "Vars", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)
- ["github.com/gorilla/mux", "", False, "Vars", "", "", "ReturnValue", "remote", "manual"] # TODO: when sources can have access paths, use .MapValue (and .MapKey?)

View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/gorilla/websocket", "", True, "ReadJSON", "", "", "Argument[1]", "remote", "manual"]
- ["github.com/gorilla/websocket", "", False, "ReadJSON", "", "", "Argument[1]", "remote", "manual"]
- ["github.com/gorilla/websocket", "Conn", True, "ReadJSON", "", "", "Argument[0]", "remote", "manual"]
- ["github.com/gorilla/websocket", "Conn", True, "ReadMessage", "", "", "ReturnValue[1]", "remote", "manual"]

View File

@@ -0,0 +1,85 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["github.com/jmoiron/sqlx", "", True, "Get", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "GetContext", "", "", "Argument[2]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "Select", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "SelectContext", "", "", "Argument[2]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Conn", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Conn", True, "QueryRowxContext", "", "", "ReturnValue", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Conn", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Conn", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "NamedStmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Stmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[0]", "database", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/jmoiron/sqlx", "", True, "MapScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "SliceScan", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "", True, "StructScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "ColScanner", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Row", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Row", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Row", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Row", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Rows", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Rows", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["github.com/jmoiron/sqlx", "Rows", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
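Review bot: the package-level rows in this new file use True in the subtypes column, e.g. `- ["github.com/jmoiron/sqlx", "", True, "Get", "", "", "Argument[1]", "database", "manual"]` and the MapScan/SliceScan/StructScan summaries, while the rest of this commit flips such rows to False because a function with no receiver type has no subtypes; set them to False for consistency. Separately, the sinkModel block covers only DB and Tx and only their non-Context methods, although the sourceModel rows above show the Context variants and the Conn type taking the query one argument later: DB.GetContext, DB.SelectContext, DB.QueryxContext, DB.NamedQueryContext, DB.QueryRowx/QueryRowxContext, the same Tx methods, and Conn.QueryxContext/QueryRowxContext have no sql-injection sink, so a tainted query string passed to them is missed. Suggested shape: `- ["github.com/jmoiron/sqlx", "DB", True, "GetContext", "", "", "Argument[2]", "sql-injection", "manual"]`. Finally, pick one notation for the single-value return: Conn.QueryRowxContext uses ReturnValue while the DB, Stmt and Tx rows for the same method use ReturnValue[0].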

View File

@@ -3,5 +3,5 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/kataras/iris/middleware/jwt", "", True, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/iris/middleware/jwt", "", False, "NewSigner", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/iris/middleware/jwt", "Signer", True, "Key", "", "", "", "credentials-key", "manual"]

View File

@@ -4,7 +4,7 @@ extensions:
extensible: sinkModel
data:
- ["github.com/kataras/jwt", "Keys", True, "Register", "", "", "Argument[3]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", True, "Sign", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", True, "SignEncrypted", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", True, "SignEncryptedWithHeader", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", True, "SignWithHeader", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", False, "Sign", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", False, "SignEncrypted", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", False, "SignEncryptedWithHeader", "", "", "Argument[1]", "credentials-key", "manual"]
- ["github.com/kataras/jwt", "", False, "SignWithHeader", "", "", "Argument[1]", "credentials-key", "manual"]

View File

@@ -8,4 +8,4 @@ extensions:
- ["github.com/kelseyhightower/envconfig", "", False, "Process", "", "", "Argument[1]", "environment", "manual"]
- ["github.com/kelseyhightower/envconfig", "", False, "Usage", "", "", "Argument[1]", "environment", "manual"]
- ["github.com/kelseyhightower/envconfig", "", False, "Usagef", "", "", "Argument[1]", "environment", "manual"]
- ["github.com/kelseyhightower/envconfig", "", False, "Usaget", "", "", "Argument[1]", "environment", "manual"]
- ["github.com/kelseyhightower/envconfig", "", False, "Usaget", "", "", "Argument[1]", "environment", "manual"]
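Review bot: the Usaget row before and after this hunk is character for character the same, so the only change here is in invisible content (trailing whitespace or the final newline). That is fine if intentional, but a word in the commit description would stop readers from assuming an edit to this file was lost.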

View File

@@ -4,8 +4,8 @@ extensions:
extensible: sinkModel
data:
# path-injection
- ["github.com/labstack/echo", "Context", False, "Attachment", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/labstack/echo", "Context", False, "File", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/labstack/echo", "Context", True, "Attachment", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/labstack/echo", "Context", True, "File", "", "", "Argument[0]", "path-injection", "manual"]
# url-redirection
- ["github.com/labstack/echo", "Context", True, "Redirect", "", "", "Argument[1]", "url-redirection", "manual"]
- addsTo:

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/lestrrat-go/jwx/jwk", "", True, "New", "", "", "Argument[0]", "credentials-key", "manual"]
- ["github.com/lestrrat-go/jwx/jwk", "", False, "New", "", "", "Argument[0]", "credentials-key", "manual"]

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/lestrrat-go/jwx", "", True, "New", "", "", "Argument[0]", "credentials-key", "manual"]
- ["github.com/lestrrat-go/jwx", "", False, "New", "", "", "Argument[0]", "credentials-key", "manual"]

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/lestrrat/go-jwx/jwk", "", True, "New", "", "", "Argument[0]", "credentials-key", "manual"]
- ["github.com/lestrrat/go-jwx/jwk", "", False, "New", "", "", "Argument[0]", "credentials-key", "manual"]

View File

@@ -0,0 +1,51 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["squirrel", "github.com/Masterminds/squirrel"]
- ["squirrel", "gopkg.in/Masterminds/squirrel"]
- ["squirrel", "github.com/lann/squirrel"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:squirrel", "", False, "Delete", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "", False, "Expr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "", False, "Insert", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "", False, "Select", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "", False, "Update", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "DeleteBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "DeleteBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
# DeleteBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used
- ["group:squirrel", "InsertBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "InsertBuilder", True, "Into", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "InsertBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "InsertBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "InsertBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "CrossJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "Column", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "Columns", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "SelectBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "InnerJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "LeftJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "Options", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "SelectBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "SelectBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "RightJoin", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "SelectBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
# SelectBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used
- ["group:squirrel", "UpdateBuilder", True, "From", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["group:squirrel", "UpdateBuilder", True, "Prefix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Set", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
# UpdateBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used
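Review bot: the SelectBuilder rows list CrossJoin, InnerJoin, LeftJoin and RightJoin but no plain Join row; if SelectBuilder also has a Join method taking the join clause as a string (I believe it does), it needs the same sink row: `- ["group:squirrel", "SelectBuilder", True, "Join", "", "", "Argument[0]", "sql-injection", "manual"]`. Likewise, the comment explaining that Where is modeled in QL to avoid false positives on non-string arguments applies to any other builder method whose first parameter is an interface{} predicate (Having and JoinClause, if present); either add them to that comment or confirm they are covered by the same QL model so the file documents the complete set of QL-side exceptions.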

View File

@@ -9,4 +9,4 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:gokogiri/xpath", "", True, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["group:gokogiri/xpath", "", False, "Compile", "", "", "Argument[0]", "xpath-injection", "manual"]

View File

@@ -0,0 +1,35 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["gorqlite", "github.com/rqlite/gorqlite"]
- ["gorqlite", "github.com/raindog308/gorqlite"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:gorqlite", "Connection", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueryParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "Queue", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "QueueParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "Write", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteOne", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteOneContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteOneParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteOneParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteParameterized", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorqlite", "Connection", True, "WriteParameterizedContext", "", "", "Argument[1]", "sql-injection", "manual"]
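Review bot: the *Parameterized rows mark the whole statement argument as a sink, e.g. `- ["group:gorqlite", "Connection", True, "QueryParameterized", "", "", "Argument[0]", "sql-injection", "manual"]`; if that argument is a slice of statement structs carrying the bound parameters alongside the statement text, taint that reaches only the parameters (the safe path) will alert as well. Please confirm the shape of that type and, if so, record the known imprecision with a TODO like the access-path notes in the squirrel file in this same commit, so the row can be narrowed to the query field once field-level access paths are supported.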

View File

@@ -3,5 +3,5 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/santhosh-tekuri/xpathparser", "", True, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/santhosh-tekuri/xpathparser", "", True, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/santhosh-tekuri/xpathparser", "", False, "Parse", "", "", "Argument[0]", "xpath-injection", "manual"]
- ["github.com/santhosh-tekuri/xpathparser", "", False, "MustParse", "", "", "Argument[0]", "xpath-injection", "manual"]

View File

@@ -0,0 +1,159 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["logrus", "github.com/sirupsen/logrus"]
- ["logrus", "github.com/Sirupsen/logrus"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:logrus", "", False, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Entry", True, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "FieldLogger", True, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "DebugFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Debugln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "ErrorFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Errorln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "FatalFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "InfoFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Infoln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Log", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "LogFn", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Logf", "", "", "Argument[1..2]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Logln", "", "", "Argument[1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "PanicFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "PrintFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Trace", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "TraceFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Tracef", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Traceln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WarnFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warnln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warning", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WarningFn", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warningf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "Warningln", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WithError", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WithField", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WithFields", "", "", "Argument[0]", "log-injection", "manual"]
- ["group:logrus", "Logger", True, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]
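Review bot: the `*Fn` rows in this hunk, for example `["group:logrus", "Logger", True, "LogFn", "", "", "Argument[1]", "log-injection", "manual"]` and the `DebugFn`/`PrintFn`/`WarnFn` siblings, mark the `LogFunction` callback itself as the sink, but logrus's `LogFunction` is `func() []interface{}`: the message only exists once the logger calls it, so an untrusted value reaches this sink only if the analysis propagates taint into the closure value. Worth a test case where a tainted variable is captured and returned by the closure, or a comment saying these rows are best-effort. Separately, `WithTime` takes a `time.Time`, which cannot carry attacker-controlled bytes into the log line, so `["group:logrus", "", False, "WithTime", "", "", "Argument[0]", "log-injection", "manual"]` and its `Entry`/`Logger` siblings look like noise and can be dropped.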

View File

@@ -3,37 +3,37 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/spf13/afero", "HttpFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "ReadDir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", False, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", True, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", True, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", True, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "HttpFs", True, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "MemMapFs", True, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "OsFs", True, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "ReadDir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "ReadlinkIfPossible", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "ReadOnlyFs", True, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "Create", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "OpenFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "Remove", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "RemoveAll", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "Mkdir", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/spf13/afero", "RegexpFs", True, "MkdirAll", "", "", "Argument[0]", "path-injection", "manual"]
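Review bot: flipping the third column from `False` to `True` for `HttpFs`, `MemMapFs`, `OsFs`, `ReadOnlyFs` and `RegexpFs` is harmless (they are concrete structs, so subtypes only matters for types that embed them), but it does not cover the usual way afero is consumed. Code is written against the `afero.Fs` interface (`var fs afero.Fs = afero.NewOsFs()`, or `afero.Afero{Fs: ...}`), and `fs.Open(userPath)` on an `afero.Fs`-typed receiver matches none of these rows. Consider adding interface rows such as `["github.com/spf13/afero", "Fs", True, "Open", "", "", "Argument[0]", "path-injection", "manual"]` for `Open`, `Create`, `OpenFile`, `Remove`, `RemoveAll`, `Mkdir`, `MkdirAll`, `Rename` and `Stat`; with subtypes `True` that would also subsume most of the per-implementation rows here. Smaller inconsistency: `HttpFs` lacks the `Mkdir`/`MkdirAll` rows the other implementations have, although it implements both.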

View File

@@ -0,0 +1,68 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["github.com/uptrace/bun", "", False, "NewRawQuery", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "AddColumnQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "AddColumnQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "AddColumnQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "Conn", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateIndexQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateIndexQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateIndexQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateIndexQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateIndexQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateTableQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateTableQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "CreateTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "ExecContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "QueryRow", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "PrepareContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "QueryContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "QueryRowContext", "", "", "Argument[1]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DeleteQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DeleteQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DeleteQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DropColumnQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DropColumnQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DropColumnQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DropTableQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "DropTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "InsertQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "InsertQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "InsertQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "InsertQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "InsertQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "MergeQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "MergeQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "RawQuery", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "ColumnExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "DistinctOn", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "For", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "GroupExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "OrderExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "SelectQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "TruncateTableQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "UpdateQuery", True, "ModelTableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "UpdateQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "UpdateQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["github.com/uptrace/bun", "UpdateQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"]
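Review bot: the `DB` and `Conn` rows in this new file leave out `bun.Tx`, which exposes the same `Exec`/`ExecContext`/`Query`/`QueryContext`/`QueryRow`/`QueryRowContext`/`NewRaw` surface inside a transaction, and the `IDB`/`IConn` interfaces that bun code is commonly written against (`func f(db bun.IDB)`): a `tx.NewRaw(userSQL)` or `idb.NewRaw(userSQL)` call matches none of these rows. Adding `Tx` rows mirroring the `DB` block, plus `["github.com/uptrace/bun", "IDB", True, "NewRaw", "", "", "Argument[0]", "sql-injection", "manual"]` and the `IConn` `ExecContext`/`QueryContext`/`QueryRowContext` rows, would close that gap. Also, `SelectQuery.Join` and `JoinOn` take a raw SQL fragment the same way `Where` does and are absent, while `DistinctOn`, `GroupExpr`, `Having` and `OrderExpr` are present.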

View File

@@ -4,14 +4,14 @@ extensions:
extensible: sinkModel
data:
# request-forgery
- ["github.com/valyala/fasthttp", "", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", True, "Post", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", True, "Dial", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", True, "DialDualStack", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", True, "DialDualStackTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", True, "DialTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", False, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", False, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", False, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", False, "Post", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "", False, "Dial", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", False, "DialDualStack", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", False, "DialDualStackTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "", False, "DialTimeout", "", "", "Argument[0]", "request-forgery[TCP Addr + Port]", "manual"]
- ["github.com/valyala/fasthttp", "Client", True, "Get", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "Client", True, "GetDeadline", "", "", "Argument[1]", "request-forgery", "manual"]
- ["github.com/valyala/fasthttp", "Client", True, "GetTimeout", "", "", "Argument[1]", "request-forgery", "manual"]
@@ -35,9 +35,9 @@ extensions:
- ["github.com/valyala/fasthttp", "", False, "ServeFileBytes", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "", False, "ServeFileBytesUncompressed", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "", False, "ServeFileUncompressed", "", "", "Argument[1]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "RequestCtx", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "RequestCtx", False, "SendFileBytes", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "Response", False, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "RequestCtx", True, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "RequestCtx", True, "SendFileBytes", "", "", "Argument[0]", "path-injection", "manual"]
- ["github.com/valyala/fasthttp", "Response", True, "SendFile", "", "", "Argument[0]", "path-injection", "manual"]
# url-redirection
- ["github.com/valyala/fasthttp", "RequestCtx", True, "Redirect", "", "", "Argument[0]", "url-redirection", "manual"]
- ["github.com/valyala/fasthttp", "RequestCtx", True, "RedirectBytes", "", "", "Argument[0]", "url-redirection", "manual"]
@@ -45,11 +45,11 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["github.com/valyala/fasthttp", "URI", False, "SetHost", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "SetHostBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "Update", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "UpdateBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", False, "Parse", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "SetHost", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "SetHostBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "Update", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "UpdateBytes", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]
- ["github.com/valyala/fasthttp", "URI", True, "Parse", "", "", "Argument[0..1]", "Argument[receiver]", "taint", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
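Review bot: the `URI` summary block after this change still covers only `SetHost`, `SetHostBytes`, `Update`, `UpdateBytes` and `Parse`; `URI.SetPath`, `SetPathBytes`, `SetQueryString`, `SetQueryStringBytes`, `SetScheme`, `SetSchemeBytes`, `SetUsername` and `SetPassword` likewise write their argument into the receiver, and taint arriving through them is dropped at the receiver today. Consider adding rows of the same shape, e.g. `["github.com/valyala/fasthttp", "URI", True, "SetPath", "", "", "Argument[0]", "Argument[receiver]", "taint", "manual"]`. The flip to `True` itself is fine: `URI` is a struct, so it only adds coverage for types that embed it.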

View File

@@ -0,0 +1,19 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "Argument[2]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "ReplaceOne", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
- ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
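Review bot: `Distinct` is the only row in this new file that flags `Argument[2]` instead of `Argument[1]`, and nothing in the file says why; a one-line comment noting that its filter comes after the field-name parameter (the way the xorm file below annotates `Exec`/`Query`) would stop a later reader from "correcting" it to `Argument[1]`.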

View File

@@ -1,4 +1,41 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["go.uber.org/zap", "Logger", True, "DPanic", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Debug", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Error", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Fatal", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Info", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Panic", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "Warn", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "With", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "Logger", True, "WithOptions", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "DPanic", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "DPanicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "DPanicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Debug", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Debugf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Debugw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Error", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Errorf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Errorw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Fatalw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Info", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Infof", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Infow", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Named", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Panicw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Warn", "", "", "Argument[0]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Warnf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "Warnw", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["go.uber.org/zap", "SugaredLogger", True, "With", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
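Review bot: `Logger.WithOptions` is flagged as a `log-injection` sink on `Argument[0]`, but that method takes logger options rather than anything that is written to the log, so this row looks like a false-positive generator; please confirm it is intended or drop it. The `With`/`Named` rows on both `Logger` and `SugaredLogger` raise the same question in milder form (they carry logger names and structured fields rather than the message), so if the policy is "everything that can end up in log output is a sink", a comment at the top of the `data:` block saying so would settle it.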

View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["golang.org/x/crypto/ssh", "Session", False, "CombinedOutput", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", False, "Output", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", False, "Run", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", False, "Start", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", True, "CombinedOutput", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", True, "Output", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", True, "Run", "", "", "Argument[0]", "command-injection", "manual"]
- ["golang.org/x/crypto/ssh", "Session", True, "Start", "", "", "Argument[0]", "command-injection", "manual"]
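Review bot: the only change in this hunk is the subtypes flag flipping from `False` to `True` on the four `ssh.Session` rows; since `Session` is a concrete struct, `True` only matters for types that embed it, which is reasonable, but the same flip appears in the `math/big` hunk below with no explanation, so a change note stating the policy (methods on concrete types get `True`) would let reviewers tell a deliberate convention from a search-and-replace.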

View File

@@ -0,0 +1,49 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["gorm", "gorm.io/gorm"]
- ["gorm", "github.com/jinzhu/gorm"]
- ["gorm", "github.com/go-gorm/gorm"]
- addsTo:
pack: codeql/go-all
extensible: sourceModel
data:
- ["group:gorm", "Association", True, "Find", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "ConnPool", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorm", "ConnPool", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
- ["group:gorm", "DB", True, "Find", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "FindInBatches", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "First", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "FirstOrCreate", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "FirstOrInit", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "Last", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "Model", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "Pluck", "", "", "Argument[1]", "database", "manual"]
- ["group:gorm", "DB", True, "Row", "", "", "ReturnValue", "database", "manual"]
- ["group:gorm", "DB", True, "Rows", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:gorm", "DB", True, "Scan", "", "", "Argument[0]", "database", "manual"]
- ["group:gorm", "DB", True, "Take", "", "", "Argument[0]", "database", "manual"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:gorm", "DB", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Order", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Not", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Group", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Joins", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Distinct", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:gorm", "DB", True, "Pluck", "", "", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["group:gorm", "DB", True, "ScanRows", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
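Review bot: the `sinkModel` rows are in no particular order (`Where`, `Raw`, `Order`, `Not`, `Or`, `Select`, `Table`, ...) while the `sourceModel` rows above them are alphabetical; sort the sink rows so future additions produce small diffs. Separately, `DB.Model` is listed as a `database` source on `Argument[0]`, but `Model` only declares which struct a later query applies to, so unless the intent is that chains such as `Model(&x).First()` or `Model(&x).Update(...)` write back into `x`, this row taints every model struct passed to `Model`; a comment justifying it (or a change note) would help.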

View File

@@ -22,4 +22,4 @@ extensions:
data:
- ["io/fs", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
- ["io/fs", "ReadFileFS", True, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
- ["io/fs", "FS", True, "Open", "", "", "ReturnValue[0]", "file", "manual"]
- ["io/fs", "FS", True, "Open", "", "", "ReturnValue[0]", "file", "manual"]
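Review bot: the removed and added lines in this hunk (`io/fs`, `FS`, `Open`) are textually identical, so the change must be whitespace or a missing trailing newline; the `io/ioutil` and `syscall` hunks below look the same. If that is what these are, say so in the PR description so reviewers do not hunt for a semantic difference, and consider running the formatter once over all of `ext/` rather than fixing files one at a time.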

View File

@@ -18,4 +18,4 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["io/ioutil", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
- ["io/ioutil", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]

View File

@@ -1,4 +1,28 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["log", "", False, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- ["log", "", False, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "", False, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "", False, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Fatal", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Fatalf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", True, "Fatalln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Output", "", "", "Argument[1]", "log-injection", "manual"]
- ["log", "Logger", True, "Panic", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Panicf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", True, "Panicln", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Print", "", "", "Argument[0]", "log-injection", "manual"]
- ["log", "Logger", True, "Printf", "", "", "Argument[0..1]", "log-injection", "manual"]
- ["log", "Logger", True, "Println", "", "", "Argument[0]", "log-injection", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
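Review bot: the `Print`, `Println`, `Fatal`, `Fatalln`, `Panic` and `Panicln` rows (both package-level and `Logger`) flag only `Argument[0]` even though those functions take `v ...any`, so the row matches the implicit variadic slice rather than each caller-supplied value; this works only because `DefaultLoggerCall` further down in this diff special-cases `DataFlow::ImplicitVarargsSlice` and expands it to the individual implicit arguments. A short comment at the top of the `data:` block pointing at that dependency would keep the two from drifting apart if someone later edits one without the other.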

View File

@@ -3,4 +3,4 @@ extensions:
pack: codeql/go-all
extensible: summaryModel
data:
- ["math/big", "Int", False, "Int64", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
- ["math/big", "Int", True, "Int64", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

View File

@@ -6,7 +6,7 @@ extensions:
# path-injection
- ["net/http", "", False, "ServeFile", "", "", "Argument[2]", "path-injection", "manual"]
# url-redirection
- ["net/http", "", True, "Redirect", "", "", "Argument[2]", "url-redirection[0]", "manual"]
- ["net/http", "", False, "Redirect", "", "", "Argument[2]", "url-redirection[0]", "manual"]
- addsTo:
pack: codeql/go-all
extensible: summaryModel
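Review bot: flipping `Redirect` from `True` to `False` is the right fix, because the subtypes flag has no meaning for a package-level function (empty type column) and the `ServeFile` row just above already uses `False`; the `regexp` hunk below makes the same correction for seven rows. Since this diff fixes such rows file by file, a follow-up grep for any remaining row with an empty type column and `True` would be worthwhile.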

View File

@@ -46,6 +46,7 @@ extensions:
pack: codeql/go-all
extensible: sourceModel
data:
- ["os", "", False, "Args", "", "", "", "commandargs", "manual"]
- ["os", "", False, "Environ", "", "", "ReturnValue", "environment", "manual"] # TODO: when sources can have access paths, use .ArrayElement
- ["os", "", False, "ExpandEnv", "", "", "ReturnValue", "environment", "manual"]
- ["os", "", False, "Getenv", "", "", "ReturnValue", "environment", "manual"]
@@ -53,6 +54,7 @@ extensions:
- ["os", "", False, "Open", "", "", "ReturnValue[0]", "file", "manual"]
- ["os", "", False, "OpenFile", "", "", "ReturnValue[0]", "file", "manual"]
- ["os", "", False, "ReadFile", "", "", "ReturnValue[0]", "file", "manual"]
- ["os", "", False, "Stdin", "", "", "", "stdin", "manual"]
- ["os", "", False, "UserCacheDir", "", "", "ReturnValue[0]", "environment", "manual"]
- ["os", "", False, "UserConfigDir", "", "", "ReturnValue[0]", "environment", "manual"]
- ["os", "", False, "UserHomeDir", "", "", "ReturnValue[0]", "environment", "manual"]
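Review bot: the new `Args` and `Stdin` rows have an empty output column (`""`) because they are package variables rather than functions, which no other row in this file does; a comment saying that the variable itself is the source would make the unusual form self-explaining. The existing `TODO` on `Environ` about switching to `.ArrayElement` once sources support access paths applies equally to `Args` (a `[]string`), so attach the same TODO to it or move the TODO to cover both.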

View File

@@ -3,13 +3,13 @@ extensions:
pack: codeql/go-all
extensible: sinkModel
data:
- ["regexp", "", True, "Compile", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", True, "CompilePOSIX", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", True, "MustCompile", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", True, "MustCompilePOSIX", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", True, "Match", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "", True, "MatchReader", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "", True, "MatchString", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "", False, "Compile", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", False, "CompilePOSIX", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", False, "MustCompile", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", False, "MustCompilePOSIX", "", "", "Argument[0]", "regex-use[c]", "manual"]
- ["regexp", "", False, "Match", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "", False, "MatchReader", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "", False, "MatchString", "", "", "Argument[0]", "regex-use[1]", "manual"]
- ["regexp", "Regexp", True, "Match", "", "", "Argument[receiver]", "regex-use[0]", "manual"]
- ["regexp", "Regexp", True, "MatchReader", "", "", "Argument[receiver]", "regex-use[0]", "manual"]
- ["regexp", "Regexp", True, "MatchString", "", "", "Argument[receiver]", "regex-use[0]", "manual"]

View File

@@ -0,0 +1,31 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
# All should be modeled when we have a way to model iterators
# AppendSec should be modeled when we have a way to model iterators
# Backward should be modeled when we have a way to model iterators
# Chunk should be modeled when we have a way to model iterators
- ["slices", "", False, "Clip", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Clone", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
# Collect should be modeled when we have a way to model iterators
- ["slices", "", False, "Compact", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "CompactFunc", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Concat", "", "", "Argument[0].ArrayElement.ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Delete", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "DeleteFunc", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Grow", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Insert", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Insert", "", "", "Argument[2].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Max", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["slices", "", False, "MaxFunc", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["slices", "", False, "Min", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["slices", "", False, "MinFunc", "", "", "Argument[0].ArrayElement", "ReturnValue", "value", "manual"]
- ["slices", "", False, "Repeat", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Replace", "", "", "Argument[0].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
- ["slices", "", False, "Replace", "", "", "Argument[3].ArrayElement", "ReturnValue.ArrayElement", "value", "manual"]
# Sorted should be modeled when we have a way to model iterators
# SortedFunc should be modeled when we have a way to model iterators
# SortedStableFunc should be modeled when we have a way to model iterators
# Values should be modeled when we have a way to model iterators
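Review bot: the second comment line in the `data:` block names `AppendSec`, but the iterator-based function in `slices` is `AppendSeq`; fix the spelling so a later search for unmodeled functions finds it. The access paths for the variadic cases (`Concat` with `Argument[0].ArrayElement.ArrayElement`, `Insert` with `Argument[2].ArrayElement`, `Replace` with `Argument[3].ArrayElement`) are correct because `Argument[N]` there denotes the variadic slice, but a one-line comment saying exactly that would stop someone "simplifying" them to `Argument[N]` alone.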

View File

@@ -25,4 +25,4 @@ extensions:
extensible: sourceModel
data:
- ["syscall", "", False, "Environ", "", "", "ReturnValue", "environment", "manual"]
- ["syscall", "", False, "Getenv", "", "", "ReturnValue[0]", "environment", "manual"]
- ["syscall", "", False, "Getenv", "", "", "ReturnValue[0]", "environment", "manual"]

View File

@@ -7,5 +7,5 @@ extensions:
- ["text/template", "", False, "HTMLEscapeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["text/template", "", False, "JSEscape", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
- ["text/template", "", False, "JSEscapeString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["text/template", "Template", True, "Execute", "", "", "Argument[1]", "Argument[0]", "taint", "manual"]
- ["text/template", "Template", True, "ExecuteTemplate", "", "", "Argument[2]", "Argument[0]", "taint", "manual"]
# - ["text/template", "Template", True, "Execute", "", "", "Argument[1]", "Argument[0]", "taint", "manual"] # Implemented in QL to provide an arbitrary content read from the input.
# - ["text/template", "Template", True, "ExecuteTemplate", "", "", "Argument[2]", "Argument[0]", "taint", "manual"] # Implemented in QL to provide an arbitrary content read from the input.
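Review bot: the two `Execute`/`ExecuteTemplate` rows are commented out rather than deleted, with a note that the flow is "Implemented in QL"; keeping them as a breadcrumb is fine, but the comment should name the QL class or file that now provides the summary so the next reader can find it. The trailing phrase "to provide an arbitrary content read from the input" reads better as "so that the summary can read arbitrary content from the input".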

View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: summaryModel
data:
- ["weak", "", False, "Make", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
- ["weak", "Pointer", False, "Value", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
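Review bot: `weak.Pointer.Value` has the subtypes flag set to `False`, whereas the other type-scoped rows touched in this diff (`ssh.Session`, `big.Int`, the zap loggers) are being moved to `True`; if the convention is `True` for methods on concrete types, this row should match. Both rows also use `ReturnValue[0]` for single-result functions, while other single-result rows on this page (for example `text/template.HTMLEscapeString`) use plain `ReturnValue`; please confirm the models-as-data parser accepts both spellings or align them.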

View File

@@ -0,0 +1,49 @@
extensions:
- addsTo:
pack: codeql/go-all
extensible: packageGrouping
data:
- ["xorm", "xorm.io/xorm"]
- ["xorm", "github.com/go-xorm/xorm"]
- addsTo:
pack: codeql/go-all
extensible: sinkModel
data:
- ["group:xorm", "Engine", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
# Engine.Exec has to be modeled in QL to select only the first syntactic argument
- ["group:xorm", "Engine", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
# Engine.Query, Engine.QueryInterface and Engine.QueryString have to be modeled in QL to select only the first syntactic argument
- ["group:xorm", "Engine", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Engine", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
# Session.Exec has to be modeled in QL to select only the first syntactic argument
- ["group:xorm", "Session", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
# Session.Query, Session.QueryInterface and Session.QueryString have to be modeled in QL to select only the first syntactic argument
- ["group:xorm", "Session", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
- ["group:xorm", "Session", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]

View File

@@ -25,15 +25,14 @@ import semmle.go.controlflow.BasicBlocks
import semmle.go.controlflow.ControlFlowGraph
import semmle.go.controlflow.IR
import semmle.go.dataflow.DataFlow
import semmle.go.dataflow.DataFlow2
import semmle.go.dataflow.GlobalValueNumbering
import semmle.go.dataflow.SSA
import semmle.go.dataflow.TaintTracking
import semmle.go.dataflow.TaintTracking2
import semmle.go.frameworks.Afero
import semmle.go.frameworks.AwsLambda
import semmle.go.frameworks.Beego
import semmle.go.frameworks.BeegoOrm
import semmle.go.frameworks.RsCors
import semmle.go.frameworks.Couchbase
import semmle.go.frameworks.Echo
import semmle.go.frameworks.ElazarlGoproxy
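Review bot: dropping the `DataFlow2` and `TaintTracking2` imports from the library's umbrella module removes public API, which is consistent with the jump to `4.0.1-dev` in the qlpack hunk below and the `DataFlowImpl1` removal further down, but it needs a change note telling query authors to move to the parameterised `DataFlow::Global`/`TaintTracking::Global` modules. Also, the new `semmle.go.frameworks.RsCors` import is inserted between `BeegoOrm` and `Couchbase`, breaking the alphabetical order of this import block; move it to its sorted position.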

View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 2.1.3-dev
version: 4.0.1-dev
groups: go
dbscheme: go.dbscheme
extractor: go

View File

@@ -373,6 +373,48 @@ module LoggerCall {
}
}
private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
DataFlow::ArgumentNode messageComponent;
DefaultLoggerCall() {
sinkNode(messageComponent, "log-injection") and
this = messageComponent.getCall()
}
override DataFlow::Node getAMessageComponent() {
not messageComponent instanceof DataFlow::ImplicitVarargsSlice and
result = messageComponent
or
messageComponent instanceof DataFlow::ImplicitVarargsSlice and
result = this.getAnImplicitVarargsArgument()
}
}
/**
* A call to an interface that looks like a logger. It is common to use a
* locally-defined interface for logging to make it easy to changing logging
* library.
*/
private class HeuristicLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
HeuristicLoggerCall() {
exists(Method m, string tp, string logFunctionPrefix, string name |
m = this.getTarget() and
m.hasQualifiedName(_, tp, name) and
m.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
|
tp.regexpMatch(".*[lL]ogger") and
logFunctionPrefix =
[
"Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn",
"With"
] and
name.matches(logFunctionPrefix + "%")
)
}
override DataFlow::Node getAMessageComponent() { result = this.getASyntacticArgument() }
}
/**
* A function that encodes data into a binary or textual format.
*
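Review bot: `DefaultLoggerCall` has no QLDoc comment while the neighbouring `HeuristicLoggerCall` does; add one stating that it turns every `log-injection` sink from the models-as-data files into a `LoggerCall`, including the implicit-varargs expansion in `getAMessageComponent()`, since the `log` model file relies on exactly that. In the `HeuristicLoggerCall` QLDoc, "to make it easy to changing logging library" should read "to make it easy to change logging library". On the logic: the `With` entry in `logFunctionPrefix` matches any method starting with `With` on any interface whose name ends in `logger`, and `getAMessageComponent()` then returns every syntactic argument, so structured-context calls are treated as message content; if that is intended, say so in the comment, otherwise narrow the prefix list.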

View File

@@ -472,7 +472,7 @@ class Function extends ValueEntity, @functionobject {
/** Gets a parameter of this function. */
Parameter getAParameter() { result = this.getParameter(_) }
/** Gets the `i`th reslt variable of this function. */
/** Gets the `i`th result variable of this function. */
ResultVariable getResult(int i) { result.isResultOf(this.getFuncDecl(), i) }
/** Gets a result variable of this function. */

View File

@@ -496,14 +496,15 @@ class StructType extends @structtype, CompositeType {
Field getFieldOfEmbedded(Field embeddedParent, string name, int depth, boolean isEmbedded) {
// embeddedParent is a field of 'this' at depth 'depth - 1'
this.hasFieldCand(_, embeddedParent, depth - 1, true) and
// embeddedParent's type has the result field
exists(StructType embeddedType, Type fieldType |
fieldType = embeddedParent.getType().getUnderlyingType() and
pragma[only_bind_into](embeddedType) =
[fieldType, fieldType.(PointerType).getBaseType().getUnderlyingType()]
|
result = embeddedType.getOwnField(name, isEmbedded)
)
// embeddedParent's type has the result field. Note that it is invalid Go
// to have an embedded field with a named type whose underlying type is a
// pointer, so we don't have to have
// `lookThroughPointerType(embeddedParent.getType().getUnderlyingType())`.
result =
lookThroughPointerType(embeddedParent.getType())
.getUnderlyingType()
.(StructType)
.getOwnField(name, isEmbedded)
}
/**
@@ -523,8 +524,12 @@ class StructType extends @structtype, CompositeType {
private predicate hasFieldCand(string name, Field f, int depth, boolean isEmbedded) {
f = this.getOwnField(name, isEmbedded) and depth = 0
or
not this.hasOwnField(_, name, _, _) and
f = this.getFieldOfEmbedded(_, name, depth, isEmbedded)
f = this.getFieldOfEmbedded(_, name, depth, isEmbedded) and
// If this is a cyclic field and this is not the first time we see this embedded field
// then don't include it as a field candidate to avoid non-termination.
not exists(Type t | lookThroughPointerType(t) = lookThroughPointerType(f.getType()) |
this.hasOwnField(_, name, t, _)
)
}
private predicate hasMethodCand(string name, Method m, int depth) {
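Review bot: the new guard's comment ("If this is a cyclic field and this is not the first time we see this embedded field") does not describe what the condition checks, which is that candidate `f` is dropped whenever this struct already declares an own field with the same `name` whose pointer-stripped type equals `f`'s pointer-stripped type (the `type A struct { *A }` case); rewrite the comment in those terms. Also worth stating explicitly, either here or in a change note, is that the removed `not this.hasOwnField(_, name, _, _)` shadowing check is now provided by the `min(depth)` selection in `hasField` and `getFieldAtDepth`, because `hasFieldCand` itself now reports shadowed candidates at deeper depths.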
@@ -541,15 +546,7 @@ class StructType extends @structtype, CompositeType {
predicate hasField(string name, Type tp) {
exists(int mindepth |
mindepth = min(int depth | this.hasFieldCand(name, _, depth, _)) and
tp = unique(Field f | f = this.getFieldCand(name, mindepth, _)).getType()
)
}
private Field getFieldCand(string name, int depth, boolean isEmbedded) {
result = this.getOwnField(name, isEmbedded) and depth = 0
or
exists(Type embedded | this.hasEmbeddedField(embedded, depth - 1) |
result = embedded.getUnderlyingType().(StructType).getOwnField(name, isEmbedded)
tp = unique(Field f | this.hasFieldCand(name, f, mindepth, _)).getType()
)
}
@@ -564,9 +561,9 @@ class StructType extends @structtype, CompositeType {
* The depth of a field `f` declared in this type is zero.
*/
Field getFieldAtDepth(string name, int depth) {
depth = min(int depthCand | exists(this.getFieldCand(name, depthCand, _))) and
result = this.getFieldCand(name, depth, _) and
strictcount(this.getFieldCand(name, depth, _)) = 1
depth = min(int depthCand | this.hasFieldCand(name, _, depthCand, _)) and
this.hasFieldCand(name, result, depth, _) and
strictcount(Field f | this.hasFieldCand(name, f, depth, _)) = 1
}
Method getMethodAtDepth(string name, int depth) {

View File

@@ -25,7 +25,7 @@ module DataFlow {
private import semmle.go.dataflow.internal.DataFlowImplSpecific
private import codeql.dataflow.DataFlow
import DataFlowMake<Location, GoDataFlow>
import semmle.go.dataflow.internal.DataFlowImpl1
import Public
import Properties
}
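Review bot: replacing the `semmle.go.dataflow.internal.DataFlowImpl1` import with `DataFlowMake<Location, GoDataFlow>` changes what the `DataFlow` module exports, which is the same breaking change as the `DataFlow2`/`TaintTracking2` removal in `go.qll` above; make sure the change note for the major version bump covers this module as well.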

Some files were not shown because too many files have changed in this diff.