From a6e0dcaefcea30f946bca356e032be7a3dc801e1 Mon Sep 17 00:00:00 2001
From: Ricter Zheng
Date: Mon, 13 Jan 2020 15:17:55 +0800
Subject: [PATCH] Add sql.Tx.Exec/Query... support

Ref: https://golang.org/pkg/database/sql/#Tx.ExecContext
---
 ql/src/semmle/go/frameworks/SQL.qll | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/frameworks/SQL.qll b/ql/src/semmle/go/frameworks/SQL.qll
index 172d1590be2..9206d7b7dda 100644
--- a/ql/src/semmle/go/frameworks/SQL.qll
+++ b/ql/src/semmle/go/frameworks/SQL.qll
@@ -30,7 +30,10 @@ module SQL {
 private class StandardQueryString extends Range {
 StandardQueryString() {
 exists(Method meth, string base, string m, int n |
- meth.hasQualifiedName("database/sql", "DB", m) and
+ (
+ meth.hasQualifiedName("database/sql", "DB", m) or
+ meth.hasQualifiedName("database/sql", "Tx", m)
+ ) and
 this = meth.getACall().getArgument(n)
 |
 (base = "Exec" or base = "Prepare" or base = "Query" or base = "QueryRow") and
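Review bot: The new receiver disjunction still leaves out `database/sql`'s `Conn` type, whose `ExecContext`, `PrepareContext`, `QueryContext` and `QueryRowContext` methods take a query string just as the `DB` and `Tx` ones do. Query strings built from untrusted input and run on a dedicated connection would therefore stay outside this SQL-injection sink model. Extending the parenthesised group with `or meth.hasQualifiedName("database/sql", "Conn", m)` after the `Tx` line would close that gap. This assumes the rest of the `exists` body, which continues below the hunk and is not visible here, selects the query argument for the `Context` variants. The diffstat shows only SQL.qll changed, so a library test that calls `Tx.Exec` and `Tx.QueryContext` would help pin the added coverage.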