Merge pull request #18426 from egregius313/egregius313/go/mad/database/sqlx

Go: Add `database` source models for the `jmoiron/sqlx` package

go/ql/lib/change-notes/2025-01-07-sqlx-source-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `database` local source models have been added for the `github.com/jmoiron/sqlx` package.

go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml

@@ -1,4 +1,57 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/jmoiron/sqlx", "", True, "Get", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "GetContext", "", "", "Argument[2]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "Select", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "SelectContext", "", "", "Argument[2]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Conn", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Conn", True, "QueryRowxContext", "", "", "ReturnValue", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Conn", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Conn", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "DB", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "NamedStmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Stmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[0]", "database", "manual"]
+      - ["github.com/jmoiron/sqlx", "Tx", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: sinkModel
@@ -15,3 +68,18 @@ extensions:
       - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["github.com/jmoiron/sqlx", "", True, "MapScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "SliceScan", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "", True, "StructScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "ColScanner", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Row", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Row", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Row", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Row", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Rows", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Rows", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+      - ["github.com/jmoiron/sqlx", "Rows", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod

@@ -4,4 +4,5 @@ go 1.22.5
 
 require (
 	gorm.io/gorm v1.23.0
+	github.com/jmoiron/sqlx v1.4.0
 )

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go

@@ -0,0 +1,311 @@
+package test
+
+import (
+	"context"
+
+	"github.com/jmoiron/sqlx"
+)
+
+func test_sqlx(q sqlx.Ext) {
+	var user User
+
+	err := sqlx.Get(q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+	ignore(err)
+
+	err = sqlx.Select(q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+	ignore(err)
+
+	rows, err := sqlx.NamedQuery(q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+	ignore(err)
+
+	var user2 User
+
+	rows.StructScan(&user2)
+
+	sink(user2) // $ hasTaintFlow="user2"
+}
+
+func test_sqlx_ctx(ctx context.Context, q sqlx.ExtContext) {
+	var user User
+
+	err := sqlx.GetContext(ctx, q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+	ignore(err)
+
+	err = sqlx.SelectContext(ctx, q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+	ignore(err)
+
+	rows, err := sqlx.NamedQueryContext(ctx, q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+	ignore(err)
+
+	var user2 User
+
+	rows.StructScan(&user2)
+
+	sink(user2) // $ hasTaintFlow="user2"
+}
+
+func test_sqlx_Conn(conn *sqlx.Conn) {
+	var user User
+	conn.GetContext(nil, &user, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user2 User
+	conn.SelectContext(nil, &user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	row := conn.QueryRowxContext(nil, "SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	rows, err := conn.QueryxContext(nil, "SELECT * FROM users WHERE id = 1") // $ source
+	ignore(err)
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+	}
+}
+
+func test_sqlx_DB(db *sqlx.DB) {
+	example, err := db.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := db.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := db.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	db.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	db.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	rows, err = db.NamedQueryContext(nil, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+	ignore(err)
+	rows.StructScan(&user4)
+	sink(user4) // $ hasTaintFlow="user4"
+
+	var user5 User
+	db.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
+	example, err := stmt.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_Stmt(stmt *sqlx.Stmt) {
+	example, err := stmt.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_Tx(tx *sqlx.Tx) {
+	example, err := tx.Query("SELECT * FROM users") // $ source
+	ignore(example, err)
+
+	rows, err := tx.Queryx("SELECT * FROM users") // $ source
+
+	if err != nil {
+		return
+	}
+
+	defer rows.Close()
+
+	for rows.Next() {
+		var id int
+		var name string
+		err = rows.Scan(&id, &name)
+
+		if err != nil {
+			return
+		}
+
+		sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+		valmap := make(map[string]interface{})
+		rows.MapScan(valmap)
+
+		id = valmap["id"].(int)
+		sink(id) // $ hasTaintFlow="id"
+
+		var user User
+		rows.StructScan(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+
+	row := tx.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+	userMap := make(map[string]interface{})
+	row.MapScan(userMap)
+
+	id := userMap["id"].(int)
+	sink(id) // $ hasTaintFlow="id"
+
+	var user User
+	row.StructScan(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	var user2 User
+	tx.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user3 User
+	tx.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+	var user4 User
+	rows, err = tx.NamedQuery("SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+	ignore(err)
+	rows.StructScan(&user4)
+	sink(user4) // $ hasTaintFlow="user4"
+
+	var user5 User
+	tx.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go

@@ -0,0 +1,26 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type Conn struct {
+	*sql.Conn
+}
+
+func (c *Conn) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (c *Conn) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (c *Conn) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row {
+	return nil
+}
+
+func (c *Conn) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go

@@ -0,0 +1,52 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type DB struct {
+	*sql.DB
+
+	// Mapper *reflectx.Mapper
+}
+
+func (db *DB) Get(dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (db *DB) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (db *DB) QueryRowx(query string, args ...interface{}) *Row {
+	return nil
+}
+
+func (db *DB) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row {
+	return nil
+}
+
+func (db *DB) Queryx(query string, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (db *DB) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (db *DB) Select(dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (db *DB) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func (db *DB) NamedQuery(query string, arg interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (db *DB) NamedQueryContext(ctx context.Context, query string, arg interface{}) (*Rows, error) {
+	return nil, nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go

@@ -0,0 +1,60 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type NamedStmt struct {
+	Params      []string
+	QueryString string
+	Stmt        *sql.Stmt
+}
+
+func (s *NamedStmt) Get(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *NamedStmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *NamedStmt) QueryRow(args ...interface{}) *Row {
+	return nil
+}
+
+func (s *NamedStmt) QueryRowContext(ctx context.Context, args ...interface{}) *Row {
+	return nil
+}
+
+func (s *NamedStmt) Query(args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *NamedStmt) QueryContext(ctx context.Context, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *NamedStmt) QueryRowx(args ...interface{}) *Row {
+	return nil
+}
+
+func (s *NamedStmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
+	return nil
+}
+
+func (s *NamedStmt) Queryx(args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *NamedStmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *NamedStmt) Select(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *NamedStmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go

@@ -0,0 +1,21 @@
+package sqlx
+
+type Row struct {
+	// Mapper *reflectx.Mapper
+}
+
+func (r *Row) MapScan(dest map[string]interface{}) error {
+	return nil
+}
+
+func (r *Row) StructScan(dest interface{}) error {
+	return nil
+}
+
+func (r *Row) SliceScan(dest []interface{}) error {
+	return nil
+}
+
+func (r *Row) Scan(dest ...interface{}) error {
+	return nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go

@@ -0,0 +1,26 @@
+package sqlx
+
+import "database/sql"
+
+type Rows struct {
+	*sql.Rows
+
+	// Mapper *reflectx.Mapper
+	// contains filtered or unexported fields
+}
+
+func (r *Rows) MapScan(dest map[string]interface{}) error {
+	return nil
+}
+
+func (r *Rows) StructScan(dest interface{}) error {
+	return nil
+}
+
+func (r *Rows) SliceScan(dest []interface{}) error {
+	return nil
+}
+
+func (r *Rows) Scan(dest ...interface{}) error {
+	return nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go

@@ -0,0 +1,42 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type Stmt struct {
+	*sql.Stmt
+}
+
+func (s *Stmt) Get(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *Stmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *Stmt) QueryRowx(args ...interface{}) *Row {
+	return nil
+}
+
+func (s *Stmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
+	return nil
+}
+
+func (s *Stmt) Queryx(args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *Stmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (s *Stmt) Select(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (s *Stmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go

@@ -0,0 +1,67 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type ColScanner interface {
+	Columns() ([]string, error)
+	Scan(dest ...interface{}) error
+	Err() error
+}
+
+type Execer interface {
+	Exec(query string, args ...interface{}) (sql.Result, error)
+}
+
+type ExecerContext interface {
+	ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error)
+}
+
+type Ext interface {
+	Queryer
+	Execer
+}
+
+type ExtContext interface {
+	QueryerContext
+	ExecerContext
+	// contains filtered or unexported methods
+}
+
+type Queryer interface {
+	Query(query string, args ...interface{}) (*sql.Rows, error)
+	Queryx(query string, args ...interface{}) (*Rows, error)
+	QueryRowx(query string, args ...interface{}) *Row
+}
+
+type QueryerContext interface {
+	QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error)
+	QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error)
+	QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row
+}
+
+func NamedQuery(e Ext, query string, arg interface{}) (*Rows, error) {
+	return e.Queryx(query, arg)
+}
+
+func NamedQueryContext(ctx context.Context, e ExtContext, query string, arg interface{}) (*Rows, error) {
+	return e.QueryxContext(ctx, query, arg)
+}
+
+func Get(q Queryer, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func GetContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func Select(q Queryer, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}
+
+func SelectContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error {
+	return nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go

@@ -0,0 +1,47 @@
+package sqlx
+
+import (
+	"context"
+	"database/sql"
+)
+
+type Tx struct {
+	*sql.Tx
+}
+
+func (tx *Tx) Get(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (tx *Tx) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (tx *Tx) QueryRowx(args ...interface{}) *Row {
+	return nil
+}
+
+func (tx *Tx) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
+
+	return nil
+}
+
+func (tx *Tx) Queryx(args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (tx *Tx) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (tx *Tx) Select(dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (tx *Tx) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
+	return nil
+}
+
+func (tx *Tx) NamedQuery(query string, arg interface{}) (*Rows, error) {
+	return nil, nil
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt

@@ -1,3 +1,6 @@
 # gorm.io/gorm v1.23.0
 ## explicit
-gorm.io/gorm
+gorm.io/gorm
+# github.com/jmoiron/sqlx v1.4.0
+## explicit
+github.com/jmoiron/sqlx