Merge pull request #18493 from egregius313/egregius313/go/mad/database/mongodb

Go: `database` local sources for MongoDB
2025-12-17 01:03:14 +01:00 · 2025-02-21 09:32:15 -05:00
parent 4ef64cdf9f 8aa9dd7092
commit c93fb4cbc9
6 changed files with 650 additions and 0 deletions
--- a/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
+++ b/go/ql/lib/change-notes/2025-01-14-mongodb-models.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package.
+
--- a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml
+++ b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml
@@ -1,4 +1,19 @@
 extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["go.mongodb.org/mongo-driver/mongo", "Client", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "ReturnValue", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "ReturnValue", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "ReturnValue", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "ReturnValue", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"]
  - addsTo:
      pack: codeql/go-all
      extensible: sinkModel
@@ -17,3 +32,12 @@ extensions:
      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["go.mongodb.org/mongo-driver/mongo", "ChangeStream", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "All", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod
@@ -5,4 +5,5 @@ go 1.22.5
 require (
 	gorm.io/gorm v1.23.0
 	github.com/jmoiron/sqlx v1.4.0
+	go.mongodb.org/mongo-driver/mongo v1.17.2
 )
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go
@@ -0,0 +1,121 @@
+package test
+
+//go:generate depstubber -vendor go.mongodb.org/mongo-driver/mongo Client,Collection,Database
+
+import (
+	"context"
+
+	"go.mongodb.org/mongo-driver/mongo"
+)
+
+func test_mongo_driver_mongo_collection(coll *mongo.Collection, ctx context.Context, pipeline any) {
+	cursor, err := coll.Aggregate(ctx, pipeline) // $ source
+	if err != nil {
+		return
+	}
+
+	var users []User
+
+	err = cursor.All(ctx, &users)
+
+	sink(users) // $ hasTaintFlow="users"
+
+	distinct, err := coll.Distinct(ctx, "name", nil) // $ source
+	if err != nil {
+		return
+	}
+
+	sink(distinct) // $ hasTaintFlow="distinct"
+
+	cursor2, err := coll.Find(ctx, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	sink(cursor2) // $ hasTaintFlow="cursor2"
+
+	var user1, user2, user3, user4 User
+
+	single1 := coll.FindOne(ctx, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	single1.Decode(&user1)
+
+	sink(user1) // $ hasTaintFlow="user1"
+
+	single2 := coll.FindOneAndDelete(ctx, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	single2.Decode(&user2)
+
+	sink(user2) // $ hasTaintFlow="user2"
+
+	single3 := coll.FindOneAndReplace(ctx, nil, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	single3.Decode(&user3)
+
+	sink(user3) // $ hasTaintFlow="user3"
+
+	single4 := coll.FindOneAndUpdate(ctx, nil, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	single4.Decode(&user4)
+
+	sink(user4) // $ hasTaintFlow="user4"
+
+	changeStream, err := coll.Watch(ctx, pipeline) // $ source
+	if err != nil {
+		return
+	}
+
+	for changeStream.Next(ctx) {
+		var userCs User
+		changeStream.Decode(&userCs)
+		sink(userCs) // $ hasTaintFlow="userCs"
+	}
+}
+
+func test_mongo_driver_mongo_database(db *mongo.Database, ctx context.Context, pipeline any) {
+	agg, err := db.Aggregate(ctx, pipeline) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user User
+	agg.Decode(&user)
+	sink(user) // $ hasTaintFlow="user"
+
+	changeStream, err := db.Watch(ctx, pipeline) // $ source
+	if err != nil {
+		return
+	}
+
+	for changeStream.Next(ctx) {
+		var userCs User
+		changeStream.Decode(&userCs)
+		sink(userCs) // $ hasTaintFlow="userCs"
+	}
+}
+
+func test_mongo_driver_mongo_Client(client *mongo.Client, ctx context.Context) {
+	changestream, err := client.Watch(ctx, nil) // $ source
+	if err != nil {
+		return
+	}
+
+	for changestream.Next(ctx) {
+		var user User
+		changestream.Decode(&user)
+		sink(user) // $ hasTaintFlow="user"
+	}
+}
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go
@@ -0,0 +1,496 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for go.mongodb.org/mongo-driver/mongo, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: go.mongodb.org/mongo-driver/mongo (exports: Client,Collection,Database; functions: )
+
+// Package mongo is a stub of go.mongodb.org/mongo-driver/mongo, generated by depstubber.
+package mongo
+
+import (
+	context "context"
+	time "time"
+)
+
+type BulkWriteResult struct {
+	InsertedCount int64
+	MatchedCount  int64
+	ModifiedCount int64
+	DeletedCount  int64
+	UpsertedCount int64
+	UpsertedIDs   map[int64]interface{}
+}
+
+type ChangeStream struct {
+	Current interface{}
+}
+
+func (_ *ChangeStream) Close(_ context.Context) error {
+	return nil
+}
+
+func (_ *ChangeStream) Decode(_ interface{}) error {
+	return nil
+}
+
+func (_ *ChangeStream) Err() error {
+	return nil
+}
+
+func (_ *ChangeStream) ID() int64 {
+	return 0
+}
+
+func (_ *ChangeStream) Next(_ context.Context) bool {
+	return false
+}
+
+func (_ *ChangeStream) RemainingBatchLength() int {
+	return 0
+}
+
+func (_ *ChangeStream) ResumeToken() interface{} {
+	return nil
+}
+
+func (_ *ChangeStream) SetBatchSize(_ int32) {}
+
+func (_ *ChangeStream) TryNext(_ context.Context) bool {
+	return false
+}
+
+type Client struct{}
+
+func (_ *Client) Connect(_ context.Context) error {
+	return nil
+}
+
+func (_ *Client) Database(_ string, _ ...interface{}) *Database {
+	return nil
+}
+
+func (_ *Client) Disconnect(_ context.Context) error {
+	return nil
+}
+
+func (_ *Client) ListDatabaseNames(_ context.Context, _ interface{}, _ ...interface{}) ([]string, error) {
+	return nil, nil
+}
+
+func (_ *Client) ListDatabases(_ context.Context, _ interface{}, _ ...interface{}) (ListDatabasesResult, error) {
+	return ListDatabasesResult{}, nil
+}
+
+func (_ *Client) NumberSessionsInProgress() int {
+	return 0
+}
+
+func (_ *Client) Ping(_ context.Context, _ interface{}) error {
+	return nil
+}
+
+func (_ *Client) StartSession(_ ...interface{}) (Session, error) {
+	return nil, nil
+}
+
+func (_ *Client) Timeout() *time.Duration {
+	return nil
+}
+
+func (_ *Client) UseSession(_ context.Context, _ func(SessionContext) error) error {
+	return nil
+}
+
+func (_ *Client) UseSessionWithOptions(_ context.Context, _ interface{}, _ func(SessionContext) error) error {
+	return nil
+}
+
+func (_ *Client) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) {
+	return nil, nil
+}
+
+type Collection struct{}
+
+func (_ *Collection) Aggregate(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ *Collection) BulkWrite(_ context.Context, _ []WriteModel, _ ...interface{}) (*BulkWriteResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) Clone(_ ...interface{}) (*Collection, error) {
+	return nil, nil
+}
+
+func (_ *Collection) CountDocuments(_ context.Context, _ interface{}, _ ...interface{}) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Collection) Database() *Database {
+	return nil
+}
+
+func (_ *Collection) DeleteMany(_ context.Context, _ interface{}, _ ...interface{}) (*DeleteResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) DeleteOne(_ context.Context, _ interface{}, _ ...interface{}) (*DeleteResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) Distinct(_ context.Context, _ string, _ interface{}, _ ...interface{}) ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Collection) Drop(_ context.Context) error {
+	return nil
+}
+
+func (_ *Collection) EstimatedDocumentCount(_ context.Context, _ ...interface{}) (int64, error) {
+	return 0, nil
+}
+
+func (_ *Collection) Find(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ *Collection) FindOne(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult {
+	return nil
+}
+
+func (_ *Collection) FindOneAndDelete(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult {
+	return nil
+}
+
+func (_ *Collection) FindOneAndReplace(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) *SingleResult {
+	return nil
+}
+
+func (_ *Collection) FindOneAndUpdate(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) *SingleResult {
+	return nil
+}
+
+func (_ *Collection) Indexes() IndexView {
+	return IndexView{}
+}
+
+func (_ *Collection) InsertMany(_ context.Context, _ []interface{}, _ ...interface{}) (*InsertManyResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) InsertOne(_ context.Context, _ interface{}, _ ...interface{}) (*InsertOneResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) Name() string {
+	return ""
+}
+
+func (_ *Collection) ReplaceOne(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) SearchIndexes() SearchIndexView {
+	return SearchIndexView{}
+}
+
+func (_ *Collection) UpdateByID(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) UpdateMany(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) UpdateOne(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) {
+	return nil, nil
+}
+
+func (_ *Collection) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) {
+	return nil, nil
+}
+
+type CollectionSpecification struct {
+	Name     string
+	Type     string
+	ReadOnly bool
+	UUID     interface{}
+	Options  interface{}
+	IDIndex  *IndexSpecification
+}
+
+func (_ *CollectionSpecification) UnmarshalBSON(_ []byte) error {
+	return nil
+}
+
+type Cursor struct {
+	Current interface{}
+}
+
+func (_ *Cursor) All(_ context.Context, _ interface{}) error {
+	return nil
+}
+
+func (_ *Cursor) Close(_ context.Context) error {
+	return nil
+}
+
+func (_ *Cursor) Decode(_ interface{}) error {
+	return nil
+}
+
+func (_ *Cursor) Err() error {
+	return nil
+}
+
+func (_ *Cursor) ID() int64 {
+	return 0
+}
+
+func (_ *Cursor) Next(_ context.Context) bool {
+	return false
+}
+
+func (_ *Cursor) RemainingBatchLength() int {
+	return 0
+}
+
+func (_ *Cursor) SetBatchSize(_ int32) {}
+
+func (_ *Cursor) SetComment(_ interface{}) {}
+
+func (_ *Cursor) SetMaxTime(_ time.Duration) {}
+
+func (_ *Cursor) TryNext(_ context.Context) bool {
+	return false
+}
+
+type Database struct{}
+
+func (_ *Database) Aggregate(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ *Database) Client() *Client {
+	return nil
+}
+
+func (_ *Database) Collection(_ string, _ ...interface{}) *Collection {
+	return nil
+}
+
+func (_ *Database) CreateCollection(_ context.Context, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Database) CreateView(_ context.Context, _ string, _ string, _ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Database) Drop(_ context.Context) error {
+	return nil
+}
+
+func (_ *Database) ListCollectionNames(_ context.Context, _ interface{}, _ ...interface{}) ([]string, error) {
+	return nil, nil
+}
+
+func (_ *Database) ListCollectionSpecifications(_ context.Context, _ interface{}, _ ...interface{}) ([]*CollectionSpecification, error) {
+	return nil, nil
+}
+
+func (_ *Database) ListCollections(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ *Database) Name() string {
+	return ""
+}
+
+func (_ *Database) ReadConcern() interface{} {
+	return nil
+}
+
+func (_ *Database) ReadPreference() interface{} {
+	return nil
+}
+
+func (_ *Database) RunCommand(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult {
+	return nil
+}
+
+func (_ *Database) RunCommandCursor(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ *Database) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) {
+	return nil, nil
+}
+
+func (_ *Database) WriteConcern() interface{} {
+	return nil
+}
+
+type DatabaseSpecification struct {
+	Name       string
+	SizeOnDisk int64
+	Empty      bool
+}
+
+type DeleteResult struct {
+	DeletedCount int64
+}
+
+type IndexModel struct {
+	Keys    interface{}
+	Options interface{}
+}
+
+type IndexSpecification struct {
+	Name               string
+	Namespace          string
+	KeysDocument       interface{}
+	Version            int32
+	ExpireAfterSeconds *int32
+	Sparse             *bool
+	Unique             *bool
+	Clustered          *bool
+}
+
+func (_ *IndexSpecification) UnmarshalBSON(_ []byte) error {
+	return nil
+}
+
+type IndexView struct{}
+
+func (_ IndexView) CreateMany(_ context.Context, _ []IndexModel, _ ...interface{}) ([]string, error) {
+	return nil, nil
+}
+
+func (_ IndexView) CreateOne(_ context.Context, _ IndexModel, _ ...interface{}) (string, error) {
+	return "", nil
+}
+
+func (_ IndexView) DropAll(_ context.Context, _ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ IndexView) DropOne(_ context.Context, _ string, _ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ IndexView) DropOneWithKey(_ context.Context, _ interface{}, _ ...interface{}) (interface{}, error) {
+	return nil, nil
+}
+
+func (_ IndexView) List(_ context.Context, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ IndexView) ListSpecifications(_ context.Context, _ ...interface{}) ([]*IndexSpecification, error) {
+	return nil, nil
+}
+
+type InsertManyResult struct {
+	InsertedIDs []interface{}
+}
+
+type InsertOneResult struct {
+	InsertedID interface{}
+}
+
+type ListDatabasesResult struct {
+	Databases []DatabaseSpecification
+	TotalSize int64
+}
+
+type SearchIndexModel struct {
+	Definition interface{}
+	Options    interface{}
+}
+
+type SearchIndexView struct{}
+
+func (_ SearchIndexView) CreateMany(_ context.Context, _ []SearchIndexModel, _ ...interface{}) ([]string, error) {
+	return nil, nil
+}
+
+func (_ SearchIndexView) CreateOne(_ context.Context, _ SearchIndexModel, _ ...interface{}) (string, error) {
+	return "", nil
+}
+
+func (_ SearchIndexView) DropOne(_ context.Context, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ SearchIndexView) List(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) {
+	return nil, nil
+}
+
+func (_ SearchIndexView) UpdateOne(_ context.Context, _ string, _ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+type Session interface {
+	AbortTransaction(_ context.Context) error
+	AdvanceClusterTime(_ interface{}) error
+	AdvanceOperationTime(_ interface{}) error
+	Client() *Client
+	ClusterTime() interface{}
+	CommitTransaction(_ context.Context) error
+	EndSession(_ context.Context)
+	ID() interface{}
+	OperationTime() interface{}
+	StartTransaction(_ ...interface{}) error
+	WithTransaction(_ context.Context, _ func(SessionContext) (interface{}, error), _ ...interface{}) (interface{}, error)
+}
+
+type SessionContext interface {
+	AbortTransaction(_ context.Context) error
+	AdvanceClusterTime(_ interface{}) error
+	AdvanceOperationTime(_ interface{}) error
+	Client() *Client
+	ClusterTime() interface{}
+	CommitTransaction(_ context.Context) error
+	Deadline() (time.Time, bool)
+	Done() <-chan struct{}
+	EndSession(_ context.Context)
+	Err() error
+	ID() interface{}
+	OperationTime() interface{}
+	StartTransaction(_ ...interface{}) error
+	Value(_ interface{}) interface{}
+	WithTransaction(_ context.Context, _ func(SessionContext) (interface{}, error), _ ...interface{}) (interface{}, error)
+}
+
+type SingleResult struct{}
+
+func (_ *SingleResult) Decode(_ interface{}) error {
+	return nil
+}
+
+func (_ *SingleResult) DecodeBytes() (interface{}, error) {
+	return nil, nil
+}
+
+func (_ *SingleResult) Err() error {
+	return nil
+}
+
+func (_ *SingleResult) Raw() (interface{}, error) {
+	return nil, nil
+}
+
+type UpdateResult struct {
+	MatchedCount  int64
+	ModifiedCount int64
+	UpsertedCount int64
+	UpsertedID    interface{}
+}
+
+func (_ *UpdateResult) UnmarshalBSON(_ []byte) error {
+	return nil
+}
+
+type WriteModel interface{}
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt
@@ -4,3 +4,6 @@ gorm.io/gorm
 # github.com/jmoiron/sqlx v1.4.0
 ## explicit
 github.com/jmoiron/sqlx
+# go.mongodb.org/mongo-driver/mongo v1.17.2
+## explicit
+go.mongodb.org/mongo-driver/mongo