From d807e8de75ac945ad8b035db2271fc5a759bfeff Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 9 Sep 2020 14:01:55 +0100
Subject: [PATCH] Add more methods from GORM as sinks

Cf. https://gorm.io/docs/security.html
---
 ql/src/semmle/go/frameworks/SQL.qll | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/frameworks/SQL.qll b/ql/src/semmle/go/frameworks/SQL.qll
index d338ddbcf57..ecb5becdfca 100644
--- a/ql/src/semmle/go/frameworks/SQL.qll
+++ b/ql/src/semmle/go/frameworks/SQL.qll
@@ -168,7 +168,8 @@ module SQL {
 meth.hasQualifiedName(package, "DB", name) and
 this = meth.getACall().getArgument(0) and
 package in ["github.com/jinzhu/gorm", "github.com/go-gorm/gorm", "gorm.io/gorm"] and
- name in ["Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having", "Joins"]
+ name in ["Where", "Raw", "Order", "Not", "Or", "Select", "Table", "Group", "Having",
+ "Joins", "Exec", "Distinct", "Pluck"]
 )
 }
 }
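Review bot: The three new names inherit `this = meth.getACall().getArgument(0)`, so only the first argument of each call is treated as a sink, and nothing beside the list records that limit. `Distinct` is variadic in gorm.io/gorm, and as far as I can tell later string arguments are also used as column names, so a tainted second argument would go unreported; this should be confirmed against the GORM source. I would add a comment above the `name in [...]` line, `// Only argument 0 is modelled as a sink; later arguments of variadic methods such as Distinct are not covered.` The diffstat shows a single file changed, so the new sinks come with no test; one test case each for `Exec`, `Distinct` and `Pluck` would pin the behaviour. The enclosing predicate starts above the hunk, so this is based on the visible conjuncts only.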