From dea1959e218458a264f4358b820866de4ce93839 Mon Sep 17 00:00:00 2001
From: Luke Young <91491244+lyoung-confluent@users.noreply.github.com>
Date: Thu, 3 Feb 2022 13:29:38 -0800
Subject: [PATCH] Match gopkg.in import of squirrel for SQLi query
---
 ql/lib/semmle/go/frameworks/SQL.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ql/lib/semmle/go/frameworks/SQL.qll b/ql/lib/semmle/go/frameworks/SQL.qll
index acf8be77d7f..0c91f02c5ad 100644
--- a/ql/lib/semmle/go/frameworks/SQL.qll
+++ b/ql/lib/semmle/go/frameworks/SQL.qll
@@ -83,7 +83,7 @@ module SQL {
 SquirrelQueryString() {
 exists(Function fn |
 exists(string sq |
- sq = package(["github.com/Masterminds", "github.com/lann"], "squirrel")
+ sq = package(["github.com/Masterminds/squirrel", "gopkg.in/Masterminds/squirrel.v1", "github.com/lann/squirrel"], "")
 |
 // first argument to `squirrel.Expr`
 fn.hasQualifiedName(sq, "Expr")
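Review bot: The gopkg.in entry in the new `package([...], "")` list is pinned to the literal `squirrel.v1` suffix, so code importing squirrel through any other gopkg.in selector (or a gopkg.in path for the `lann` fork, if one is in use) would still not be modelled as a SQL sink, and the injection query would stay silent for it. The diffstat shows only `SQL.qll` changed, so nothing in this commit exercises the new path; a library-test fixture that imports `gopkg.in/Masterminds/squirrel.v1` and passes tainted data to `Expr` would keep this from regressing into a false negative. A short comment above the list would also help the next maintainer, e.g. `// squirrel is imported under several module paths; gopkg.in encodes the major version as a ".v1" suffix`. The `SquirrelQueryString` characteristic predicate starts and ends outside this hunk, so the remaining uses of `sq` are not visible here.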