Revert "Convert sqlx sql-injection sinks to MaD"

This reverts commit 7ad63fc3e6.

go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml

@@ -1,17 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/go-all
-      extensible: sinkModel
-    data:
-      - ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[1]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "MustExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "NamedExec", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
-      - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -161,6 +161,20 @@ module SQL {
       )
     }
   }
+
+  /** A model for sinks of github.com/jmoiron/sqlx. */
+  private class SqlxSink extends SQL::QueryString::Range {
+    SqlxSink() {
+      exists(Method meth, string name, int n |
+        meth.hasQualifiedName(package("github.com/jmoiron/sqlx", ""), ["DB", "Tx"], name) and
+        this = meth.getACall().getArgument(n)
+      |
+        name = ["Select", "Get"] and n = 1
+        or
+        name = ["MustExec", "Queryx", "NamedExec", "NamedQuery"] and n = 0
+      )
+    }
+  }
 }
 
 /**

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.expected

@@ -1,3 +0,0 @@
-testFailures
-invalidModelRow
-failures

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/QueryString.ql

@@ -1,60 +0,0 @@
-import go
-import semmle.go.dataflow.ExternalFlow
-import ModelValidation
-import TestUtilities.InlineExpectationsTest
-
-module SqlTest implements TestSig {
-  string getARelevantTag() { result = "query" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "query" and
-    exists(SQL::Query q, SQL::QueryString qs | qs = q.getAQueryString() |
-      q.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      element = q.toString() and
-      value = qs.toString()
-    )
-  }
-}
-
-module QueryString implements TestSig {
-  string getARelevantTag() { result = "querystring" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "querystring" and
-    element = "" and
-    exists(SQL::QueryString qs | not exists(SQL::Query q | qs = q.getAQueryString()) |
-      qs.hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-        location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      value = qs.toString()
-    )
-  }
-}
-
-module Config implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLit }
-
-  predicate isSink(DataFlow::Node n) {
-    n = any(DataFlow::CallNode cn | cn.getTarget().getName() = "sink").getAnArgument()
-  }
-}
-
-module Flow = TaintTracking::Global<Config>;
-
-module TaintFlow implements TestSig {
-  string getARelevantTag() { result = "flowfrom" }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    tag = "flowfrom" and
-    element = "" and
-    exists(DataFlow::Node fromNode, DataFlow::Node toNode |
-      toNode
-          .hasLocationInfo(location.getFile().getAbsolutePath(), location.getStartLine(),
-            location.getStartColumn(), location.getEndLine(), location.getEndColumn()) and
-      Flow::flow(fromNode, toNode) and
-      value = fromNode.asExpr().(StringLit).getValue()
-    )
-  }
-}
-
-import MakeTest<MergeTests3<SqlTest, QueryString, TaintFlow>>

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.expected

@@ -0,0 +1,12 @@
+| sqlx.go:15:17:15:25 | untrusted |
+| sqlx.go:16:14:16:22 | untrusted |
+| sqlx.go:17:14:17:22 | untrusted |
+| sqlx.go:18:12:18:20 | untrusted |
+| sqlx.go:19:15:19:23 | untrusted |
+| sqlx.go:20:16:20:24 | untrusted |
+| sqlx.go:23:17:23:25 | untrusted |
+| sqlx.go:24:14:24:22 | untrusted |
+| sqlx.go:25:14:25:22 | untrusted |
+| sqlx.go:26:12:26:20 | untrusted |
+| sqlx.go:27:15:27:23 | untrusted |
+| sqlx.go:28:16:28:24 | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.go

@@ -12,19 +12,19 @@ func main() {
 
 	db := sqlx.DB{}
 	untrusted := getUntrustedString()
-	db.Select(nil, untrusted)     // $ querystring=untrusted
-	db.Get(nil, untrusted)        // $ querystring=untrusted
-	db.MustExec(untrusted)        // $ querystring=untrusted
-	db.Queryx(untrusted)          // $ querystring=untrusted
-	db.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	db.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	db.Select(nil, untrusted)
+	db.Get(nil, untrusted)
+	db.MustExec(untrusted)
+	db.Queryx(untrusted)
+	db.NamedExec(untrusted, nil)
+	db.NamedQuery(untrusted, nil)
 
 	tx := sqlx.Tx{}
-	tx.Select(nil, untrusted)     // $ querystring=untrusted
-	tx.Get(nil, untrusted)        // $ querystring=untrusted
-	tx.MustExec(untrusted)        // $ querystring=untrusted
-	tx.Queryx(untrusted)          // $ querystring=untrusted
-	tx.NamedExec(untrusted, nil)  // $ querystring=untrusted
-	tx.NamedQuery(untrusted, nil) // $ querystring=untrusted
+	tx.Select(nil, untrusted)
+	tx.Get(nil, untrusted)
+	tx.MustExec(untrusted)
+	tx.Queryx(untrusted)
+	tx.NamedExec(untrusted, nil)
+	tx.NamedQuery(untrusted, nil)
 
 }

go/ql/test/library-tests/semmle/go/frameworks/SQL/Sqlx/sqlx.ql

@@ -0,0 +1,4 @@
+import go
+
+from SQL::QueryString qs
+select qs