diff --git a/go/ql/lib/change-notes/2025-01-07-sqlx-source-models.md b/go/ql/lib/change-notes/2025-01-07-sqlx-source-models.md
new file mode 100644
index 000000000000..820c255194c4
--- /dev/null
+++ b/go/ql/lib/change-notes/2025-01-07-sqlx-source-models.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `database` local source models have been added for the `github.com/jmoiron/sqlx` package.
diff --git a/go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml b/go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml
index 8c9d19b4b85b..4936bfd95d9f 100644
--- a/go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml
+++ b/go/ql/lib/ext/github.com.jmoiron.sqlx.model.yml
@@ -1,4 +1,57 @@
 extensions:
+ - addsTo:
+ pack: codeql/go-all
+ extensible: sourceModel
+ data:
+ - ["github.com/jmoiron/sqlx", "", True, "Get", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "GetContext", "", "", "Argument[2]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "Select", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "SelectContext", "", "", "Argument[2]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Conn", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Conn", True, "QueryRowxContext", "", "", "ReturnValue", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Conn", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Conn", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "Get", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "NamedQueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "Select", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "DB", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRow", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "NamedStmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "Get", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "Select", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Stmt", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "Get", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "GetContext", "", "", "Argument[1]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "QueryRowxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "QueryxContext", "", "", "ReturnValue[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[0]", "database", "manual"]
+ - ["github.com/jmoiron/sqlx", "Tx", True, "SelectContext", "", "", "Argument[1]", "database", "manual"]
 - addsTo:
 pack: codeql/go-all
 extensible: sinkModel
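Review bot: None of the new `sourceModel` rows covers the `Queryer` / `QueryerContext` interfaces, so a call such as `q.Queryx(...)` on an `sqlx.Ext` value is, as far as these rows show, not treated as a `database` source even though the concrete `DB` and `Tx` methods are. The summary hunk in this commit already models the `ColScanner` interface, so the same can be done here, e.g. `- ["github.com/jmoiron/sqlx", "Queryer", True, "Queryx", "", "", "ReturnValue[0]", "database", "manual"]` plus the `QueryRowx` and `QueryerContext` equivalents. Whether call resolution already maps interface calls onto the concrete rows cannot be told from this diff, so a test through an `sqlx.Ext` parameter would settle it. Separately, the `Conn.QueryRowxContext` row uses `ReturnValue` where every other row uses `ReturnValue[0]`; one spelling throughout is easier to audit.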
@@ -15,3 +68,18 @@ extensions:
 - ["github.com/jmoiron/sqlx", "Tx", True, "NamedQuery", "", "", "Argument[0]", "sql-injection", "manual"]
 - ["github.com/jmoiron/sqlx", "Tx", True, "Queryx", "", "", "Argument[0]", "sql-injection", "manual"]
 - ["github.com/jmoiron/sqlx", "Tx", True, "Select", "", "", "Argument[1]", "sql-injection", "manual"]
+ - addsTo:
+ pack: codeql/go-all
+ extensible: summaryModel
+ data:
+ - ["github.com/jmoiron/sqlx", "", True, "MapScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "SliceScan", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "", True, "StructScan", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "ColScanner", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Row", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Row", True, "Scan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Row", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Row", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Rows", True, "MapScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Rows", True, "SliceScan", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
+ - ["github.com/jmoiron/sqlx", "Rows", True, "StructScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod
index d9fb9e8f9870..156f9593dadd 100644
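Review bot: The `SliceScan` rows send taint from the receiver to `ReturnValue[0]`, but the vendored stubs added in this commit declare `func (r *Row) SliceScan(dest []interface{}) error` (and the same for `Rows`), where return value 0 is the error, and the test file never calls `SliceScan`. I believe upstream declares `SliceScan() ([]interface{}, error)`, which the rows match; the stubs should then read `func (r *Rows) SliceScan() ([]interface{}, error)` so that a test such as `vals, _ := rows.SliceScan(); sink(vals)` can check the row. The package-level `MapScan`, `SliceScan` and `StructScan` rows have no function in `stub.go`, and neither they nor the `ColScanner.Scan` row are exercised by the test, so they are unverified as committed.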
--- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -4,4 +4,5 @@ go 1.22.5 require ( gorm.io/gorm v1.23.0 + github.com/jmoiron/sqlx v1.4.0 ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go new file mode 100644 index 000000000000..ce3dea5b532c --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go 
@@ -0,0 +1,311 @@
+package test
+
+import (
+ "context"
+
+ "github.com/jmoiron/sqlx"
+)
+
+func test_sqlx(q sqlx.Ext) {
+ var user User
+
+ err := sqlx.Get(q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+ ignore(err)
+
+ err = sqlx.Select(q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+ ignore(err)
+
+ rows, err := sqlx.NamedQuery(q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+ ignore(err)
+
+ var user2 User
+
+ rows.StructScan(&user2)
+
+ sink(user2) // $ hasTaintFlow="user2"
+}
+
+func test_sqlx_ctx(ctx context.Context, q sqlx.ExtContext) {
+ var user User
+
+ err := sqlx.GetContext(ctx, q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+ ignore(err)
+
+ err = sqlx.SelectContext(ctx, q, &user, "SELECT * FROM users WHERE id = 1") // $ source
+ ignore(err)
+
+ rows, err := sqlx.NamedQueryContext(ctx, q, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+ ignore(err)
+
+ var user2 User
+
+ rows.StructScan(&user2)
+
+ sink(user2) // $ hasTaintFlow="user2"
+}
+
+func test_sqlx_Conn(conn *sqlx.Conn) {
+ var user User
+ conn.GetContext(nil, &user, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user2 User
+ conn.SelectContext(nil, &user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+ row := conn.QueryRowxContext(nil, "SELECT * FROM users WHERE id = 1") // $ source
+
+ userMap := make(map[string]interface{})
+ row.MapScan(userMap)
+ id := userMap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ rows, err := conn.QueryxContext(nil, "SELECT * FROM users WHERE id = 1") // $ source
+ ignore(err)
+
+ for rows.Next() {
+ var id int
+ var name string
+ err = rows.Scan(&id, &name)
+
+ if err != nil {
+ return
+ }
+
+ sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+ }
+}
+
+func test_sqlx_DB(db *sqlx.DB) {
+ example, err := db.Query("SELECT * FROM users") // $ source
+ ignore(example, err)
+
+ rows, err := db.Queryx("SELECT * FROM users") // $ source
+
+ if err != nil {
+ return
+ }
+
+ defer rows.Close()
+
+ for rows.Next() {
+ var id int
+ var name string
+ err = rows.Scan(&id, &name)
+
+ if err != nil {
+ return
+ }
+
+ sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+ valmap := make(map[string]interface{})
+ rows.MapScan(valmap)
+
+ id = valmap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ rows.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+ }
+
+ row := db.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+ userMap := make(map[string]interface{})
+ row.MapScan(userMap)
+
+ id := userMap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ row.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+
+ var user2 User
+ db.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user3 User
+ db.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user4 User
+ rows, err = db.NamedQueryContext(nil, "SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+ ignore(err)
+ rows.StructScan(&user4)
+ sink(user4) // $ hasTaintFlow="user4"
+
+ var user5 User
+ db.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_NamedStmt(stmt *sqlx.NamedStmt) {
+ example, err := stmt.Query("SELECT * FROM users") // $ source
+ ignore(example, err)
+
+ rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+ if err != nil {
+ return
+ }
+
+ defer rows.Close()
+
+ for rows.Next() {
+ var id int
+ var name string
+ err = rows.Scan(&id, &name)
+
+ if err != nil {
+ return
+ }
+
+ sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+ valmap := make(map[string]interface{})
+ rows.MapScan(valmap)
+
+ id = valmap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ rows.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+ }
+
+ row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+ userMap := make(map[string]interface{})
+ row.MapScan(userMap)
+
+ id := userMap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ row.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+
+ var user2 User
+ stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user3 User
+ stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user4 User
+ stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_Stmt(stmt *sqlx.Stmt) {
+ example, err := stmt.Query("SELECT * FROM users") // $ source
+ ignore(example, err)
+
+ rows, err := stmt.Queryx("SELECT * FROM users") // $ source
+
+ if err != nil {
+ return
+ }
+
+ defer rows.Close()
+
+ for rows.Next() {
+ var id int
+ var name string
+ err = rows.Scan(&id, &name)
+
+ if err != nil {
+ return
+ }
+
+ sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+ valmap := make(map[string]interface{})
+ rows.MapScan(valmap)
+
+ id = valmap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ rows.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+ }
+
+ row := stmt.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+ userMap := make(map[string]interface{})
+ row.MapScan(userMap)
+
+ id := userMap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ row.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+
+ var user2 User
+ stmt.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user3 User
+ stmt.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user4 User
+ stmt.Select(&user4, "SELECT * FROM users WHERE id = 1") // $ source
+}
+
+func test_sqlx_Tx(tx *sqlx.Tx) {
+ example, err := tx.Query("SELECT * FROM users") // $ source
+ ignore(example, err)
+
+ rows, err := tx.Queryx("SELECT * FROM users") // $ source
+
+ if err != nil {
+ return
+ }
+
+ defer rows.Close()
+
+ for rows.Next() {
+ var id int
+ var name string
+ err = rows.Scan(&id, &name)
+
+ if err != nil {
+ return
+ }
+
+ sink(id, name) // $ hasTaintFlow="id" hasTaintFlow="name"
+
+ valmap := make(map[string]interface{})
+ rows.MapScan(valmap)
+
+ id = valmap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ rows.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+ }
+
+ row := tx.QueryRowx("SELECT * FROM users WHERE id = 1") // $ source
+
+ userMap := make(map[string]interface{})
+ row.MapScan(userMap)
+
+ id := userMap["id"].(int)
+ sink(id) // $ hasTaintFlow="id"
+
+ var user User
+ row.StructScan(&user)
+ sink(user) // $ hasTaintFlow="user"
+
+ var user2 User
+ tx.Get(&user2, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user3 User
+ tx.GetContext(nil, &user3, "SELECT * FROM users WHERE id = 1") // $ source
+
+ var user4 User
+ rows, err = tx.NamedQuery("SELECT * FROM users WHERE id = :id", map[string]any{"id": 1}) // $ source
+ ignore(err)
+ rows.StructScan(&user4)
+ sink(user4) // $ hasTaintFlow="user4"
+
+ var user5 User
+ tx.Select(&user5, "SELECT * FROM users WHERE id = 1") // $ source
+}
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go
new file mode 100644
index 000000000000..28a0f913062f
--- /dev/null
+++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go
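Review bot: Every `Get`/`Select` destination (`db.Get(&user2, ...)`, `stmt.Select(&user4, ...)`, `tx.Select(&user5, ...)` and the rest) is annotated `// $ source` but never handed to `sink`, so the test records the source node without showing that a later read of the destination is tainted. Adding `sink(user2) // $ hasTaintFlow="user2"` after each such call would pin the `Argument[n]` rows the way the `Queryx`/`StructScan` paths already are. Several modelled methods have no call here at all, among them `DB.NamedQuery`, `DB.SelectContext`, `Tx.SelectContext` and the `NamedStmt` `QueryRow`/`QueryContext` family, so a wrong argument index in those rows would go unnoticed; a missed `database` source turns into a false negative for stored-data injection findings. The `nil` contexts (`conn.GetContext(nil, ...)`) are also flagged by common linters; `context.TODO()` is the conventional stand-in.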
@@ -0,0 +1,26 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type Conn struct { + *sql.Conn +} + +func (c *Conn) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (c *Conn) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (c *Conn) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row { + return nil +} + +func (c *Conn) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) { + return nil, nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go new file mode 100644 index 000000000000..4d50616a732f --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go 
@@ -0,0 +1,52 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type DB struct { + *sql.DB + + // Mapper *reflectx.Mapper +} + +func (db *DB) Get(dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (db *DB) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (db *DB) QueryRowx(query string, args ...interface{}) *Row { + return nil +} + +func (db *DB) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row { + return nil +} + +func (db *DB) Queryx(query string, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (db *DB) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (db *DB) Select(dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (db *DB) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func (db *DB) NamedQuery(query string, arg interface{}) (*Rows, error) { + return nil, nil +} + +func (db *DB) NamedQueryContext(ctx context.Context, query string, arg interface{}) (*Rows, error) { + return nil, nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go new file mode 100644 index 000000000000..59b647ff48e6 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go 
@@ -0,0 +1,60 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type NamedStmt struct { + Params []string + QueryString string + Stmt *sql.Stmt +} + +func (s *NamedStmt) Get(dest interface{}, args ...interface{}) error { + return nil +} + +func (s *NamedStmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} + +func (s *NamedStmt) QueryRow(args ...interface{}) *Row { + return nil +} + +func (s *NamedStmt) QueryRowContext(ctx context.Context, args ...interface{}) *Row { + return nil +} + +func (s *NamedStmt) Query(args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *NamedStmt) QueryContext(ctx context.Context, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *NamedStmt) QueryRowx(args ...interface{}) *Row { + return nil +} + +func (s *NamedStmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { + return nil +} + +func (s *NamedStmt) Queryx(args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *NamedStmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *NamedStmt) Select(dest interface{}, args ...interface{}) error { + return nil +} + +func (s *NamedStmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go new file mode 100644 index 000000000000..fb427e8f6579 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go 
@@ -0,0 +1,21 @@ +package sqlx + +type Row struct { + // Mapper *reflectx.Mapper +} + +func (r *Row) MapScan(dest map[string]interface{}) error { + return nil +} + +func (r *Row) StructScan(dest interface{}) error { + return nil +} + +func (r *Row) SliceScan(dest []interface{}) error { + return nil +} + +func (r *Row) Scan(dest ...interface{}) error { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go new file mode 100644 index 000000000000..484dc7709e93 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go @@ -0,0 +1,26 @@ +package sqlx + +import "database/sql" + +type Rows struct { + *sql.Rows + + // Mapper *reflectx.Mapper + // contains filtered or unexported fields +} + +func (r *Rows) MapScan(dest map[string]interface{}) error { + return nil +} + +func (r *Rows) StructScan(dest interface{}) error { + return nil +} + +func (r *Rows) SliceScan(dest []interface{}) error { + return nil +} + +func (r *Rows) Scan(dest ...interface{}) error { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go new file mode 100644 index 000000000000..c634566d3ea8 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go 
@@ -0,0 +1,42 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type Stmt struct { + *sql.Stmt +} + +func (s *Stmt) Get(dest interface{}, args ...interface{}) error { + return nil +} + +func (s *Stmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} + +func (s *Stmt) QueryRowx(args ...interface{}) *Row { + return nil +} + +func (s *Stmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { + return nil +} + +func (s *Stmt) Queryx(args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *Stmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (s *Stmt) Select(dest interface{}, args ...interface{}) error { + return nil +} + +func (s *Stmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go new file mode 100644 index 000000000000..888df0079618 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go 
@@ -0,0 +1,67 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type ColScanner interface { + Columns() ([]string, error) + Scan(dest ...interface{}) error + Err() error +} + +type Execer interface { + Exec(query string, args ...interface{}) (sql.Result, error) +} + +type ExecerContext interface { + ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error) +} + +type Ext interface { + Queryer + Execer +} + +type ExtContext interface { + QueryerContext + ExecerContext + // contains filtered or unexported methods +} + +type Queryer interface { + Query(query string, args ...interface{}) (*sql.Rows, error) + Queryx(query string, args ...interface{}) (*Rows, error) + QueryRowx(query string, args ...interface{}) *Row +} + +type QueryerContext interface { + QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error) + QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) + QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row +} + +func NamedQuery(e Ext, query string, arg interface{}) (*Rows, error) { + return e.Queryx(query, arg) +} + +func NamedQueryContext(ctx context.Context, e ExtContext, query string, arg interface{}) (*Rows, error) { + return e.QueryxContext(ctx, query, arg) +} + +func Get(q Queryer, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func GetContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func Select(q Queryer, dest interface{}, query string, args ...interface{}) error { + return nil +} + +func SelectContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error { + return nil +} 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go new file mode 100644 index 000000000000..38ca8b535314 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go @@ -0,0 +1,47 @@ +package sqlx + +import ( + "context" + "database/sql" +) + +type Tx struct { + *sql.Tx +} + +func (tx *Tx) Get(dest interface{}, args ...interface{}) error { + return nil +} + +func (tx *Tx) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} + +func (tx *Tx) QueryRowx(args ...interface{}) *Row { + return nil +} + +func (tx *Tx) QueryRowxContext(ctx context.Context, args ...interface{}) *Row { + + return nil +} + +func (tx *Tx) Queryx(args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (tx *Tx) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) { + return nil, nil +} + +func (tx *Tx) Select(dest interface{}, args ...interface{}) error { + return nil +} + +func (tx *Tx) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error { + return nil +} + +func (tx *Tx) NamedQuery(query string, arg interface{}) (*Rows, error) { + return nil, nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index ff139a75895e..c2d59db51216 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -1,3 +1,6 @@ # gorm.io/gorm v1.23.0 ## explicit -gorm.io/gorm \ No newline at end of file +gorm.io/gorm +# github.com/jmoiron/sqlx v1.4.0 +## explicit +github.com/jmoiron/sqlx