Skip to content

Go: Add database source models for the squirrel package (#2) #19090

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
owen-mc merged 10 commits into from
Mar 27, 2025
Merged

Go: Add database source models for the squirrel package (#2) #19090

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
a8c3ef9
Add squirrel models
egregius313 Mar 3, 2025
4ab5d34
Add fake `Source` function and models
egregius313 Mar 3, 2025
c5f5427
Add test for `squirrel` package
egregius313 Mar 3, 2025
59ad30d
Change note
egregius313 Mar 3, 2025
1de15ec
Fix signatures in comments
owen-mc Mar 21, 2025
09d6929
Fix package name in stub
owen-mc Mar 21, 2025
bbed79c
Add squirrel to go.mod
owen-mc Mar 21, 2025
bf82a87
Rename model file to fix typo
owen-mc Mar 21, 2025
0fbeef8
Remove model for method that doesn't exist
owen-mc Mar 21, 2025
8bc70be
Address review comments
owen-mc Mar 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Address review comments
  • Loading branch information
@owen-mc
owen-mc committed Mar 27, 2025
commit 8bc70be3c78a2282ee992f113a89863b7205c649
2 changes: 2 additions & 0 deletions go/ql/lib/ext/github.com.masterminds.squirrel.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,3 +80,5 @@ extensions:
- ["group:squirrel", "UpdateBuilder", True, "Suffix", "", "", "Argument[0]", "sql-injection", "manual"]
- ["group:squirrel", "UpdateBuilder", True, "Table", "", "", "Argument[0]", "sql-injection", "manual"]
# UpdateBuilder.Where has to be modeled in QL to avoid FPs when a non-string argument is used

# There are summary models for Row.Scan, RowScanner.Scan, {Insert,Delete,Select,Update}Builder.Scan and {Insert,Delete,Select,Update}Builder.ScanContext modeled in QL
4 changes: 2 additions & 2 deletions go/ql/lib/semmle/go/frameworks/Squirrel.qll
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ module Squirrel {
FunctionOutput outp;

BuilderScan() {
// signature: func (b InsertBuilder) Scan(dest ...interface{}) error
// signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error
this.hasQualifiedName(packagePath(),
["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and
inp.isReceiver() and
Expand All @@ -71,7 +71,7 @@ module Squirrel {
FunctionOutput outp;

BuilderScanContext() {
// signature: func (b InsertBuilder) ScanContext(ctx context.Context, dest ...interface{}) error
// signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error
this.hasQualifiedName(packagePath(),
["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and
inp.isReceiver() and
Expand Down