Convert Xorm sql-injection sinks to MaD

go/ql/lib/ext/xorm.io.xorm.model.yml

@@ -0,0 +1,53 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["xorm", "xorm.io/xorm"]
+      - ["xorm", "github.com/go-xorm/xorm"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:xorm", "Engine", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "QueryString", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "QueryInterface", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Engine", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Alias", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "And", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Exec", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "GroupBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Having", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "In", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Join", "", "", "Argument[0..2]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "NotIn", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Or", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "OrderBy", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "QueryString", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "QueryInterface", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Select", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "SetExpr", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "SQL", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Sum", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Sums", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "SumInt", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "SumsInt", "", "", "Argument[1]", "sql-injection", "manual"]
+      - ["group:xorm", "Session", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]

go/ql/lib/semmle/go/frameworks/SQL.qll

@@ -168,28 +168,6 @@ module Gorm {
 module Xorm {
   /** Gets the package name for Xorm. */
   string packagePath() { result = package(["xorm.io/xorm", "github.com/go-xorm/xorm"], "") }
-
-  /** A model for sinks of XORM. */
-  private class XormSink extends SQL::QueryString::Range {
-    XormSink() {
-      exists(Method meth, string type, string name, int n |
-        meth.hasQualifiedName(Xorm::packagePath(), type, name) and
-        this = meth.getACall().getSyntacticArgument(n) and
-        type = ["Engine", "Session"]
-      |
-        name =
-          [
-            "Query", "Exec", "QueryString", "QueryInterface", "SQL", "Where", "And", "Or", "Alias",
-            "NotIn", "In", "Select", "SetExpr", "OrderBy", "Having", "GroupBy"
-          ] and
-        n = 0
-        or
-        name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1
-        or
-        name = "Join" and n = [0, 1, 2]
-      )
-    }
-  }
 }
 
 /**