Convert gocb nosql-injection sinks to MaD

owen-mc · owen-mc · commit a33977331f78 · 2024-08-16T08:00:40.000+01:00
diff --git a/go/ql/lib/ext/github.com.couchbase.gocb.model.yml b/go/ql/lib/ext/github.com.couchbase.gocb.model.yml
@@ -3,28 +3,43 @@ extensions:
       pack: codeql/go-all
       extensible: packageGrouping
     data:
-      - ["gocb", "github.com/couchbase/gocb"]
-      - ["gocb", "gopkg.in/couchbase/gocb"]
-      - ["gocb", "github.com/couchbaselabs/gocb"]
+      - ["gocb1", "fixed-version:github.com/couchbase/gocb"]
+      - ["gocb1", "fixed-version:gopkg.in/couchbase/gocb.v1"]
+      - ["gocb1", "fixed-version:github.com/couchbaselabs/gocb"]
+      - ["gocb2", "github.com/couchbase/gocb/v2"]
+      - ["gocb2", "gopkg.in/couchbase/gocb.v2"]
+      - ["gocb2", "github.com/couchbaselabs/gocb/v2"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:gocb1", "Bucket", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Bucket", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Cluster", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "Argument[0]", "nosql-injection", "manual"]
+      - ["group:gocb2", "Scope", True, "Query", "", "", "Argument[0]", "nosql-injection", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: summaryModel
     data:
-      - ["group:gocb", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
-      - ["group:gocb", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "Priority", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "RawParam", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsQuery", True, "ServerSideTimeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "AdHoc", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Consistency", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ConsistentWith", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Custom", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "PipelineBatch", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "PipelineCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Profile", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml
@@ -3,6 +3,7 @@ extensions:
       pack: codeql/go-all
       extensible: sinkModel
     data:
+      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "CountDocuments", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteMany", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "DeleteOne", "", "", "Argument[1]", "nosql-injection", "manual"]
@@ -16,4 +17,3 @@ extensions:
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"]
       - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"]
-      - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "Argument[1]", "nosql-injection", "manual"]
diff --git a/go/ql/lib/semmle/go/frameworks/Couchbase.qll b/go/ql/lib/semmle/go/frameworks/Couchbase.qll
@@ -5,57 +5,23 @@
 import go
 
 /**
+ * DEPRECATED
+ *
  * Provides models of commonly used functions in the official Couchbase Go SDK library.
  */
-module Couchbase {
+deprecated module Couchbase {
   /**
+   * DEPRECATED
+   *
    * Gets a package path for the official Couchbase Go SDK library.
    *
    * Note that v1 and v2 have different APIs, but the names are disjoint so there is no need to
    * distinguish between them.
    */
-  string packagePath() {
+  deprecated string packagePath() {
     result =
       package([
           "gopkg.in/couchbase/gocb", "github.com/couchbase/gocb", "github.com/couchbaselabs/gocb"
         ], "")
   }
-
-  /**
-   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
-   * the official Couchbase Go library, gocb.
-   */
-  private class CouchbaseV1Query extends NoSql::Query::Range {
-    CouchbaseV1Query() {
-      // func (b *Bucket) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
-      // func (b *Bucket) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
-      // func (c *Cluster) ExecuteAnalyticsQuery(q *AnalyticsQuery, params interface{}) (AnalyticsResults, error)
-      // func (c *Cluster) ExecuteN1qlQuery(q *N1qlQuery, params interface{}) (QueryResults, error)
-      exists(Method meth, string structName, string methodName |
-        structName in ["Bucket", "Cluster"] and
-        methodName in ["ExecuteN1qlQuery", "ExecuteAnalyticsQuery"] and
-        meth.hasQualifiedName(packagePath(), structName, methodName) and
-        this = meth.getACall().getArgument(0)
-      )
-    }
-  }
-
-  /**
-   * A query used in an API function acting on a `Bucket` or `Cluster` struct of v1 of
-   * the official Couchbase Go library, gocb.
-   */
-  private class CouchbaseV2Query extends NoSql::Query::Range {
-    CouchbaseV2Query() {
-      // func (c *Cluster) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
-      // func (c *Cluster) Query(statement string, opts *QueryOptions) (*QueryResult, error)
-      // func (s *Scope) AnalyticsQuery(statement string, opts *AnalyticsOptions) (*AnalyticsResult, error)
-      // func (s *Scope) Query(statement string, opts *QueryOptions) (*QueryResult, error)
-      exists(Method meth, string structName, string methodName |
-        structName in ["Cluster", "Scope"] and
-        methodName in ["AnalyticsQuery", "Query"] and
-        meth.hasQualifiedName(packagePath(), structName, methodName) and
-        this = meth.getACall().getArgument(0)
-      )
-    }
-  }
 }
diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -31,82 +31,6 @@ module NoSql {
         )
       }
     }
-    //   /**
-    //    * Holds if method `name` of struct `Collection` from package
-    //    * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo)
-    //    * interprets parameter `n` as a query.
-    //    */
-    //   private predicate mongoDbCollectionMethod(string name, int n) {
-    //     // func (coll *Collection) CountDocuments(ctx context.Context, filter interface{},
-    //     //                                        opts ...*options.CountOptions) (int64, error)
-    //     name = "CountDocuments" and n = 1
-    //     or
-    //     // func (coll *Collection) DeleteMany(ctx context.Context, filter interface{},
-    //     //                                    opts ...*options.DeleteOptions) (*DeleteResult, error)
-    //     name = "DeleteMany" and n = 1
-    //     or
-    //     // func (coll *Collection) DeleteOne(ctx context.Context, filter interface{},
-    //     //                                   opts ...*options.DeleteOptions) (*DeleteResult, error)
-    //     name = "DeleteOne" and n = 1
-    //     or
-    //     // func (coll *Collection) Distinct(ctx context.Context, fieldName string, filter interface{},
-    //     //                                  ...) ([]interface{}, error)
-    //     name = "Distinct" and n = 2
-    //     or
-    //     // func (coll *Collection) Find(ctx context.Context, filter interface{},
-    //     //                              opts ...*options.FindOptions) (*Cursor, error)
-    //     name = "Find" and n = 1
-    //     or
-    //     // func (coll *Collection) FindOne(ctx context.Context, filter interface{},
-    //     //                                 opts ...*options.FindOneOptions) *SingleResult
-    //     name = "FindOne" and n = 1
-    //     or
-    //     // func (coll *Collection) FindOneAndDelete(ctx context.Context, filter interface{}, ...)
-    //     //                                         *SingleResult
-    //     name = "FindOneAndDelete" and n = 1
-    //     or
-    //     // func (coll *Collection) FindOneAndReplace(ctx context.Context, filter interface{},
-    //     //                                           replacement interface{}, ...) *SingleResult
-    //     name = "FindOneAndReplace" and n = 1
-    //     or
-    //     // func (coll *Collection) FindOneAndUpdate(ctx context.Context, filter interface{},
-    //     //                                          update interface{}, ...) *SingleResult
-    //     name = "FindOneAndUpdate" and n = 1
-    //     or
-    //     // func (coll *Collection) ReplaceOne(ctx context.Context, filter interface{},
-    //     //                                    replacement interface{}, ...) (*UpdateResult, error)
-    //     name = "ReplaceOne" and n = 1
-    //     or
-    //     // func (coll *Collection) UpdateMany(ctx context.Context, filter interface{},
-    //     //                                    update interface{}, ...) (*UpdateResult, error)
-    //     name = "UpdateMany" and n = 1
-    //     or
-    //     // func (coll *Collection) UpdateOne(ctx context.Context, filter interface{},
-    //     //                                   update interface{}, ...) (*UpdateResult, error)
-    //     name = "UpdateOne" and n = 1
-    //     or
-    //     // func (coll *Collection) Watch(ctx context.Context, pipeline interface{}, ...)
-    //     //                              (*ChangeStream, error)
-    //     name = "Watch" and n = 1
-    //     or
-    //     // func (coll *Collection) Aggregate(ctx context.Context, pipeline interface{},
-    //     //                                   opts ...*options.AggregateOptions) (*Cursor, error)
-    //     name = "Aggregate" and n = 1
-    //   }
-    //   /**
-    //    * A query used in an API function acting on a `Collection` struct of package
-    //    * [go.mongodb.org/mongo-driver/mongo](https://pkg.go.dev/go.mongodb.org/mongo-driver/mongo).
-    //    */
-    //   private class MongoDbCollectionQuery extends Range {
-    //     MongoDbCollectionQuery() {
-    //       exists(Method meth, string methodName, int n |
-    //         mongoDbCollectionMethod(methodName, n) and
-    //         meth.hasQualifiedName(package("go.mongodb.org/mongo-driver", "mongo"), "Collection",
-    //           methodName) and
-    //         this = meth.getACall().getArgument(n)
-    //       )
-    //     }
-    //   }
   }
 
   /**
