Go: Add database source models for the squirrel package (#2)#19090
Merged
owen-mc merged 10 commits intogithub:mainfrom Mar 27, 2025
Merged
Go: Add database source models for the squirrel package (#2)#19090owen-mc merged 10 commits intogithub:mainfrom
database source models for the squirrel package (#2)#19090owen-mc merged 10 commits intogithub:mainfrom
Conversation
Contributor
Click to show differences in coveragegoGenerated file changes for go
- `Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",,,96
+ `Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",81,,96
- Totals,,560,1048,1556
+ Totals,,641,1048,1556
- github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ github.com/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
- github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ github.com/lann/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
- gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ gopkg.in/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,, |
owen-mc
force-pushed
the
review/egregius313/18902
branch
from
ab53cd9 to
0fbeef8
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds database source models for the github.com/Masterminds/squirrel ORM package along with corresponding tests and YAML configuration updates.
- Introduces new test functions in Go to validate taint flows from various squirrel methods.
- Updates YAML extension files (test and source) with new source model configurations.
- Adds change notes to document the introduction of the database source models.
Reviewed Changes
Copilot reviewed 8 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go | New test functions for database flows using squirrel methods |
| go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml | Added source model configuration for the database flows |
| go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml | Added source model configuration for the database flows |
| go/ql/lib/ext/github.com.masterminds.squirrel.model.yml | Extended the model with new source model entries for squirrel |
| go/ql/lib/change-notes/2025-03-02-squirrel-source-models.md | Added change notes for the new database source models |
Files not reviewed (3)
- go/ql/lib/go.qll: Language not supported
- go/ql/lib/semmle/go/frameworks/Squirrel.qll: Language not supported
- go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod: Language not supported
Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more
Comment on lines
+97
to
+99
| if err != nil { | ||
| return | ||
| } |
There was a problem hiding this comment.
The error check after calling std.QueryRow("") is invalid since QueryRow does not return an error. Remove the error check on line 97.
Suggested change
| if err != nil { | |
| return | |
| } |
smowton
previously approved these changes
Mar 27, 2025
Contributor
smowton
left a comment
smowton
left a comment
There was a problem hiding this comment.
Looks plausible. Haven't trawled the godoc of the library for other modelling candidates.
| FunctionOutput outp; | ||
|
|
||
| BuilderScan() { | ||
| // signature: func (b InsertBuilder) Scan(dest ...interface{}) error |
Contributor
There was a problem hiding this comment.
Suggested change
| // signature: func (b InsertBuilder) Scan(dest ...interface{}) error | |
| // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error |
| FunctionOutput outp; | ||
|
|
||
| BuilderScanContext() { | ||
| // signature: func (b InsertBuilder) ScanContext(ctx context.Context, dest ...interface{}) error |
Contributor
There was a problem hiding this comment.
Suggested change
| // signature: func (b InsertBuilder) ScanContext(ctx context.Context, dest ...interface{}) error | |
| // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error |
smowton
reviewed
Mar 27, 2025
| - ["group:squirrel", "", True, "QueryRowContextWith", "", "", "ReturnValue", "database", "manual"] | ||
| - ["group:squirrel", "", True, "QueryRowWith", "", "", "ReturnValue", "database", "manual"] | ||
| - ["group:squirrel", "", True, "QueryWith", "", "", "ReturnValue[0]", "database", "manual"] | ||
| - ["group:squirrel", "DeleteBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] |
Contributor
There was a problem hiding this comment.
Consider adding a comment to the yml models pointing out there are also QL models and vice versa
smowton
approved these changes
Mar 27, 2025
This was referenced Mar 27, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Copy of #18902 with some reviews applied that were more easily done on the command line.