
Commit 4df8fac

author
Sauyon Lee
authored
Merge pull request #559 from sauyon/xorm
Add Xorm support
2 parents 647bc51 + dc00a17 commit 4df8fac

7 files changed

Lines changed: 1882 additions & 0 deletions


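--- a/change-notes/2021-05-06-xorm.md
+++ b/change-notes/2021-05-06-xorm.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Added support for the `xorm.io/xorm` package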

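--- a/ql/src/semmle/go/frameworks/SQL.qll
+++ b/ql/src/semmle/go/frameworks/SQL.qll
@@ -224,3 +224,33 @@ module Gorm {
 result = package(["github.com/jinzhu/gorm", "github.com/go-gorm/gorm", "gorm.io/gorm"], "")
 }
 }
+
+/**
+* Provides classes for working with the [XORM](https://xorm.io/) package.
+*/
+module Xorm {
+/** Gets the package name for Xorm. */
+string packagePath() { result = package(["xorm.io/xorm", "github.com/go-xorm/xorm"], "") }
+
+/** A model for sinks of XORM. */
+private class XormSink extends SQL::QueryString::Range {
+XormSink() {
+exists(Method meth, string type, string name, int n |
+meth.hasQualifiedName(Xorm::packagePath(), type, name) and
+this = meth.getACall().getArgument(n) and
+type = ["Engine", "Session"]
+|
+name =
+[
+"Query", "Exec", "QueryString", "QueryInterface", "SQL", "Where", "And", "Or", "Alias",
+"NotIn", "In", "Select", "SetExpr", "OrderBy", "Having", "GroupBy"
+] and
+n = 0
+or
+name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1
+or
+name = "Join" and n = [0, 1, 2]
+)
+}
+}
+}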
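Review bot: In `XormSink`, the disjunct `name = ["SumInt", "Sum", "Sums", "SumsInt"] and n = 1` marks only the first column name as a query-string sink, but `Sums` and `SumsInt` appear to take a variadic `colNames ...string` in xorm, so a tainted second or later column name would likely go unflagged. Consider splitting it into `name = ["Sum", "SumInt"] and n = 1` and `name = ["Sums", "SumsInt"] and n >= 1`; `n` is already bound by `getArgument(n)`. The doc comment on `packagePath()` would also be more accurate as `/** Gets an import path of the XORM package. */`, and the `XormSink` comment could say that it models the arguments interpreted as raw SQL text, so that later additions keep bound parameter values out of the list.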

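--- a/ql/test/library-tests/semmle/go/frameworks/SQL/go.mod
+++ b/ql/test/library-tests/semmle/go/frameworks/SQL/go.mod
@@ -6,4 +6,9 @@ require (
 github.com/Masterminds/squirrel v1.1.0
 github.com/go-pg/pg v8.0.6+incompatible
 github.com/go-pg/pg/v9 v9.1.3
+github.com/go-sql-driver/mysql v1.6.0 // indirect
+github.com/go-xorm/xorm v0.7.9
+github.com/lib/pq v1.10.2 // indirect
+github.com/mattn/go-sqlite3 v1.14.7 // indirect
+xorm.io/xorm v1.1.0
 )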
