Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go: Add database source models for the squirrel package (#2) #19090

Merged
merged 10 commits into from
Mar 27, 2025
Merged

Go: Add database source models for the squirrel package (#2) #19090

merged 10 commits into from
Mar 27, 2025

Conversation

owen-mc
Copy link
Contributor

@owen-mc owen-mc commented Mar 21, 2025
edited
Loading

Copy of #18902 with some reviews applied that were more easily done on the command line.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 21, 2025
edited
Loading

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

go

Generated file changes for go

  • Changes to framework-coverage-go.rst:
-    `Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",,,96
+    `Squirrel <https://github.com/Masterminds/squirrel>`_,"``github.com/Masterminds/squirrel*``, ``github.com/lann/squirrel*``, ``gopkg.in/Masterminds/squirrel``",81,,96
-    Totals,,560,1048,1556
+    Totals,,641,1048,1556
  • Changes to framework-coverage-go.csv:
- github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ github.com/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
- github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ github.com/lann/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,
- gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,,,
+ gopkg.in/Masterminds/squirrel,32,27,,,,,,,,,,,,,32,,,,,,27,,,,,,

@owen-mc owen-mc force-pushed the review/egregius313/18902 branch from ab53cd9 to 0fbeef8 Compare March 25, 2025 10:33
@owen-mc owen-mc marked this pull request as ready for review March 25, 2025 10:52
@Copilot Copilot bot review requested due to automatic review settings March 25, 2025 10:52
@owen-mc owen-mc requested a review from a team as a code owner March 25, 2025 10:52
Copilot
Copilot AI reviewed Mar 25, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds database source models for the github.com/Masterminds/squirrel ORM package along with corresponding tests and YAML configuration updates.

  • Introduces new test functions in Go to validate taint flows from various squirrel methods.
  • Updates YAML extension files (test and source) with new source model configurations.
  • Adds change notes to document the introduction of the database source models.

Reviewed Changes

Copilot reviewed 8 out of 11 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go New test functions for database flows using squirrel methods
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml Added source model configuration for the database flows
go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml Added source model configuration for the database flows
go/ql/lib/ext/github.com.masterminds.squirrel.model.yml Extended the model with new source model entries for squirrel
go/ql/lib/change-notes/2025-03-02-squirrel-source-models.md Added change notes for the new database source models
Files not reviewed (3)
  • go/ql/lib/go.qll: Language not supported
  • go/ql/lib/semmle/go/frameworks/Squirrel.qll: Language not supported
  • go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod: Language not supported

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

...est/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go
Comment on lines +97 to +99
if err != nil {
return
}
Copy link
Preview

Copilot AI Mar 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error check after calling std.QueryRow("") is invalid since QueryRow does not return an error. Remove the error check on line 97.

Suggested change
if err != nil {
return
}

Copilot is powered by AI, so mistakes are possible. Review output carefully before use.

@owen-mc owen-mc requested a review from smowton March 27, 2025 11:37
smowton
smowton previously approved these changes Mar 27, 2025
View reviewed changes
Copy link
Contributor

@smowton smowton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks plausible. Haven't trawled the godoc of the library for other modelling candidates.

go/ql/lib/semmle/go/frameworks/Squirrel.qll Outdated
FunctionOutput outp;

BuilderScan() {
// signature: func (b InsertBuilder) Scan(dest ...interface{}) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// signature: func (b InsertBuilder) Scan(dest ...interface{}) error
// signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error

go/ql/lib/semmle/go/frameworks/Squirrel.qll Outdated
FunctionOutput outp;

BuilderScanContext() {
// signature: func (b InsertBuilder) ScanContext(ctx context.Context, dest ...interface{}) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// signature: func (b InsertBuilder) ScanContext(ctx context.Context, dest ...interface{}) error
// signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error

smowton
smowton reviewed Mar 27, 2025
View reviewed changes
go/ql/lib/ext/github.com.masterminds.squirrel.model.yml
- ["group:squirrel", "", True, "QueryRowContextWith", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "", True, "QueryRowWith", "", "", "ReturnValue", "database", "manual"]
- ["group:squirrel", "", True, "QueryWith", "", "", "ReturnValue[0]", "database", "manual"]
- ["group:squirrel", "DeleteBuilder", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding a comment to the yml models pointing out there are also QL models and vice versa

@owen-mc owen-mc requested a review from smowton March 27, 2025 13:54
@owen-mc owen-mc merged commit dc242da into github:main Mar 27, 2025
15 checks passed
@owen-mc owen-mc deleted the review/egregius313/18902 branch March 27, 2025 15:54
This was referenced Mar 27, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@smowton smowton smowton approved these changes

Assignees
No one assigned
Labels
documentation Go
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@owen-mc @smowton @egregius313