Go: database source models for github.com/beego/beego/client/orm

go/ql/lib/change-notes/2025-01-09-beego-orm-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* `database` local source models have been added for the Beego ORM package.

go/ql/lib/ext/github.com.beego.beego.client.orm.model.yml

@@ -6,6 +6,23 @@ extensions:
       - ["beego-orm", "github.com/beego/beego/client/orm"]
       - ["beego-orm", "github.com/astaxie/beego/orm"]
       - ["beego-orm", "github.com/beego/beego/orm"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["group:beego-orm", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:beego-orm", "DB", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:beego-orm", "DB", True, "QueryRow", "", "", "ReturnValue", "database", "manual"]
+      - ["group:beego-orm", "DB", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "Read", "", "", "Argument[0]", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "ReadWithCtx", "", "", "Argument[1]", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "ReadForUpdate", "", "", "Argument[0]", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "ReadForUpdateWithCtx", "", "", "Argument[1]", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "ReadOrCreate", "", "", "Argument[0]", "database", "manual"]
+      - ["group:beego-orm", "DQL", True, "ReadOrCreateWithCtx", "", "", "Argument[1]", "database", "manual"]
+      - ["group:beego-orm", "Ormer", True, "Read", "", "", "Argument[0]", "database", "manual"]
+      - ["group:beego-orm", "Ormer", True, "ReadForUpdate", "", "", "Argument[0]", "database", "manual"]
+      - ["group:beego-orm", "Ormer", True, "ReadOrCreate", "", "", "Argument[0]", "database", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: sinkModel
@@ -40,3 +57,4 @@ extensions:
       - ["group:beego-orm", "QueryBuilder", True, "Values", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["group:beego-orm", "QueryBuilder", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["group:beego-orm", "QuerySeter", True, "FilterRaw", "", "", "Argument[1]", "sql-injection", "manual"]
+

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go

@@ -0,0 +1,37 @@
+package test
+
+import (
+	oldOrm "github.com/astaxie/beego/orm"
+	"github.com/beego/beego/v2/client/orm"
+)
+
+func test_beego_DB(db orm.DB) {
+	rows, err := db.Query("SELECT * FROM users") // $ source
+	ignore(rows, err)
+
+	rows, err = db.QueryContext(nil, "SELECT * FROM users") // $ source
+	ignore(rows, err)
+
+	row := db.QueryRow("SELECT * FROM users") // $ source
+	ignore(row)
+
+	row = db.QueryRowContext(nil, "SELECT * FROM users") // $ source
+	ignore(row)
+}
+
+func test_beego_Ormer() {
+	o := oldOrm.NewOrm()
+	o.Read(&User{})                 // $ source
+	o.ReadForUpdate(&User{})        // $ source
+	o.ReadOrCreate(&User{}, "name") // $ source
+}
+
+func test_beego_DQL() {
+	o := orm.NewOrm()
+	o.Read(&User{})                             // $ source
+	o.ReadWithCtx(nil, &User{})                 // $ source
+	o.ReadForUpdate(&User{})                    // $ source
+	o.ReadForUpdateWithCtx(nil, &User{})        // $ source
+	o.ReadOrCreate(&User{}, "name")             // $ source
+	o.ReadOrCreateWithCtx(nil, &User{}, "name") // $ source
+}