From 831cea663bb9d6f3e1f091c81b65e1198250496f Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 7 Jan 2025 20:48:59 -0500 Subject: [PATCH 1/6] mongodb models --- ...o.mongodb.org.mongo-driver.mongo.model.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml index 6c2d4afdeae2..7b69087b3aa2 100644 --- a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml +++ b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml @@ -1,4 +1,15 @@ extensions: + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "ReturnValue[0]", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "ReturnValue[0]", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "ReturnValue", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "ReturnValue", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "ReturnValue", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "ReturnValue", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel @@ -17,3 +28,12 @@ extensions: - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateMany", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "UpdateOne", "", "", "Argument[1]", "nosql-injection", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "Argument[1]", "nosql-injection", "manual"] + - addsTo: + pack: codeql/go-all + extensible: summaryModel + data: + - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "All", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "ChangeStream", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] From 6a8945c55df66ce029f887057aa4186773547ad1 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 7 Jan 2025 22:37:41 -0500 Subject: [PATCH 2/6] Add missing models --- go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml index 7b69087b3aa2..cd57507f6e74 100644 --- a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml +++ b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml @@ -3,12 +3,14 @@ extensions: pack: codeql/go-all extensible: sourceModel data: + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Distinct", "", "", "ReturnValue[0]", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Find", "", "", "ReturnValue[0]", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOne", "", "", "ReturnValue", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndDelete", "", "", "ReturnValue", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndReplace", "", "", "ReturnValue", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "ReturnValue", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all From 68ab7671895c591a7ab5d354c72f15464a5ee2b0 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 7 Jan 2025 22:37:57 -0500 Subject: [PATCH 3/6] Sort models in alphabetical order --- go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml index cd57507f6e74..414b8bf24d5f 100644 --- a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml +++ b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml @@ -34,8 +34,8 @@ extensions: pack: codeql/go-all extensible: summaryModel data: - - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "All", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "ChangeStream", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "All", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Cursor", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Decode", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "SingleResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] From 9a7f14f71725b71d167e858b03f0671cd9e4c8b1 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 14 Jan 2025 22:35:34 -0500 Subject: [PATCH 4/6] Add Database::Watch --- go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml index 414b8bf24d5f..c958c2250ede 100644 --- a/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml +++ b/go/ql/lib/ext/go.mongodb.org.mongo-driver.mongo.model.yml @@ -12,6 +12,7 @@ extensions: - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "FindOneAndUpdate", "", "", "ReturnValue", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Collection", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"] - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Aggregate", "", "", "ReturnValue[0]", "database", "manual"] + - ["go.mongodb.org/mongo-driver/mongo", "Database", True, "Watch", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel From 55422d27fb5166cbd0ab8855c4407cc0191bc348 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 14 Jan 2025 22:36:13 -0500 Subject: [PATCH 5/6] mongodb tests --- .../flowsources/local/database/go.mod | 1 + .../local/database/test_mongo_driver_mongo.go | 106 ++++ .../go.mongodb.org/mongo-driver/mongo/stub.go | 496 ++++++++++++++++++ .../local/database/vendor/modules.txt | 3 + 4 files changed, 606 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 156f9593dadd..36491d136fac 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -5,4 +5,5 @@ go 1.22.5 require ( gorm.io/gorm v1.23.0 github.com/jmoiron/sqlx v1.4.0 + go.mongodb.org/mongo-driver/mongo v1.17.2 ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go new file mode 100644 index 000000000000..9444208ca0b7 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_mongo_driver_mongo.go @@ -0,0 +1,106 @@ +package test + +import ( + "context" + + "go.mongodb.org/mongo-driver/mongo" +) + +func test_mongo_driver_mongo_collection(coll *mongo.Collection, ctx context.Context, pipeline any) { + cursor, err := coll.Aggregate(ctx, pipeline) // $ source + if err != nil { + return + } + + var users []User + + err = cursor.All(ctx, &users) + + sink(users) // $ hasTaintFlow="users" + + distinct, err := coll.Distinct(ctx, "name", nil) // $ source + if err != nil { + return + } + + sink(distinct) // $ hasTaintFlow="distinct" + + cursor2, err := coll.Find(ctx, nil) // $ source + if err != nil { + return + } + + sink(cursor2) // $ hasTaintFlow="cursor2" + + var user1, user2, user3, user4 User + + single1 := coll.FindOne(ctx, nil) // $ source + if err != nil { + return + } + + single1.Decode(&user1) + + sink(user1) // $ hasTaintFlow="user1" + + single2 := coll.FindOneAndDelete(ctx, nil) // $ source + if err != nil { + return + } + + single2.Decode(&user2) + + sink(user2) // $ hasTaintFlow="user2" + + single3 := coll.FindOneAndReplace(ctx, nil) // $ source + if err != nil { + return + } + + single3.Decode(&user3) + + sink(user3) // $ hasTaintFlow="user3" + + single4 := coll.FindOneAndUpdate(ctx, nil, nil) // $ source + if err != nil { + return + } + + single4.Decode(&user4) + + sink(user4) // $ hasTaintFlow="user4" + + changeStream, err := coll.Watch(ctx, pipeline) // $ source + if err != nil { + return + } + + for changeStream.Next(ctx) { + var userCs User + changeStream.Decode(&userCs) + sink(userCs) // $ hasTaintFlow="userCs" + } +} + +func test_mongo_driver_mongo_database(db *mongo.Database, ctx context.Context, pipeline any) { + agg, err := db.Aggregate(ctx, pipeline) // $ source + + if err != nil { + return + } + + var user User + agg.Decode(&user) + sink(user) // $ hasTaintFlow="user" + + changeStream, err := db.Watch(ctx, pipeline) // $ source + if err != nil { + return + } + + for changeStream.Next(ctx) { + var userCs User + changeStream.Decode(&userCs) + sink(userCs) // $ hasTaintFlow="userCs" + } +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go new file mode 100644 index 000000000000..de7cd2404c2a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/go.mongodb.org/mongo-driver/mongo/stub.go @@ -0,0 +1,496 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for go.mongodb.org/mongo-driver/mongo, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: go.mongodb.org/mongo-driver/mongo (exports: Collection,Database; functions: ) + +// Package mongo is a stub of go.mongodb.org/mongo-driver/mongo, generated by depstubber. +package mongo + +import ( + context "context" + time "time" +) + +type BulkWriteResult struct { + InsertedCount int64 + MatchedCount int64 + ModifiedCount int64 + DeletedCount int64 + UpsertedCount int64 + UpsertedIDs map[int64]interface{} +} + +type ChangeStream struct { + Current interface{} +} + +func (_ *ChangeStream) Close(_ context.Context) error { + return nil +} + +func (_ *ChangeStream) Decode(_ interface{}) error { + return nil +} + +func (_ *ChangeStream) Err() error { + return nil +} + +func (_ *ChangeStream) ID() int64 { + return 0 +} + +func (_ *ChangeStream) Next(_ context.Context) bool { + return false +} + +func (_ *ChangeStream) RemainingBatchLength() int { + return 0 +} + +func (_ *ChangeStream) ResumeToken() interface{} { + return nil +} + +func (_ *ChangeStream) SetBatchSize(_ int32) {} + +func (_ *ChangeStream) TryNext(_ context.Context) bool { + return false +} + +type Client struct{} + +func (_ *Client) Connect(_ context.Context) error { + return nil +} + +func (_ *Client) Database(_ string, _ ...interface{}) *Database { + return nil +} + +func (_ *Client) Disconnect(_ context.Context) error { + return nil +} + +func (_ *Client) ListDatabaseNames(_ context.Context, _ interface{}, _ ...interface{}) ([]string, error) { + return nil, nil +} + +func (_ *Client) ListDatabases(_ context.Context, _ interface{}, _ ...interface{}) (ListDatabasesResult, error) { + return ListDatabasesResult{}, nil +} + +func (_ *Client) NumberSessionsInProgress() int { + return 0 +} + +func (_ *Client) Ping(_ context.Context, _ interface{}) error { + return nil +} + +func (_ *Client) StartSession(_ ...interface{}) (Session, error) { + return nil, nil +} + +func (_ *Client) Timeout() *time.Duration { + return nil +} + +func (_ *Client) UseSession(_ context.Context, _ func(SessionContext) error) error { + return nil +} + +func (_ *Client) UseSessionWithOptions(_ context.Context, _ interface{}, _ func(SessionContext) error) error { + return nil +} + +func (_ *Client) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) { + return nil, nil +} + +type Collection struct{} + +func (_ *Collection) Aggregate(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ *Collection) BulkWrite(_ context.Context, _ []WriteModel, _ ...interface{}) (*BulkWriteResult, error) { + return nil, nil +} + +func (_ *Collection) Clone(_ ...interface{}) (*Collection, error) { + return nil, nil +} + +func (_ *Collection) CountDocuments(_ context.Context, _ interface{}, _ ...interface{}) (int64, error) { + return 0, nil +} + +func (_ *Collection) Database() *Database { + return nil +} + +func (_ *Collection) DeleteMany(_ context.Context, _ interface{}, _ ...interface{}) (*DeleteResult, error) { + return nil, nil +} + +func (_ *Collection) DeleteOne(_ context.Context, _ interface{}, _ ...interface{}) (*DeleteResult, error) { + return nil, nil +} + +func (_ *Collection) Distinct(_ context.Context, _ string, _ interface{}, _ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Collection) Drop(_ context.Context) error { + return nil +} + +func (_ *Collection) EstimatedDocumentCount(_ context.Context, _ ...interface{}) (int64, error) { + return 0, nil +} + +func (_ *Collection) Find(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ *Collection) FindOne(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult { + return nil +} + +func (_ *Collection) FindOneAndDelete(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult { + return nil +} + +func (_ *Collection) FindOneAndReplace(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) *SingleResult { + return nil +} + +func (_ *Collection) FindOneAndUpdate(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) *SingleResult { + return nil +} + +func (_ *Collection) Indexes() IndexView { + return IndexView{} +} + +func (_ *Collection) InsertMany(_ context.Context, _ []interface{}, _ ...interface{}) (*InsertManyResult, error) { + return nil, nil +} + +func (_ *Collection) InsertOne(_ context.Context, _ interface{}, _ ...interface{}) (*InsertOneResult, error) { + return nil, nil +} + +func (_ *Collection) Name() string { + return "" +} + +func (_ *Collection) ReplaceOne(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) { + return nil, nil +} + +func (_ *Collection) SearchIndexes() SearchIndexView { + return SearchIndexView{} +} + +func (_ *Collection) UpdateByID(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) { + return nil, nil +} + +func (_ *Collection) UpdateMany(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) { + return nil, nil +} + +func (_ *Collection) UpdateOne(_ context.Context, _ interface{}, _ interface{}, _ ...interface{}) (*UpdateResult, error) { + return nil, nil +} + +func (_ *Collection) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) { + return nil, nil +} + +type CollectionSpecification struct { + Name string + Type string + ReadOnly bool + UUID interface{} + Options interface{} + IDIndex *IndexSpecification +} + +func (_ *CollectionSpecification) UnmarshalBSON(_ []byte) error { + return nil +} + +type Cursor struct { + Current interface{} +} + +func (_ *Cursor) All(_ context.Context, _ interface{}) error { + return nil +} + +func (_ *Cursor) Close(_ context.Context) error { + return nil +} + +func (_ *Cursor) Decode(_ interface{}) error { + return nil +} + +func (_ *Cursor) Err() error { + return nil +} + +func (_ *Cursor) ID() int64 { + return 0 +} + +func (_ *Cursor) Next(_ context.Context) bool { + return false +} + +func (_ *Cursor) RemainingBatchLength() int { + return 0 +} + +func (_ *Cursor) SetBatchSize(_ int32) {} + +func (_ *Cursor) SetComment(_ interface{}) {} + +func (_ *Cursor) SetMaxTime(_ time.Duration) {} + +func (_ *Cursor) TryNext(_ context.Context) bool { + return false +} + +type Database struct{} + +func (_ *Database) Aggregate(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ *Database) Client() *Client { + return nil +} + +func (_ *Database) Collection(_ string, _ ...interface{}) *Collection { + return nil +} + +func (_ *Database) CreateCollection(_ context.Context, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Database) CreateView(_ context.Context, _ string, _ string, _ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Database) Drop(_ context.Context) error { + return nil +} + +func (_ *Database) ListCollectionNames(_ context.Context, _ interface{}, _ ...interface{}) ([]string, error) { + return nil, nil +} + +func (_ *Database) ListCollectionSpecifications(_ context.Context, _ interface{}, _ ...interface{}) ([]*CollectionSpecification, error) { + return nil, nil +} + +func (_ *Database) ListCollections(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ *Database) Name() string { + return "" +} + +func (_ *Database) ReadConcern() interface{} { + return nil +} + +func (_ *Database) ReadPreference() interface{} { + return nil +} + +func (_ *Database) RunCommand(_ context.Context, _ interface{}, _ ...interface{}) *SingleResult { + return nil +} + +func (_ *Database) RunCommandCursor(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ *Database) Watch(_ context.Context, _ interface{}, _ ...interface{}) (*ChangeStream, error) { + return nil, nil +} + +func (_ *Database) WriteConcern() interface{} { + return nil +} + +type DatabaseSpecification struct { + Name string + SizeOnDisk int64 + Empty bool +} + +type DeleteResult struct { + DeletedCount int64 +} + +type IndexModel struct { + Keys interface{} + Options interface{} +} + +type IndexSpecification struct { + Name string + Namespace string + KeysDocument interface{} + Version int32 + ExpireAfterSeconds *int32 + Sparse *bool + Unique *bool + Clustered *bool +} + +func (_ *IndexSpecification) UnmarshalBSON(_ []byte) error { + return nil +} + +type IndexView struct{} + +func (_ IndexView) CreateMany(_ context.Context, _ []IndexModel, _ ...interface{}) ([]string, error) { + return nil, nil +} + +func (_ IndexView) CreateOne(_ context.Context, _ IndexModel, _ ...interface{}) (string, error) { + return "", nil +} + +func (_ IndexView) DropAll(_ context.Context, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ IndexView) DropOne(_ context.Context, _ string, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ IndexView) DropOneWithKey(_ context.Context, _ interface{}, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ IndexView) List(_ context.Context, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ IndexView) ListSpecifications(_ context.Context, _ ...interface{}) ([]*IndexSpecification, error) { + return nil, nil +} + +type InsertManyResult struct { + InsertedIDs []interface{} +} + +type InsertOneResult struct { + InsertedID interface{} +} + +type ListDatabasesResult struct { + Databases []DatabaseSpecification + TotalSize int64 +} + +type SearchIndexModel struct { + Definition interface{} + Options interface{} +} + +type SearchIndexView struct{} + +func (_ SearchIndexView) CreateMany(_ context.Context, _ []SearchIndexModel, _ ...interface{}) ([]string, error) { + return nil, nil +} + +func (_ SearchIndexView) CreateOne(_ context.Context, _ SearchIndexModel, _ ...interface{}) (string, error) { + return "", nil +} + +func (_ SearchIndexView) DropOne(_ context.Context, _ string, _ ...interface{}) error { + return nil +} + +func (_ SearchIndexView) List(_ context.Context, _ interface{}, _ ...interface{}) (*Cursor, error) { + return nil, nil +} + +func (_ SearchIndexView) UpdateOne(_ context.Context, _ string, _ interface{}, _ ...interface{}) error { + return nil +} + +type Session interface { + AbortTransaction(_ context.Context) error + AdvanceClusterTime(_ interface{}) error + AdvanceOperationTime(_ interface{}) error + Client() *Client + ClusterTime() interface{} + CommitTransaction(_ context.Context) error + EndSession(_ context.Context) + ID() interface{} + OperationTime() interface{} + StartTransaction(_ ...interface{}) error + WithTransaction(_ context.Context, _ func(SessionContext) (interface{}, error), _ ...interface{}) (interface{}, error) +} + +type SessionContext interface { + AbortTransaction(_ context.Context) error + AdvanceClusterTime(_ interface{}) error + AdvanceOperationTime(_ interface{}) error + Client() *Client + ClusterTime() interface{} + CommitTransaction(_ context.Context) error + Deadline() (time.Time, bool) + Done() <-chan struct{} + EndSession(_ context.Context) + Err() error + ID() interface{} + OperationTime() interface{} + StartTransaction(_ ...interface{}) error + Value(_ interface{}) interface{} + WithTransaction(_ context.Context, _ func(SessionContext) (interface{}, error), _ ...interface{}) (interface{}, error) +} + +type SingleResult struct{} + +func (_ *SingleResult) Decode(_ interface{}) error { + return nil +} + +func (_ *SingleResult) DecodeBytes() (interface{}, error) { + return nil, nil +} + +func (_ *SingleResult) Err() error { + return nil +} + +func (_ *SingleResult) Raw() (interface{}, error) { + return nil, nil +} + +type UpdateResult struct { + MatchedCount int64 + ModifiedCount int64 + UpsertedCount int64 + UpsertedID interface{} +} + +func (_ *UpdateResult) UnmarshalBSON(_ []byte) error { + return nil +} + +type WriteModel interface{} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index c2d59db51216..333381508d66 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -4,3 +4,6 @@ gorm.io/gorm # github.com/jmoiron/sqlx v1.4.0 ## explicit github.com/jmoiron/sqlx +# go.mongodb.org/mongo-driver/mongo v1.17.2 +## explicit +go.mongodb.org/mongo-driver/mongo From 4ac59795b9cd275cfcee2c38886373ba281e39b0 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 14 Jan 2025 22:41:49 -0500 Subject: [PATCH 6/6] Change note --- go/ql/lib/change-notes/2025-01-14-mongodb-models.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-01-14-mongodb-models.md diff --git a/go/ql/lib/change-notes/2025-01-14-mongodb-models.md b/go/ql/lib/change-notes/2025-01-14-mongodb-models.md new file mode 100644 index 000000000000..22b22d0b856c --- /dev/null +++ b/go/ql/lib/change-notes/2025-01-14-mongodb-models.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Added `database` source models for database methods from the `go.mongodb.org/mongo-driver/mongo` package. +