Merge pull request #17157 from owen-mc/go/mad/change-provenance-for-p…

…ackage-grouping

Go: Change provenance for MaD models that use package grouping

go/ql/lib/semmle/go/dataflow/ExternalFlow.qll

@@ -183,7 +183,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string output, string kind, string provenance
   |
-    sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) and
+    FlowExtensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind,
+      provenance, madId) and
     model =
       "Source: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + output + "; " + kind + "; " + provenance
@@ -193,7 +194,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string input, string kind, string provenance
   |
-    sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) and
+    FlowExtensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind,
+      provenance, madId) and
     model =
       "Sink: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + input + "; " + kind + "; " + provenance
@@ -203,8 +205,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string input, string output, string kind, string provenance
   |
-    summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance,
-      madId) and
+    FlowExtensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind,
+      provenance, madId) and
     model =
       "Summary: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + input + "; " + output + "; " + kind + "; " + provenance

go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected

@@ -17,12 +17,8 @@ edges
 | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:2  |
 models
 | 1 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
-| 2 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 2 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 2 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 3 | Source: github.com/astaxie/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
-| 3 | Source: github.com/beego/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
-| 3 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
+| 2 | Source: group:beego-context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
+| 3 | Source: group:beego-context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
 nodes
 | test.go:215:15:215:26 | call to Data | semmle.label | call to Data |
 | test.go:216:18:216:26 | untrusted | semmle.label | untrusted |

go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected

@@ -7,8 +7,7 @@ edges
 | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:1 Config |
 | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 nodes
 | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
 | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |

go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected

@@ -15,8 +15,7 @@ edges
 | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:3  |
 | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:3  |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 | 2 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
 | 3 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
 | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |

go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected

@@ -7,8 +7,7 @@ edges
 | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:1  |
 | EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:2 |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 | 2 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
 nodes
 | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |

go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected

@@ -15,14 +15,8 @@ edges
 | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance |  |
 | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance |  Sink:MaD:3 |
 models
-| 1 | Sink: github.com/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: github.com/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: gopkg.in/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: gopkg.in/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 2 | Summary: github.com/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: github.com/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: gopkg.in/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: gopkg.in/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
+| 1 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
+| 2 | Summary: group:go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 | 3 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual |
 | 4 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
 | 5 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |

go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected

@@ -124,33 +124,16 @@ models
 | 21 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual |
 | 22 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 23 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; ParseExec; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/crankycoder/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/going/toolkit/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/masterzen/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: gopkg.in/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: launchpad.net/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/crankycoder/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/going/toolkit/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/masterzen/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: gopkg.in/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: launchpad.net/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: group:xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: group:xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
 | 26 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 27 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseReader; ; ; Argument[0]; xpath-injection; manual |
 | 28 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseString; ; ; Argument[0]; xpath-injection; manual |
-| 29 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
-| 29 | Sink: github.com/moovweb/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
-| 30 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
-| 30 | Sink: github.com/moovweb/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
-| 31 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
-| 31 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
-| 32 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
-| 32 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
-| 33 | Sink: github.com/jbowtie/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 33 | Sink: github.com/moovweb/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 29 | Sink: group:gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
+| 30 | Sink: group:gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
+| 31 | Sink: group:gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
+| 32 | Sink: group:gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
+| 33 | Sink: group:gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
 | 34 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 35 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual |
 | 36 | Source: net/http; Request; true; Form; ; ; ; remote; manual |