From 572c773345314f4d4de6b80ea975f6d4e4838590 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Tue, 6 Aug 2024 13:13:39 +0100
Subject: [PATCH 1/2] Change provenance for MaD models that use package
 grouping

---
 go/ql/lib/semmle/go/dataflow/ExternalFlow.qll | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
index 94b5dd708b2c..0c346b3f9e09 100644
--- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
+++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -183,7 +183,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string output, string kind, string provenance
   |
-    sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance, madId) and
+    FlowExtensions::sourceModel(package, type, subtypes, name, signature, ext, output, kind,
+      provenance, madId) and
     model =
       "Source: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + output + "; " + kind + "; " + provenance
@@ -193,7 +194,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string input, string kind, string provenance
   |
-    sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance, madId) and
+    FlowExtensions::sinkModel(package, type, subtypes, name, signature, ext, input, kind,
+      provenance, madId) and
     model =
       "Sink: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + input + "; " + kind + "; " + provenance
@@ -203,8 +205,8 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
     string package, string type, boolean subtypes, string name, string signature, string ext,
     string input, string output, string kind, string provenance
   |
-    summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance,
-      madId) and
+    FlowExtensions::summaryModel(package, type, subtypes, name, signature, ext, input, output, kind,
+      provenance, madId) and
     model =
       "Summary: " + package + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " +
         ext + "; " + input + "; " + output + "; " + kind + "; " + provenance

From f0d1740ff8c1c20d29f83b1efa578865b1857744 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Tue, 6 Aug 2024 13:48:45 +0100
Subject: [PATCH 2/2] Update text expectations

---
 .../go/frameworks/Beego/ReflectedXss.expected | 156 +++++-------------
 .../go/frameworks/Beego/TaintedPath.expected  |   8 +-
 .../go/frameworks/Revel/OpenRedirect.expected |   3 +-
 .../go/frameworks/Revel/ReflectedXss.expected |   3 +-
 .../go/frameworks/Revel/TaintedPath.expected  |   3 +-
 .../CWE-347/MissingJwtSignatureCheck.expected |  10 +-
 .../Security/CWE-643/XPathInjection.expected  |  31 +---
 7 files changed, 53 insertions(+), 161 deletions(-)

diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
index 4ec7a2210fd4..be6bc68e8777 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected
@@ -155,123 +155,45 @@ edges
 | test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:12 |
 | test.go:312:21:312:32 | call to Items | test.go:312:21:312:52 | type assertion | provenance |  |
 models
-| 1 | Summary: github.com/astaxie/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
-| 1 | Summary: github.com/beego/beego/core/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
-| 1 | Summary: github.com/beego/beego/utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
-| 2 | Summary: github.com/astaxie/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
-| 2 | Summary: github.com/beego/beego/core/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
-| 2 | Summary: github.com/beego/beego/utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
-| 3 | Summary: github.com/astaxie/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
-| 3 | Summary: github.com/beego/beego/core/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
-| 3 | Summary: github.com/beego/beego/utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
-| 4 | Summary: github.com/astaxie/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 4 | Summary: github.com/beego/beego/core/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 4 | Summary: github.com/beego/beego/utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 5 | Summary: github.com/astaxie/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 5 | Summary: github.com/beego/beego/core/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 5 | Summary: github.com/beego/beego/utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
-| 6 | Summary: github.com/astaxie/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
-| 6 | Summary: github.com/beego/beego/core/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
-| 6 | Summary: github.com/beego/beego/utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
-| 7 | Summary: github.com/astaxie/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
-| 7 | Summary: github.com/beego/beego/core/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
-| 7 | Summary: github.com/beego/beego/utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
-| 8 | Summary: github.com/astaxie/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
-| 8 | Summary: github.com/beego/beego/core/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
-| 8 | Summary: github.com/beego/beego/utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
-| 9 | Summary: github.com/astaxie/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
-| 9 | Summary: github.com/beego/beego/core/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
-| 9 | Summary: github.com/beego/beego/utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
-| 10 | Summary: github.com/astaxie/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
-| 10 | Summary: github.com/beego/beego/core/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
-| 10 | Summary: github.com/beego/beego/utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
-| 11 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 11 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 11 | Summary: github.com/beego/beego/utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 12 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 12 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 12 | Summary: github.com/beego/beego/utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
-| 13 | Summary: github.com/astaxie/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
-| 13 | Summary: github.com/beego/beego/core/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
-| 13 | Summary: github.com/beego/beego/utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
-| 14 | Source: github.com/astaxie/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
-| 14 | Source: github.com/beego/beego/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
-| 14 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
-| 15 | Source: github.com/astaxie/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
-| 15 | Source: github.com/beego/beego/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
-| 15 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
-| 16 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 16 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 16 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 17 | Source: github.com/astaxie/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
-| 17 | Source: github.com/beego/beego/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
-| 17 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
-| 18 | Source: github.com/astaxie/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
-| 18 | Source: github.com/beego/beego/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
-| 18 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
-| 19 | Source: github.com/astaxie/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
-| 19 | Source: github.com/beego/beego/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
-| 19 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
-| 20 | Source: github.com/astaxie/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
-| 20 | Source: github.com/beego/beego/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
-| 20 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
-| 21 | Source: github.com/astaxie/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
-| 21 | Source: github.com/beego/beego/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
-| 21 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
-| 22 | Source: github.com/astaxie/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
-| 22 | Source: github.com/beego/beego/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
-| 22 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
-| 23 | Source: github.com/astaxie/beego/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
-| 23 | Source: github.com/beego/beego/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
-| 23 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
-| 24 | Source: github.com/astaxie/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
-| 24 | Source: github.com/beego/beego/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
-| 24 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
-| 25 | Source: github.com/astaxie/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
-| 25 | Source: github.com/beego/beego/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
-| 25 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
-| 26 | Source: github.com/astaxie/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
-| 26 | Source: github.com/beego/beego/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
-| 26 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
-| 27 | Source: github.com/astaxie/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
-| 27 | Source: github.com/beego/beego/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
-| 27 | Source: github.com/beego/beego/server/web/context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
-| 28 | Summary: github.com/astaxie/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
-| 28 | Summary: github.com/beego/beego/server/web; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
-| 28 | Summary: github.com/beego/beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
-| 29 | Summary: github.com/astaxie/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
-| 29 | Summary: github.com/beego/beego/server/web; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
-| 29 | Summary: github.com/beego/beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
-| 30 | Summary: github.com/astaxie/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 30 | Summary: github.com/beego/beego/server/web; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 30 | Summary: github.com/beego/beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 31 | Summary: github.com/astaxie/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
-| 31 | Summary: github.com/beego/beego/server/web; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
-| 31 | Summary: github.com/beego/beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
-| 32 | Summary: github.com/astaxie/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
-| 32 | Summary: github.com/beego/beego/server/web; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
-| 32 | Summary: github.com/beego/beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
-| 33 | Summary: github.com/astaxie/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
-| 33 | Summary: github.com/beego/beego/server/web; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
-| 33 | Summary: github.com/beego/beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
-| 34 | Source: github.com/astaxie/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
-| 34 | Source: github.com/beego/beego/server/web; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
-| 34 | Source: github.com/beego/beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
-| 35 | Source: github.com/astaxie/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
-| 35 | Source: github.com/beego/beego/server/web; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
-| 35 | Source: github.com/beego/beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
-| 36 | Source: github.com/astaxie/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
-| 36 | Source: github.com/beego/beego/server/web; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
-| 36 | Source: github.com/beego/beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
-| 37 | Source: github.com/astaxie/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
-| 37 | Source: github.com/beego/beego/server/web; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
-| 37 | Source: github.com/beego/beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
-| 38 | Source: github.com/astaxie/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
-| 38 | Source: github.com/beego/beego/server/web; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
-| 38 | Source: github.com/beego/beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
-| 39 | Source: github.com/astaxie/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
-| 39 | Source: github.com/beego/beego/server/web; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
-| 39 | Source: github.com/beego/beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
+| 1 | Summary: group:beego-utils; ; false; SliceChunk; ; ; Argument[0]; ReturnValue; taint; manual |
+| 2 | Summary: group:beego-utils; ; false; SliceDiff; ; ; Argument[0]; ReturnValue; taint; manual |
+| 3 | Summary: group:beego-utils; ; false; SliceFilter; ; ; Argument[0]; ReturnValue; taint; manual |
+| 4 | Summary: group:beego-utils; ; false; SliceIntersect; ; ; Argument[0..1]; ReturnValue; taint; manual |
+| 5 | Summary: group:beego-utils; ; false; SliceMerge; ; ; Argument[0..1]; ReturnValue; taint; manual |
+| 6 | Summary: group:beego-utils; ; false; SlicePad; ; ; Argument[0..2]; ReturnValue; taint; manual |
+| 7 | Summary: group:beego-utils; ; false; SliceRand; ; ; Argument[0]; ReturnValue; taint; manual |
+| 8 | Summary: group:beego-utils; ; false; SliceReduce; ; ; Argument[0]; ReturnValue; taint; manual |
+| 9 | Summary: group:beego-utils; ; false; SliceShuffle; ; ; Argument[0]; ReturnValue; taint; manual |
+| 10 | Summary: group:beego-utils; ; false; SliceUnique; ; ; Argument[0]; ReturnValue; taint; manual |
+| 11 | Summary: group:beego-utils; BeeMap; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
+| 12 | Summary: group:beego-utils; BeeMap; true; Items; ; ; Argument[receiver]; ReturnValue; taint; manual |
+| 13 | Summary: group:beego-utils; BeeMap; true; Set; ; ; Argument[1]; Argument[receiver]; taint; manual |
+| 14 | Source: group:beego-context; BeegoInput; true; Bind; ; ; Argument[0]; remote; manual |
+| 15 | Source: group:beego-context; BeegoInput; true; Cookie; ; ; ReturnValue[0]; remote; manual |
+| 16 | Source: group:beego-context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
+| 17 | Source: group:beego-context; BeegoInput; true; GetData; ; ; ReturnValue[0]; remote; manual |
+| 18 | Source: group:beego-context; BeegoInput; true; Header; ; ; ReturnValue[0]; remote; manual |
+| 19 | Source: group:beego-context; BeegoInput; true; Param; ; ; ReturnValue[0]; remote; manual |
+| 20 | Source: group:beego-context; BeegoInput; true; Params; ; ; ReturnValue[0]; remote; manual |
+| 21 | Source: group:beego-context; BeegoInput; true; Query; ; ; ReturnValue[0]; remote; manual |
+| 22 | Source: group:beego-context; BeegoInput; true; Refer; ; ; ReturnValue[0]; remote; manual |
+| 23 | Source: group:beego-context; BeegoInput; true; Referer; ; ; ReturnValue[0]; remote; manual |
+| 24 | Source: group:beego-context; BeegoInput; true; URI; ; ; ReturnValue[0]; remote; manual |
+| 25 | Source: group:beego-context; BeegoInput; true; URL; ; ; ReturnValue[0]; remote; manual |
+| 26 | Source: group:beego-context; BeegoInput; true; UserAgent; ; ; ReturnValue[0]; remote; manual |
+| 27 | Source: group:beego-context; Context; true; GetCookie; ; ; ReturnValue; remote; manual |
+| 28 | Summary: group:beego; ; false; HTML2str; ; ; Argument[0]; ReturnValue; taint; manual |
+| 29 | Summary: group:beego; ; false; Htmlunquote; ; ; Argument[0]; ReturnValue; taint; manual |
+| 30 | Summary: group:beego; ; false; MapGet; ; ; Argument[0]; ReturnValue[0]; taint; manual |
+| 31 | Summary: group:beego; ; false; ParseForm; ; ; Argument[0]; Argument[1]; taint; manual |
+| 32 | Summary: group:beego; ; false; Str2html; ; ; Argument[0]; ReturnValue; taint; manual |
+| 33 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual |
+| 34 | Source: group:beego; Controller; true; ParseForm; ; ; Argument[0]; remote; manual |
+| 35 | Source: group:beego; Controller; true; GetFile; ; ; ReturnValue[0..1]; remote; manual |
+| 36 | Source: group:beego; Controller; true; GetFiles; ; ; ReturnValue[0]; remote; manual |
+| 37 | Source: group:beego; Controller; true; GetString; ; ; ReturnValue[0]; remote; manual |
+| 38 | Source: group:beego; Controller; true; GetStrings; ; ; ReturnValue[0]; remote; manual |
+| 39 | Source: group:beego; Controller; true; Input; ; ; ReturnValue[0]; remote; manual |
 | 40 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 | 41 | Source: net/http; Request; true; Form; ; ; ; remote; manual |
 nodes
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
index 5b6213e6e857..420f2105dce2 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected
@@ -17,12 +17,8 @@ edges
 | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:2  |
 models
 | 1 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual |
-| 2 | Source: github.com/astaxie/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 2 | Source: github.com/beego/beego/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 2 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
-| 3 | Source: github.com/astaxie/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
-| 3 | Source: github.com/beego/beego/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
-| 3 | Source: github.com/beego/beego/server/web/context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
+| 2 | Source: group:beego-context; BeegoInput; true; Data; ; ; ReturnValue[0]; remote; manual |
+| 3 | Source: group:beego-context; BeegoInput; true; RequestBody; ; ; ; remote; manual |
 nodes
 | test.go:215:15:215:26 | call to Data | semmle.label | call to Data |
 | test.go:216:18:216:26 | untrusted | semmle.label | untrusted |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
index 0312e5cdeee6..41ec583b6e0c 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected
@@ -7,8 +7,7 @@ edges
 | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:1 Config |
 | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 nodes
 | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference |
 | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
index 418e722e2ac4..a53d2914fd1a 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected
@@ -15,8 +15,7 @@ edges
 | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | provenance | Src:MaD:3  |
 | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | provenance | Src:MaD:3  |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 | 2 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual |
 | 3 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
 | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
index 977b90affab9..1dd758c931ac 100644
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/TaintedPath.expected
@@ -7,8 +7,7 @@ edges
 | EndToEnd.go:64:26:64:33 | selection of Params | EndToEnd.go:64:26:64:38 | selection of Form | provenance | Src:MaD:1  |
 | EndToEnd.go:64:26:64:38 | selection of Form | EndToEnd.go:64:26:64:55 | call to Get | provenance | MaD:2 |
 models
-| 1 | Source: github.com/revel/revel; Controller; true; Params; ; ; ; remote; manual |
-| 1 | Source: github.com/robfig/revel; Controller; true; Params; ; ; ; remote; manual |
+| 1 | Source: group:revel; Controller; true; Params; ; ; ; remote; manual |
 | 2 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual |
 nodes
 | EndToEnd.go:58:18:58:25 | selection of Params | semmle.label | selection of Params |
diff --git a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
index 2b5c40da258f..3d3321f09477 100644
--- a/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
+++ b/go/ql/test/query-tests/Security/CWE-347/MissingJwtSignatureCheck.expected
@@ -15,14 +15,8 @@ edges
 | golang-jwt-v5.go:29:25:29:35 | signedToken | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | provenance |  |
 | golang-jwt-v5.go:32:29:32:39 | definition of signedToken | golang-jwt-v5.go:34:58:34:68 | signedToken | provenance |  Sink:MaD:3 |
 models
-| 1 | Sink: github.com/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: github.com/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: gopkg.in/go-jose/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 1 | Sink: gopkg.in/square/go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
-| 2 | Summary: github.com/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: github.com/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: gopkg.in/go-jose/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
-| 2 | Summary: gopkg.in/square/go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
+| 1 | Sink: group:go-jose/jwt; JSONWebToken; true; UnsafeClaimsWithoutVerification; ; ; Argument[receiver]; jwt; manual |
+| 2 | Summary: group:go-jose/jwt; ; true; ParseSigned; ; ; Argument[0]; ReturnValue[0]; taint; manual |
 | 3 | Sink: github.com/golang-jwt/jwt; Parser; true; ParseUnverified; ; ; Argument[0]; jwt; manual |
 | 4 | Source: net/http; Request; true; URL; ; ; ; remote; manual |
 | 5 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual |
diff --git a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
index 157c1b65222a..ae3c205ead67 100644
--- a/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-643/XPathInjection.expected
@@ -124,33 +124,16 @@ models
 | 21 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual |
 | 22 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 23 | Sink: github.com/ChrisTrenkamp/goxpath; ; true; ParseExec; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/crankycoder/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/going/toolkit/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: github.com/masterzen/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: gopkg.in/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 24 | Sink: launchpad.net/xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/crankycoder/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/going/toolkit/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: github.com/masterzen/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: gopkg.in/go-xmlpath/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: gopkg.in/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
-| 25 | Sink: launchpad.net/xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
+| 24 | Sink: group:xmlpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 25 | Sink: group:xmlpath; ; true; MustCompile; ; ; Argument[0]; xpath-injection; manual |
 | 26 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 27 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseReader; ; ; Argument[0]; xpath-injection; manual |
 | 28 | Sink: github.com/lestrrat-go/libxml2/parser; Parser; true; ParseString; ; ; Argument[0]; xpath-injection; manual |
-| 29 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
-| 29 | Sink: github.com/moovweb/gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
-| 30 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
-| 30 | Sink: github.com/moovweb/gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
-| 31 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
-| 31 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
-| 32 | Sink: github.com/jbowtie/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
-| 32 | Sink: github.com/moovweb/gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
-| 33 | Sink: github.com/jbowtie/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
-| 33 | Sink: github.com/moovweb/gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
+| 29 | Sink: group:gokogiri/xml; Node; true; Search; ; ; Argument[0]; xpath-injection; manual |
+| 30 | Sink: group:gokogiri/xml; Node; true; SearchWithVariables; ; ; Argument[0]; xpath-injection; manual |
+| 31 | Sink: group:gokogiri/xml; Node; true; EvalXPath; ; ; Argument[0]; xpath-injection; manual |
+| 32 | Sink: group:gokogiri/xml; Node; true; EvalXPathAsBoolean; ; ; Argument[0]; xpath-injection; manual |
+| 33 | Sink: group:gokogiri/xpath; ; true; Compile; ; ; Argument[0]; xpath-injection; manual |
 | 34 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; Parse; ; ; Argument[0]; xpath-injection; manual |
 | 35 | Sink: github.com/santhosh-tekuri/xpathparser; ; true; MustParse; ; ; Argument[0]; xpath-injection; manual |
 | 36 | Source: net/http; Request; true; Form; ; ; ; remote; manual |