Go: reinstate models-as-data sink conversions with fixes #17494

Merged
merged 30 commits into from
Nov 20, 2024

@owen-mc owen-mc commented Sep 17, 2024

The first 14 commits are reinstating commits that were reverted in #17296. Then there are some commits fixing things: reverting some models back to QL and adding some models-as-data models for logrus.FieldLogger. Then there are some commits adding tests that would have caught the problems in the first place. Finally, there are some commits adding a heuristic for logger calls to replace results that we now miss because we have converted all logging models to MaD (because QL models normally use Method.getACall(), which is too broad and matches any interface method which the modeled method implements).

@github-actions github-actions bot added the Go label Sep 17, 2024

github-actions bot commented Sep 17, 2024

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

go

Generated file changes for go

  • Changes to framework-coverage-go.rst:
-    `Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,
+    `Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,16
-    `Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,
+    `Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,8
-    `Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,
+    `Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,270
-    `Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,
+    `Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
-    `Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,
+    `Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,290
-    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",33,587,51
+    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",33,587,104
-    `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,21
+    `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,213
-    `goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,
+    `goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,2
-    `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,
+    `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
-    Others,"``github.com/caarlos0/env``, ``github.com/gobuffalo/envy``, ``github.com/hashicorp/go-envparse``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``",23,2,
+    Others,"``github.com/Masterminds/squirrel``, ``github.com/caarlos0/env``, ``github.com/go-gorm/gorm``, ``github.com/go-xorm/xorm``, ``github.com/gobuffalo/envy``, ``github.com/gogf/gf/database/gdb``, ``github.com/hashicorp/go-envparse``, ``github.com/jinzhu/gorm``, ``github.com/jmoiron/sqlx``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``, ``github.com/lann/squirrel``, ``github.com/raindog308/gorqlite``, ``github.com/rqlite/gorqlite``, ``github.com/uptrace/bun``, ``go.mongodb.org/mongo-driver/mongo``, ``gopkg.in/Masterminds/squirrel``, ``gorm.io/gorm``, ``xorm.io/xorm``",23,2,391
-    Totals,,307,911,268
+    Totals,,307,911,1532
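
Review bot: the `Others` row now folds the newly covered SQL and NoSQL packages (`squirrel`, `gorm`, `xorm`, `gdb`, `sqlx`, `gorqlite`, `bun`, `mongo-driver`) in with the env-parsing packages, so its last column goes from blank to 391 with no indication of which library contributes what. Suggest giving these libraries their own named rows, as Couchbase, Logrus and zap already have; as it stands the per-package split is only visible in the CSV.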
  • Changes to framework-coverage-go.csv:
- package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:environment,source:file,source:remote,source:stdin,summary:taint,summary:value
+ package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:log-injection,sink:nosql-injection,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:sql-injection,sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:environment,source:file,source:remote,source:stdin,summary:taint,summary:value
- ,,,8,,,,,,,,,,,,,,,,,,3,5
+ ,,,8,,,,,,,,,,,,,,,,,,,,,3,5
- archive/tar,,,5,,,,,,,,,,,,,,,,,,5,
+ archive/tar,,,5,,,,,,,,,,,,,,,,,,,,,5,
- archive/zip,,,6,,,,,,,,,,,,,,,,,,6,
+ archive/zip,,,6,,,,,,,,,,,,,,,,,,,,,6,
- bufio,,,17,,,,,,,,,,,,,,,,,,17,
+ bufio,,,17,,,,,,,,,,,,,,,,,,,,,17,
- bytes,,,43,,,,,,,,,,,,,,,,,,43,
+ bytes,,,43,,,,,,,,,,,,,,,,,,,,,43,
- clevergo.tech/clevergo,1,,,,,,,,,,,,,,1,,,,,,,
+ clevergo.tech/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,
- compress/bzip2,,,1,,,,,,,,,,,,,,,,,,1,
+ compress/bzip2,,,1,,,,,,,,,,,,,,,,,,,,,1,
- compress/flate,,,4,,,,,,,,,,,,,,,,,,4,
+ compress/flate,,,4,,,,,,,,,,,,,,,,,,,,,4,
- compress/gzip,,,3,,,,,,,,,,,,,,,,,,3,
+ compress/gzip,,,3,,,,,,,,,,,,,,,,,,,,,3,
- compress/lzw,,,1,,,,,,,,,,,,,,,,,,1,
+ compress/lzw,,,1,,,,,,,,,,,,,,,,,,,,,1,
- compress/zlib,,,4,,,,,,,,,,,,,,,,,,4,
+ compress/zlib,,,4,,,,,,,,,,,,,,,,,,,,,4,
- container/heap,,,5,,,,,,,,,,,,,,,,,,5,
+ container/heap,,,5,,,,,,,,,,,,,,,,,,,,,5,
- container/list,,,20,,,,,,,,,,,,,,,,,,20,
+ container/list,,,20,,,,,,,,,,,,,,,,,,,,,20,
- container/ring,,,5,,,,,,,,,,,,,,,,,,5,
+ container/ring,,,5,,,,,,,,,,,,,,,,,,,,,5,
- context,,,5,,,,,,,,,,,,,,,,,,5,
+ context,,,5,,,,,,,,,,,,,,,,,,,,,5,
- crypto,,,10,,,,,,,,,,,,,,,,,,10,
+ crypto,,,10,,,,,,,,,,,,,,,,,,,,,10,
- database/sql,,,11,,,,,,,,,,,,,,,,,,11,
+ database/sql,30,,11,,,,,,,,,,,,30,,,,,,,,,11,
- encoding,,,77,,,,,,,,,,,,,,,,,,77,
+ encoding,,,77,,,,,,,,,,,,,,,,,,,,,77,
- errors,,,3,,,,,,,,,,,,,,,,,,3,
+ errors,,,3,,,,,,,,,,,,,,,,,,,,,3,
- expvar,,,6,,,,,,,,,,,,,,,,,,6,
+ expvar,,,6,,,,,,,,,,,,,,,,,,,,,6,
- fmt,,,16,,,,,,,,,,,,,,,,,,16,
+ fmt,3,,16,,,,3,,,,,,,,,,,,,,,,,16,
- github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,3,,,,,,
+ github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,,,3,,,,,,
+ github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
+ github.com/Sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,
- github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,8,,,,,,
+ github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,,,,8,,,,,,
- github.com/antchfx/xpath,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/xpath,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/astaxie/beego,7,21,21,,,,5,,,,,,2,,,,,,21,,21,
+ github.com/astaxie/beego,71,21,21,,,,34,,5,,,,,,30,2,,,,,,21,,21,
- github.com/beego/beego,14,42,42,,,,10,,,,,,4,,,,,,42,,42,
+ github.com/beego/beego,142,42,42,,,,68,,10,,,,,,60,4,,,,,,42,,42,
- github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,5,,,,1,1
+ github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,,,,5,,,,1,1
- github.com/clevergo/clevergo,1,,,,,,,,,,,,,,1,,,,,,,
+ github.com/clevergo/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,
- github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,
+ github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,,,,
- github.com/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ github.com/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
- github.com/couchbaselabs/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ github.com/couchbaselabs/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
- github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,,,,,,,,,,,,
- github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,,9,
+ github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,,,,,9,
- github.com/elazarl/goproxy,,2,2,,,,,,,,,,,,,,,,2,,2,
+ github.com/elazarl/goproxy,2,2,2,,,,2,,,,,,,,,,,,,,,2,,2,
- github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,7,,,
+ github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,,,,7,,,
- github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,,12,
+ github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,,,,,12,
- github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/gin-gonic/gin,3,46,2,,,,3,,,,,,,,,,,,46,,2,
+ github.com/gin-gonic/gin,3,46,2,,,,,,3,,,,,,,,,,,,,46,,2,
- github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,3,,,
+ github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,,,,3,,,
- github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/go-gorm/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
- github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,,6,
+ github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,,,,,6,
- github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
+ github.com/go-xorm/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,
- github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,7,,,,,
+ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,7,,,,,
- github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,2,,,
+ github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,2,,,
- github.com/gofiber/fiber,5,,,,,,4,,,,,,,,1,,,,,,,
+ github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,
- github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,
- github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,11,
+ github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,11,
+ github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,,4,
+ github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,,,,,4,
- github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,1,,,
+ github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,,,,1,,,
- github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,3,,,
+ github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,,,,3,,,
- github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,1,,,,,
+ github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,,,,1,,,,,
- github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,,
+ github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,
+ github.com/jinzhu/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
+ github.com/jmoiron/sqlx,12,,,,,,,,,,,,,,12,,,,,,,,,,
- github.com/joho/godotenv,,4,,,,,,,,,,,,,,,4,,,,,
+ github.com/joho/godotenv,,4,,,,,,,,,,,,,,,,,,4,,,,,
- github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,4,
+ github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,,,,4,
- github.com/kataras/iris/context,6,,,,,,6,,,,,,,,,,,,,,,
+ github.com/kataras/iris/context,6,,,,,,,,6,,,,,,,,,,,,,,,,
- github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/kataras/iris/server/web/context,6,,,,,,6,,,,,,,,,,,,,,,
+ github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,
- github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,
+ github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,,,,
- github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,6,,,,,
+ github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,,,,6,,,,,
- github.com/labstack/echo,3,12,2,,,,2,,,,,,1,,,,,,12,,2,
+ github.com/labstack/echo,3,12,2,,,,,,2,,,,,,,1,,,,,,12,,2,
+ github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
- github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,3,,,,,,
+ github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,,,3,,,,,,
- github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,,
+ github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,
- github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,
+ github.com/raindog308/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,
- github.com/revel/revel,2,23,10,,,,1,,,,,,1,,,,,,23,,10,
+ github.com/revel/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,23,,10,
- github.com/robfig/revel,2,23,10,,,,1,,,,,,1,,,,,,23,,10,
+ github.com/robfig/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,23,,10,
+ github.com/rqlite/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,
- github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,1,
+ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,1,
+ github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,
- github.com/spf13/afero,34,,,,,,34,,,,,,,,,,,,,,,
+ github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,
- github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
+ github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,
- github.com/valyala/fasthttp,35,50,5,,,,8,,,,17,8,2,,,,,,50,,5,
+ github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,50,,5,
+ go.mongodb.org/mongo-driver/mongo,14,,,,,,,14,,,,,,,,,,,,,,,,,
- go.uber.org/zap,,,11,,,,,,,,,,,,,,,,,,11,
+ go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,11,
- golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,,
+ golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,,,,,
- golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,,5,
+ golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,,,,,5,
- golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,,16,
+ golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,,,,,16,
- golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,2,,,
+ golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,,,,2,,,
- google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,1,
+ google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,,,,1,
- google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,2,
+ google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,,,,2,
- google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,8,
+ google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,,,,8,
- google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,1,
+ google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,,,,1,
+ gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
- gopkg.in/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ gopkg.in/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
+ gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- gopkg.in/macaron,1,12,1,,,,,,,,,,,,1,,,,12,,1,
+ gopkg.in/macaron,1,12,1,,,,,,,,,,,,,,,1,,,,12,,1,
- gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- gopkg.in/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ gopkg.in/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,,9,
+ gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,,,,,9,
+ gorm.io/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
- html,,,8,,,,,,,,,,,,,,,,,,8,
+ html,,,8,,,,,,,,,,,,,,,,,,,,,8,
- io,5,4,34,,,,5,,,,,,,,,,,4,,,34,
+ io,5,4,34,,,,,,5,,,,,,,,,,,,4,,,34,
- k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,10,
+ k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,,,,10,
- k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,47,
+ k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,,,,47,
+ k8s.io/klog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- launchpad.net/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ launchpad.net/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- log,,,3,,,,,,,,,,,,,,,,,,3,
+ log,20,,3,,,,20,,,,,,,,,,,,,,,,,3,
- math/big,,,1,,,,,,,,,,,,,,,,,,1,
+ math/big,,,1,,,,,,,,,,,,,,,,,,,,,1,
- mime,,,14,,,,,,,,,,,,,,,,,,14,
+ mime,,,14,,,,,,,,,,,,,,,,,,,,,14,
- net,2,16,100,,,,1,,,,,,,1,,,,,16,,100,
+ net,2,16,100,,,,,,1,,,,,,,,1,,,,,16,,100,
- nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,2,,,
+ nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,,,,2,,,
- os,29,11,6,3,,,26,,,,,,,,,,7,3,,1,6,
+ os,29,11,6,3,,,,,26,,,,,,,,,,,7,3,,1,6,
- path,,,18,,,,,,,,,,,,,,,,,,18,
+ path,,,18,,,,,,,,,,,,,,,,,,,,,18,
- reflect,,,37,,,,,,,,,,,,,,,,,,37,
+ reflect,,,37,,,,,,,,,,,,,,,,,,,,,37,
- regexp,10,,20,,,,,3,3,4,,,,,,,,,,,20,
+ regexp,10,,20,,,,,,,3,3,4,,,,,,,,,,,,20,
- sort,,,1,,,,,,,,,,,,,,,,,,1,
+ sort,,,1,,,,,,,,,,,,,,,,,,,,,1,
- strconv,,,9,,,,,,,,,,,,,,,,,,9,
+ strconv,,,9,,,,,,,,,,,,,,,,,,,,,9,
- strings,,,34,,,,,,,,,,,,,,,,,,34,
+ strings,,,34,,,,,,,,,,,,,,,,,,,,,34,
- sync,,,34,,,,,,,,,,,,,,,,,,34,
+ sync,,,34,,,,,,,,,,,,,,,,,,,,,34,
- syscall,5,2,8,5,,,,,,,,,,,,,2,,,,8,
+ syscall,5,2,8,5,,,,,,,,,,,,,,,,2,,,,8,
- text/scanner,,,3,,,,,,,,,,,,,,,,,,3,
+ text/scanner,,,3,,,,,,,,,,,,,,,,,,,,,3,
- text/tabwriter,,,1,,,,,,,,,,,,,,,,,,1,
+ text/tabwriter,,,1,,,,,,,,,,,,,,,,,,,,,1,
- text/template,,,6,,,,,,,,,,,,,,,,,,6,
+ text/template,,,6,,,,,,,,,,,,,,,,,,,,,6,
+ xorm.io/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,
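
Review bot: the three new header columns (`sink:log-injection`, `sink:nosql-injection`, `sink:sql-injection`) are inserted in alphabetical position rather than appended, so every existing row shifts even where nothing changed, e.g. `github.com/gin-gonic/gin` keeps its 3 `sink:path-injection` entries but two fields further right. Anything that reads framework-coverage-go.csv should key on the header names rather than on column position, and when reviewing this diff only the rows whose `sink` total changed (for example `fmt`, `log`, `database/sql`, `go.uber.org/zap`, the beego packages) and the newly added packages carry real changes.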

@owen-mc owen-mc force-pushed the go/reinstate-mad-with-fixes branch 3 times, most recently from 23bb353 to e0f6acc Compare September 19, 2024 16:02
owen-mc and others added 24 commits November 19, 2024 11:13
…oved)

Various non-existent methods were modeled, and I couldn't find any
evidence that they used to exist. They aren't in the stubs or tests. I
have removed them.
Co-authored-by: Edward Minnix III <[email protected]>
We need to put a restriction on the type of the argument.
We set it to False when it has no meaning and True otherwise.
@owen-mc owen-mc marked this pull request as ready for review November 20, 2024 00:01
@owen-mc owen-mc requested a review from a team as a code owner November 20, 2024 00:01

owen-mc commented Nov 20, 2024

I put the change note in the src folder because it changes query output, but now I think about it I'm actually changing the library, so it should go into the lib folder, shouldn't it?

@owen-mc owen-mc requested a review from a team as a code owner November 20, 2024 13:52
@github-actions github-actions bot added the C# label Nov 20, 2024
---
category: minorAnalysis
---
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries.

Contributor

Is this the right location for the change note?

Contributor Author

For some reason VS code is always trying to recommend this directory for change notes, and I finally fell for it 🤦🏻 .


owen-mc commented Nov 20, 2024

I've now looked through the QA results from ~5,000 repos. We get a lot of extra results for log injection (~1,500) and cleartext logging (~300). I sampled them and they all seem to be valid results from us adding a heuristic for local logger interfaces. I looked in detail at all the repos where we lost results. (We lost ~40 results in total.) Some were because they are calling logger functions using a variable, which isn't currently supported. It shouldn't be too hard but there may be a performance penalty. I will file a follow-up issue to look into that. I also found a bug in my recent work to fix models-as-data inheritance, which I will fix as a follow-up. There are also a handful of lost alerts because we were previously matching something we hadn't actually modeled because of the known issue where Function.getACall() (which is routinely used in QL models) also matches calls to an interface method which the function implements. This means that we are accidentally matching some libraries that we haven't modeled, just because they have similarities with libraries that we have modelled.

Overall I think these results are very good, and the handful of lost alerts shouldn't stop this PR from being merged.
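
The rule stated in the change note, restated as a Go predicate and exercised against a project-local logger interface. This is an added example, not code from this PR or from CodeQL; `matchesLoggerHeuristic`, `AuditLogger`, `memLogger` and the sample input are names and values assumed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Method-name prefixes listed in the change note.
var loggerPrefixes = []string{"Debug", "Error", "Fatal", "Info", "Log",
	"Output", "Panic", "Print", "Trace", "Warn", "With"}

// matchesLoggerHeuristic restates the change note's rule as a predicate
// (hypothetical helper for illustration; not how CodeQL implements it).
func matchesLoggerHeuristic(ifaceName, method string) bool {
	if !strings.HasSuffix(ifaceName, "logger") && !strings.HasSuffix(ifaceName, "Logger") {
		return false
	}
	for _, p := range loggerPrefixes {
		if strings.HasPrefix(method, p) {
			return true
		}
	}
	return false
}

// AuditLogger is a project-local interface (hypothetical name). No library
// model covers it, so only the name-based rule marks Infof as a logging sink.
type AuditLogger interface {
	Infof(format string, args ...interface{})
}

// memLogger stores output split on newlines, as a line-oriented reader sees it.
type memLogger struct{ lines []string }

func (m *memLogger) Infof(format string, args ...interface{}) {
	m.lines = append(m.lines, strings.Split(fmt.Sprintf(format, args...), "\n")...)
}

// Constructed sample input: a user name carrying an embedded line break.
const sampleUser = "bob\nlogin ok user=admin"

// logUnsafe passes the untrusted value straight to the interface method.
func logUnsafe(l AuditLogger, user string) {
	l.Infof("login failed user=%s", user)
}

// logSafe strips CR and LF first, so one event stays one log line.
func logSafe(l AuditLogger, user string) {
	clean := strings.NewReplacer("\r", "", "\n", "").Replace(user)
	l.Infof("login failed user=%s", clean)
}

// linesLogged runs one of the two variants and returns what was recorded.
func linesLogged(f func(AuditLogger, string)) []string {
	m := &memLogger{}
	f(m, sampleUser)
	return m.lines
}

func main() {
	fmt.Println(matchesLoggerHeuristic("AuditLogger", "Infof"))
	fmt.Println(matchesLoggerHeuristic("AuditLogger", "Close"))
	fmt.Printf("%q\n", linesLogged(logUnsafe))
	fmt.Printf("%q\n", linesLogged(logSafe))
}
```

The `logUnsafe` call is the shape that the name-based rule turns into a `go/log-injection` sink even though `AuditLogger` belongs to no modeled library.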


smowton commented Nov 20, 2024

Change note needs moving as @michaelnebel notes; then happy to merge per that description.

@github-actions github-actions bot removed the C# label Nov 20, 2024

@smowton smowton left a comment

Looks plausible

@owen-mc owen-mc merged commit 9aede5f into github:main Nov 20, 2024
14 checks passed
@owen-mc owen-mc deleted the go/reinstate-mad-with-fixes branch November 20, 2024 14:50