-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go: reinstate models-as-data sink conversions with fixes #17494
Conversation
Click to show differences in coveragegoGenerated file changes for go
- `Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,
+ `Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",,36,16
- `Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,
+ `Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,,18,8
- `Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,
+ `Glog <https://github.com/golang/glog>`_,"``github.com/golang/glog*``, ``gopkg.in/glog*``, ``k8s.io/klog*``",,,270
- `Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,
+ `Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
- `Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,
+ `Logrus <https://github.com/sirupsen/logrus>`_,"``github.com/Sirupsen/logrus*``, ``github.com/sirupsen/logrus*``",,,290
- `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",33,587,51
+ `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",33,587,104
- `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,21
+ `beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",63,63,213
- `goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,
+ `goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,2,2,2
- `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,
+ `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
- Others,"``github.com/caarlos0/env``, ``github.com/gobuffalo/envy``, ``github.com/hashicorp/go-envparse``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``",23,2,
+ Others,"``github.com/Masterminds/squirrel``, ``github.com/caarlos0/env``, ``github.com/go-gorm/gorm``, ``github.com/go-xorm/xorm``, ``github.com/gobuffalo/envy``, ``github.com/gogf/gf/database/gdb``, ``github.com/hashicorp/go-envparse``, ``github.com/jinzhu/gorm``, ``github.com/jmoiron/sqlx``, ``github.com/joho/godotenv``, ``github.com/kelseyhightower/envconfig``, ``github.com/lann/squirrel``, ``github.com/raindog308/gorqlite``, ``github.com/rqlite/gorqlite``, ``github.com/uptrace/bun``, ``go.mongodb.org/mongo-driver/mongo``, ``gopkg.in/Masterminds/squirrel``, ``gorm.io/gorm``, ``xorm.io/xorm``",23,2,391
- Totals,,307,911,268
+ Totals,,307,911,1532
- package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:environment,source:file,source:remote,source:stdin,summary:taint,summary:value
+ package,sink,source,summary,sink:command-injection,sink:credentials-key,sink:jwt,sink:log-injection,sink:nosql-injection,sink:path-injection,sink:regex-use[0],sink:regex-use[1],sink:regex-use[c],sink:request-forgery,sink:request-forgery[TCP Addr + Port],sink:sql-injection,sink:url-redirection,sink:url-redirection[0],sink:url-redirection[receiver],sink:xpath-injection,source:environment,source:file,source:remote,source:stdin,summary:taint,summary:value
- ,,,8,,,,,,,,,,,,,,,,,,3,5
+ ,,,8,,,,,,,,,,,,,,,,,,,,,3,5
- archive/tar,,,5,,,,,,,,,,,,,,,,,,5,
+ archive/tar,,,5,,,,,,,,,,,,,,,,,,,,,5,
- archive/zip,,,6,,,,,,,,,,,,,,,,,,6,
+ archive/zip,,,6,,,,,,,,,,,,,,,,,,,,,6,
- bufio,,,17,,,,,,,,,,,,,,,,,,17,
+ bufio,,,17,,,,,,,,,,,,,,,,,,,,,17,
- bytes,,,43,,,,,,,,,,,,,,,,,,43,
+ bytes,,,43,,,,,,,,,,,,,,,,,,,,,43,
- clevergo.tech/clevergo,1,,,,,,,,,,,,,,1,,,,,,,
+ clevergo.tech/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,
- compress/bzip2,,,1,,,,,,,,,,,,,,,,,,1,
+ compress/bzip2,,,1,,,,,,,,,,,,,,,,,,,,,1,
- compress/flate,,,4,,,,,,,,,,,,,,,,,,4,
+ compress/flate,,,4,,,,,,,,,,,,,,,,,,,,,4,
- compress/gzip,,,3,,,,,,,,,,,,,,,,,,3,
+ compress/gzip,,,3,,,,,,,,,,,,,,,,,,,,,3,
- compress/lzw,,,1,,,,,,,,,,,,,,,,,,1,
+ compress/lzw,,,1,,,,,,,,,,,,,,,,,,,,,1,
- compress/zlib,,,4,,,,,,,,,,,,,,,,,,4,
+ compress/zlib,,,4,,,,,,,,,,,,,,,,,,,,,4,
- container/heap,,,5,,,,,,,,,,,,,,,,,,5,
+ container/heap,,,5,,,,,,,,,,,,,,,,,,,,,5,
- container/list,,,20,,,,,,,,,,,,,,,,,,20,
+ container/list,,,20,,,,,,,,,,,,,,,,,,,,,20,
- container/ring,,,5,,,,,,,,,,,,,,,,,,5,
+ container/ring,,,5,,,,,,,,,,,,,,,,,,,,,5,
- context,,,5,,,,,,,,,,,,,,,,,,5,
+ context,,,5,,,,,,,,,,,,,,,,,,,,,5,
- crypto,,,10,,,,,,,,,,,,,,,,,,10,
+ crypto,,,10,,,,,,,,,,,,,,,,,,,,,10,
- database/sql,,,11,,,,,,,,,,,,,,,,,,11,
+ database/sql,30,,11,,,,,,,,,,,,30,,,,,,,,,11,
- encoding,,,77,,,,,,,,,,,,,,,,,,77,
+ encoding,,,77,,,,,,,,,,,,,,,,,,,,,77,
- errors,,,3,,,,,,,,,,,,,,,,,,3,
+ errors,,,3,,,,,,,,,,,,,,,,,,,,,3,
- expvar,,,6,,,,,,,,,,,,,,,,,,6,
+ expvar,,,6,,,,,,,,,,,,,,,,,,,,,6,
- fmt,,,16,,,,,,,,,,,,,,,,,,16,
+ fmt,3,,16,,,,3,,,,,,,,,,,,,,,,,16,
- github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,3,,,,,,
+ github.com/ChrisTrenkamp/goxpath,3,,,,,,,,,,,,,,,,,,3,,,,,,
+ github.com/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
+ github.com/Sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,
- github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/htmlquery,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/jsonquery,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,8,,,,,,
+ github.com/antchfx/xmlquery,8,,,,,,,,,,,,,,,,,,8,,,,,,
- github.com/antchfx/xpath,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/antchfx/xpath,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/appleboy/gin-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/astaxie/beego,7,21,21,,,,5,,,,,,2,,,,,,21,,21,
+ github.com/astaxie/beego,71,21,21,,,,34,,5,,,,,,30,2,,,,,,21,,21,
- github.com/beego/beego,14,42,42,,,,10,,,,,,4,,,,,,42,,42,
+ github.com/beego/beego,142,42,42,,,,68,,10,,,,,,60,4,,,,,,42,,42,
- github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,5,,,,1,1
+ github.com/caarlos0/env,,5,2,,,,,,,,,,,,,,,,,5,,,,1,1
- github.com/clevergo/clevergo,1,,,,,,,,,,,,,,1,,,,,,,
+ github.com/clevergo/clevergo,1,,,,,,,,,,,,,,,,,1,,,,,,,
- github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,
+ github.com/codeskyblue/go-sh,4,,,4,,,,,,,,,,,,,,,,,,,,,
- github.com/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ github.com/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
- github.com/couchbaselabs/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ github.com/couchbaselabs/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
- github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/crankycoder/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/cristalhq/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/davecgh/go-spew/spew,9,,,,,,9,,,,,,,,,,,,,,,,,,
- github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,,9,
+ github.com/dgrijalva/jwt-go,3,,9,,2,1,,,,,,,,,,,,,,,,,,9,
- github.com/elazarl/goproxy,,2,2,,,,,,,,,,,,,,,,2,,2,
+ github.com/elazarl/goproxy,2,2,2,,,,2,,,,,,,,,,,,,,,2,,2,
- github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,7,,,
+ github.com/emicklei/go-restful,,7,,,,,,,,,,,,,,,,,,,,7,,,
- github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,,12,
+ github.com/evanphx/json-patch,,,12,,,,,,,,,,,,,,,,,,,,,12,
- github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/form3tech-oss/jwt-go,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/gin-gonic/gin,3,46,2,,,,3,,,,,,,,,,,,46,,2,
+ github.com/gin-gonic/gin,3,46,2,,,,,,3,,,,,,,,,,,,,46,,2,
- github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,3,,,
+ github.com/go-chi/chi,,3,,,,,,,,,,,,,,,,,,,,3,,,
- github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/go-chi/jwtauth,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/go-gorm/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
- github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ github.com/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/go-kit/kit/auth/jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,,6,
+ github.com/go-pg/pg/orm,,,6,,,,,,,,,,,,,,,,,,,,,6,
- github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
+ github.com/go-xorm/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,,
- github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,7,,,,,
+ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,7,,,,,
- github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,2,,,
+ github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,2,,,
- github.com/gofiber/fiber,5,,,,,,4,,,,,,,,1,,,,,,,
+ github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,
- github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,
+ github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,
- github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,11,
+ github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,11,
+ github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,,4,
+ github.com/golang/protobuf/proto,,,4,,,,,,,,,,,,,,,,,,,,,4,
- github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,1,,,
+ github.com/gorilla/mux,,1,,,,,,,,,,,,,,,,,,,,1,,,
- github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,3,,,
+ github.com/gorilla/websocket,,3,,,,,,,,,,,,,,,,,,,,3,,,
- github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,1,,,,,
+ github.com/hashicorp/go-envparse,,1,,,,,,,,,,,,,,,,,,1,,,,,
- github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/jbowtie/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,,
+ github.com/jbowtie/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,
+ github.com/jinzhu/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
+ github.com/jmoiron/sqlx,12,,,,,,,,,,,,,,12,,,,,,,,,,
- github.com/joho/godotenv,,4,,,,,,,,,,,,,,,4,,,,,
+ github.com/joho/godotenv,,4,,,,,,,,,,,,,,,,,,4,,,,,
- github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,4,
+ github.com/json-iterator/go,,,4,,,,,,,,,,,,,,,,,,,,,4,
- github.com/kataras/iris/context,6,,,,,,6,,,,,,,,,,,,,,,
+ github.com/kataras/iris/context,6,,,,,,,,6,,,,,,,,,,,,,,,,
- github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/kataras/iris/middleware/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/kataras/iris/server/web/context,6,,,,,,6,,,,,,,,,,,,,,,
+ github.com/kataras/iris/server/web/context,6,,,,,,,,6,,,,,,,,,,,,,,,,
- github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,
+ github.com/kataras/jwt,5,,,,5,,,,,,,,,,,,,,,,,,,,
- github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,6,,,,,
+ github.com/kelseyhightower/envconfig,,6,,,,,,,,,,,,,,,,,,6,,,,,
- github.com/labstack/echo,3,12,2,,,,2,,,,,,1,,,,,,12,,2,
+ github.com/labstack/echo,3,12,2,,,,,,2,,,,,,,1,,,,,,12,,2,
+ github.com/lann/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
- github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/lestrrat-go/jwx,2,,,,2,,,,,,,,,,,,,,,,,,,,
- github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,3,,,,,,
+ github.com/lestrrat-go/libxml2/parser,3,,,,,,,,,,,,,,,,,,3,,,,,,
- github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,
+ github.com/lestrrat/go-jwx/jwk,1,,,,1,,,,,,,,,,,,,,,,,,,,
- github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/masterzen/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,4,,,,,,
+ github.com/moovweb/gokogiri/xml,4,,,,,,,,,,,,,,,,,,4,,,,,,
- github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,1,,,,,,
+ github.com/moovweb/gokogiri/xpath,1,,,,,,,,,,,,,,,,,,1,,,,,,
- github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,
+ github.com/ory/fosite/token/jwt,2,,,,2,,,,,,,,,,,,,,,,,,,,
+ github.com/raindog308/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,
- github.com/revel/revel,2,23,10,,,,1,,,,,,1,,,,,,23,,10,
+ github.com/revel/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,23,,10,
- github.com/robfig/revel,2,23,10,,,,1,,,,,,1,,,,,,23,,10,
+ github.com/robfig/revel,2,23,10,,,,,,1,,,,,,,1,,,,,,23,,10,
+ github.com/rqlite/gorqlite,24,,,,,,,,,,,,,,24,,,,,,,,,,
- github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,2,,,,,,
+ github.com/santhosh-tekuri/xpathparser,2,,,,,,,,,,,,,,,,,,2,,,,,,
- github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,1,
+ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,1,
+ github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,
- github.com/spf13/afero,34,,,,,,34,,,,,,,,,,,,,,,
+ github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,
- github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
+ github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,
- github.com/valyala/fasthttp,35,50,5,,,,8,,,,17,8,2,,,,,,50,,5,
+ github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,50,,5,
+ go.mongodb.org/mongo-driver/mongo,14,,,,,,,14,,,,,,,,,,,,,,,,,
- go.uber.org/zap,,,11,,,,,,,,,,,,,,,,,,11,
+ go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,11,
- golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,,
+ golang.org/x/crypto/ssh,4,,,4,,,,,,,,,,,,,,,,,,,,,
- golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,,5,
+ golang.org/x/net/context,,,5,,,,,,,,,,,,,,,,,,,,,5,
- golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,,16,
+ golang.org/x/net/html,,,16,,,,,,,,,,,,,,,,,,,,,16,
- golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,2,,,
+ golang.org/x/net/websocket,,2,,,,,,,,,,,,,,,,,,,,2,,,
- google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,1,
+ google.golang.org/protobuf/internal/encoding/text,,,1,,,,,,,,,,,,,,,,,,,,,1,
- google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,2,
+ google.golang.org/protobuf/internal/impl,,,2,,,,,,,,,,,,,,,,,,,,,2,
- google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,8,
+ google.golang.org/protobuf/proto,,,8,,,,,,,,,,,,,,,,,,,,,8,
- google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,1,
+ google.golang.org/protobuf/reflect/protoreflect,,,1,,,,,,,,,,,,,,,,,,,,,1,
+ gopkg.in/Masterminds/squirrel,32,,,,,,,,,,,,,,32,,,,,,,,,,
- gopkg.in/couchbase/gocb,,,18,,,,,,,,,,,,,,,,,,18,
+ gopkg.in/couchbase/gocb,8,,18,,,,,8,,,,,,,,,,,,,,,,18,
+ gopkg.in/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ gopkg.in/go-jose/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ gopkg.in/go-xmlpath/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- gopkg.in/macaron,1,12,1,,,,,,,,,,,,1,,,,12,,1,
+ gopkg.in/macaron,1,12,1,,,,,,,,,,,,,,,1,,,,12,,1,
- gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,4,
+ gopkg.in/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,4,
- gopkg.in/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ gopkg.in/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,,9,
+ gopkg.in/yaml,,,9,,,,,,,,,,,,,,,,,,,,,9,
+ gorm.io/gorm,13,,,,,,,,,,,,,,13,,,,,,,,,,
- html,,,8,,,,,,,,,,,,,,,,,,8,
+ html,,,8,,,,,,,,,,,,,,,,,,,,,8,
- io,5,4,34,,,,5,,,,,,,,,,,4,,,34,
+ io,5,4,34,,,,,,5,,,,,,,,,,,,4,,,34,
- k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,10,
+ k8s.io/api/core,,,10,,,,,,,,,,,,,,,,,,,,,10,
- k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,47,
+ k8s.io/apimachinery/pkg/runtime,,,47,,,,,,,,,,,,,,,,,,,,,47,
+ k8s.io/klog,90,,,,,,90,,,,,,,,,,,,,,,,,,
- launchpad.net/xmlpath,2,,,,,,,,,,,,,,,2,,,,,,
+ launchpad.net/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,
- log,,,3,,,,,,,,,,,,,,,,,,3,
+ log,20,,3,,,,20,,,,,,,,,,,,,,,,,3,
- math/big,,,1,,,,,,,,,,,,,,,,,,1,
+ math/big,,,1,,,,,,,,,,,,,,,,,,,,,1,
- mime,,,14,,,,,,,,,,,,,,,,,,14,
+ mime,,,14,,,,,,,,,,,,,,,,,,,,,14,
- net,2,16,100,,,,1,,,,,,,1,,,,,16,,100,
+ net,2,16,100,,,,,,1,,,,,,,,1,,,,,16,,100,
- nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,2,,,
+ nhooyr.io/websocket,,2,,,,,,,,,,,,,,,,,,,,2,,,
- os,29,11,6,3,,,26,,,,,,,,,,7,3,,1,6,
+ os,29,11,6,3,,,,,26,,,,,,,,,,,7,3,,1,6,
- path,,,18,,,,,,,,,,,,,,,,,,18,
+ path,,,18,,,,,,,,,,,,,,,,,,,,,18,
- reflect,,,37,,,,,,,,,,,,,,,,,,37,
+ reflect,,,37,,,,,,,,,,,,,,,,,,,,,37,
- regexp,10,,20,,,,,3,3,4,,,,,,,,,,,20,
+ regexp,10,,20,,,,,,,3,3,4,,,,,,,,,,,,20,
- sort,,,1,,,,,,,,,,,,,,,,,,1,
+ sort,,,1,,,,,,,,,,,,,,,,,,,,,1,
- strconv,,,9,,,,,,,,,,,,,,,,,,9,
+ strconv,,,9,,,,,,,,,,,,,,,,,,,,,9,
- strings,,,34,,,,,,,,,,,,,,,,,,34,
+ strings,,,34,,,,,,,,,,,,,,,,,,,,,34,
- sync,,,34,,,,,,,,,,,,,,,,,,34,
+ sync,,,34,,,,,,,,,,,,,,,,,,,,,34,
- syscall,5,2,8,5,,,,,,,,,,,,,2,,,,8,
+ syscall,5,2,8,5,,,,,,,,,,,,,,,,2,,,,8,
- text/scanner,,,3,,,,,,,,,,,,,,,,,,3,
+ text/scanner,,,3,,,,,,,,,,,,,,,,,,,,,3,
- text/tabwriter,,,1,,,,,,,,,,,,,,,,,,1,
+ text/tabwriter,,,1,,,,,,,,,,,,,,,,,,,,,1,
- text/template,,,6,,,,,,,,,,,,,,,,,,6,
+ text/template,,,6,,,,,,,,,,,,,,,,,,,,,6,
+ xorm.io/xorm,34,,,,,,,,,,,,,,34,,,,,,,,,, |
23bb353
to
e0f6acc
Compare
…oved) Various non-existent methods were modeled, and I couldn't find any evidence that they used to exist. They aren't in the stubs or tests. I have removed them.
Co-authored-by: Edward Minnix III <[email protected]>
We need to put a restriction on the type of the argument.
We set it to False when it has no meaning and True otherwise.
e0f6acc
to
307fdc0
Compare
I put the change note in the src folder because it changes query output, but now I think about it I'm actually changing the library, so it should go into the lib folder, shouldn't it? |
--- | ||
category: minorAnalysis | ||
--- | ||
* A call to a method whose name starts with "Debug", "Error", "Fatal", "Info", "Log", "Output", "Panic", "Print", "Trace", "Warn" or "With" defined on an interface whose name ends in "logger" or "Logger" is now considered a LoggerCall. In particular, it is a sink for `go/clear-text-logging` and `go/log-injection`. This may lead to some more alerts in those queries. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this the right location for the change note?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For some reason VS code is always trying to recommend this directory for change notes, and I finally fell for it 🤦🏻 .
I've now looked through the QA results from ~5,000 repos. We get a lot of extra results for log injection (~1,500) and cleartext logging (~300). I sampled them and they all seem to be valid results from us adding a heuristic for local logger interfaces. I looked in detail at all the repos where we lost results. (We lost ~40 results in total.) Some were because they are calling logger functions using a variable, which isn't currently supported. I shouldn't be too hard but there may be a performance penalty. I will file a follow-up issue to look into that. I also found a bug in my recent work to fix models-as-data inheritance, which I will fix as a follow-up. There are also a handful of lost alerts because we were previously matching something we hadn't actually modeled because of the known issue where Overall I think these results are very good, and the handful of lost alerts shouldn't stop this PR from being merged. |
Change note needs moving as @michaelnebel notes; then happy to merge per that description. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks plausible
The first 14 commits are reinstating commits that were reverted in #17296. Then there are some commits fixing things: reverting some models back to QL and adding some models-as-data models for
logrus.FieldLogger
. Then there are some commits adding tests that would have caught the problems in the first place. Finally, there are some commits adding a heuristic for logger calls to replace results that we now miss because we have converted all logging models to MaD (because QL models normally useMethod.getACall()
, which is too broad and matches any interface method which the modeled method implements).