Add BigQuery to the SQL frameworks so that it

JordyZomer · JordyZomer · commit 0163d5a7fc51 · 2025-01-09T14:31:09.000+01:00
Can be used as a sink for SQL injection queries.

Signed-off-by: Jordy Zomer &lt;jordy@pwning.systems&gt;
diff --git a/go/ql/lib/semmle/go/frameworks/SQL.qll b/go/ql/lib/semmle/go/frameworks/SQL.qll
@@ -100,12 +100,28 @@ module SQL {
       }
     }
 
+    /** A string that might identify package `go/bigquery` */
+    string gobigquery() { result = "cloud.google.com/go/bigquery.Client" }
+
     /** A string that might identify package `go-pg/pg` or a specific version of it. */
     private string gopg() { result = package("github.com/go-pg/pg", "") }
 
     /** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
     private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }
 
+    /**
+     * A string argument to an api of `go/bigquery` that is directly interpreted as SQL
+     * without taking syntactic structure in account
+     */
+    class BigQueryString extends Range {
+      BigQueryString() {
+        exists(Function f |
+          f.hasQualifiedName(gobigquery(), "Query") and
+          this = f.getACall().getArgument(0)
+        )
+      }
+    }
+
     /**
      * A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
      * taking syntactic structure into account.
