Go: Revert MaD models for database/sql to use QL instead

[egregius313]

There have been some issues with variable arguments in source models in MaD. This reverts some models back to being modeled in QL.

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

Files not reviewed (1)

• go/ql/lib/semmle/go/frameworks/stdlib/DatabaseSql.qll: Language not supported

Comments suppressed due to low confidence (1)

go/ql/lib/ext/database.sql.driver.model.yml:26

• The taint propagation for the Next method of Rows has been changed from Argument[0] to ReturnValue[0]. Ensure that this change is correct and does not introduce unintended behavior.

-      - ["database/sql/driver", "Rows", True, "Next", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more

[github-actions]

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

go

Generated file changes for go

• Changes to framework-coverage-go.rst:

-    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,607,104
+    `Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",52,605,104
-    Totals,,371,934,1532
+    Totals,,371,932,1532

• Changes to framework-coverage-go.csv:

- database/sql,30,18,14,,,,,,,,,,,,30,,,,,,18,,,,,14,
+ database/sql,30,18,12,,,,,,,,,,,,30,,,,,,18,,,,,12,

[owen-mc]

The test changes are expected - slightly different nodes and edges because modelling with MaD and modelling with function models works a bit differently. You can just accept them (the excellent misc/scripts/accept-expected-changes-from-ci.py does it all for you, in case you haven't come across it).