From a527e728784a1c77d6e680657347357a41ad6da4 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Sun, 23 Jun 2024 07:36:15 +0100
Subject: [PATCH] Convert ElazarlGoproxy::UserControlledRequestData to MaD

---
 go/ql/lib/ext/github.com.elazarl.goproxy.model.yml |  7 +++++++
 go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll  | 13 -------------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml b/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
index 28fe818ff67ba..20e4a26f1cdba 100644
--- a/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
+++ b/go/ql/lib/ext/github.com.elazarl.goproxy.model.yml
@@ -5,3 +5,10 @@ extensions:
     data:
       - ["github.com/elazarl/goproxy", "CertStorage", True, "Fetch", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]
       - ["github.com/elazarl/goproxy", "CertStorage", True, "Fetch", "", "", "Argument[1]", "ReturnValue[0]", "taint", "manual"]
+
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["github.com/elazarl/goproxy", "ProxyCtx", True, "UserData", "", "", "", "remote", "manual"]
+      - ["github.com/elazarl/goproxy", "ProxyCtx", True, "Charset", "", "", "ReturnValue", "remote", "manual"]
diff --git a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
index 007ea56a81c89..4d10c8af312d6 100644
--- a/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
+++ b/go/ql/lib/semmle/go/frameworks/ElazarlGoproxy.qll
@@ -95,19 +95,6 @@ module ElazarlGoproxy {
     }
   }
 
-  private class UserControlledRequestData extends RemoteFlowSource::Range {
-    UserControlledRequestData() {
-      exists(DataFlow::FieldReadNode frn | this = frn |
-        // liberally consider ProxyCtx.UserData to be untrusted; it's a data field set by a request handler
-        frn.getField().hasQualifiedName(packagePath(), "ProxyCtx", "UserData")
-      )
-      or
-      exists(DataFlow::MethodCallNode call | this = call |
-        call.getTarget().hasQualifiedName(packagePath(), "ProxyCtx", "Charset")
-      )
-    }
-  }
-
   private class ProxyLogFunction extends StringOps::Formatting::Range, Method {
     ProxyLogFunction() { this.hasQualifiedName(packagePath(), "ProxyCtx", ["Logf", "Warnf"]) }