Extend documentation for package and use it in two more places.

Max Schaefer · Max Schaefer · commit adc3ce827447 · 2020-05-22T11:11:58.000+01:00
The predicate now works with an empty package path.

The way this is implemented is perhaps slightly non-obvious: the `($|/)\\Q" + path + "\\E"` part of the regular expression either matches the end of the string (and `path` must then be empty), or a slash followed by `path` (which may or may not be empty).

We do allow non-canonical import paths ending in `/`, which the compiler rejects. We could disallow that by putting a `(?!$)` assertion after the `/`, but that seems overkill.
diff --git a/ql/src/semmle/go/Packages.qll b/ql/src/semmle/go/Packages.qll
@@ -26,10 +26,13 @@ class Package extends @package {
 }
 
 /**
- * Gets the Go import string that may identify a package in module `mod` with the given path,
- * possibly modulo semantic import versioning.
+ * Gets an import path that identifies a package in module `mod` with the given path,
+ * possibly modulo [semantic import versioning](https://github.com/golang/go/wiki/Modules#semantic-import-versioning).
+ *
+ * For example, `package("github.com/go-pg/pg", "types")` gets an import path that can
+ * refer to `"github.com/go-pg/pg/types"`, but also to `"github.com/go-pg/pg/v10/types"`.
  */
 bindingset[result, mod, path]
 string package(string mod, string path) {
-  result.regexpMatch("\\Q" + mod + "\\E([/.]v[^/]+)?/\\Q" + path + "\\E")
+  result.regexpMatch("\\Q" + mod + "\\E([/.]v[^/]+)?($|/)\\Q" + path + "\\E")
 }
diff --git a/ql/src/semmle/go/frameworks/SQL.qll b/ql/src/semmle/go/frameworks/SQL.qll
@@ -76,11 +76,11 @@ module SQL {
 
     /** A string that might identify package `go-pg/pg` or a specific version of it. */
     bindingset[result]
-    private string gopg() { result.regexpMatch("github.com/go-pg/pg(/v[^/]+)?") }
+    private string gopg() { result = package("github.com/go-pg/pg", "") }
 
     /** A string that might identify package `go-pg/pg/orm` or a specific version of it. */
     bindingset[result]
-    private string gopgorm() { result.regexpMatch("github.com/go-pg/pg(/v[^/]+)?/orm") }
+    private string gopgorm() { result = package("github.com/go-pg/pg", "orm") }
 
     /**
      * A string argument to an API of `go-pg/pg` that is directly interpreted as SQL without
