From d361ca998f711b935282bc7f6fb05a2c0e1c4846 Mon Sep 17 00:00:00 2001
From: Edward Minnix III <egregius313@gmail.com>
Date: Tue, 17 Jun 2025 17:20:54 -0400
Subject: [PATCH] `hashicorp/hcl` models

---
 go/ql/lib/ext/github.com.hashicorp.model.yml | 26 ++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 go/ql/lib/ext/github.com.hashicorp.model.yml

diff --git a/go/ql/lib/ext/github.com.hashicorp.model.yml b/go/ql/lib/ext/github.com.hashicorp.model.yml
new file mode 100644
index 000000000000..344b7a239300
--- /dev/null
+++ b/go/ql/lib/ext/github.com.hashicorp.model.yml
@@ -0,0 +1,26 @@
+extensions:
+  - addsTo:
+      pack: codeql/go-all
+      extensible: packageGrouping
+    data:
+      - ["hcl1", "github.com/hashicorp/hcl"]
+      - ["hclsimple", "github.com/hashicorp/hcl/v2/hclsimple"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["group:hcl1", "", False, "Decode", "", "", "Argument[0]", "file", "manual"]
+      - ["group:hclsimple", "", False, "DecodeFile", "", "", "Argument[2]", "file", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sinkModel
+    data:
+      - ["group:hclsimple", "", False, "DecodeFile", "", "", "Argument[0]", "path-injection", "manual"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: summaryModel
+    data:
+      - ["group:hcl1", "", False, "Parse", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:hcl1", "", False, "ParseBytes", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:hcl1", "", False, "ParseString", "", "", "Argument[0]", "ReturnValue[0]", "taint", "manual"]
+      - ["group:hclsimple", "", False, "Decode", "", "", "Argument[1]", "Argument[3]", "taint", "manual"]