From 32631e2332a695305e672341011a8f009760336f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 1 Oct 2024 10:16:55 +0100 Subject: [PATCH] Fix getCallTarget() --- .../go/dataflow/internal/FlowSummaryImpl.qll | 80 ++++++++++--------- 1 file changed, 41 insertions(+), 39 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 758a618bc03d1..0a9fa95dea7f8 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -229,50 +229,52 @@ module SourceSinkInterpretationInput implements /** Gets the target of this call, if any. */ SourceOrSinkElement getCallTarget() { - exists( - DataFlow::CallNode cn, Method m, string pkg, string name, boolean subtypes, - DataFlow::Node syntacticRecv, Type syntacticRecvType, Type syntacticRecvBaseType - | - cn = this.asCall().getNode() and - result.asEntity() = cn.getTarget() and - // result.asEntity().getName() = "Source" and + exists(DataFlow::CallNode cn | + // result.asEntity().getName() = "Command" and cn = this.asCall().getNode() and result.asEntity() = cn.getTarget() and - m = cn.getTarget() and - result.hasReceiverInfo(pkg, name, subtypes) and - syntacticRecv = skipImplicitFieldReads(cn.getReceiver()) and - syntacticRecvType = syntacticRecv.getType() and - ( - if syntacticRecvType instanceof PointerType - then syntacticRecvBaseType = syntacticRecvType.(PointerType).getBaseType() - else syntacticRecvBaseType = syntacticRecvType - ) and ( - syntacticRecvBaseType.hasQualifiedName(pkg, name) + not cn.getTarget() instanceof Method or - subtypes = true and - ( - // `syntacticRecvBaseType`'s underlying type might be a struct type and `result` - // might relate to a promoted method. - exists(string ppm, StructType st, string ppst, Field embeddedParent, int depth | - ppm = m.getQualifiedName() and - st = syntacticRecvBaseType.getUnderlyingType() and - ppst = st.pp() and - m = st.getMethodOfEmbedded(embeddedParent, _, depth) and - receiverInfoHelper(m, embeddedParent, st, depth, pkg, name) - // and - // //redundant - // syntacticRecvBaseType = cn.getReceiver().getType() and - // m = cn.getTarget() - ) + exists( + Method m, string pkg, string name, boolean subtypes, DataFlow::Node syntacticRecv, + Type syntacticRecvType, Type syntacticRecvBaseType + | + m = cn.getTarget() and + result.hasReceiverInfo(pkg, name, subtypes) and + syntacticRecv = skipImplicitFieldReads(cn.getReceiver()) and + syntacticRecvType = syntacticRecv.getType() and + if syntacticRecvType instanceof PointerType + then syntacticRecvBaseType = syntacticRecvType.(PointerType).getBaseType() + else syntacticRecvBaseType = syntacticRecvType + | + syntacticRecvBaseType.hasQualifiedName(pkg, name) or - // `syntacticRecvBaseType`'s underlying type might be an interface type and `result` - // might relate to an embedded interface. - exists(Type t, string pprecv | - pprecv = syntacticRecvBaseType.pp() and - t = syntacticRecvBaseType.getUnderlyingType().(InterfaceType).getAnEmbeddedInterface() and - t.hasQualifiedName(pkg, name) and - m.hasQualifiedName(pkg, name, _) + subtypes = true and + ( + // `syntacticRecvBaseType`'s underlying type might be a struct type and `result` + // might relate to a promoted method. + exists(string ppm, StructType st, string ppst, Field embeddedParent, int depth | + ppm = m.getQualifiedName() and + st = syntacticRecvBaseType.getUnderlyingType() and + ppst = st.pp() and + m = st.getMethodOfEmbedded(embeddedParent, _, depth) and + receiverInfoHelper(m, embeddedParent, st, depth, pkg, name) + // and + // //redundant + // syntacticRecvBaseType = cn.getReceiver().getType() and + // m = cn.getTarget() + ) + or + // `syntacticRecvBaseType`'s underlying type might be an interface type and `result` + // might relate to an embedded interface. + exists(Type t, string pprecv | + pprecv = syntacticRecvBaseType.pp() and + t = + syntacticRecvBaseType.getUnderlyingType().(InterfaceType).getAnEmbeddedInterface() and + t.hasQualifiedName(pkg, name) and + m.(Method).hasQualifiedName(pkg, name, _) + ) ) ) )