Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a3ba74a

Browse files
owen-mcowen-mc
committed
Cast to MethodCallNode before calling getReceiver()
This is not required, because getReceiver is still defined on CallNode, but is done for consistency.
1 parent de8794e commit a3ba74a

12 files changed

Lines changed: 31 additions & 28 deletions

File tree

go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ private import DataFlowPrivate
88
private predicate isInterfaceCallReceiver(
99
DataFlow::CallNode call, DataFlow::Node recv, InterfaceType tp, string m
1010
) {
11-
call.getReceiver() = recv and
11+
call.(DataFlow::MethodCallNode).getReceiver() = recv and
1212
recv.getType().getUnderlyingType() = tp and
1313
m = call.getACalleeIncludingExternals().asFunction().getName()
1414
}

go/ql/lib/semmle/go/frameworks/Gqlgen.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ module Gqlgen {
77
/** An autogenerated file containing gqlgen code. */
88
private class GqlgenGeneratedFile extends File {
99
GqlgenGeneratedFile() {
10-
exists(DataFlow::CallNode call |
10+
exists(DataFlow::MethodCallNode call |
1111
call.getReceiver().getType().hasQualifiedName("github.com/99designs/gqlgen/graphql", _) and
1212
call.getFile() = this
1313
)

go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -131,7 +131,7 @@ module NetHttp {
131131
)
132132
or
133133
stack = SummaryComponentStack::argument(-1) and
134-
result = call.getReceiver()
134+
result = call.(DataFlow::MethodCallNode).getReceiver()
135135
}
136136

137137
private class ResponseBody extends Http::ResponseBody::Range {

go/ql/lib/semmle/go/security/ExternalAPIs.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ class ExternalApiDataNode extends DataFlow::Node {
8686
this = call.getArgument(i)
8787
or
8888
// Receiver to a call to a method which returns non trivial value
89-
this = call.getReceiver() and
89+
this = call.(DataFlow::MethodCallNode).getReceiver() and
9090
i = -1
9191
) and
9292
// Not defined in the code that is being analyzed

go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,9 @@ module SafeUrlFlow {
3333

3434
/** A function model step using `UnsafeUrlMethod`, considered as a sanitizer for safe URL flow. */
3535
private class UnsafeUrlMethodEdge extends SanitizerEdge {
36-
UnsafeUrlMethodEdge() { this = any(UnsafeUrlMethod um).getACall().getReceiver() }
36+
UnsafeUrlMethodEdge() {
37+
this = any(UnsafeUrlMethod um).getACall().(DataFlow::MethodCallNode).getReceiver()
38+
}
3739
}
3840

3941
/** Any slicing of the URL, considered as a sanitizer for safe URL flow. */

go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
9090
/**
9191
* Holds if `os.File.Close` is called on `sink`.
9292
*/
93-
predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
93+
predicate isCloseSink(DataFlow::Node sink, DataFlow::MethodCallNode closeCall) {
9494
// find calls to the os.File.Close function
9595
closeCall = any(CloseFileFun f).getACall() and
9696
// that are unhandled
@@ -115,7 +115,7 @@ predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
115115
* Holds if `os.File.Sync` is called on `sink` and the result of the call is neither
116116
* deferred nor discarded.
117117
*/
118-
predicate isHandledSync(DataFlow::Node sink, DataFlow::CallNode syncCall) {
118+
predicate isHandledSync(DataFlow::Node sink, DataFlow::MethodCallNode syncCall) {
119119
// find a call of the `os.File.Sync` function
120120
syncCall = any(SyncFileFun f).getACall() and
121121
// match the sink with the object on which the method is called

go/ql/src/Security/CWE-352/ConstantOauth2State.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
113113
)
114114
}
115115

116-
predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
116+
predicate isSinkCall(DataFlow::Node sink, DataFlow::MethodCallNode call) {
117117
exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
118118
}
119119

go/ql/src/experimental/CWE-1004/AuthCookie.qll

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -189,11 +189,11 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio
189189
}
190190

191191
override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
192-
exists(DataFlow::MethodCallNode cn |
193-
cn.getTarget()
192+
exists(DataFlow::MethodCallNode mcn |
193+
mcn.getTarget()
194194
.hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and
195-
pred = cn.getReceiver() and
196-
succ = cn.getResult(0)
195+
pred = mcn.getReceiver() and
196+
succ = mcn.getResult(0)
197197
)
198198
}
199199
}

go/ql/src/experimental/CWE-285/PamAuthBypass.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
4141
}
4242

4343
override predicate isSink(DataFlow::Node sink) {
44-
exists(PamAcctMgmt p | p.getACall().getReceiver() = sink)
44+
exists(PamAcctMgmt p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
4545
}
4646
}
4747

@@ -53,7 +53,7 @@ class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
5353
}
5454

5555
override predicate isSink(DataFlow::Node sink) {
56-
exists(PamAuthenticate p | p.getACall().getReceiver() = sink)
56+
exists(PamAuthenticate p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
5757
}
5858
}
5959

go/ql/src/experimental/frameworks/CleverGo.qll

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ private module CleverGo {
174174
/**
175175
* Models HTTP redirects.
176176
*/
177-
private class HttpRedirect extends Http::Redirect::Range, DataFlow::CallNode {
177+
private class HttpRedirect extends Http::Redirect::Range, DataFlow::MethodCallNode {
178178
DataFlow::Node urlNode;
179179

180180
HttpRedirect() {
@@ -211,7 +211,7 @@ private module CleverGo {
211211
string package, string receiverName, DataFlow::Node bodyNode, string contentTypeString,
212212
DataFlow::Node receiverNode
213213
) {
214-
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
214+
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
215215
met.hasQualifiedName(package, receiverName, methodName) and
216216
bodySetterCall = met.getACall() and
217217
receiverNode = bodySetterCall.getReceiver()
@@ -317,7 +317,7 @@ private module CleverGo {
317317
string package, string receiverName, DataFlow::Node bodyNode, DataFlow::Node contentTypeNode,
318318
DataFlow::Node receiverNode
319319
) {
320-
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
320+
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
321321
met.hasQualifiedName(package, receiverName, methodName) and
322322
bodySetterCall = met.getACall() and
323323
receiverNode = bodySetterCall.getReceiver()
@@ -356,7 +356,7 @@ private module CleverGo {
356356
private predicate setsBody(
357357
string package, string receiverName, DataFlow::Node receiverNode, DataFlow::Node bodyNode
358358
) {
359-
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
359+
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
360360
met.hasQualifiedName(package, receiverName, methodName) and
361361
bodySetterCall = met.getACall() and
362362
receiverNode = bodySetterCall.getReceiver()
@@ -400,7 +400,7 @@ private module CleverGo {
400400

401401
// Holds for a call that sets a header with a key-value combination.
402402
private predicate setsHeaderDynamicKeyValue(
403-
string package, string receiverName, DataFlow::CallNode headerSetterCall,
403+
string package, string receiverName, DataFlow::MethodCallNode headerSetterCall,
404404
DataFlow::Node headerNameNode, DataFlow::Node headerValueNode, DataFlow::Node receiverNode
405405
) {
406406
exists(string methodName, Method met |
@@ -446,7 +446,7 @@ private module CleverGo {
446446

447447
// Holds for a call that sets the content-type header (implicit).
448448
private predicate setsStaticHeaderContentType(
449-
string package, string receiverName, DataFlow::CallNode setterCall, string valueString,
449+
string package, string receiverName, DataFlow::MethodCallNode setterCall, string valueString,
450450
DataFlow::Node receiverNode
451451
) {
452452
exists(string methodName, Method met |
@@ -501,8 +501,8 @@ private module CleverGo {
501501

502502
// Holds for a call that sets the content-type header via a parameter.
503503
private predicate setsDynamicHeaderContentType(
504-
string package, string receiverName, DataFlow::CallNode setterCall, DataFlow::Node valueNode,
505-
DataFlow::Node receiverNode
504+
string package, string receiverName, DataFlow::MethodCallNode setterCall,
505+
DataFlow::Node valueNode, DataFlow::Node receiverNode
506506
) {
507507
exists(string methodName, Method met |
508508
met.hasQualifiedName(package, receiverName, methodName) and

0 commit comments

Comments
 (0)