Skip to content

Commit e9dcd69

Browse files
committed
Add readStep back to local taint flow
1 parent 3a3e053 commit e9dcd69

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,8 +37,7 @@ predicate localTaintStep(DataFlow::Node src, DataFlow::Node sink) {
3737
or
3838
// Treat container flow as taint for the local taint flow relation
3939
exists(DataFlow::Content c | DataFlowPrivate::containerContent(c) |
40-
// `DataFlowPrivate::readStep` has already been included in
41-
// `localAdditionalTaintStep`.
40+
DataFlowPrivate::readStep(src, c, sink) or
4241
DataFlowPrivate::storeStep(src, c, sink) or
4342
FlowSummaryImpl::Private::Steps::summaryGetterStep(src, c, sink, _) or
4443
FlowSummaryImpl::Private::Steps::summarySetterStep(src, c, sink, _)

go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
| main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] |
1616
| main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] |
1717
| main.go:56:8:56:11 | true | main.go:56:2:56:3 | ch |
18+
| main.go:57:4:57:5 | ch | main.go:57:2:57:5 | <-... |
1819
| strings.go:9:24:9:24 | s | strings.go:9:8:9:38 | call to Replace |
1920
| strings.go:9:32:9:34 | "_" | strings.go:9:8:9:38 | call to Replace |
2021
| strings.go:10:27:10:27 | s | strings.go:10:8:10:42 | call to ReplaceAll |

0 commit comments

Comments
 (0)