From d9faee1609f9699f5ad7c2417db651ed85b263cb Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 14 Jun 2023 14:22:39 +0100
Subject: [PATCH] add "Dereference" content for PointerContent
---
 go/ql/lib/semmle/go/dataflow/ExternalFlow.qll | 2 ++
 .../semmle/go/dataflow/ExternalFlow/completetest.ext.yml | 4 ++--
 .../library-tests/semmle/go/dataflow/ExternalFlow/test.go | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
index 0c6ee1c313474..f04ce00579496 100644
--- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
+++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -342,6 +342,8 @@ predicate parseContent(string component, DataFlow::Content content) {
 component = "MapKey" and content instanceof DataFlow::MapKeyContent
 or
 component = "MapValue" and content instanceof DataFlow::MapValueContent
+ or
+ component = "Dereference" and content instanceof DataFlow::PointerContent
 }
 cached
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml
index 4ec8602daafef..47e51e573f015 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/completetest.ext.yml
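Review bot: The new `Dereference` component in `parseContent` (go/ql/lib/semmle/go/dataflow/ExternalFlow.qll) is added without a comment, and the diffstat shows no documentation or change-note file, so model authors are not told that a pointer-receiver path now needs this step. The test expectations in this same commit show why that matters: with `Argument[-1].Field[...]` on a pointer receiver the flow was marked MISSING, and it is only reported once the path reads `Argument[-1].Dereference.Field[...]`, so an existing model that omits the step presumably keeps dropping taint without any diagnostic, which shows up as false negatives in security queries. I would add a comment above the new disjunct, `// "Dereference" selects the value a pointer points to (PointerContent); required before Field on pointer receivers`, and, if the file's header lists the supported access-path components, add `Dereference` there as well. The body of `parseContent` starts before this hunk.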
@@ -22,9 +22,9 @@ extensions:
 - ["github.com/nonexistent/test", "", False, "GetMapKey", "", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"]
 - ["github.com/nonexistent/test", "", False, "SetElement", "", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]
 - ["github.com/nonexistent/test", "C", False, "Get", "", "", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"]
- - ["github.com/nonexistent/test", "C", False, "GetThroughPointer", "", "", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"]
+ - ["github.com/nonexistent/test", "C", False, "GetThroughPointer", "", "", "Argument[-1].Dereference.Field[github.com/nonexistent/test.C.F]", "ReturnValue", "value", "manual"]
 - ["github.com/nonexistent/test", "C", False, "Set", "", "", "Argument[0]", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "value", "manual"]
- - ["github.com/nonexistent/test", "C", False, "SetThroughPointer", "", "", "Argument[0]", "Argument[-1].Field[github.com/nonexistent/test.C.F]", "value", "manual"]
+ - ["github.com/nonexistent/test", "C", False, "SetThroughPointer", "", "", "Argument[0]", "Argument[-1].Dereference.Field[github.com/nonexistent/test.C.F]", "value", "manual"]
 - addsTo:
 pack: codeql/go-all
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
index 0d92787b65c80..35da086a8886e 100644
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
+++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
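Review bot: The two updated rows in completetest.ext.yml exercise `Dereference` only on the receiver and only when followed by `Field[...]`, so the new component is never tested on its own, on another argument position, or on the output side, for example `Argument[0].Dereference` or `ReturnValue.Dereference`. The matching expectations in test.go (`cp1.F` and `cp2.GetThroughPointer()`) cover the same two shapes. Because the rows without `Dereference` were replaced rather than kept, nothing now pins what a pointer-receiver model without the step does. I would keep one such row alongside, with its expected result stated explicitly in test.go, so that a later change in dereference handling is caught by the test rather than discovered as lost taint flow.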
@@ -143,10 +143,10 @@ func simpleflow() {
 cp1 := &test.C{""}
 cp1.SetThroughPointer(a.Src1().(string))
- b.Sink1(cp1.F) // $ MISSING: hasTaintFlow="selection of F"
+ b.Sink1(cp1.F) // $ hasTaintFlow="selection of F"
 cp2 := &test.C{a.Src1().(string)}
- b.Sink1(cp2.GetThroughPointer()) // $ MISSING: hasTaintFlow="call to GetThroughPointer"
+ b.Sink1(cp2.GetThroughPointer()) // $ hasTaintFlow="call to GetThroughPointer"
 cp3 := &test.C{""}
 cp3.SetThroughPointer(a.Src1().(string))