diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 35887d076c03..67f18f6ed3f1 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -377,7 +377,8 @@ module SourceSinkInterpretationInput implements or n2.asExpr() = n.asInstruction().(IR::EvalImplicitDerefInstruction).getOperand() | - result = lookThroughPointerType(skipImplicitFieldReads(n2).getType()) + result = + maybeLookThroughNamedType(lookThroughPointerType(skipImplicitFieldReads(n2).getType())) ) } @@ -395,6 +396,12 @@ module SourceSinkInterpretationInput implements .getBaseInstruction() } + private DefinedType maybeLookThroughNamedType(DefinedType t) { + // We do not have information on what a defined type is defined to be, only + // the underlying type, so we have to be a bit imprecise. + result.getBaseType() = t.getBaseType() + } + /** Provides additional sink specification logic. */ bindingset[c] predicate interpretOutput(string c, InterpretNode mid, InterpretNode node) { diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_fields.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_fields.go index e58d937fae3c..b95e5c6acd6e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_fields.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_fields.go @@ -83,3 +83,13 @@ func TestFieldsSEmbedS1AndSEmbedS1(t test.SEmbedS1AndSEmbedS1) { a := t.SourceField t.SinkField = a // $ S1[t] ql_S1 } + +func TestFieldsRedefinedP1(t test.RedefinedP1) { + a := t.SourceField + t.SinkField = a // $ P1[f] P1[t] ql_P1 +} + +func TestFieldsRedefinedS1(t test.RedefinedS1) { + a := t.SourceField + t.SinkField = a // $ S1[f] S1[t] ql_S1 +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_methods.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_methods.go index 8d4c592e0cd1..f57f62da7833 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_methods.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/test_methods.go @@ -171,3 +171,9 @@ func TestMethodsSEmbedS1AndSEmbedS1(t test.SEmbedS1AndSEmbedS1) { y := t.Step(x) t.Sink(y) // $ I1[t] S1[t] ql_S1 } + +func TestMethodsRedefinedI1(t test.RedefinedI1) { + x := t.Source() + y := t.Step(x) + t.Sink(y) // $ I1[f] I1[t] ql_I1 SPURIOUS: ql_P1 ql_S1 +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/vendor/github.com/nonexistent/test/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/vendor/github.com/nonexistent/test/stub.go index 663bb5fedde0..93d1536d0f32 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/vendor/github.com/nonexistent/test/stub.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/vendor/github.com/nonexistent/test/stub.go @@ -265,3 +265,7 @@ type SEmbedS1AndSEmbedS1 struct { SEmbedS1 UniqueFieldSEmbedS1AndSEmbedS1 int // this only exists to make this struct type different from other struct types } + +type RedefinedP1 P1 +type RedefinedS1 S1 +type RedefinedI1 I1