Merge pull request #252 from gagliardetto/patch-3

taint-tracking: String() must return a string type
2026-01-29 06:12:58 +01:00 · 2020-07-08 12:01:20 +01:00
parent bc778b5899 59071732a8
commit 26eeb3c658
1 changed files with 5 additions and 1 deletions
--- a/ql/src/semmle/go/frameworks/Stdlib.qll
+++ b/ql/src/semmle/go/frameworks/Stdlib.qll
@@ -6,7 +6,11 @@ import go

 /** A `String()` method. */
 class StringMethod extends TaintTracking::FunctionModel, Method {
-  StringMethod() { getName() = "String" and getNumParameter() = 0 }
+  StringMethod() {
+    getName() = "String" and
+    getNumParameter() = 0 and
+    getResultType(0) = Builtin::string_().getType()
+  }

  override predicate hasTaintFlow(FunctionInput inp, FunctionOutput outp) {
    inp.isReceiver() and outp.isResult()