diff --git a/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll b/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll index db8ff731fbc..e3185b5f3dd 100644 --- a/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll +++ b/ql/lib/semmle/go/security/InsecureRandomnessCustomizations.qll @@ -72,11 +72,9 @@ module InsecureRandomness { */ class PasswordFnSink extends Sink { PasswordFnSink() { - exists(FuncDecl passwordFn | - passwordFn.getName().regexpMatch("(?i).*(gen(erate)?|salt|make|mk)Password.*") - | - this.getEnclosingCallable() = passwordFn - ) + this.getEnclosingCallable() + .getName() + .regexpMatch("(?i).*(gen(erate)?|salt|make|mk)Password.*") } override string getKind() { result = "a password-related function" } diff --git a/ql/src/InconsistentCode/MissingErrorCheck.ql b/ql/src/InconsistentCode/MissingErrorCheck.ql index 604d4c7f8a9..97cdc8cdcce 100644 --- a/ql/src/InconsistentCode/MissingErrorCheck.ql +++ b/ql/src/InconsistentCode/MissingErrorCheck.ql @@ -26,9 +26,9 @@ predicate isNil(DataFlow::Node node) { node = Builtin::nil().getARead() } * `nil` for the pointer return value at some return site. */ predicate calleeMayReturnNilWithError(DataFlow::CallNode call) { - not exists(call.getACallee()) + not exists(call.getACallee().getFuncDef()) or - exists(FuncDef callee | callee = call.getACallee() | + exists(FuncDef callee | callee = call.getACallee().getFuncDef() | not exists(callee.getBody()) or exists(IR::ReturnInstruction ret, DataFlow::Node ptrReturn, DataFlow::Node errReturn | diff --git a/ql/src/RedundantCode/RedundantRecover.ql b/ql/src/RedundantCode/RedundantRecover.ql index 7e509bc4862..e34ad4dda69 100644 --- a/ql/src/RedundantCode/RedundantRecover.ql +++ b/ql/src/RedundantCode/RedundantRecover.ql @@ -20,7 +20,7 @@ predicate isDeferred(DataFlow::CallNode call) { from DataFlow::CallNode recoverCall, FuncDef f, string msg where recoverCall.getTarget() = Builtin::recover() and - f = recoverCall.getEnclosingCallable() and + f = recoverCall.getEnclosingCallable().getFuncDef() and ( isDeferred(recoverCall) and msg = "Deferred calls to 'recover' have no effect." diff --git a/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql index f27ca8b9042..3309ce1e5c4 100644 --- a/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql +++ b/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql @@ -31,7 +31,7 @@ class HostKeyCallbackFunc extends DataFlow::Node { ( this instanceof DataFlow::FunctionNode or - exists(DataFlow::CallNode call | not exists(call.getACallee().getBody()) | + exists(DataFlow::CallNode call | not exists(call.getACallee().getFuncDef().getBody()) | this = call.getAResult() ) ) diff --git a/ql/src/Security/CWE-601/BadRedirectCheck.ql b/ql/src/Security/CWE-601/BadRedirectCheck.ql index a35d78519bb..22cfcbe96db 100644 --- a/ql/src/Security/CWE-601/BadRedirectCheck.ql +++ b/ql/src/Security/CWE-601/BadRedirectCheck.ql @@ -54,7 +54,9 @@ predicate isCleaned(DataFlow::Node nd) { isCleaned(nd.getAPredecessor()) or exists(FuncDef f, FunctionInput inp | nd = inp.getExitNode(f) | - forex(DataFlow::CallNode call | call.getACallee() = f | isCleaned(inp.getEntryNode(call))) + forex(DataFlow::CallNode call | call.getACallee().getFuncDef() = f | + isCleaned(inp.getEntryNode(call)) + ) ) } @@ -87,7 +89,9 @@ predicate urlPath(DataFlow::Node nd) { urlPath(nd.getAPredecessor()) or exists(FuncDef f, FunctionInput inp | nd = inp.getExitNode(f) | - forex(DataFlow::CallNode call | call.getACallee() = f | urlPath(inp.getEntryNode(call))) + forex(DataFlow::CallNode call | call.getACallee().getFuncDef() = f | + urlPath(inp.getEntryNode(call)) + ) ) } diff --git a/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACall.ql b/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACall.ql index 82e50120d5e..b509a2e839f 100644 --- a/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACall.ql +++ b/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACall.ql @@ -1,11 +1,11 @@ import go query predicate missingCall(DeclaredFunction f, DataFlow::CallNode call) { - call.getACallee() = f.getFuncDecl() and + call.getACallee().asFunction() = f and not call = f.getACall() } query predicate spuriousCall(DeclaredFunction f, DataFlow::CallNode call) { call = f.getACall() and - exists(FuncDecl fd | fd = f.getFuncDecl() | not call.getACallee() = fd) + not call.getACallee().asFunction() = f } diff --git a/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACallee.ql b/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACallee.ql index 99e85587d55..5399c0cfebc 100644 --- a/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACallee.ql +++ b/ql/test/library-tests/semmle/go/dataflow/CallGraph/getACallee.ql @@ -16,10 +16,10 @@ string metadata(Locatable l, string key) { query predicate missingCallee(DataFlow::CallNode call, FuncDef callee) { metadata(call.asExpr(), "callee") = metadata(callee, "name") and - not call.getACallee() = callee + not call.getACallee().getFuncDef() = callee } query predicate spuriousCallee(DataFlow::CallNode call, FuncDef callee) { - call.getACallee() = callee and + call.getACallee().getFuncDef() = callee and not metadata(call.asExpr(), "callee") = metadata(callee, "name") } diff --git a/ql/test/library-tests/semmle/go/dataflow/CallGraph/viableCallee.ql b/ql/test/library-tests/semmle/go/dataflow/CallGraph/viableCallee.ql index 132cbf36e4e..e258145d2d1 100644 --- a/ql/test/library-tests/semmle/go/dataflow/CallGraph/viableCallee.ql +++ b/ql/test/library-tests/semmle/go/dataflow/CallGraph/viableCallee.ql @@ -17,10 +17,10 @@ string metadata(Locatable l, string key) { query predicate missingCallee(DataFlow::CallNode call, FuncDef callee) { metadata(call.asExpr(), "callee") = metadata(callee, "name") and - not viableCallable(call.asExpr()) = callee + not viableCallable(call.asExpr()).getFuncDef() = callee } query predicate spuriousCallee(DataFlow::CallNode call, FuncDef callee) { - viableCallable(call.asExpr()) = callee and + viableCallable(call.asExpr()).getFuncDef() = callee and not metadata(call.asExpr(), "callee") = metadata(callee, "name") }