Fix bug in UnsafeFieldReadSanitizer

2025-12-16 16:53:25 +01:00 · 2025-09-30 12:05:06 +01:00
parent b5fda88bd3
commit 5b07e8c9c4
1 changed files with 1 additions and 1 deletions
--- a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
@@ -49,7 +49,7 @@ module SafeUrlFlow {
    UnsafeFieldReadSanitizer() {
      exists(DataFlow::FieldReadNode frn, string name |
        name = ["Fragment", "RawQuery", "User"] and
-        frn.getField().hasQualifiedName("net/url", "URL")
+        frn.getField().hasQualifiedName("net/url", "URL", name)
      |
        this = frn.getBase()
      )