From 5fbae15d0e3ef1bc069f54cf1e7eca48a781dadb Mon Sep 17 00:00:00 2001
From: Max Schaefer <max@semmle.com>
Date: Thu, 20 Feb 2020 14:52:01 +0000
Subject: [PATCH] Don't track receivers into virtual calls.

---
 ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll b/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
index 8215e6d20d3..ba8edbe5561 100644
--- a/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
+++ b/ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll
@@ -430,10 +430,17 @@ class ArgumentNode extends Node {
    * Holds if this argument occurs at the given position in the given call.
    *
    * The receiver argument is considered to have index `-1`.
+   *
+   * Note that we currently do not track receiver arguments into calls to interface methods.
    */
   predicate argumentOf(CallExpr call, int pos) {
     call = c.asExpr() and
-    pos = i
+    pos = i and
+    (
+      i != -1
+      or
+      exists(c.(MethodCallNode).getTarget().getBody())
+    )
   }
 
   /**