Be more specific to avoid CP

2025-12-16 16:53:25 +01:00 · 2025-11-26 14:39:58 +00:00
parent 9481fc9451
commit 6fbed9037f
1 changed files with 2 additions and 1 deletions
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowImplConsistency.qll
@@ -5,6 +5,7 @@

 private import go
 private import DataFlowImplSpecific as Impl
+private import DataFlowUtil
 private import TaintTrackingImplSpecific
 private import codeql.dataflow.internal.DataFlowImplConsistency
 private import semmle.go.dataflow.internal.DataFlowNodes
@@ -17,7 +18,7 @@ private module Input implements InputSig<Location, Impl::GoDataFlow> {
  predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) }

  predicate localFlowIsLocalExclude(DataFlow::Node n1, DataFlow::Node n2) {
-    n1 instanceof DataFlow::FunctionNode and exists(n2)
+    n1 instanceof DataFlow::FunctionNode and simpleLocalFlowStep(n1, n2, _)
  }

  predicate argHasPostUpdateExclude(DataFlow::ArgumentNode n) {