From 754c838cc05292e3f0b716cccdaf1c759673df9e Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Wed, 8 Dec 2021 10:42:55 -0500
Subject: [PATCH] Fix accidental cartesian product

PointerContent needs to have the PointerType specified as well
---
 ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
index 9be6c4b8722..081228ea782 100644
--- a/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -50,8 +50,7 @@ predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::Content c) {
     container instanceof ArrayType and
     c instanceof DataFlow::ArrayContent
     or
-    container instanceof PointerType and
-    c instanceof DataFlow::PointerContent
+    c.(DataFlow::PointerContent).getPointerType() = container
     or
     container instanceof MapType and
     c instanceof DataFlow::MapValueContent