From 78239accd5dd79ea0341d8691710b4dfa7c7983a Mon Sep 17 00:00:00 2001
From: Sauyon Lee <sauyon@github.com>
Date: Thu, 5 Mar 2020 02:52:13 -0800
Subject: [PATCH] Dependencies: Make getAnImport() more precise

In particular, ensure that the go file importing the dependency is under
the directory of the file where the dependency is declared.

Co-authored-by: Max Schaefer <max-schaefer@github.com>
---
 ql/src/semmle/go/dependencies/Dependencies.qll | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/dependencies/Dependencies.qll b/ql/src/semmle/go/dependencies/Dependencies.qll
index ad09b62e0e5..5b1afa6cda6 100644
--- a/ql/src/semmle/go/dependencies/Dependencies.qll
+++ b/ql/src/semmle/go/dependencies/Dependencies.qll
@@ -26,7 +26,12 @@ abstract class Dependency extends Locatable {
   /**
    * An import of this dependency.
    */
-  ImportSpec getAnImport() { result.getPath() = this.getDepPath() }
+  ImportSpec getAnImport() {
+    result.getPath() = this.getDepPath() and
+    exists(Folder parent | parent.getAFile() = this.getFile() |
+      parent.getAFolder*().getAFile() = result.getFile()
+    )
+  }
 }
 
 /**