From 873f4960385a741f75256992f5d21c1dbbfadfd3 Mon Sep 17 00:00:00 2001
From: Sauyon Lee <sauyon@github.com>
Date: Fri, 8 Oct 2021 02:31:27 -0700
Subject: [PATCH] Use basicLocalFlowStep instead of .getASuccessor

This prevents non-monotonic recursion through summary post-update nodes
---
 ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll | 6 ++++--
 ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll    | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll b/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
index 59efe2fe3e3..4371d0221ea 100644
--- a/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
+++ b/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
@@ -15,7 +15,9 @@ private predicate isInterfaceCallReceiver(
 
 /** Gets a data-flow node that may flow into the receiver value of `call`, which is an interface value. */
 private DataFlow::Node getInterfaceCallReceiverSource(DataFlow::CallNode call) {
-  isInterfaceCallReceiver(call, result.getASuccessor*(), _, _)
+  exists(DataFlow::Node succ | basicLocalFlowStep*(result, succ) |
+    isInterfaceCallReceiver(call, succ, _, _)
+  )
 }
 
 /** Gets the type of `nd`, which must be a valid type and not an interface type. */
@@ -37,7 +39,7 @@ private predicate isConcreteValue(DataFlow::Node nd) {
   (
     exists(getConcreteType(nd))
     or
-    forex(DataFlow::Node pred | pred = nd.getAPredecessor() | isConcreteValue(pred))
+    forex(DataFlow::Node pred | basicLocalFlowStep(pred, nd) | isConcreteValue(pred))
   )
 }
 
diff --git a/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
index 52cd5ebf1cb..1e0fa7e6221 100644
--- a/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
+++ b/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
@@ -428,7 +428,7 @@ module Public {
    */
   private DataFlow::Node getACalleeSource(DataFlow::CallNode cn) {
     result = cn.getCalleeNode() or
-    result.getASuccessor() = getACalleeSource(cn)
+    basicLocalFlowStep(result, getACalleeSource(cn))
   }
 
   /** A data flow node that represents a call. */