From 932840b0a39e8374ba034b0791afc11ef50b7006 Mon Sep 17 00:00:00 2001
From: Sauyon Lee <sauyon@github.com>
Date: Fri, 20 Mar 2020 04:22:28 -0700
Subject: [PATCH] Address review comments.

---
 ql/src/semmle/go/security/OpenUrlRedirect.qll | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ql/src/semmle/go/security/OpenUrlRedirect.qll b/ql/src/semmle/go/security/OpenUrlRedirect.qll
index e353f60ab2f..5bff76793d2 100644
--- a/ql/src/semmle/go/security/OpenUrlRedirect.qll
+++ b/ql/src/semmle/go/security/OpenUrlRedirect.qll
@@ -82,17 +82,17 @@ module OpenUrlRedirect {
         (frn.getFieldName() = "Host" or frn.getFieldName() = "Path")
       )
       or
-      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Path") |
+      // propagate to a URL when its host is assigned to
+      exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") |
         w.writesField(v.getAUse(), f, pred) and succ = v.getAUse()
       )
     }
 
     override predicate isBarrierOut(DataFlow::Node node) {
-      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Path") |
+      // block propagation of this safe value when its host is overwritten
+      exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") |
         w.writesField(node.getASuccessor(), f, _)
       )
     }
-
-    override int explorationLimit() { result = 30 }
   }
 }