From 9ea8b34e47a4f78df0dfeaae07572157a2197464 Mon Sep 17 00:00:00 2001
From: Chris Smowton <smowton@github.com>
Date: Fri, 16 Apr 2021 15:19:06 +0100
Subject: [PATCH] HTTP ResponseBody: support HeaderWrites with hard-coded
 header values.

---
 ql/src/semmle/go/concepts/HTTP.qll | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/concepts/HTTP.qll b/ql/src/semmle/go/concepts/HTTP.qll
index 6763b6e29cb..3624060ffbd 100644
--- a/ql/src/semmle/go/concepts/HTTP.qll
+++ b/ql/src/semmle/go/concepts/HTTP.qll
@@ -190,7 +190,14 @@ module HTTP {
       abstract ResponseWriter getResponseWriter();
 
       /** Gets a content-type associated with this body. */
-      string getAContentType() { result = getAContentTypeNode().getStringValue() }
+      string getAContentType() {
+        exists(HTTP::HeaderWrite hw | hw = getResponseWriter().getAHeaderWrite() |
+          hw.getHeaderName() = "content-type" and
+          result = hw.getHeaderValue()
+        )
+        or
+        result = getAContentTypeNode().getStringValue()
+      }
 
       /** Gets a dataflow node for a content-type associated with this body. */
       DataFlow::Node getAContentTypeNode() {