Cast to MethodCallNode before calling getReceiver()

This is not required, because getReceiver is still defined on CallNode,
but is done for consistency.
Owen Mansel-Chan
2023-07-19 10:36:36 +01:00
parent de8794e9ba
commit a3ba74a6a6
12 changed files with 31 additions and 28 deletions


@@ -8,7 +8,7 @@ private import DataFlowPrivate
private predicate isInterfaceCallReceiver(
DataFlow::CallNode call, DataFlow::Node recv, InterfaceType tp, string m
) {
call.getReceiver() = recv and
call.(DataFlow::MethodCallNode).getReceiver() = recv and
recv.getType().getUnderlyingType() = tp and
m = call.getACalleeIncludingExternals().asFunction().getName()
}
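Review bot: `isInterfaceCallReceiver` still declares `DataFlow::CallNode call` and narrows it with an inline cast, while other predicates in this commit (`isCloseSink`, `isHandledSync`, `isSinkCall`) narrow the parameter type instead, so the same intent is written two ways. Since this predicate is private, declaring the parameter as `DataFlow::MethodCallNode call` and keeping `call.getReceiver() = recv and` would read more directly; its callers are outside this hunk, so confirm none of them depends on the wider type. If the inline form is kept, a short comment such as `// restricting cast: holds only when call is a method call` would help, because in QL a postfix cast filters silently instead of failing. The same applies to the casts in the `NetHttp`, `ExternalApiDataNode`, `SafeUrlFlow` and PAM `isSink` hunks.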


@@ -7,7 +7,7 @@ module Gqlgen {
/** An autogenerated file containing gqlgen code. */
private class GqlgenGeneratedFile extends File {
GqlgenGeneratedFile() {
exists(DataFlow::CallNode call |
exists(DataFlow::MethodCallNode call |
call.getReceiver().getType().hasQualifiedName("github.com/99designs/gqlgen/graphql", _) and
call.getFile() = this
)


@@ -131,7 +131,7 @@ module NetHttp {
)
or
stack = SummaryComponentStack::argument(-1) and
result = call.getReceiver()
result = call.(DataFlow::MethodCallNode).getReceiver()
}
private class ResponseBody extends Http::ResponseBody::Range {


@@ -86,7 +86,7 @@ class ExternalApiDataNode extends DataFlow::Node {
this = call.getArgument(i)
or
// Receiver to a call to a method which returns non trivial value
this = call.getReceiver() and
this = call.(DataFlow::MethodCallNode).getReceiver() and
i = -1
) and
// Not defined in the code that is being analyzed


@@ -33,7 +33,9 @@ module SafeUrlFlow {
/** A function model step using `UnsafeUrlMethod`, considered as a sanitizer for safe URL flow. */
private class UnsafeUrlMethodEdge extends SanitizerEdge {
UnsafeUrlMethodEdge() { this = any(UnsafeUrlMethod um).getACall().getReceiver() }
UnsafeUrlMethodEdge() {
this = any(UnsafeUrlMethod um).getACall().(DataFlow::MethodCallNode).getReceiver()
}
}
/** Any slicing of the URL, considered as a sanitizer for safe URL flow. */


@@ -90,7 +90,7 @@ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
/**
* Holds if `os.File.Close` is called on `sink`.
*/
predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
predicate isCloseSink(DataFlow::Node sink, DataFlow::MethodCallNode closeCall) {
// find calls to the os.File.Close function
closeCall = any(CloseFileFun f).getACall() and
// that are unhandled
@@ -115,7 +115,7 @@ predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
* Holds if `os.File.Sync` is called on `sink` and the result of the call is neither
* deferred nor discarded.
*/
predicate isHandledSync(DataFlow::Node sink, DataFlow::CallNode syncCall) {
predicate isHandledSync(DataFlow::Node sink, DataFlow::MethodCallNode syncCall) {
// find a call of the `os.File.Sync` function
syncCall = any(SyncFileFun f).getACall() and
// match the sink with the object on which the method is called
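Review bot: The QLDoc on `isCloseSink` and `isHandledSync` describes only `sink`, and with the second parameter now narrowed to `DataFlow::MethodCallNode` the role of `closeCall` and `syncCall` is worth stating for anyone importing these non-private predicates. For the first, wording such as `Holds if closeCall is a call to os.File.Close on sink.` would do, with the matching sentence for `syncCall`. The bodies of both predicates continue outside the hunks, so adjust the wording to what the remaining conjuncts require. Because these predicates feed a file-handle query, it is also worth confirming from the test expectations that the narrowing drops no existing results. Presumably every value of `getACall()` on these methods is already a method call, but that is not visible here.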


@@ -113,7 +113,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
)
}
predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
predicate isSinkCall(DataFlow::Node sink, DataFlow::MethodCallNode call) {
exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
}


@@ -189,11 +189,11 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio
}
override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
exists(DataFlow::MethodCallNode cn |
cn.getTarget()
exists(DataFlow::MethodCallNode mcn |
mcn.getTarget()
.hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and
pred = cn.getReceiver() and
succ = cn.getResult(0)
pred = mcn.getReceiver() and
succ = mcn.getResult(0)
)
}
}


@@ -41,7 +41,7 @@ class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink) {
exists(PamAcctMgmt p | p.getACall().getReceiver() = sink)
exists(PamAcctMgmt p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
}
}
@@ -53,7 +53,7 @@ class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink) {
exists(PamAuthenticate p | p.getACall().getReceiver() = sink)
exists(PamAuthenticate p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
}
}


@@ -174,7 +174,7 @@ private module CleverGo {
/**
* Models HTTP redirects.
*/
private class HttpRedirect extends Http::Redirect::Range, DataFlow::CallNode {
private class HttpRedirect extends Http::Redirect::Range, DataFlow::MethodCallNode {
DataFlow::Node urlNode;
HttpRedirect() {
@@ -211,7 +211,7 @@ private module CleverGo {
string package, string receiverName, DataFlow::Node bodyNode, string contentTypeString,
DataFlow::Node receiverNode
) {
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
met.hasQualifiedName(package, receiverName, methodName) and
bodySetterCall = met.getACall() and
receiverNode = bodySetterCall.getReceiver()
@@ -317,7 +317,7 @@ private module CleverGo {
string package, string receiverName, DataFlow::Node bodyNode, DataFlow::Node contentTypeNode,
DataFlow::Node receiverNode
) {
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
met.hasQualifiedName(package, receiverName, methodName) and
bodySetterCall = met.getACall() and
receiverNode = bodySetterCall.getReceiver()
@@ -356,7 +356,7 @@ private module CleverGo {
private predicate setsBody(
string package, string receiverName, DataFlow::Node receiverNode, DataFlow::Node bodyNode
) {
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
met.hasQualifiedName(package, receiverName, methodName) and
bodySetterCall = met.getACall() and
receiverNode = bodySetterCall.getReceiver()
@@ -400,7 +400,7 @@ private module CleverGo {
// Holds for a call that sets a header with a key-value combination.
private predicate setsHeaderDynamicKeyValue(
string package, string receiverName, DataFlow::CallNode headerSetterCall,
string package, string receiverName, DataFlow::MethodCallNode headerSetterCall,
DataFlow::Node headerNameNode, DataFlow::Node headerValueNode, DataFlow::Node receiverNode
) {
exists(string methodName, Method met |
@@ -446,7 +446,7 @@ private module CleverGo {
// Holds for a call that sets the content-type header (implicit).
private predicate setsStaticHeaderContentType(
string package, string receiverName, DataFlow::CallNode setterCall, string valueString,
string package, string receiverName, DataFlow::MethodCallNode setterCall, string valueString,
DataFlow::Node receiverNode
) {
exists(string methodName, Method met |
@@ -501,8 +501,8 @@ private module CleverGo {
// Holds for a call that sets the content-type header via a parameter.
private predicate setsDynamicHeaderContentType(
string package, string receiverName, DataFlow::CallNode setterCall, DataFlow::Node valueNode,
DataFlow::Node receiverNode
string package, string receiverName, DataFlow::MethodCallNode setterCall,
DataFlow::Node valueNode, DataFlow::Node receiverNode
) {
exists(string methodName, Method met |
met.hasQualifiedName(package, receiverName, methodName) and
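Review bot: Changing `HttpRedirect` to extend `DataFlow::MethodCallNode` narrows the extent of the whole class, not just one `getReceiver()` expression, and its characteristic predicate lies outside the hunk, so the effect cannot be checked from here. If that predicate binds `this` through a method's `getACall()`, the result set is presumably unchanged, but a one-line comment on the class such as `// redirects are always method calls on the context object` would record why the narrower supertype is safe. The same applies to `Redirect` in the Fiber section. Since both classes model redirect sinks, it is worth confirming that the redirect test expectations are unchanged by this commit.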


@@ -129,7 +129,7 @@ private module Fiber {
/**
* Models HTTP redirects.
*/
private class Redirect extends Http::Redirect::Range, DataFlow::CallNode {
private class Redirect extends Http::Redirect::Range, DataFlow::MethodCallNode {
DataFlow::Node urlNode;
Redirect() {
@@ -167,7 +167,7 @@ private module Fiber {
// Holds for a call that sets a header with a key-value combination.
private predicate setsHeaderDynamicKeyValue(
string package, string receiverName, DataFlow::CallNode headerSetterCall,
string package, string receiverName, DataFlow::MethodCallNode headerSetterCall,
DataFlow::Node headerNameNode, DataFlow::Node headerValueNode, DataFlow::Node receiverNode
) {
exists(string methodName, Method met |
@@ -215,7 +215,7 @@ private module Fiber {
string package, string receiverName, DataFlow::Node bodyNode, string contentTypeString,
DataFlow::Node receiverNode
) {
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
met.hasQualifiedName(package, receiverName, methodName) and
bodySetterCall = met.getACall() and
receiverNode = bodySetterCall.getReceiver()
@@ -254,7 +254,7 @@ private module Fiber {
private predicate setsBody(
string package, string receiverName, DataFlow::Node receiverNode, DataFlow::Node bodyNode
) {
exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
met.hasQualifiedName(package, receiverName, methodName) and
bodySetterCall = met.getACall() and
receiverNode = bodySetterCall.getReceiver()


@@ -13,9 +13,10 @@ DataFlow::CallNode getAYamlCall() {
predicate isSourceSinkPair(DataFlow::Node inNode, DataFlow::Node outNode) {
exists(DataFlow::CallNode cn | cn = getAYamlCall() |
inNode = [cn.getAnArgument(), cn.getReceiver()] and
inNode = [cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()] and
(
outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() = [cn.getAnArgument(), cn.getReceiver()]
outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() =
[cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()]
or
outNode = cn.getAResult()
)
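Review bot: The set literal `[cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()]` now appears twice in `isSourceSinkPair`, and the added cast made the second copy long enough to wrap. A small private helper, e.g. `private DataFlow::Node getAnInput(DataFlow::CallNode cn) { result = [cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()] }`, would let the two conjuncts read `inNode = getAnInput(cn)` and `outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() = getAnInput(cn)`. That keeps the restricting cast in one place. The closing lines of the predicate are outside the hunk.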