Simplify net/http ResponseBody logic

2026-01-29 14:23:03 +01:00 · 2020-11-05 21:38:52 -08:00
parent 8a306af77b
commit a78c35b95e
1 changed files with 2 additions and 8 deletions
--- a/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
+++ b/ql/src/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -145,16 +145,10 @@ module NetHttp {
        responseWriter = call.(DataFlow::MethodCallNode).getReceiver()
      )
      or
-      exists(
-        TaintTracking::FunctionModel model, FunctionOutput modelOutput, FunctionInput modelInput,
-        DataFlow::CallNode call
-      |
+      exists(TaintTracking::FunctionModel model |
        // A modelled function conveying taint from some input to the response writer,
        // e.g. `io.Copy(responseWriter, someTaintedReader)`
-        call = model.getACall() and
-        model.hasTaintFlow(modelInput, modelOutput) and
-        this = modelInput.getNode(call) and
-        responseWriter = modelOutput.getNode(call).(DataFlow::PostUpdateNode).getPreUpdateNode() and
+        model.taintStep(this, responseWriter) and
        responseWriter.getType().implements("net/http", "ResponseWriter")
      )
    }