Remove restriction on void and boolean-returning methods

When the taint was in the receiver, we were excluding methods which return nothing or a boolean.
2026-01-30 06:42:57 +01:00 · 2020-11-27 16:51:24 +00:00
parent 7730d66d76
commit bfbf102408
1 changed files with 1 additions and 7 deletions
--- a/ql/src/semmle/go/security/ExternalAPIs.qll
+++ b/ql/src/semmle/go/security/ExternalAPIs.qll
@@ -64,13 +64,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
      or
      // Receiver to a call to a method which returns non trivial value
      this = call.getReceiver() and
-      i = -1 and
-      (
-        call.getTarget().getNumResult() >= 2
-        or
-        call.getTarget().getNumResult() = 1 and
-        not call.getTarget().getResultType(0) instanceof BoolType
-      )
+      i = -1
    ) and
    // Not defined in the code that is being analysed
    not exists(call.getACallee().getBody()) and