From bfbf1024087b47f91cdb21f0b3d29259b15a6d5a Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Fri, 27 Nov 2020 16:51:24 +0000
Subject: [PATCH] Remove restriction on void and boolean-returning methods

When the taint was in the receiver, we were excluding methods which return nothing or a boolean.
---
 ql/src/semmle/go/security/ExternalAPIs.qll | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/ql/src/semmle/go/security/ExternalAPIs.qll b/ql/src/semmle/go/security/ExternalAPIs.qll
index 31a9eba3925..43c0d8a3264 100644
--- a/ql/src/semmle/go/security/ExternalAPIs.qll
+++ b/ql/src/semmle/go/security/ExternalAPIs.qll
@@ -64,13 +64,7 @@ class ExternalAPIDataNode extends DataFlow::Node {
 or
 // Receiver to a call to a method which returns non trivial value
 this = call.getReceiver() and
- i = -1 and
- (
- call.getTarget().getNumResult() >= 2
- or
- call.getTarget().getNumResult() = 1 and
- not call.getTarget().getResultType(0) instanceof BoolType
- )
+ i = -1
 ) and
 // Not defined in the code that is being analysed
 not exists(call.getACallee().getBody()) and
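Review bot: The context comment `// Receiver to a call to a method which returns non trivial value` directly above `this = call.getReceiver() and` is stale after this change, because the receiver case no longer looks at the result count or result type; it should read something like `// Receiver of a call to any method, whatever it returns`. The diffstat lists only ExternalAPIs.qll, so nothing in this patch pins the new behaviour; a test case where tainted data is the receiver of an external method returning nothing or a bool would keep the restriction from being reintroduced. The external-API queries built on this class will presumably report more nodes, which is the intended coverage gain for untrusted data reaching library code but may need a triage pass on existing baselines. The body of ExternalAPIDataNode starts and ends outside the hunk.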