From c006777714409119d256be5ba076cef0aa3904b4 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 1 Oct 2025 13:06:24 +0100
Subject: [PATCH] Simplify PathAssignmentBarrier
---
 .../OpenUrlRedirectCustomizations.qll | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
index da5110a2ef5..248276ba396 100644
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -75,25 +75,18 @@ module OpenUrlRedirect {
 }
 }
 
- bindingset[var, w]
- pragma[inline_late]
- private predicate useIsDominated(SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead) {
- w.dominatesNode(sanitizedRead.asInstruction()) and
- sanitizedRead = var.getAUse()
- }
-
 /**
- * An access to a variable that is preceded by an assignment to its `Path` field.
+ * An assignment of a safe value to the field `Path`, considered as a barrier for sanitizing
+ * untrusted URLs.
 *
 * This is overapproximate; this will currently remove flow through all `Url.Path` assignments
 * which contain a substring that could sanitize data.
 */
- class PathAssignmentBarrier extends Barrier, Read {
+ class PathAssignmentBarrier extends Barrier {
 PathAssignmentBarrier() {
- exists(Write w, SsaWithFields var |
- hasHostnameSanitizingSubstring(w.getRhs()) and
- w.writesFieldPreUpdate(var.getAUse(), any(Field f | f.getName() = "Path"), _) and
- useIsDominated(var, w, this)
+ exists(Write w, DataFlow::Node rhs |
+ hasHostnameSanitizingSubstring(rhs) and
+ w.writesFieldPreUpdate(this, any(Field f | f.getName() = "Path"), rhs)
 )
 }
 }
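Review bot: The new doc comment on `PathAssignmentBarrier` calls the barrier "an assignment of a safe value", but the characteristic predicate binds `this` to the base argument of `writesFieldPreUpdate`, that is, the node being written to. `hasHostnameSanitizingSubstring(rhs)` only shows that the right-hand side contains a sanitizing substring, not that the value is safe. I would word the first sentence as `* The base of a write to the field Path whose right-hand side contains a hostname-sanitizing substring.` so the barrier is not read as stronger than it is. With `Read` dropped from the supertypes and the explicit `dominatesNode` check removed, blocking later reads of the same URL presumably depends on flow passing through that base node. A query test that reads the tainted URL both before and after the `Path` assignment would confirm the earlier read still alerts and the later one is still barred. The enclosing `module OpenUrlRedirect` begins and ends outside the hunk.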