From d704b753c8fdd36d2efa180dfdef8fb37d44012b Mon Sep 17 00:00:00 2001
From: Tom Hvitved <hvitved@github.com>
Date: Thu, 9 Apr 2026 09:18:08 +0200
Subject: [PATCH] Fix CP in `typeFlowParamType`

Forgot to link `p` with `c` using `nodeEnclosingCallable(p, c)`.
---
 .../codeql/dataflow/internal/DataFlowImplCommon.qll  | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
index b2d4d13b07d..962a58c26f9 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
@@ -2115,11 +2115,13 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
      * context.
      */
     private predicate typeFlowParamType(ParamNode p, Type t, boolean cc) {
-      exists(Callable c |
-        Input::dataFlowNonCallEntry(c, cc) and
-        if cc = true and exists(getSourceContextParameterNodeType(p))
-        then t = getSourceContextParameterNodeType(p)
-        else trackedParamWithType(p, t, c)
+      exists(Callable c | Input::dataFlowNonCallEntry(c, cc) |
+        cc = true and
+        nodeEnclosingCallable(p, c) and
+        t = getSourceContextParameterNodeType(p)
+        or
+        (cc = false or not exists(getSourceContextParameterNodeType(p))) and
+        trackedParamWithType(p, t, c)
       )
       or
       exists(Type t1, Type t2 |