From 71d52500f789768287609b3242432458da93a229 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Mon, 25 Jan 2021 15:02:01 +0000
Subject: [PATCH] Make PathContainmentCheck more specific

Recent changes to Property.checkOn mean that in the code
  err == nil && <unrelated-condition>
PathContainmentCheck matches the first condition and the whole &&
expression. Originally it would have only matched the first condition,
and this commit restores that behaviour. This pattern appears 3 times in
the tests, which all still pass.
---
 ql/src/semmle/go/security/TaintedPathCustomizations.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ql/src/semmle/go/security/TaintedPathCustomizations.qll b/ql/src/semmle/go/security/TaintedPathCustomizations.qll
index 8430b6b0153..a05775479fa 100644
--- a/ql/src/semmle/go/security/TaintedPathCustomizations.qll
+++ b/ql/src/semmle/go/security/TaintedPathCustomizations.qll
@@ -85,7 +85,7 @@ module TaintedPath {
    * }
    * ```
    */
-  class PathContainmentCheck extends SanitizerGuard {
+  class PathContainmentCheck extends SanitizerGuard, DataFlow::EqualityTestNode {
     DataFlow::Node path;
     boolean outcome;