From 3b39f5c2e1cacfdbff9adb07870e782c814169ec Mon Sep 17 00:00:00 2001
From: Sauyon Lee
Date: Thu, 7 Nov 2019 12:32:11 -0800
Subject: [PATCH] OpenUrlRedirect: Use the regexp library for RegexpCheck
---
 .../go/security/OpenUrlRedirectCustomizations.qll | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll b/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
index 5eb463f152c..96c0567053a 100644
--- a/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -93,20 +93,16 @@ module OpenUrlRedirect {
 * This is overapproximate: we do not attempt to reason about the correctness of the regexp.
 */
 class RegexpCheck extends BarrierGuard {
+ RegexpMatchFunction matchfn;
 DataFlow::CallNode call;
 RegexpCheck() {
- exists(string fn | fn.matches("Match%") |
- call.getTarget().hasQualifiedName("regexp", fn) and
- this = DataFlow::extractTupleElement(call, 0).getASuccessor*()
- or
- call.getTarget().(Method).hasQualifiedName("regexp", "Regexp", fn) and
- this = call.getASuccessor*()
- )
+ matchfn.getACall() = call and
+ this = matchfn.getResult().getNode(call).getASuccessor*()
 }
 override predicate checks(Expr e, boolean branch) {
- e = call.getAnArgument().asExpr() and
+ e = matchfn.getValue().getNode(call).asExpr() and
 (branch = false or branch = true)
 }
 }
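Review bot: In `checks`, replacing `call.getAnArgument()` with `matchfn.getValue().getNode(call)` narrows the guard from every argument of the call to the matched value only, which is a behaviour change beyond the refactor the subject line describes. The diffstat shows no test file, so a test where the tainted URL is passed as the pattern rather than the value would pin the new result. Which calls count as a barrier now depends on `RegexpMatchFunction`, defined outside this patch; it presumably covers the same `Match%` functions and `Regexp` methods as the removed `exists`, but that is worth confirming because every barrier guard suppresses open-redirect alerts. The unchanged line `(branch = false or branch = true)` still clears the value when the match fails, so a comment such as `// either outcome counts as a check: we cannot tell an allow-list regexp from a deny-list one` would tie it to the class's "overapproximate" note. The class comment begins above the hunk.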