stash

Author: am0o0

go/ql/src/experimental/frameworks/DecompressionBombs.qll

@@ -605,19 +605,31 @@ module DecompressionBombs {
         none()
       }
     }
+
+    class TheSink extends Sink {
+      TheSink() {
+        exists(Method m |
+          m.hasQualifiedName("github.com/klauspost/compress/s2", "Reader",
+            ["DecodeConcurrent", "ReadByte", "Read"])
+        |
+          this = m.getACall().getReceiver()
+        )
+      }
+    }
   }
 
   /**
    * Provides Decompression Sinks and additional taint steps for `github.com/klauspost/compress/s2` package
    */
   module KlauspostS2 {
-    class TheSink extends Sink {
+    class TheSink extends DataFlow::Node {
       TheSink() {
         exists(Method m |
-          m.hasQualifiedName("github.com/klauspost/compress/s2", "Reader",
-            ["DecodeConcurrent", "ReadByte", "Read"])
+          m.getType()
+              .getUnderlyingType()
+              .hasQualifiedName("github.com/klauspost/compress/s2", "Reader")
         |
-          this = m.getACall().getReceiver()
+          this = m.getACall()
         )
       }
     }