Add support for flow through content of global variables

smowton · smowton · commit 822f6eebfbef · 2024-06-17T16:42:23.000+01:00
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
@@ -102,10 +102,14 @@ private Field getASparselyUsedChannelTypedField() {
  * global or static variable.
  */
 predicate jumpStep(Node n1, Node n2) {
-  exists(ValueEntity v, Write w |
+  exists(ValueEntity v |
     not v instanceof SsaSourceVariable and
     not v instanceof Field and
-    w.writes(v, n1) and
+    (
+      any(Write w).writes(v, n1)
+      or
+      n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead()
+    ) and
     n2 = v.getARead()
   )
   or
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/globalVariable.go b/go/ql/test/library-tests/semmle/go/dataflow/GlobalVariableSideEffects/globalVariable.go
@@ -14,13 +14,13 @@ func main() {
 	test1()
 	test2()
 	sink(globalScalar)   // $ hasValueFlow="globalScalar (from source 0)" MISSING: hasValueFlow="globalScalar (from source 10)"
-	sink(globalArray[0]) // $ MISSING: hasValueFlow="index expression (from source 1)" hasValueFlow="index expression (from source 11)"
-	sink(globalSlice[0]) // $ MISSING: hasValueFlow="index expression (from source 2)" hasValueFlow="index expression (from source 12)"
+	sink(globalArray[0]) // $ hasValueFlow="index expression (from source 1)" hasValueFlow="index expression (from source 11)"
+	sink(globalSlice[0]) // $ hasValueFlow="index expression (from source 2)" hasValueFlow="index expression (from source 12)"
 	for val := range globalMap1 {
-		sink(val) // $ MISSING: hasValueFlow="val (from source 3)" hasValueFlow="val (from source 13)"
+		sink(val) // $ hasValueFlow="val (from source 3)" hasValueFlow="val (from source 13)"
 	}
 	for _, val := range globalMap2 {
-		sink(val) // $ MISSING: hasValueFlow="val (from source 4)" hasValueFlow="val (from source 14)"
+		sink(val) // $ hasValueFlow="val (from source 4)" hasValueFlow="val (from source 14)"
 	}
 }
 
@@ -33,29 +33,29 @@ func test1() {
 }
 
 func test2() {
-	taintScalar(&globalScalar, 10)
-	taintArray(globalArray, 11)
-	taintSlice(globalSlice, 12)
-	taintMapKey(globalMap1, 13)
-	taintMapValue(globalMap2, 14)
+	taintScalar(&globalScalar)
+	taintArray(globalArray)
+	taintSlice(globalSlice)
+	taintMapKey(globalMap1)
+	taintMapValue(globalMap2)
 }
 
-func taintScalar(x *any, n int) {
-	*x = source(n)
+func taintScalar(x *any) {
+	*x = source(10)
 }
 
-func taintArray(x [1]any, n int) {
-	x[0] = source(n)
+func taintArray(x [1]any) {
+	x[0] = source(11)
 }
 
-func taintSlice(x []any, n int) {
-	x[0] = source(n)
+func taintSlice(x []any) {
+	x[0] = source(12)
 }
 
-func taintMapKey(x map[any]any, n int) {
-	x[source(n)] = ""
+func taintMapKey(x map[any]any) {
+	x[source(13)] = ""
 }
 
-func taintMapValue(x map[any]any, n int) {
-	x[""] = source(n)
+func taintMapValue(x map[any]any) {
+	x[""] = source(14)
 }
