Fix input nodes for results that are not assigned to an SSA variable.

Max Schaefer · Max Schaefer · commit 4b565811223b · 2020-09-22T09:06:16.000+01:00
diff --git a/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll b/ql/src/semmle/go/dataflow/FunctionInputsAndOutputs.qll
@@ -107,15 +107,20 @@ private class ResultInput extends FunctionInput, TInResult {
   }
 
   override DataFlow::Node getEntryNode(DataFlow::CallNode c) {
-    exists(DataFlow::PostUpdateNode pun, DataFlow::Node init |
-      pun = result and
-      init = pun.(DataFlow::SsaNode).getInit()
-    |
+    exists(DataFlow::Node pred |
       index = -1 and
-      init = c.getResult()
+      pred = c.getResult()
       or
       index >= 0 and
-      init = c.getResult(index)
+      pred = c.getResult(index)
+    |
+      // if the result is assigned to an SSA variable, we want to propagate mutations backwards
+      // through that variable
+      exists(DataFlow::SsaNode ssa | ssa.getInit() = pred | result = ssa.(DataFlow::PostUpdateNode))
+      or
+      // otherwise the entry node is simply the result
+      not exists(DataFlow::SsaNode ssa | ssa.getInit() = pred) and
+      result = pred
     )
   }
 
diff --git a/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected b/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionInput_getEntryNode.expected
@@ -21,5 +21,13 @@
 | receiver | reset.go:12:2:12:21 | call to Reset | reset.go:12:2:12:7 | reader |
 | receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder |
 | receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:2:10:12 | bytesBuffer |
+| result | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
+| result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
+| result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
+| result | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
 | result | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
+| result 0 | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op |
+| result 0 | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 |
+| result 0 | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump |
+| result 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder |
 | result 0 | tst.go:9:17:9:33 | call to new | tst.go:9:2:9:12 | definition of bytesBuffer |
diff --git a/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected b/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected
@@ -1,3 +1,4 @@
 | file://:0:0:0:0 | Encode | tst2.go:10:35:10:38 | data | tst2.go:10:9:10:26 | call to NewEncoder |
+| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w |
 | file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:9:2:9:12 | definition of bytesBuffer |
 | file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:11:6:11:11 | definition of reader |
