Different approach to avoiding getTarget()

Author: owen-mc

go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll

@@ -134,6 +134,10 @@ class ArgumentPosition extends int {
 pragma[inline]
 predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos }
 
+private predicate isInterfaceMethod(Method c) {
+  c.getReceiverBaseType().getUnderlyingType() instanceof InterfaceType
+}
+
 /**
  * Holds if `call` is passing `arg` to param `p` in any circumstance except passing
  * a receiver parameter to a concrete method.
@@ -147,6 +151,17 @@ predicate golangSpecificParamArgFilter(
   or
   p instanceof DataFlow::SummarizedParameterNode
   or
-  not call.getNode().(DataFlow::CallNode).getReceiver().getType().getUnderlyingType() instanceof
-    InterfaceType
+  not isInterfaceMethod(call.getNode()
+        .(DataFlow::CallNode)
+        .getACalleeWithoutVirtualDispatch()
+        .asFunction())
+}
+
+predicate foo(DataFlowCall call, DataFlow::Node rec0) {
+  exists(DataFlow::Node rec | rec = call.getNode().(DataFlow::CallNode).getReceiver() |
+    rec = rec0 and rec.getType().getUnderlyingType() instanceof InterfaceType
+  ) and
+  not exists(Function callTarget | callTarget = call.getNode().(DataFlow::CallNode).getTarget() |
+    not isInterfaceMethod(callTarget)
+  )
 }

go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll

@@ -489,13 +489,9 @@ module Public {
      * interface type.
      */
     Callable getACalleeIncludingExternals() {
-      result.asFunction() = this.getTarget()
+      result = this.getACalleeWithoutVirtualDispatch()
       or
       exists(DataFlow::Node calleeSource | calleeSource = this.getACalleeSource() |
-        result.asFuncLit() = calleeSource.asExpr()
-        or
-        calleeSource = result.asFunction().getARead()
-        or
         exists(Method declared, Method actual |
           calleeSource = declared.getARead() and
           actual.implements(declared) and
@@ -510,6 +506,20 @@ module Public {
      */
     FuncDef getACallee() { result = this.getACalleeIncludingExternals().getFuncDef() }
 
+    /**
+     * As `getACalleeIncludingExternals`, except excluding external functions (those for which
+     * we lack a definition, such as standard library functions).
+     */
+    Callable getACalleeWithoutVirtualDispatch() {
+      result.asFunction() = this.getTarget()
+      or
+      exists(DataFlow::Node calleeSource | calleeSource = this.getACalleeSource() |
+        result.asFuncLit() = calleeSource.asExpr()
+        or
+        calleeSource = result.asFunction().getARead()
+      )
+    }
+
     /**
      * Gets the name of the function, method or variable that is being called.
      *