Add missing conjunct in PostgreSqlEscapeFunction's 'escapesSqlArgument' predicate.

MathiasVP · MathiasVP · commit dfe932d0534a · 2021-09-21T12:14:45.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/PostgreSql.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/PostgreSql.qll
@@ -87,7 +87,8 @@ private class PostgreSqlEscapeFunction extends SqlEscapeFunction {
   override predicate escapesSqlArgument(FunctionInput input, FunctionOutput output) {
     exists(int argIndex |
       input.isParameterDeref(argIndex) and
-      output.isReturnValueDeref()
+      output.isReturnValueDeref() and
+      pqxxEscapeArgument(this.getName(), argIndex)
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,8 @@ private class PostgreSqlEscapeFunction extends SqlEscapeFunction {`
`87`	`87`	`override predicate escapesSqlArgument(FunctionInput input, FunctionOutput output) {`
`88`	`88`	`exists(int argIndex \|`
`89`	`89`	`input.isParameterDeref(argIndex) and`
`90`		`- output.isReturnValueDeref()`
	`90`	`+ output.isReturnValueDeref() and`
	`91`	`+ pqxxEscapeArgument(this.getName(), argIndex)`
`91`	`92`	`)`
`92`	`93`	`}`
`93`	`94`	`}`