Go: Fix query.

aschackmull · aschackmull · commit a498ab241be5 · 2023-03-02T13:53:37.000+01:00
diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll
@@ -134,11 +134,11 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
       node = DataFlow::BarrierGuard<upperBoundCheckGuard/3>::getABarrierNodeForGuard(g) and
       g.isBoundFor(bitSize, sinkIsSigned)
     )
-  }
-
-  override predicate isSanitizerOut(DataFlow::Node node) {
-    exists(int bitSize | isIncorrectIntegerConversion(sourceBitSize, bitSize) |
-      this.isSinkWithBitSize(node, bitSize)
+    or
+    exists(DataFlow::Node sink, int bitSize |
+      isIncorrectIntegerConversion(sourceBitSize, bitSize) and
+      this.isSinkWithBitSize(sink, bitSize) and
+      TaintTracking::localTaintStep(sink, node)
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -134,11 +134,11 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {`
`134`	`134`	`node = DataFlow::BarrierGuard<upperBoundCheckGuard/3>::getABarrierNodeForGuard(g) and`
`135`	`135`	`g.isBoundFor(bitSize, sinkIsSigned)`
`136`	`136`	`)`
`137`		`- }`
`138`		`-`
`139`		`- override predicate isSanitizerOut(DataFlow::Node node) {`
`140`		`- exists(int bitSize \| isIncorrectIntegerConversion(sourceBitSize, bitSize) \|`
`141`		`- this.isSinkWithBitSize(node, bitSize)`
	`137`	`+ or`
	`138`	`+ exists(DataFlow::Node sink, int bitSize \|`
	`139`	`+ isIncorrectIntegerConversion(sourceBitSize, bitSize) and`
	`140`	`+ this.isSinkWithBitSize(sink, bitSize) and`
	`141`	`+ TaintTracking::localTaintStep(sink, node)`
`142`	`142`	`)`
`143`	`143`	`}`
`144`	`144`	`}`