Change definition of BeegoInputSafeUrlSource

owen-mc · owen-mc · commit 2bbd9ab4ebc5 · 2024-07-01T16:13:36.000+01:00
diff --git a/go/ql/lib/semmle/go/frameworks/Beego.qll b/go/ql/lib/semmle/go/frameworks/Beego.qll
@@ -69,13 +69,15 @@ module Beego {
         )
       )
     }
-
-    predicate isSafeUrlSource() { methodName in ["URI", "URL"] }
   }
 
   /** `BeegoInput` sources that are safe to use for redirection. */
   private class BeegoInputSafeUrlSource extends SafeUrlFlow::Source {
-    BeegoInputSafeUrlSource() { this.(BeegoInputSource).isSafeUrlSource() }
+    BeegoInputSafeUrlSource() {
+      exists(Method m | m.hasQualifiedName(contextPackagePath(), "BeegoInput", ["URI", "URL"]) |
+        this = m.getACall().getResult(0)
+      )
+    }
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -69,13 +69,15 @@ module Beego {`
`69`	`69`	`)`
`70`	`70`	`)`
`71`	`71`	`}`
`72`		`-`
`73`		`- predicate isSafeUrlSource() { methodName in ["URI", "URL"] }`
`74`	`72`	`}`
`75`	`73`
`76`	`74`	/** `BeegoInput` sources that are safe to use for redirection. */
`77`	`75`	`private class BeegoInputSafeUrlSource extends SafeUrlFlow::Source {`
`78`		`- BeegoInputSafeUrlSource() { this.(BeegoInputSource).isSafeUrlSource() }`
	`76`	`+ BeegoInputSafeUrlSource() {`
	`77`	`+ exists(Method m \| m.hasQualifiedName(contextPackagePath(), "BeegoInput", ["URI", "URL"]) \|`
	`78`	`+ this = m.getACall().getResult(0)`
	`79`	`+ )`
	`80`	`+ }`
`79`	`81`	`}`
`80`	`82`
`81`	`83`	`/**`