Update for recent changes to DsnInjection

owen-mc · owen-mc · commit 36b1a0dc54fd · 2023-08-10T15:50:03.000+01:00
diff --git a/go/ql/src/experimental/CWE-74/DsnInjectionCustomizations.qll b/go/ql/src/experimental/CWE-74/DsnInjectionCustomizations.qll
@@ -32,8 +32,11 @@ private module DsnInjectionConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof Source }
 
   predicate isSink(DataFlow::Node sink) {
-    exists(Function f | f.hasQualifiedName("database/sql", "Open") |
-      sink = f.getACall().getArgument(1)
+    exists(DataFlow::CallNode c |
+      c.getTarget().hasQualifiedName("database/sql", "Open") and
+      c.getArgument(0).getStringValue() = "mysql"
+    |
+      sink = c.getArgument(1)
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -32,8 +32,11 @@ private module DsnInjectionConfig implements DataFlow::ConfigSig {`
`32`	`32`	`predicate isSource(DataFlow::Node source) { source instanceof Source }`
`33`	`33`
`34`	`34`	`predicate isSink(DataFlow::Node sink) {`
`35`		`- exists(Function f \| f.hasQualifiedName("database/sql", "Open") \|`
`36`		`- sink = f.getACall().getArgument(1)`
	`35`	`+ exists(DataFlow::CallNode c \|`
	`36`	`+ c.getTarget().hasQualifiedName("database/sql", "Open") and`
	`37`	`+ c.getArgument(0).getStringValue() = "mysql"`
	`38`	`+ \|`
	`39`	`+ sink = c.getArgument(1)`
`37`	`40`	`)`
`38`	`41`	`}`
`39`	`42`