Cast to MethodCallNode before calling getReceiver()

owen-mc · owen-mc · commit a3ba74a6a6c1 · 2023-07-19T11:17:38.000+01:00
This is not required, because getReceiver is still defined on CallNode,
but is done for consistency.
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowDispatch.qll
@@ -8,7 +8,7 @@ private import DataFlowPrivate
 private predicate isInterfaceCallReceiver(
   DataFlow::CallNode call, DataFlow::Node recv, InterfaceType tp, string m
 ) {
-  call.getReceiver() = recv and
+  call.(DataFlow::MethodCallNode).getReceiver() = recv and
   recv.getType().getUnderlyingType() = tp and
   m = call.getACalleeIncludingExternals().asFunction().getName()
 }
diff --git a/go/ql/lib/semmle/go/frameworks/Gqlgen.qll b/go/ql/lib/semmle/go/frameworks/Gqlgen.qll
@@ -7,7 +7,7 @@ module Gqlgen {
   /** An autogenerated file containing gqlgen code. */
   private class GqlgenGeneratedFile extends File {
     GqlgenGeneratedFile() {
-      exists(DataFlow::CallNode call |
+      exists(DataFlow::MethodCallNode call |
         call.getReceiver().getType().hasQualifiedName("github.com/99designs/gqlgen/graphql", _) and
         call.getFile() = this
       )
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -131,7 +131,7 @@ module NetHttp {
     )
     or
     stack = SummaryComponentStack::argument(-1) and
-    result = call.getReceiver()
+    result = call.(DataFlow::MethodCallNode).getReceiver()
   }
 
   private class ResponseBody extends Http::ResponseBody::Range {
diff --git a/go/ql/lib/semmle/go/security/ExternalAPIs.qll b/go/ql/lib/semmle/go/security/ExternalAPIs.qll
@@ -86,7 +86,7 @@ class ExternalApiDataNode extends DataFlow::Node {
       this = call.getArgument(i)
       or
       // Receiver to a call to a method which returns non trivial value
-      this = call.getReceiver() and
+      this = call.(DataFlow::MethodCallNode).getReceiver() and
       i = -1
     ) and
     // Not defined in the code that is being analyzed
diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
@@ -33,7 +33,9 @@ module SafeUrlFlow {
 
   /** A function model step using `UnsafeUrlMethod`, considered as a sanitizer for safe URL flow. */
   private class UnsafeUrlMethodEdge extends SanitizerEdge {
-    UnsafeUrlMethodEdge() { this = any(UnsafeUrlMethod um).getACall().getReceiver() }
+    UnsafeUrlMethodEdge() {
+      this = any(UnsafeUrlMethod um).getACall().(DataFlow::MethodCallNode).getReceiver()
+    }
   }
 
   /** Any slicing of the URL, considered as a sanitizer for safe URL flow. */
diff --git a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
@@ -90,7 +90,7 @@ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) {
 /**
  * Holds if `os.File.Close` is called on `sink`.
  */
-predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
+predicate isCloseSink(DataFlow::Node sink, DataFlow::MethodCallNode closeCall) {
   // find calls to the os.File.Close function
   closeCall = any(CloseFileFun f).getACall() and
   // that are unhandled
@@ -115,7 +115,7 @@ predicate isCloseSink(DataFlow::Node sink, DataFlow::CallNode closeCall) {
  * Holds if `os.File.Sync` is called on `sink` and the result of the call is neither
  * deferred nor discarded.
  */
-predicate isHandledSync(DataFlow::Node sink, DataFlow::CallNode syncCall) {
+predicate isHandledSync(DataFlow::Node sink, DataFlow::MethodCallNode syncCall) {
   // find a call of the `os.File.Sync` function
   syncCall = any(SyncFileFun f).getACall() and
   // match the sink with the object on which the method is called
diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
@@ -113,7 +113,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {
     )
   }
 
-  predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
+  predicate isSinkCall(DataFlow::Node sink, DataFlow::MethodCallNode call) {
     exists(AuthCodeUrl m | call = m.getACall() | sink = call.getReceiver())
   }
 
diff --git a/go/ql/src/experimental/CWE-1004/AuthCookie.qll b/go/ql/src/experimental/CWE-1004/AuthCookie.qll
@@ -189,11 +189,11 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio
   }
 
   override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(DataFlow::MethodCallNode cn |
-      cn.getTarget()
+    exists(DataFlow::MethodCallNode mcn |
+      mcn.getTarget()
           .hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and
-      pred = cn.getReceiver() and
-      succ = cn.getResult(0)
+      pred = mcn.getReceiver() and
+      succ = mcn.getResult(0)
     )
   }
 }
diff --git a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
@@ -41,7 +41,7 @@ class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(PamAcctMgmt p | p.getACall().getReceiver() = sink)
+    exists(PamAcctMgmt p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
   }
 }
 
@@ -53,7 +53,7 @@ class PamStartToAuthenticateConfig extends TaintTracking::Configuration {
   }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(PamAuthenticate p | p.getACall().getReceiver() = sink)
+    exists(PamAuthenticate p | p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)
   }
 }
 
diff --git a/go/ql/src/experimental/frameworks/CleverGo.qll b/go/ql/src/experimental/frameworks/CleverGo.qll
@@ -174,7 +174,7 @@ private module CleverGo {
   /**
    * Models HTTP redirects.
    */
-  private class HttpRedirect extends Http::Redirect::Range, DataFlow::CallNode {
+  private class HttpRedirect extends Http::Redirect::Range, DataFlow::MethodCallNode {
     DataFlow::Node urlNode;
 
     HttpRedirect() {
@@ -211,7 +211,7 @@ private module CleverGo {
     string package, string receiverName, DataFlow::Node bodyNode, string contentTypeString,
     DataFlow::Node receiverNode
   ) {
-    exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
+    exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
       met.hasQualifiedName(package, receiverName, methodName) and
       bodySetterCall = met.getACall() and
       receiverNode = bodySetterCall.getReceiver()
@@ -317,7 +317,7 @@ private module CleverGo {
     string package, string receiverName, DataFlow::Node bodyNode, DataFlow::Node contentTypeNode,
     DataFlow::Node receiverNode
   ) {
-    exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
+    exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
       met.hasQualifiedName(package, receiverName, methodName) and
       bodySetterCall = met.getACall() and
       receiverNode = bodySetterCall.getReceiver()
@@ -356,7 +356,7 @@ private module CleverGo {
   private predicate setsBody(
     string package, string receiverName, DataFlow::Node receiverNode, DataFlow::Node bodyNode
   ) {
-    exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
+    exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
       met.hasQualifiedName(package, receiverName, methodName) and
       bodySetterCall = met.getACall() and
       receiverNode = bodySetterCall.getReceiver()
@@ -400,7 +400,7 @@ private module CleverGo {
 
   // Holds for a call that sets a header with a key-value combination.
   private predicate setsHeaderDynamicKeyValue(
-    string package, string receiverName, DataFlow::CallNode headerSetterCall,
+    string package, string receiverName, DataFlow::MethodCallNode headerSetterCall,
     DataFlow::Node headerNameNode, DataFlow::Node headerValueNode, DataFlow::Node receiverNode
   ) {
     exists(string methodName, Method met |
@@ -446,7 +446,7 @@ private module CleverGo {
 
   // Holds for a call that sets the content-type header (implicit).
   private predicate setsStaticHeaderContentType(
-    string package, string receiverName, DataFlow::CallNode setterCall, string valueString,
+    string package, string receiverName, DataFlow::MethodCallNode setterCall, string valueString,
     DataFlow::Node receiverNode
   ) {
     exists(string methodName, Method met |
@@ -501,8 +501,8 @@ private module CleverGo {
 
   // Holds for a call that sets the content-type header via a parameter.
   private predicate setsDynamicHeaderContentType(
-    string package, string receiverName, DataFlow::CallNode setterCall, DataFlow::Node valueNode,
-    DataFlow::Node receiverNode
+    string package, string receiverName, DataFlow::MethodCallNode setterCall,
+    DataFlow::Node valueNode, DataFlow::Node receiverNode
   ) {
     exists(string methodName, Method met |
       met.hasQualifiedName(package, receiverName, methodName) and
diff --git a/go/ql/src/experimental/frameworks/Fiber.qll b/go/ql/src/experimental/frameworks/Fiber.qll
@@ -129,7 +129,7 @@ private module Fiber {
   /**
    * Models HTTP redirects.
    */
-  private class Redirect extends Http::Redirect::Range, DataFlow::CallNode {
+  private class Redirect extends Http::Redirect::Range, DataFlow::MethodCallNode {
     DataFlow::Node urlNode;
 
     Redirect() {
@@ -167,7 +167,7 @@ private module Fiber {
 
   // Holds for a call that sets a header with a key-value combination.
   private predicate setsHeaderDynamicKeyValue(
-    string package, string receiverName, DataFlow::CallNode headerSetterCall,
+    string package, string receiverName, DataFlow::MethodCallNode headerSetterCall,
     DataFlow::Node headerNameNode, DataFlow::Node headerValueNode, DataFlow::Node receiverNode
   ) {
     exists(string methodName, Method met |
@@ -215,7 +215,7 @@ private module Fiber {
     string package, string receiverName, DataFlow::Node bodyNode, string contentTypeString,
     DataFlow::Node receiverNode
   ) {
-    exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
+    exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
       met.hasQualifiedName(package, receiverName, methodName) and
       bodySetterCall = met.getACall() and
       receiverNode = bodySetterCall.getReceiver()
@@ -254,7 +254,7 @@ private module Fiber {
   private predicate setsBody(
     string package, string receiverName, DataFlow::Node receiverNode, DataFlow::Node bodyNode
   ) {
-    exists(string methodName, Method met, DataFlow::CallNode bodySetterCall |
+    exists(string methodName, Method met, DataFlow::MethodCallNode bodySetterCall |
       met.hasQualifiedName(package, receiverName, methodName) and
       bodySetterCall = met.getACall() and
       receiverNode = bodySetterCall.getReceiver()
diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.ql b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/tests.ql
@@ -13,9 +13,10 @@ DataFlow::CallNode getAYamlCall() {
 
 predicate isSourceSinkPair(DataFlow::Node inNode, DataFlow::Node outNode) {
   exists(DataFlow::CallNode cn | cn = getAYamlCall() |
-    inNode = [cn.getAnArgument(), cn.getReceiver()] and
+    inNode = [cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()] and
     (
-      outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() = [cn.getAnArgument(), cn.getReceiver()]
+      outNode.(DataFlow::PostUpdateNode).getPreUpdateNode() =
+        [cn.getAnArgument(), cn.(DataFlow::MethodCallNode).getReceiver()]
       or
       outNode = cn.getAResult()
     )

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ private import DataFlowPrivate`
`8`	`8`	`private predicate isInterfaceCallReceiver(`
`9`	`9`	`DataFlow::CallNode call, DataFlow::Node recv, InterfaceType tp, string m`
`10`	`10`	`) {`
`11`		`- call.getReceiver() = recv and`
	`11`	`+ call.(DataFlow::MethodCallNode).getReceiver() = recv and`
`12`	`12`	`recv.getType().getUnderlyingType() = tp and`
`13`	`13`	`m = call.getACalleeIncludingExternals().asFunction().getName()`
`14`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ module Gqlgen {`
`7`	`7`	`/** An autogenerated file containing gqlgen code. */`
`8`	`8`	`private class GqlgenGeneratedFile extends File {`
`9`	`9`	`GqlgenGeneratedFile() {`
`10`		`- exists(DataFlow::CallNode call \|`
	`10`	`+ exists(DataFlow::MethodCallNode call \|`
`11`	`11`	`call.getReceiver().getType().hasQualifiedName("github.com/99designs/gqlgen/graphql", _) and`
`12`	`12`	`call.getFile() = this`
`13`	`13`	`)`
Original file line number	Diff line number	Diff line change
`@@ -131,7 +131,7 @@ module NetHttp {`
`131`	`131`	`)`
`132`	`132`	`or`
`133`	`133`	`stack = SummaryComponentStack::argument(-1) and`
`134`		`- result = call.getReceiver()`
	`134`	`+ result = call.(DataFlow::MethodCallNode).getReceiver()`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`private class ResponseBody extends Http::ResponseBody::Range {`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,9 @@ module SafeUrlFlow {`
`33`	`33`
`34`	`34`	/** A function model step using `UnsafeUrlMethod`, considered as a sanitizer for safe URL flow. */
`35`	`35`	`private class UnsafeUrlMethodEdge extends SanitizerEdge {`
`36`		`- UnsafeUrlMethodEdge() { this = any(UnsafeUrlMethod um).getACall().getReceiver() }`
	`36`	`+ UnsafeUrlMethodEdge() {`
	`37`	`+ this = any(UnsafeUrlMethod um).getACall().(DataFlow::MethodCallNode).getReceiver()`
	`38`	`+ }`
`37`	`39`	`}`
`38`	`40`
`39`	`41`	`/** Any slicing of the URL, considered as a sanitizer for safe URL flow. */`
Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ class PrivateUrlFlowsToAuthCodeUrlCall extends DataFlow::Configuration {`
`113`	`113`	`)`
`114`	`114`	`}`
`115`	`115`
`116`		`- predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {`
	`116`	`+ predicate isSinkCall(DataFlow::Node sink, DataFlow::MethodCallNode call) {`
`117`	`117`	`exists(AuthCodeUrl m \| call = m.getACall() \| sink = call.getReceiver())`
`118`	`118`	`}`
`119`	`119`
Original file line number	Diff line number	Diff line change
`@@ -189,11 +189,11 @@ class GorillaCookieStoreSaveTrackingConfiguration extends DataFlow::Configuratio`
`189`	`189`	`}`
`190`	`190`
`191`	`191`	`override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {`
`192`		`- exists(DataFlow::MethodCallNode cn \|`
`193`		`- cn.getTarget()`
	`192`	`+ exists(DataFlow::MethodCallNode mcn \|`
	`193`	`+ mcn.getTarget()`
`194`	`194`	`.hasQualifiedName(package("github.com/gorilla/sessions", ""), "CookieStore", "Get") and`
`195`		`- pred = cn.getReceiver() and`
`196`		`- succ = cn.getResult(0)`
	`195`	`+ pred = mcn.getReceiver() and`
	`196`	`+ succ = mcn.getResult(0)`
`197`	`197`	`)`
`198`	`198`	`}`
`199`	`199`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ class PamStartToAcctMgmtConfig extends TaintTracking::Configuration {`
`41`	`41`	`}`
`42`	`42`
`43`	`43`	`override predicate isSink(DataFlow::Node sink) {`
`44`		`- exists(PamAcctMgmt p \| p.getACall().getReceiver() = sink)`
	`44`	`+ exists(PamAcctMgmt p \| p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
`@@ -53,7 +53,7 @@ class PamStartToAuthenticateConfig extends TaintTracking::Configuration {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`override predicate isSink(DataFlow::Node sink) {`
`56`		`- exists(PamAuthenticate p \| p.getACall().getReceiver() = sink)`
	`56`	`+ exists(PamAuthenticate p \| p.getACall().(DataFlow::MethodCallNode).getReceiver() = sink)`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`