Fix Mongodb additional taint step

smowton · smowton · commit 5aa9b080fca0 · 2024-08-29T14:23:28.000+01:00
diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll
@@ -40,7 +40,8 @@ module NoSql {
     // Taint an entry if the `Value` is tainted
     exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) |
       base = succ.(DataFlow::PostUpdateNode).getPreUpdateNode() and
-      base.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and
+      unalias(base.getType())
+          .hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and
       f.getName() = "Value"
     )
   }

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,8 @@ module NoSql {`
`40`	`40`	// Taint an entry if the `Value` is tainted
`41`	`41`	`exists(Write w, DataFlow::Node base, Field f \| w.writesField(base, f, pred) \|`
`42`	`42`	`base = succ.(DataFlow::PostUpdateNode).getPreUpdateNode() and`
`43`		`- base.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and`
	`43`	`+ unalias(base.getType())`
	`44`	`+ .hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and`
`44`	`45`	`f.getName() = "Value"`
`45`	`46`	`)`
`46`	`47`	`}`