Fix containerStoreStep and containerReadStep

owen-mc · owen-mc · commit 12058a262182 · 2021-12-08T11:20:29.000-05:00
diff --git a/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll
@@ -34,15 +34,17 @@ predicate containerStoreStep(Node node1, Node node2, Content c) {
   )
   or
   c instanceof CollectionContent and
-  exists(BinaryOperationNode send | send.hasOperands(node1, node2) | send.getOperator() = "<-")
+  exists(SendStmt send |
+    send.getChannel() = node2.(ExprNode).asExpr() and send.getValue() = node1.(ExprNode).asExpr()
+  )
   or
   c instanceof MapKeyContent and
-  node1.getType() instanceof MapType and
-  exists(Write w | w.writesElement(node1, node2, _))
+  node2.getType() instanceof MapType and
+  exists(Write w | w.writesElement(node2, node1, _))
   or
   c instanceof MapValueContent and
-  node1.getType() instanceof MapType and
-  exists(Write w | w.writesElement(node1, _, node2))
+  node2.getType() instanceof MapType and
+  exists(Write w | w.writesElement(node2, _, node1))
 }
 
 /**
@@ -65,7 +67,7 @@ predicate containerReadStep(Node node1, Node node2, Content c) {
   or
   c instanceof CollectionContent and
   exists(UnaryOperationNode recv | recv = node2 |
-    node2 = recv.getOperand() and
+    node1 = recv.getOperand() and
     recv.getOperator() = "<-"
   )
   or
diff --git a/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go b/ql/test/library-tests/semmle/go/dataflow/ExternalFlow/test.go
@@ -92,7 +92,7 @@ func simpleflow() {
 
 	taint10 := test.StepArgResCollectionContent(a.Src1()).(chan interface{})
 	b.Sink1(test.GetElement(taint10)) // $ hasTaintFlow="call to GetElement"
-	b.Sink1(<-taint10)                // $ MISSING: hasTaintFlow="<-..."
+	b.Sink1(<-taint10)                // $ hasTaintFlow="<-..."
 
 	srcCollection := test.SetElement(a.Src1())
 	taint11 := test.StepArgCollectionContentRes(srcCollection)
@@ -109,14 +109,14 @@ func simpleflow() {
 
 	srcMap13 := map[string]string{src.(string): ""}
 	taint13 := test.StepArgMapKeyContentRes(srcMap13)
-	b.Sink1(taint13) // $ MISSING: hasTaintFlow="taint13"
+	b.Sink1(taint13) // $ hasTaintFlow="taint13"
 
 	taint14 := test.StepArgResMapValueContent(src).(map[string]string)
 	b.Sink1(taint14[""]) // $ hasTaintFlow="index expression"
 
 	srcMap15 := map[string]string{"": src.(string)}
 	taint15 := test.StepArgMapValueContentRes(srcMap15)
-	b.Sink1(taint15) // $ MISSING: hasTaintFlow="taint15"
+	b.Sink1(taint15) // $ hasTaintFlow="taint15"
 
 	slice := make([]interface{}, 0)
 	slice = append(slice, src)
