Fix bug in UnsafeFieldReadSanitizer

owen-mc · owen-mc · commit d4178ffbfc11 · 2025-10-01T12:02:12.000+01:00
diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
@@ -49,7 +49,7 @@ module SafeUrlFlow {
     UnsafeFieldReadSanitizer() {
       exists(DataFlow::FieldReadNode frn, string name |
         name = ["Fragment", "RawQuery", "User"] and
-        frn.getField().hasQualifiedName("net/url", "URL")
+        frn.getField().hasQualifiedName("net/url", "URL", name)
       |
         this = frn.getBase()
       )

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ module SafeUrlFlow {`
`49`	`49`	`UnsafeFieldReadSanitizer() {`
`50`	`50`	`exists(DataFlow::FieldReadNode frn, string name \|`
`51`	`51`	`name = ["Fragment", "RawQuery", "User"] and`
`52`		`- frn.getField().hasQualifiedName("net/url", "URL")`
	`52`	`+ frn.getField().hasQualifiedName("net/url", "URL", name)`
`53`	`53`	`\|`
`54`	`54`	`this = frn.getBase()`
`55`	`55`	`)`