--taint-intrafile: false positive when two functions share the same name #615
Description
Reproduction
taint-func-param.yaml:
rules:
- id: taint-func-param
message: Tainted data reaches sink
languages: [go]
severity: ERROR
mode: taint
pattern-sources:
- patterns:
- focus-metavariable: $SOURCE
- pattern: func (..., $SOURCE $TYPE, ...) { ... }
pattern-sinks:
- pattern: sink($X)taint-func-param.test.go:
package main
func test(input string) {
var fn = func(s string) {
// ruleid: taint-func-param
sink(s)
}
fn("")
}
func test(input string) {
var fn = func(s string) {
// ok: taint-func-param
sink(s)
}
}opengrep --test . --taint-intrafile
Expected
Line 6: finding. Line 14: no finding.
Actual
Both line 6 and line 14 are flagged. Calling fn("") in the first test function causes a finding in the second test function where fn is never called.