G704: false positive on constant source

This code currently triggers the taint analysis and reports G704, even though there is no concrete tainted source for the sink:
```go
type HTTPDoer interface {
	Do(req *http.Request) (*http.Response, error)
}

type NamedClient struct {
	HTTPClient *http.Client
}

func (c *NamedClient) Do(req *http.Request) (*http.Response, error) {
	req.Header.Set("User-Agent", "test-agent")
	return c.HTTPClient.Do(req) // <-- 💥
}

func doImport(httpDoer HTTPDoer) error {
	ctx := context.Background()
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, "/import", http.NoBody)
	if err != nil {
		return fmt.Errorf("creating import POST: %w", err)
	}
	resp, err := httpDoer.Do(req)
	if err != nil {
		return fmt.Errorf("performing import POST: %w", err)
	}
	defer resp.Body.Close()
	return nil
}
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

G704: false positive on constant source #1629

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

G704: false positive on constant source #1629

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions