picatz / taint

🚰 Static taint analysis for Go programs.
https://picatz.github.io/#blog/taint
Mozilla Public License 2.0

Handle type assertions (`*ssa.TypeAssert`) #10

Closed picatz closed 10 months ago

picatz commented 1 year ago

Following up on challenges faced in #9:

package main

import (
    "fmt"
    "io"
    "net/http"
)

// echo takes an empty interface and narrows it to io.Reader with a type
// assertion (an *ssa.TypeAssert instruction in SSA form) before reading.
func echo(r any) error {
    ior, ok := r.(io.Reader)
    if !ok {
        return fmt.Errorf("failed to cast to io.Reader")
    }

    b, err := io.ReadAll(ior)
    if err != nil {
        return fmt.Errorf("failed to read all bytes from io.Reader: %w", err)
    }

    fmt.Println(string(b)) // want "potential XSS"

    return nil
}

func handler(w http.ResponseWriter, r *http.Request) {
    // The whole *http.Request is passed, not r.Body; *http.Request has no
    // Read method, so the assertion in echo fails and nothing is read.
    err := echo(r)
    if err != nil {
        panic(err)
    }
}

func main() {
    http.HandleFunc("/mirror-safe", handler)

    http.ListenAndServe(":8080", nil)
}

☝️ echo's param r being an empty interface that is type asserted (*ssa.TypeAssert) seems to obscure the call to (http.ResponseWriter).Write.

picatz commented 10 months ago

I don't know what I was thinking. I must've been lost in the SSA stuff, because I didn't see that the example I was trying to match on didn't make sense.

The echo(r) call isn't correct. I would need to access the r.Body, and that never even makes its way back into the response. So, this is a total non-issue. I failed to accurately describe the real problem, trying to handle SSA type assertions.

Similar (actually working) examples seem to be caught by the xss command 👍
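The snippet in the first comment never routes request data to the response: handler passes the whole *http.Request (which has no Read method) into echo, so the assertion fails, and even on success the bytes only reach fmt.Println. The following is an added example, not code from the issue or from the taint repository, showing the shape of test input the thread was actually after: the request body enters as `any`, the only path to the sink goes through the `r.(io.Reader)` type assertion, and the asserted reader's bytes are written straight to the http.ResponseWriter. The function names, the `/mirror` route and the `// want` placement are my assumptions; whether the analyzer emits that diagnostic is something to confirm by running the repository's xss command over it.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
)

// echo narrows r from `any` to io.Reader with a type assertion (an
// *ssa.TypeAssert instruction in SSA form), reads everything from it and
// copies the bytes unmodified into w. Unlike the original snippet, the
// sink here is the writer, so request-controlled data really does reach
// the response.
func echo(w io.Writer, r any) error {
	ior, ok := r.(io.Reader)
	if !ok {
		// Passing a *http.Request (instead of its Body) lands here.
		return fmt.Errorf("expected io.Reader, got %T", r)
	}

	b, err := io.ReadAll(ior)
	if err != nil {
		return fmt.Errorf("failed to read from io.Reader: %w", err)
	}

	// Sink: bytes taken from the asserted reader are written back verbatim.
	// Assumed placement of the analysistest marker for the taint analyzer.
	_, err = w.Write(b) // want "potential XSS"
	return err
}

// handler is the source side: r.Body is handed over as `any`, so the
// flow from body to response exists only via the assertion inside echo.
func handler(w http.ResponseWriter, r *http.Request) {
	if err := echo(w, r.Body); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
	}
}

func main() {
	// Assumed route name; not part of the original issue.
	http.HandleFunc("/mirror", handler)

	if err := http.ListenAndServe(":8080", nil); err != nil {
		fmt.Println("server error:", err)
	}
}
```

Passing `r` rather than `r.Body` to this echo still compiles, which is exactly why the first example looked plausible: the type system accepts `any`, and only the runtime assertion (or a dataflow analysis that models *ssa.TypeAssert) reveals that no reader, and therefore no tainted data, ever arrives.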