From 36c265d4c38681fe5b9c2e4183ea512cc3ae2181 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Wed, 21 May 2025 11:32:24 -0700
Subject: [PATCH] source predicate

---
 trivial.ql | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 trivial.ql

diff --git a/trivial.ql b/trivial.ql
new file mode 100644
index 0000000..ffbd9b2
--- /dev/null
+++ b/trivial.ql
@@ -0,0 +1,39 @@
+import cpp
+
+// 1. source: count = read(STDIN_FILENO, buf, BUFSIZE);
+// want buf
+// from VariableAccess buf, FunctionCall read
+// where read.getArgument(1) = buf and
+// read.getTarget().getName() = "read"
+// select read, buf
+// predicate findBuf(VariableAccess buf, FunctionCall read) {
+// read.getArgument(1) = buf and
+// read.getTarget().getName() = "read"
+// }
+// from VariableAccess buf, FunctionCall read
+// where findBuf(buf, read)
+// select read, buf
+// predicate findBuf(VariableAccess buf) {
+// exists(FunctionCall read |
+// read.getArgument(1) = buf and
+// read.getTarget().getName() = "read"
+// )
+// }
+// from VariableAccess buf
+// where findBuf(buf)
+// select buf
+
+class FindBuf extends VariableAccess {
+  FindBuf() {
+    exists(FunctionCall read |
+      read.getArgument(1) = this and
+      read.getTarget().getName() = "read"
+    )
+  }
+}
+
+from FindBuf buf
+select buf
+
+// 2. sink: rc = sqlite3_exec(db, query, NULL, 0, &zErrMsg);
+// 3. dataflow between them
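Review bot: The source class matches on the bare function name at `read.getTarget().getName() = "read"`, so any member function or project wrapper that happens to be called `read` becomes a taint source, while the header comment says the intended source is the POSIX `read(STDIN_FILENO, buf, BUFSIZE)`; `read.getTarget().hasGlobalOrStdName("read")` pins it to the global libc function. Because the class `extends VariableAccess`, a buffer passed as `&buf[0]`, `p->buf` or `buf + off` is not a source at all, which will make the planned read-to-sqlite3_exec flow (step 3 in the trailing comment) silently miss those call sites; declaring `class FindBuf extends Expr` keeps the plain `buf` case and the constructor body needs no change. The 22 commented-out earlier drafts (`// from VariableAccess buf, ...` through `// select buf`) are history git already keeps and would serve readers better as a one-line QLDoc on the class, e.g. `/** The buffer argument of a call to libc read: bytes arriving from a file descriptor. */`. The file also has no `@name`/`@kind` metadata header, which is fine for a scratch query but is needed before it can run in a query suite.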