mirror of
https://github.com/hohn/codeql-c-sqli.git
synced 2025-12-16 10:33:03 +01:00
import cpp
import semmle.code.cpp.models.Models
import semmle.code.cpp.commons.Scanf
import semmle.code.cpp.models.implementations.Strcpy
/*
 * [...] sources. To use this QL library, create a QL class extending `DataFlowFunction` with a
 * characteristic predicate that selects the function or set of functions you
 * are modeling. Within that class, override the predicates provided by
 * `RemoteFlowSourceFunction` or `RemoteFlowSinkFunction` to match the flow within that
 * function.
 */
/**
 * Exploration aid: a concrete subclass of `DataFlowFunction` whose
 * characteristic predicate is `any()`, so it adds no restriction of its own
 * beyond membership in `DataFlowFunction`.
 *
 * NOTE(review): `hasDataFlow` is also `any()`, so for the functions this class
 * covers it holds for every `FunctionInput`/`FunctionOutput` pair. That does
 * not affect the call listing in this file, which never consults
 * `hasDataFlow`. If this class were imported into a taint-tracking query it
 * would presumably add imprecise flow and noisy results - confirm before reuse.
 */
class SDF extends DataFlowFunction {
  // Compare with the models in semmle.code.cpp.models.implementations.Strcpy.
  SDF() {
    any()
  }

  override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
    any()
  }
}
import semmle.code.cpp.models.implementations.Fread
// Fread extends RemoteFlowSourceFunction
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.FlowSource
import semmle.code.cpp.models.implementations.Recv
// See, in the Recv module imported above:
//   private class Recv extends AliasFunction, ArrayFunction, SideEffectFunction,
//     RemoteFlowSourceFunction
// which is the class to look at for "read".
// // Find all *definitions*
// from DataFlowFunction dff
// select dff
// Find *uses* (via Call): one row per call site whose target is a
// `DataFlowFunction`, giving the containing file, the call, and the function.
// NOTE(review): a call with no resolved target (presumably a call through a
// function pointer) cannot satisfy the `getTarget()` equality and is not
// listed, so this is an inventory of direct calls only - confirm before
// treating it as complete coverage of input-handling call sites.
from Call cl, DataFlowFunction dff
where dff = cl.getTarget()
select cl.getLocation().getFile(), cl, dff