From c91db6a653bbb857a90180b694b4b407a03ff986 Mon Sep 17 00:00:00 2001
From: Michael Hohn
Date: Mon, 20 Jul 2020 14:10:36 -0700
Subject: [PATCH] Summary: sql injection: move source identification to configuration

---
 SqlInjection.ql | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/SqlInjection.ql b/SqlInjection.ql
index d61334b..d6d982b 100644
--- a/SqlInjection.ql
+++ b/SqlInjection.ql
@@ -12,7 +12,12 @@ import semmle.code.cpp.dataflow.TaintTracking
 class SqliFlowConfig extends TaintTracking::Configuration {
 SqliFlowConfig() { this = "SqliFlow" }
- override predicate isSource(DataFlow::Node source) { any() }
+ override predicate isSource(DataFlow::Node source) {
+ exists(FunctionCall read |
+ read.getTarget().getName() = "read" and
+ read.getArgument(1) = source.asExpr()
+ )
+ }
 override predicate isSanitizer(DataFlow::Node sanitizer) { none() }
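Review bot: The new `isSource` matches every callee whose unqualified name is `read` and binds the source to the argument expression itself, so a user-defined function or method named `read` is also treated as an untrusted source, while the buffer that the POSIX `read(fd, buf, n)` fills is only modelled as far as taint on the pre-call `buf` expression happens to carry. Consider `read.getTarget().hasGlobalName("read")` to pin the match to the global C function, and `read.getArgument(1) = source.asDefiningArgument()` so the node is the buffer as written by the call rather than the argument expression passed in. A one-line QLDoc on the predicate, e.g. `/** Bytes read into the `buf` argument of `read(fd, buf, n)` are untrusted. */`, would record the intended model for the next reader. The `SqliFlowConfig` class body continues past the end of the hunk.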