hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Model secure_getenv and _wgetenv as local flow sources

Browse Source
This commit is contained in:
Jeroen Ketema
2022-12-07 13:37:12 +01:00
parent 2ed8d5d798
commit 01d8ad98f6
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/lib/semmle/code/cpp/models/implementations/Getenv.qll
View File

@@ -1,15 +1,19 @@
/**
* Provides an implementation class modeling the POSIX function `getenv`.
* Provides an implementation class modeling the POSIX function `getenv` and
* various similar functions.
*/
import cpp
import semmle.code.cpp.models.interfaces.FlowSource
/**
* The POSIX function `getenv`.
* The POSIX function `getenv`, the GNU function `secure_getenv`, and the
* Windows function `_wgetenv`.
*/
class Getenv extends LocalFlowSourceFunction {
Getenv() { this.hasGlobalOrStdOrBslName("getenv") }
Getenv() {
this.hasGlobalOrStdOrBslName("getenv") or this.hasGlobalName(["secure_getenv", "_wgetenv"])
}
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
(