C++: Handle 'isSink' without states in the backwards-compatibility code and in taint-tracking

2025-12-22 19:56:32 +01:00 · 2023-08-02 14:33:04 +02:00
parent b953c4a1cf
commit 096eeeb549
2 changed files with 3 additions and 0 deletions
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl1.qll
@@ -276,6 +276,8 @@ private module Config implements FullStateConfigSig {
    getConfig(state).isSource(source) and getState(state) instanceof FlowStateEmpty
  }

+  predicate isSink(Node sink) { none() }
+
  predicate isSink(Node sink, FlowState state) {
    getConfig(state).isSink(sink, getState(state))
    or
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/tainttracking1/TaintTracking.qll
@@ -24,6 +24,7 @@ private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> imp
    Config::allowImplicitRead(node, c)
    or
    (
+      Config::isSink(node) or
      Config::isSink(node, _) or
      Config::isAdditionalFlowStep(node, _) or
      Config::isAdditionalFlowStep(node, _, _, _)