hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

[DIFF-INFORMED] C++: UnsafeDaclSecurityDescriptor

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-07-16 10:35:12 +02:00
parent 194d9a9f44
commit 0c636dd400
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
View File

@@ -37,6 +37,16 @@ module NullDaclConfig implements DataFlow::ConfigSig {
val = call.getArgument(2) val = call.getArgument(2)
) )
} }
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSourceLocation(DataFlow::Node source) { none() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(SetSecurityDescriptorDaclFunctionCall call | result = call.getLocation() |
sink.asExpr() = call.getArgument(2)
)
}
} }
module NullDaclFlow = DataFlow::Global<NullDaclConfig>; module NullDaclFlow = DataFlow::Global<NullDaclConfig>;
@@ -68,6 +78,10 @@ module NonNullDaclConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { predicate isSink(DataFlow::Node sink) {
exists(SetSecurityDescriptorDaclFunctionCall call | sink.asExpr() = call.getArgument(2)) exists(SetSecurityDescriptorDaclFunctionCall call | sink.asExpr() = call.getArgument(2))
} }
predicate observeDiffInformedIncrementalMode() {
none() // only used negatively
}
} }
module NonNullDaclFlow = DataFlow::Global<NonNullDaclConfig>; module NonNullDaclFlow = DataFlow::Global<NonNullDaclConfig>;