hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add barriers and barrier guards to MaD format explanations

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-03-26 11:40:11 +00:00
parent 73360eefb3
commit 10fddc7b96
8 changed files with 63 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
View File

@@ -10,6 +10,10 @@
* `namespace; type; subtypes; name; signature; ext; input; kind`
* - Summaries:
* `namespace; type; subtypes; name; signature; ext; input; output; kind`
* - Barriers:
* `namespace; type; subtypes; name; signature; ext; output; kind; provenance`
* - BarrierGuards:
* `namespace; type; subtypes; name; signature; ext; input; acceptingvalue; kind; provenance`
*
* The interpretation of a row is similar to API-graphs with a left-to-right
* reading.
@@ -86,7 +90,11 @@
* value, and
* - flow from the _second_ indirection of the 0th argument to the first
* indirection of the return value, etc.
* 8. The `kind` column is a tag that can be referenced from QL to determine to
* 8. The `acceptingvalue` column of barrier guard models specifies the condition
* under which the guard accepts or blocks flow. It can be one of "true" or
* "false". In the future "no-exception", "not-zero", "null", "not-null" may be
* supported.
* 9. The `kind` column is a tag that can be referenced from QL to determine to
* which classes the interpreted elements should be added. For example, for
* sources "remote" indicates a default remote flow source, and for summaries
* "taint" indicates a default additional taint step and "value" indicates a