hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add a definition of taint to the models library.

Browse Source
This commit is contained in:
Geoffrey White
2020-05-26 17:24:00 +01:00
parent 965d4829b5
commit 1baf14461d
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cpp/ql/src/semmle/code/cpp/models/interfaces/Taint.qll
View File

@@ -15,6 +15,9 @@ import semmle.code.cpp.models.Models
* A library function for which a taint-tracking library should propagate taint
* from a parameter or qualifier to an output buffer, return value, or qualifier.
*
* An expression is tainted if it could be influenced by an attacker to have
* an unusual value.
*
* Note that this does not include direct copying of values; that is covered by
* DataFlowModel.qll. If a value is sometimes copied in full, and sometimes
* altered (for example copying a string with `strncpy`), this is also considered
@@ -22,4 +25,4 @@ import semmle.code.cpp.models.Models
*/
abstract class TaintFunction extends Function {
abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output);
}
}