Rust: switch the query to taint flow so that we get taint through conversions (without needing a special case).

Geoffrey White
2025-04-01 17:40:34 +01:00
parent 4a76b5b3db
commit 1d7dac485e
4 changed files with 22 additions and 32 deletions


@@ -14,6 +14,7 @@
import rust
import codeql.rust.dataflow.DataFlow
import codeql.rust.dataflow.TaintTracking
import codeql.rust.security.AccessInvalidPointerExtensions
import AccessInvalidPointerFlow::PathGraph
@@ -33,7 +34,7 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig {
}
}
module AccessInvalidPointerFlow = DataFlow::Global<AccessInvalidPointerConfig>;
module AccessInvalidPointerFlow = TaintTracking::Global<AccessInvalidPointerConfig>;
from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode
where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode)
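Review bot: The new `module AccessInvalidPointerFlow = TaintTracking::Global<AccessInvalidPointerConfig>;` line carries no comment saying why taint tracking is used here, so a later cleanup could switch it back to `DataFlow::Global` and silently lose the flows through conversions. I would add above it `// Taint tracking rather than plain data flow, so that invalid pointers are followed through conversions without a special case.` Taint steps are generally broader than conversions alone, so the query may now also report paths where the value reaching the sink is only derived from the invalid pointer. It is worth confirming in the updated expected results that the new alerts are true positives, and whether the config needs a barrier. The body of `AccessInvalidPointerConfig` begins outside this hunk, so I cannot tell whether a barrier is already defined.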