hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Generalize new case in adjustedSink to all AssignOperations

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2020-02-11 17:15:42 +01:00
parent bcd84efe8d
commit 1dd5926f41
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
View File

@@ -339,8 +339,8 @@ private Element adjustedSink(DataFlow::Node sink) {
// Taint `e--` and `e++` when `e` is tainted.
result.(PostfixCrementOperation).getAnOperand() = sink.asExpr()
or
// Taint `e1 += e2` when `e1` or `e2` is tainted.
result.(AssignArithmeticOperation).getAnOperand() = sink.asExpr()
// Taint `e1 += e2`, `e &= e2` and friends when `e1` or `e2` is tainted.
result.(AssignOperation).getAnOperand() = sink.asExpr()
}
predicate tainted(Expr source, Element tainted) {