From 26e8701ae3fc5b7b41d9adce1e5221b7b9b4e2cd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 27 Feb 2026 12:08:58 +0000 Subject: [PATCH] C++: Fix a few qualifiers. --- .../code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll | 2 +- cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql | 6 +++--- cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index d1e1c6a4165..7cb67caa77c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll @@ -208,7 +208,7 @@ predicate modeledTaintStep(DataFlow::Node nodeIn, DataFlow::Node nodeOut, string // Taint flow from a pointer argument to an output, when the model specifies flow from the deref // to that output, but the deref is not modeled in the IR for the caller. exists( - CallInstruction call, DataFlow::SideEffectOperandNode indirectArgument, Function func, + CallInstruction call, SideEffectOperandNode indirectArgument, Function func, FunctionInput modelIn, FunctionOutput modelOut | indirectArgument = callInput(call, modelIn) and diff --git a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql index 905512ab8ea..c85b33a9727 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql @@ -46,9 +46,9 @@ private Expr getExpr(DataFlow::Node node) { or result = node.asOperand().getUse().getAst() or - result = node.(DataFlow::RawIndirectInstruction).getInstruction().getAst() + result = node.(RawIndirectInstruction).getInstruction().getAst() or - result = node.(DataFlow::RawIndirectOperand).getOperand().getUse().getAst() + result = node.(RawIndirectOperand).getOperand().getUse().getAst() } /** @@ -209,7 +209,7 @@ class LoopWithAlloca extends Stmt { this.conditionRequiresInequality(va, _, _) and DataFlow::localFlow(result, DataFlow::exprNode(va)) and // Phi nodes will be preceded by nodes that represent actual definitions - not result instanceof DataFlow::SsaSynthNode and + not result instanceof SsaSynthNode and // A source is outside the loop if it's not inside the loop not exists(Expr e | e = getExpr(result) | this = getAnEnclosingLoopOfExpr(e)) ) diff --git a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 59d69c515a1..90160df3c21 100644 --- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -404,7 +404,7 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { } predicate apiSource(DataFlow::Node source) { - DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1) + DataFlowPrivate::nodeHasOperand(source, any(DataFlowNodes::FieldAddress fa), 1) or source instanceof DataFlow::ParameterNode } @@ -417,7 +417,7 @@ private module SinkModelGeneratorInput implements SinkModelGeneratorInputSig { result = "Argument[" + DataFlow::repeatStars(indirectionIndex) + argumentIndex + "]" ) or - DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1) and + DataFlowPrivate::nodeHasOperand(source, any(DataFlowNodes::FieldAddress fa), 1) and result = qualifierString() }