mirror of
https://github.com/github/codeql.git
synced 2026-05-01 19:55:15 +02:00
Refactor DataFlow configurations to use "Config" naming convention
This commit is contained in:
Ed Minnix
@@ -132,7 +132,7 @@ predicate isSinkImpl(DataFlow::Node sink, Expr formatString) {
|
||||
exists(FormattingFunctionCall fc | formatString = fc.getArgument(fc.getFormatParameterIndex()))
|
||||
}
|
||||
|
||||
module NonConstFlowConfiguration implements DataFlow::ConfigSig {
|
||||
module NonConstFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
exists(boolean isIndirect, Type t |
|
||||
isNonConst(source, isIndirect) and
|
||||
@@ -146,7 +146,7 @@ module NonConstFlowConfiguration implements DataFlow::ConfigSig {
|
||||
predicate isBarrier(DataFlow::Node node) { isBarrierNode(node) }
|
||||
}
|
||||
|
||||
module NonConstFlow = TaintTracking::Make<NonConstFlowConfiguration>;
|
||||
module NonConstFlow = TaintTracking::Make<NonConstFlowConfig>;
|
||||
|
||||
from FormattingFunctionCall call, Expr formatString
|
||||
where
|
||||
|
||||
@@ -223,7 +223,7 @@ deprecated class LeapYearCheckConfiguration extends DataFlow::Configuration {
|
||||
* Data flow configuration for finding a variable access that would flow into
|
||||
* a function call that includes an operation to check for leap year.
|
||||
*/
|
||||
private module LeapYearCheckConfiguration implements DataFlow::ConfigSig {
|
||||
private module LeapYearCheckConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof VariableAccess }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -231,7 +231,7 @@ private module LeapYearCheckConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module LeapYearCheckFlow = DataFlow::Make<LeapYearCheckConfiguration>;
|
||||
module LeapYearCheckFlow = DataFlow::Make<LeapYearCheckConfig>;
|
||||
|
||||
/**
|
||||
* Data flow configuration for finding an operation with hardcoded 365 that will flow into
|
||||
@@ -264,7 +264,7 @@ deprecated class FiletimeYearArithmeticOperationCheckConfiguration extends DataF
|
||||
* Data flow configuration for finding an operation with hardcoded 365 that will flow into
|
||||
* a `FILEINFO` field.
|
||||
*/
|
||||
private module FiletimeYearArithmeticOperationCheckConfiguration implements DataFlow::ConfigSig {
|
||||
private module FiletimeYearArithmeticOperationCheckConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
exists(Expr e, Operation op | e = source.asExpr() |
|
||||
op.getAChild*().getValue().toInt() = 365 and
|
||||
@@ -284,7 +284,7 @@ private module FiletimeYearArithmeticOperationCheckConfiguration implements Data
|
||||
}
|
||||
|
||||
module FiletimeYearArithmeticOperationCheckFlow =
|
||||
DataFlow::Make<FiletimeYearArithmeticOperationCheckConfiguration>;
|
||||
DataFlow::Make<FiletimeYearArithmeticOperationCheckConfig>;
|
||||
|
||||
/**
|
||||
* Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field.
|
||||
@@ -334,7 +334,7 @@ deprecated class PossibleYearArithmeticOperationCheckConfiguration extends Taint
|
||||
/**
|
||||
* Taint configuration for finding an operation with hardcoded 365 that will flow into any known date/time field.
|
||||
*/
|
||||
private module PossibleYearArithmeticOperationCheckConfiguration implements DataFlow::ConfigSig {
|
||||
private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
exists(Operation op | op = source.asConvertedExpr() |
|
||||
op.getAChild*().getValue().toInt() = 365 and
|
||||
@@ -372,4 +372,4 @@ private module PossibleYearArithmeticOperationCheckConfiguration implements Data
|
||||
}
|
||||
|
||||
module PossibleYearArithmeticOperationCheckFlow =
|
||||
TaintTracking::Make<PossibleYearArithmeticOperationCheckConfiguration>;
|
||||
TaintTracking::Make<PossibleYearArithmeticOperationCheckConfig>;
|
||||
|
||||
@@ -147,7 +147,7 @@ deprecated class NetworkToBufferSizeConfiguration extends DataFlow::Configuratio
|
||||
}
|
||||
}
|
||||
|
||||
private module NetworkToBufferSizeConfiguration implements DataFlow::ConfigSig {
|
||||
private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall }
|
||||
|
||||
predicate isSink(DataFlow::Node node) { node.asExpr() = any(BufferAccess ba).getAccessedLength() }
|
||||
@@ -161,4 +161,4 @@ private module NetworkToBufferSizeConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module NetworkToBufferSizeFlow = DataFlow::Make<NetworkToBufferSizeConfiguration>;
|
||||
module NetworkToBufferSizeFlow = DataFlow::Make<NetworkToBufferSizeConfig>;
|
||||
|
||||
@@ -70,7 +70,7 @@ predicate hasUpperBoundsCheck(Variable var) {
|
||||
)
|
||||
}
|
||||
|
||||
module TaintedPathConfiguration implements DataFlow::ConfigSig {
|
||||
module TaintedPathConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) { node instanceof FlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node node) {
|
||||
@@ -90,7 +90,7 @@ module TaintedPathConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module TaintedPath = TaintTracking::Make<TaintedPathConfiguration>;
|
||||
module TaintedPath = TaintTracking::Make<TaintedPathConfig>;
|
||||
|
||||
from
|
||||
FileFunction fileFunction, Expr taintedArg, FlowSource taintSource,
|
||||
|
||||
@@ -97,7 +97,7 @@ predicate isBarrierImpl(DataFlow::Node node) {
|
||||
* given sink. This avoids a cartesian product between all sinks and all `ExecState`s in
|
||||
* `ExecTaintConfiguration::isSink`.
|
||||
*/
|
||||
module ExecStateConfiguration implements DataFlow::ConfigSig {
|
||||
module ExecStateConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { any(ExecState state).getOutgoingNode() = source }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _, _) }
|
||||
@@ -109,9 +109,9 @@ module ExecStateConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module ExecState = TaintTracking::Make<ExecStateConfiguration>;
|
||||
module ExecState = TaintTracking::Make<ExecStateConfig>;
|
||||
|
||||
module ExecTaintConfiguration implements DataFlow::StateConfigSig {
|
||||
module ExecTaintConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = TState;
|
||||
|
||||
predicate isSource(DataFlow::Node source, FlowState state) {
|
||||
@@ -120,7 +120,7 @@ module ExecTaintConfiguration implements DataFlow::StateConfigSig {
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node sink, FlowState state) {
|
||||
ExecStateConfiguration::isSink(sink) and
|
||||
ExecStateConfig::isSink(sink) and
|
||||
state.(ExecState).isFeasibleForSink(sink)
|
||||
}
|
||||
|
||||
@@ -141,7 +141,7 @@ module ExecTaintConfiguration implements DataFlow::StateConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module ExecTaint = TaintTracking::MakeWithState<ExecTaintConfiguration>;
|
||||
module ExecTaint = TaintTracking::MakeWithState<ExecTaintConfig>;
|
||||
|
||||
from
|
||||
ExecTaint::PathNode sourceNode, ExecTaint::PathNode sinkNode, string taintCause, string callChain,
|
||||
|
||||
@@ -90,7 +90,7 @@ predicate missingGuard(VariableAccess va, string effect) {
|
||||
)
|
||||
}
|
||||
|
||||
module UncontrolledArithConfiguration implements DataFlow::ConfigSig {
|
||||
module UncontrolledArithConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
exists(RandomFunction rand, Call call | call.getTarget() = rand |
|
||||
rand.getFunctionOutput().isReturnValue() and
|
||||
@@ -122,7 +122,7 @@ module UncontrolledArithConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module UncontrolledArith = TaintTracking::Make<UncontrolledArithConfiguration>;
|
||||
module UncontrolledArith = TaintTracking::Make<UncontrolledArithConfig>;
|
||||
|
||||
/** Gets the expression that corresponds to `node`, if any. */
|
||||
Expr getExpr(DataFlow::Node node) { result = [node.asExpr(), node.asDefiningArgument()] }
|
||||
|
||||
@@ -54,7 +54,7 @@ predicate nodeIsBarrierEqualityCandidate(DataFlow::Node node, Operand access, Va
|
||||
|
||||
predicate isFlowSource(FlowSource source, string sourceType) { sourceType = source.getSourceType() }
|
||||
|
||||
module TaintedAllocationSizeConfiguration implements DataFlow::ConfigSig {
|
||||
module TaintedAllocationSizeConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { isFlowSource(source, _) }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { allocSink(_, sink) }
|
||||
@@ -95,7 +95,7 @@ module TaintedAllocationSizeConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module TaintedAllocationSize = TaintTracking::Make<TaintedAllocationSizeConfiguration>;
|
||||
module TaintedAllocationSize = TaintTracking::Make<TaintedAllocationSizeConfig>;
|
||||
|
||||
from
|
||||
Expr alloc, TaintedAllocationSize::PathNode source, TaintedAllocationSize::PathNode sink,
|
||||
|
||||
@@ -39,7 +39,7 @@ class SensitiveBufferWrite extends Expr instanceof BufferWrite::BufferWrite {
|
||||
* A taint flow configuration for flow from user input to a buffer write
|
||||
* into a sensitive expression.
|
||||
*/
|
||||
module ToBufferConfiguration implements DataFlow::ConfigSig {
|
||||
module ToBufferConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof FlowSource }
|
||||
|
||||
predicate isBarrier(DataFlow::Node node) {
|
||||
@@ -49,7 +49,7 @@ module ToBufferConfiguration implements DataFlow::ConfigSig {
|
||||
predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
|
||||
}
|
||||
|
||||
module ToBufferFlow = TaintTracking::Make<ToBufferConfiguration>;
|
||||
module ToBufferFlow = TaintTracking::Make<ToBufferConfig>;
|
||||
|
||||
predicate isSinkImpl(DataFlow::Node sink, SensitiveBufferWrite w) {
|
||||
w.getASource() = sink.asIndirectExpr()
|
||||
|
||||
@@ -23,7 +23,7 @@ import FromSensitiveFlow::PathGraph
|
||||
/**
|
||||
* A taint flow configuration for flow from a sensitive expression to a `FileWrite` sink.
|
||||
*/
|
||||
module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
module FromSensitiveConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { isSourceImpl(source, _) }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _, _) }
|
||||
@@ -33,7 +33,7 @@ module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfiguration>;
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
|
||||
|
||||
predicate isSinkImpl(DataFlow::Node sink, FileWrite w, Expr dest) {
|
||||
exists(Expr e |
|
||||
|
||||
@@ -234,7 +234,7 @@ predicate isSourceImpl(DataFlow::Node source) {
|
||||
* A taint flow configuration for flow from a sensitive expression to a network
|
||||
* operation.
|
||||
*/
|
||||
module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
module FromSensitiveConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { isSourceImpl(source) }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { isSinkSendRecv(sink, _) }
|
||||
@@ -250,12 +250,12 @@ module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfiguration>;
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
|
||||
|
||||
/**
|
||||
* A taint flow configuration for flow from a sensitive expression to an encryption operation.
|
||||
*/
|
||||
module ToEncryptionConfiguration implements DataFlow::ConfigSig {
|
||||
module ToEncryptionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { FromSensitiveFlow::hasFlow(source, _) }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
|
||||
@@ -271,12 +271,12 @@ module ToEncryptionConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module ToEncryptionFlow = TaintTracking::Make<ToEncryptionConfiguration>;
|
||||
module ToEncryptionFlow = TaintTracking::Make<ToEncryptionConfig>;
|
||||
|
||||
/**
|
||||
* A taint flow configuration for flow from an encryption operation to a network operation.
|
||||
*/
|
||||
module FromEncryptionConfiguration implements DataFlow::ConfigSig {
|
||||
module FromEncryptionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { isSinkEncrypt(source, _) }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { FromSensitiveFlow::hasFlowTo(sink) }
|
||||
@@ -286,7 +286,7 @@ module FromEncryptionConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module FromEncryptionFlow = TaintTracking::Make<FromEncryptionConfiguration>;
|
||||
module FromEncryptionFlow = TaintTracking::Make<FromEncryptionConfig>;
|
||||
|
||||
from
|
||||
FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink,
|
||||
|
||||
@@ -100,7 +100,7 @@ predicate isSinkImpl(DataFlow::Node sink, SqliteFunctionCall c, Type t) {
|
||||
/**
|
||||
* A taint flow configuration for flow from a sensitive expression to a `SqliteFunctionCall` sink.
|
||||
*/
|
||||
module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
module FromSensitiveConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
isSourceImpl(source, _) and not sqlite_encryption_used()
|
||||
}
|
||||
@@ -125,7 +125,7 @@ module FromSensitiveConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfiguration>;
|
||||
module FromSensitiveFlow = TaintTracking::Make<FromSensitiveConfig>;
|
||||
|
||||
from
|
||||
SensitiveExpr sensitive, FromSensitiveFlow::PathNode source, FromSensitiveFlow::PathNode sink,
|
||||
|
||||
@@ -28,7 +28,7 @@ int getMinimumKeyStrength(string func, int paramIndex) {
|
||||
result = 2048
|
||||
}
|
||||
|
||||
module KeyStrengthFlowConfiguration implements DataFlow::ConfigSig {
|
||||
module KeyStrengthFlowConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) {
|
||||
exists(int bits |
|
||||
node.asInstruction().(IntegerConstantInstruction).getValue().toInt() = bits and
|
||||
@@ -46,7 +46,7 @@ module KeyStrengthFlowConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module KeyStrengthFlow = DataFlow::Make<KeyStrengthFlowConfiguration>;
|
||||
module KeyStrengthFlow = DataFlow::Make<KeyStrengthFlowConfig>;
|
||||
|
||||
from
|
||||
KeyStrengthFlow::PathNode source, KeyStrengthFlow::PathNode sink, FunctionCall fc, int param,
|
||||
|
||||
@@ -54,7 +54,7 @@ class CreateProcessFunctionCall extends FunctionCall {
|
||||
/**
|
||||
* Dataflow that detects a call to CreateProcess with a NULL value for lpApplicationName argument
|
||||
*/
|
||||
module NullAppNameCreateProcessFunctionConfiguration implements DataFlow::ConfigSig {
|
||||
module NullAppNameCreateProcessFunctionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof NullValue }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -64,13 +64,12 @@ module NullAppNameCreateProcessFunctionConfiguration implements DataFlow::Config
|
||||
}
|
||||
}
|
||||
|
||||
module NullAppNameCreateProcessFunction =
|
||||
DataFlow::Make<NullAppNameCreateProcessFunctionConfiguration>;
|
||||
module NullAppNameCreateProcessFunction = DataFlow::Make<NullAppNameCreateProcessFunctionConfig>;
|
||||
|
||||
/**
|
||||
* Dataflow that detects a call to CreateProcess with an unquoted commandLine argument
|
||||
*/
|
||||
module QuotedCommandInCreateProcessFunctionConfiguration implements DataFlow::ConfigSig {
|
||||
module QuotedCommandInCreateProcessFunctionConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
exists(string s |
|
||||
s = source.asExpr().getValue().toString() and
|
||||
@@ -86,7 +85,7 @@ module QuotedCommandInCreateProcessFunctionConfiguration implements DataFlow::Co
|
||||
}
|
||||
|
||||
module QuotedCommandInCreateProcessFunction =
|
||||
DataFlow::Make<QuotedCommandInCreateProcessFunctionConfiguration>;
|
||||
DataFlow::Make<QuotedCommandInCreateProcessFunctionConfig>;
|
||||
|
||||
bindingset[s]
|
||||
predicate isQuotedOrNoSpaceApplicationNameOnCmd(string s) {
|
||||
|
||||
@@ -18,7 +18,7 @@ import semmle.code.cpp.models.interfaces.FlowSource
|
||||
import ExposedSystemData::PathGraph
|
||||
import SystemData
|
||||
|
||||
module ExposedSystemDataConfiguration implements DataFlow::ConfigSig {
|
||||
module ExposedSystemDataConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source = any(SystemData sd).getAnExpr() }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -30,7 +30,7 @@ module ExposedSystemDataConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module ExposedSystemData = TaintTracking::Make<ExposedSystemDataConfiguration>;
|
||||
module ExposedSystemData = TaintTracking::Make<ExposedSystemDataConfig>;
|
||||
|
||||
from ExposedSystemData::PathNode source, ExposedSystemData::PathNode sink
|
||||
where
|
||||
|
||||
@@ -31,7 +31,7 @@ import semmle.code.cpp.security.OutputWrite
|
||||
import PotentiallyExposedSystemData::PathGraph
|
||||
import SystemData
|
||||
|
||||
module PotentiallyExposedSystemDataConfiguration implements DataFlow::ConfigSig {
|
||||
module PotentiallyExposedSystemDataConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) {
|
||||
source = any(SystemData sd | sd.isSensitive()).getAnExpr()
|
||||
}
|
||||
@@ -51,8 +51,7 @@ module PotentiallyExposedSystemDataConfiguration implements DataFlow::ConfigSig
|
||||
}
|
||||
}
|
||||
|
||||
module PotentiallyExposedSystemData =
|
||||
TaintTracking::Make<PotentiallyExposedSystemDataConfiguration>;
|
||||
module PotentiallyExposedSystemData = TaintTracking::Make<PotentiallyExposedSystemDataConfig>;
|
||||
|
||||
from PotentiallyExposedSystemData::PathNode source, PotentiallyExposedSystemData::PathNode sink
|
||||
where PotentiallyExposedSystemData::hasFlowPath(source, sink)
|
||||
|
||||
@@ -19,7 +19,7 @@ import XxeFlow::PathGraph
|
||||
/**
|
||||
* A configuration for tracking XML objects and their states.
|
||||
*/
|
||||
module XxeConfiguration implements DataFlow::StateConfigSig {
|
||||
module XxeConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = TXxeFlowState;
|
||||
|
||||
predicate isSource(DataFlow::Node node, FlowState flowstate) {
|
||||
@@ -45,7 +45,7 @@ module XxeConfiguration implements DataFlow::StateConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module XxeFlow = DataFlow::MakeWithState<XxeConfiguration>;
|
||||
module XxeFlow = DataFlow::MakeWithState<XxeConfig>;
|
||||
|
||||
from XxeFlow::PathNode source, XxeFlow::PathNode sink
|
||||
where XxeFlow::hasFlowPath(source, sink)
|
||||
|
||||
@@ -35,7 +35,7 @@ private predicate isCommandSubstitutionDisabled(FunctionCall fc) {
|
||||
/**
|
||||
* A configuration to track user-supplied data to the `wordexp` function.
|
||||
*/
|
||||
module WordexpTaintConfiguration implements DataFlow::ConfigSig {
|
||||
module WordexpTaintConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof FlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
@@ -50,7 +50,7 @@ module WordexpTaintConfiguration implements DataFlow::ConfigSig {
|
||||
}
|
||||
}
|
||||
|
||||
module WordexpTaint = TaintTracking::Make<WordexpTaintConfiguration>;
|
||||
module WordexpTaint = TaintTracking::Make<WordexpTaintConfig>;
|
||||
|
||||
from WordexpTaint::PathNode sourceNode, WordexpTaint::PathNode sinkNode
|
||||
where WordexpTaint::hasFlowPath(sourceNode, sinkNode)
|
||||
|
||||
Reference in New Issue
Block a user