hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Make wordexp take an indirect argument.

Browse Source
This commit is contained in:
Alex Eyers-Taylor
2023-08-21 18:38:48 +01:00
parent a2f2b6c33f
commit 45ddb4832c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
View File

@@ -40,7 +40,7 @@ module WordexpTaintConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc | fc.getTarget() instanceof WordexpFunction |
fc.getArgument(0) = sink.asExpr() and
fc.getArgument(0) = sink.asIndirectArgument(1) and
not isCommandSubstitutionDisabled(fc)
)
}