hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Address review comments

Browse Source
This commit is contained in:
Jeroen Ketema
2023-11-15 13:34:22 +01:00
parent 92c18960c5
commit 46e6e72593
3 changed files with 22 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
View File

@@ -27,10 +27,13 @@ predicate isProcessOperationExplanation(DataFlow::Node arg, string processOperat
)
}
predicate isSource(FlowSource source, string sourceType) {
not source instanceof DataFlow::ExprNode and
sourceType = source.getSourceType()
}
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) {
node instanceof FlowSource and not node instanceof DataFlow::ExprNode
}
predicate isSource(DataFlow::Node node) { isSource(node, _) }
predicate isSink(DataFlow::Node node) { isProcessOperationExplanation(node, _) }
@@ -44,13 +47,14 @@ module Config implements DataFlow::ConfigSig {
module Flow = TaintTracking::Global<Config>;
from
string processOperation, DataFlow::Node source, DataFlow::Node sink, Flow::PathNode sourceNode,
Flow::PathNode sinkNode
string processOperation, string sourceType, DataFlow::Node source, DataFlow::Node sink,
Flow::PathNode sourceNode, Flow::PathNode sinkNode
where
source = sourceNode.getNode() and
sink = sinkNode.getNode() and
isSource(source, sourceType) and
isProcessOperationExplanation(sink, processOperation) and
Flow::flowPath(sourceNode, sinkNode)
select sink, sourceNode, sinkNode,
"The value of this argument may come from $@ and is being passed to " + processOperation + ".",
source, source.toString()
source, sourceType