hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Don't track indirection expressions in 'cpp/cleartext-transmission'. Instead, just track the direct expression.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2022-12-16 13:26:53 +00:00
parent 31b4dda7bd
commit 4ace171447
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -224,7 +224,7 @@ predicate isSinkEncrypt(DataFlow::Node sink, Encrypted enc) {
*/
predicate isSourceImpl(DataFlow::Node source) {
exists(Expr e |
e = source.asIndirectConvertedExpr() and
e = source.asConvertedExpr() and
e.getUnconverted().(VariableAccess).getTarget() instanceof SourceVariable and
not e.hasConversion()
)