hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix up isParameterDeref.

Browse Source
This commit is contained in:
Geoffrey White
2022-01-24 11:01:14 +00:00
parent 4326e6f706
commit 588447d596
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
View File

@@ -59,7 +59,7 @@ private class FgetsFunction extends DataFlowFunction, TaintFunction, ArrayFuncti
override predicate hasArrayOutput(int bufParam) { bufParam = 0 }
override predicate hasSocketInput(FunctionInput input) { input.isParameter(2) }
override predicate hasSocketInput(FunctionInput input) { input.isParameterDeref(2) }
}

10
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -58,7 +58,10 @@ class Send extends SendRecv instanceof RemoteFlowSinkFunction {
call.getTarget() = this and
exists(FunctionInput input, int arg |
super.hasSocketInput(input) and
input.isParameter(arg) and
(
input.isParameter(arg) or
input.isParameterDeref(arg)
) and
result = call.getArgument(arg)
)
}
@@ -81,7 +84,10 @@ class Recv extends SendRecv instanceof RemoteFlowSourceFunction {
call.getTarget() = this and
exists(FunctionInput input, int arg |
super.hasSocketInput(input) and
input.isParameter(arg) and
(
input.isParameter(arg) or
input.isParameterDeref(arg)
) and
result = call.getArgument(arg)
)
}