C++: Accept command injection test changes
Making the DefaultTaintTracking configurations inactive removed many unneeded nodes and edges from the PathGraph predicates.
@@ -1,38 +1,16 @@
|
||||
edges
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:33:34:33:39 | Store |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:35:17:35:27 | environment |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | (const char *)... |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | environment |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | environment indirection |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | environment indirection |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:42:5:42:16 | Phi |
|
||||
| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:42:5:42:16 | Phi |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
|
||||
| tests.cpp:42:5:42:16 | Phi | tests.cpp:51:22:51:25 | badSource output argument |
|
||||
| tests.cpp:42:5:42:16 | Phi | tests.cpp:51:22:51:25 | badSource output argument |
|
||||
| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:53:16:53:19 | (const char *)... |
|
||||
| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:53:16:53:19 | data indirection |
|
||||
| tests.cpp:51:22:51:25 | badSource output argument | tests.cpp:53:16:53:19 | data indirection |
|
||||
nodes
|
||||
| tests.cpp:33:34:33:39 | Store | semmle.label | Store |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | semmle.label | call to getenv |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | semmle.label | call to getenv |
|
||||
| tests.cpp:33:34:33:39 | call to getenv | semmle.label | call to getenv |
|
||||
| tests.cpp:35:17:35:27 | environment | semmle.label | environment |
|
||||
| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
|
||||
| tests.cpp:38:39:38:49 | (const char *)... | semmle.label | (const char *)... |
|
||||
| tests.cpp:38:39:38:49 | environment | semmle.label | environment |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection |
|
||||
| tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection |
|
||||
| tests.cpp:42:5:42:16 | Phi | semmle.label | Phi |
|
||||
| tests.cpp:42:5:42:16 | Phi | semmle.label | Phi |
|
||||
| tests.cpp:51:22:51:25 | badSource output argument | semmle.label | badSource output argument |
|
||||
| tests.cpp:51:22:51:25 | badSource output argument | semmle.label | badSource output argument |
|
||||
| tests.cpp:53:16:53:19 | (const char *)... | semmle.label | (const char *)... |
|
||||
| tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection |
|
||||
| tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection |
|
||||
subpaths
|
||||
#select
|
||||
|
||||
@@ -1,338 +1,62 @@
|
||||
edges
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:16:20:16:26 | Store |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:16:20:16:26 | access to array |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | (const char *)... |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:29:45:29:52 | (const char *)... |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:29:45:29:52 | userName |
|
||||
| test.cpp:16:20:16:23 | argv | test.cpp:29:45:29:52 | userName indirection |
|
||||
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
|
||||
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
|
||||
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
|
||||
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
|
||||
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
|
||||
| test.cpp:38:17:38:22 | call to getenv | test.cpp:38:17:38:22 | Store |
|
||||
| test.cpp:38:17:38:22 | call to getenv | test.cpp:41:20:41:24 | (const char *)... |
|
||||
| test.cpp:38:17:38:22 | call to getenv | test.cpp:41:20:41:24 | envCC |
|
||||
| test.cpp:38:17:38:22 | call to getenv | test.cpp:41:20:41:24 | envCC indirection |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:47:21:47:26 | Store |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | (const char *)... |
|
||||
| test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection |
|
||||
| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
|
||||
| test.cpp:62:9:62:16 | (void *)... | test.cpp:62:9:62:16 | filename indirection |
|
||||
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | (const char *)... |
|
||||
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
|
||||
| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
|
||||
| test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | (const char *)... |
|
||||
| test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection |
|
||||
| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | command indirection |
|
||||
| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
|
||||
| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
|
||||
| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
|
||||
| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
|
||||
| test.cpp:71:9:71:15 | (void *)... | test.cpp:71:9:71:15 | command indirection |
|
||||
| test.cpp:71:9:71:15 | fread output argument | test.cpp:73:11:73:17 | array to pointer conversion |
|
||||
| test.cpp:71:9:71:15 | fread output argument | test.cpp:73:11:73:17 | command indirection |
|
||||
| test.cpp:71:9:71:15 | fread output argument | test.cpp:74:10:74:16 | (const char *)... |
|
||||
| test.cpp:71:9:71:15 | fread output argument | test.cpp:74:10:74:16 | command indirection |
|
||||
| test.cpp:82:9:82:16 | (void *)... | test.cpp:82:9:82:16 | filename indirection |
|
||||
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | (const char *)... |
|
||||
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | filename indirection |
|
||||
| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | filename indirection |
|
||||
| test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | array to pointer conversion |
|
||||
| test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection |
|
||||
| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | command indirection |
|
||||
| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
|
||||
| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
|
||||
| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
|
||||
| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
|
||||
| test.cpp:91:9:91:16 | (void *)... | test.cpp:91:9:91:16 | filename indirection |
|
||||
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | (const char *)... |
|
||||
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection |
|
||||
| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection |
|
||||
| test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | array to pointer conversion |
|
||||
| test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection |
|
||||
| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | path indirection |
|
||||
| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
|
||||
| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
|
||||
| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
|
||||
| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:99:21:99:32 | call to getenv indirection |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:99:21:99:33 | call to basic_string |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:100:25:100:29 | (reference to) |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:100:25:100:29 | envCC indirection |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:100:31:100:31 | call to operator+ |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:100:31:100:31 | call to operator+ |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:101:10:101:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | test.cpp:101:10:101:16 | command indirection |
|
||||
| test.cpp:100:31:100:31 | call to operator+ | test.cpp:101:10:101:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:100:31:100:31 | call to operator+ | test.cpp:101:10:101:16 | command indirection |
|
||||
| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | path indirection |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:106:20:106:38 | call to getenv indirection |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:106:20:106:39 | call to basic_string |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:107:31:107:31 | call to operator+ |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:107:31:107:31 | call to operator+ |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:107:33:107:36 | (reference to) |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:107:33:107:36 | path indirection |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:108:10:108:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | test.cpp:108:10:108:16 | command indirection |
|
||||
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:10:108:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:10:108:16 | command indirection |
|
||||
| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | path indirection |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:113:20:113:38 | call to getenv indirection |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:113:20:113:39 | call to basic_string |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:114:10:114:23 | call to operator+ indirection |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:114:19:114:22 | (reference to) |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | test.cpp:114:19:114:22 | path indirection |
|
||||
| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | path indirection |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:119:20:119:38 | call to getenv indirection |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:119:20:119:39 | call to basic_string |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:120:10:120:23 | call to operator+ indirection |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:120:17:120:17 | call to operator+ |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:120:19:120:22 | (reference to) |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | test.cpp:120:19:120:22 | path indirection |
|
||||
| test.cpp:129:9:129:12 | (void *)... | test.cpp:129:9:129:12 | temp indirection |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:131:11:131:14 | Store |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:131:11:131:14 | call to atoi |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:131:11:131:14 | call to atoi |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:131:16:131:19 | array to pointer conversion |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:131:16:131:19 | temp indirection |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:132:42:132:42 | x |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:133:10:133:16 | (const char *)... |
|
||||
| test.cpp:129:9:129:12 | fread output argument | test.cpp:133:10:133:16 | command indirection |
|
||||
| test.cpp:131:11:131:14 | call to atoi | test.cpp:131:11:131:14 | Store |
|
||||
| test.cpp:131:11:131:14 | call to atoi | test.cpp:132:42:132:42 | x |
|
||||
| test.cpp:131:11:131:14 | call to atoi | test.cpp:133:10:133:16 | (const char *)... |
|
||||
| test.cpp:131:11:131:14 | call to atoi | test.cpp:133:10:133:16 | command indirection |
|
||||
| test.cpp:140:9:140:11 | (void *)... | test.cpp:140:9:140:11 | str indirection |
|
||||
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | array to pointer conversion |
|
||||
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | str indirection |
|
||||
| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | str indirection |
|
||||
| test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | (const char *)... |
|
||||
| test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection |
|
||||
| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | command indirection |
|
||||
| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
|
||||
| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
|
||||
| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
|
||||
| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
|
||||
| test.cpp:150:9:150:11 | (void *)... | test.cpp:150:9:150:11 | str indirection |
|
||||
| test.cpp:150:9:150:11 | fread output argument | test.cpp:152:31:152:33 | array to pointer conversion |
|
||||
| test.cpp:150:9:150:11 | fread output argument | test.cpp:152:31:152:33 | str indirection |
|
||||
| test.cpp:150:9:150:11 | fread output argument | test.cpp:153:10:153:16 | (const char *)... |
|
||||
| test.cpp:150:9:150:11 | fread output argument | test.cpp:153:10:153:16 | command indirection |
|
||||
| test.cpp:160:9:160:12 | (void *)... | test.cpp:160:9:160:12 | temp indirection |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:162:11:162:14 | Store |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:162:11:162:14 | call to atoi |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:162:11:162:14 | call to atoi |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:162:16:162:19 | array to pointer conversion |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:162:16:162:19 | temp indirection |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:165:24:165:24 | x |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:166:44:166:48 | array to pointer conversion |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:166:44:166:48 | temp2 indirection |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:168:10:168:16 | (const char *)... |
|
||||
| test.cpp:160:9:160:12 | fread output argument | test.cpp:168:10:168:16 | command indirection |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:162:11:162:14 | Store |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:165:24:165:24 | x |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:166:44:166:48 | array to pointer conversion |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:166:44:166:48 | temp2 indirection |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | (const char *)... |
|
||||
| test.cpp:162:11:162:14 | call to atoi | test.cpp:168:10:168:16 | command indirection |
|
||||
nodes
|
||||
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
|
||||
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
|
||||
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
|
||||
| test.cpp:16:20:16:26 | Store | semmle.label | Store |
|
||||
| test.cpp:16:20:16:26 | access to array | semmle.label | access to array |
|
||||
| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
|
||||
| test.cpp:22:45:22:52 | userName | semmle.label | userName |
|
||||
| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
|
||||
| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
|
||||
| test.cpp:23:12:23:19 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
|
||||
| test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
|
||||
| test.cpp:29:45:29:52 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:29:45:29:52 | userName | semmle.label | userName |
|
||||
| test.cpp:29:45:29:52 | userName indirection | semmle.label | userName indirection |
|
||||
| test.cpp:38:17:38:22 | Store | semmle.label | Store |
|
||||
| test.cpp:38:17:38:22 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:38:17:38:22 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:41:20:41:24 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:41:20:41:24 | envCC | semmle.label | envCC |
|
||||
| test.cpp:41:20:41:24 | envCC indirection | semmle.label | envCC indirection |
|
||||
| test.cpp:47:21:47:26 | Store | semmle.label | Store |
|
||||
| test.cpp:47:21:47:26 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:47:21:47:26 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:47:21:47:26 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
|
||||
| test.cpp:50:35:50:43 | envCflags | semmle.label | envCflags |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
|
||||
| test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
|
||||
| test.cpp:51:10:51:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:51:10:51:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:51:10:51:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:62:9:62:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:62:9:62:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:62:9:62:16 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:62:9:62:16 | filename | semmle.label | filename |
|
||||
| test.cpp:62:9:62:16 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
|
||||
| test.cpp:64:20:64:27 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:64:20:64:27 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:64:20:64:27 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:65:10:65:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:65:10:65:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:65:10:65:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:71:9:71:15 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:71:9:71:15 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:71:9:71:15 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:71:9:71:15 | command | semmle.label | command |
|
||||
| test.cpp:71:9:71:15 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:71:9:71:15 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:73:11:73:17 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:73:11:73:17 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:74:10:74:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:74:10:74:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:82:9:82:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:82:9:82:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:82:9:82:16 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:82:9:82:16 | filename | semmle.label | filename |
|
||||
| test.cpp:82:9:82:16 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
|
||||
| test.cpp:84:20:84:27 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:84:20:84:27 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:84:20:84:27 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:85:32:85:38 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:85:32:85:38 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:85:32:85:38 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:91:9:91:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:91:9:91:16 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:91:9:91:16 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:91:9:91:16 | filename | semmle.label | filename |
|
||||
| test.cpp:91:9:91:16 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
|
||||
| test.cpp:93:17:93:24 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:93:17:93:24 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:93:17:93:24 | filename indirection | semmle.label | filename indirection |
|
||||
| test.cpp:94:45:94:48 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:94:45:94:48 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:94:45:94:48 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:99:21:99:26 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:99:21:99:32 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:99:21:99:32 | call to getenv indirection | semmle.label | call to getenv indirection |
|
||||
| test.cpp:99:21:99:33 | call to basic_string | semmle.label | call to basic_string |
|
||||
| test.cpp:100:25:100:29 | (reference to) | semmle.label | (reference to) |
|
||||
| test.cpp:100:25:100:29 | envCC indirection | semmle.label | envCC indirection |
|
||||
| test.cpp:100:31:100:31 | call to operator+ | semmle.label | call to operator+ |
|
||||
| test.cpp:100:31:100:31 | call to operator+ | semmle.label | call to operator+ |
|
||||
| test.cpp:101:10:101:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... | semmle.label | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:101:10:101:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:106:20:106:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:106:20:106:38 | call to getenv indirection | semmle.label | call to getenv indirection |
|
||||
| test.cpp:106:20:106:39 | call to basic_string | semmle.label | call to basic_string |
|
||||
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
|
||||
| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
|
||||
| test.cpp:107:33:107:36 | (reference to) | semmle.label | (reference to) |
|
||||
| test.cpp:107:33:107:36 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:107:33:107:36 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:108:10:108:16 | (const basic_string<char, char_traits<char>, allocator<char>>)... | semmle.label | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:108:10:108:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:113:20:113:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:113:20:113:38 | call to getenv indirection | semmle.label | call to getenv indirection |
|
||||
| test.cpp:113:20:113:39 | call to basic_string | semmle.label | call to basic_string |
|
||||
| test.cpp:114:10:114:23 | (const basic_string<char, char_traits<char>, allocator<char>>)... | semmle.label | (const basic_string<char, char_traits<char>, allocator<char>>)... |
|
||||
| test.cpp:114:10:114:23 | call to operator+ indirection | semmle.label | call to operator+ indirection |
|
||||
| test.cpp:114:19:114:22 | (reference to) | semmle.label | (reference to) |
|
||||
| test.cpp:114:19:114:22 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:114:19:114:22 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:119:20:119:38 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:119:20:119:38 | call to getenv indirection | semmle.label | call to getenv indirection |
|
||||
| test.cpp:119:20:119:39 | call to basic_string | semmle.label | call to basic_string |
|
||||
| test.cpp:120:10:120:23 | call to operator+ indirection | semmle.label | call to operator+ indirection |
|
||||
| test.cpp:120:17:120:17 | call to operator+ | semmle.label | call to operator+ |
|
||||
| test.cpp:120:19:120:22 | (reference to) | semmle.label | (reference to) |
|
||||
| test.cpp:120:19:120:22 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:120:19:120:22 | path indirection | semmle.label | path indirection |
|
||||
| test.cpp:129:9:129:12 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:129:9:129:12 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:129:9:129:12 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:129:9:129:12 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:129:9:129:12 | temp | semmle.label | temp |
|
||||
| test.cpp:129:9:129:12 | temp indirection | semmle.label | temp indirection |
|
||||
| test.cpp:131:11:131:14 | Store | semmle.label | Store |
|
||||
| test.cpp:131:11:131:14 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:131:11:131:14 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:131:16:131:19 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:131:16:131:19 | temp indirection | semmle.label | temp indirection |
|
||||
| test.cpp:132:42:132:42 | x | semmle.label | x |
|
||||
| test.cpp:133:10:133:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:133:10:133:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:140:9:140:11 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:140:9:140:11 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:140:9:140:11 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:140:9:140:11 | str | semmle.label | str |
|
||||
| test.cpp:140:9:140:11 | str indirection | semmle.label | str indirection |
|
||||
| test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
|
||||
| test.cpp:142:31:142:33 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:142:31:142:33 | str indirection | semmle.label | str indirection |
|
||||
| test.cpp:142:31:142:33 | str indirection | semmle.label | str indirection |
|
||||
| test.cpp:143:10:143:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:143:10:143:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:143:10:143:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:150:9:150:11 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:150:9:150:11 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:150:9:150:11 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:150:9:150:11 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:150:9:150:11 | str | semmle.label | str |
|
||||
| test.cpp:150:9:150:11 | str indirection | semmle.label | str indirection |
|
||||
| test.cpp:152:31:152:33 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:152:31:152:33 | str indirection | semmle.label | str indirection |
|
||||
| test.cpp:153:10:153:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:153:10:153:16 | command indirection | semmle.label | command indirection |
|
||||
| test.cpp:160:9:160:12 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:160:9:160:12 | (void *)... | semmle.label | (void *)... |
|
||||
| test.cpp:160:9:160:12 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:160:9:160:12 | fread output argument | semmle.label | fread output argument |
|
||||
| test.cpp:160:9:160:12 | temp | semmle.label | temp |
|
||||
| test.cpp:160:9:160:12 | temp indirection | semmle.label | temp indirection |
|
||||
| test.cpp:162:11:162:14 | Store | semmle.label | Store |
|
||||
| test.cpp:162:11:162:14 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:162:11:162:14 | call to atoi | semmle.label | call to atoi |
|
||||
| test.cpp:162:16:162:19 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:162:16:162:19 | temp indirection | semmle.label | temp indirection |
|
||||
| test.cpp:165:24:165:24 | x | semmle.label | x |
|
||||
| test.cpp:166:44:166:48 | array to pointer conversion | semmle.label | array to pointer conversion |
|
||||
| test.cpp:166:44:166:48 | temp2 indirection | semmle.label | temp2 indirection |
|
||||
| test.cpp:168:10:168:16 | (const char *)... | semmle.label | (const char *)... |
|
||||
| test.cpp:168:10:168:16 | command indirection | semmle.label | command indirection |
|
||||
subpaths
|
||||
#select
|
||||
| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string) | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
|
||||
|
||||