C++: Refactor ExecTainted.ql to need concatenation

This makes ExecTainted report results only when the tainted value does
not become the start of the string which is eventually run as a shell
command. The theory is that those cases are likely to be deliberate, and
part of the expected threat model of the program (e.g. $CC in make).
This lines up better with the results I considered fixable true
positives in LGTM testing.
Robert Marsh
2021-06-30 22:09:34 +00:00
committed by Robert Marsh
parent 8f4df8603a
commit 6f408f949c
4 changed files with 509 additions and 11 deletions

@@ -253,6 +253,13 @@ class FormattingFunctionCall extends Expr {
// format arguments must be known
exists(getTarget().(FormattingFunction).getFirstFormatArgumentIndex())
}
/**
*
*/
Expr getOutputArgument(boolean isStream) {
result = this.(Call).getArgument(this.(Call).getTarget().(FormattingFunction).getOutputParameterIndex(isStream))
}
}
/**
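Review bot: The QLDoc block above the new getOutputArgument predicate is empty (`/** * */`), so the member is added with no documentation. Please state what the predicate returns (judging by the call to getOutputParameterIndex, the argument at the target's output parameter index) and what `isStream` means, including whether callers are expected to bind it or read it back as a result, since the signature `Expr getOutputArgument(boolean isStream)` does not say. The body also repeats the `this.(Call)` cast twice on a single long line; splitting it across lines, or binding the target once, would make the chain `getTarget().(FormattingFunction).getOutputParameterIndex(isStream)` easier to read and match the shorter style of the predicate just above it.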