C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now.

2025-12-17 17:23:36 +01:00 · 2020-09-14 09:26:41 +02:00
parent ff09104089
commit 78b24b76a0
1 changed files with 0 additions and 9 deletions
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -257,15 +257,6 @@ private predicate instructionTaintStep(Instruction i1, Instruction i2) {
  i2.(ChiInstruction).getPartial() = i1.(WriteSideEffectInstruction) and
  not i2.isResultConflated()
  or
-  // Flow from an element to an array or union that contains it.
-  i2.(ChiInstruction).getPartial() = i1 and
-  not i2.isResultConflated() and
-  exists(Type t | i2.getResultLanguageType().hasType(t, false) |
-    t instanceof Union
-    or
-    t instanceof ArrayType
-  )
-  or
  exists(BinaryInstruction bin |
    bin = i2 and
    predictableInstruction(i2.getAnOperand().getDef()) and