hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Update PotentiallyExposedSystemData with DataFlow::ConfigSig

Browse Source
This commit is contained in:
Jeroen Ketema
2023-03-08 14:53:26 +01:00
parent 53aa34bdd3
commit 7fe1a9431c
1 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
View File

@@ -28,17 +28,15 @@ import cpp
import semmle.code.cpp.ir.dataflow.TaintTracking import semmle.code.cpp.ir.dataflow.TaintTracking
import semmle.code.cpp.models.interfaces.FlowSource import semmle.code.cpp.models.interfaces.FlowSource
import semmle.code.cpp.security.OutputWrite import semmle.code.cpp.security.OutputWrite
import DataFlow::PathGraph import PotentiallyExposedSystemData::PathGraph
import SystemData import SystemData
class PotentiallyExposedSystemDataConfiguration extends TaintTracking::Configuration { module PotentiallyExposedSystemDataConfiguration implements DataFlow::ConfigSig {
PotentiallyExposedSystemDataConfiguration() { this = "PotentiallyExposedSystemDataConfiguration" } predicate isSource(DataFlow::Node source) {
override predicate isSource(DataFlow::Node source) {
source = any(SystemData sd | sd.isSensitive()).getAnExpr() source = any(SystemData sd | sd.isSensitive()).getAnExpr()
} }
override predicate isSink(DataFlow::Node sink) { predicate isSink(DataFlow::Node sink) {
exists(OutputWrite ow, Expr child | child = ow.getASource().getAChild*() | exists(OutputWrite ow, Expr child | child = ow.getASource().getAChild*() |
// Most sinks receive a pointer as an argument (for example `printf`), // Most sinks receive a pointer as an argument (for example `printf`),
// and we use an indirect sink for those. // and we use an indirect sink for those.
@@ -53,9 +51,10 @@ class PotentiallyExposedSystemDataConfiguration extends TaintTracking::Configura
} }
} }
from module PotentiallyExposedSystemData =
PotentiallyExposedSystemDataConfiguration config, DataFlow::PathNode source, TaintTracking::Make<PotentiallyExposedSystemDataConfiguration>;
DataFlow::PathNode sink
where config.hasFlowPath(source, sink) from PotentiallyExposedSystemData::PathNode source, PotentiallyExposedSystemData::PathNode sink
where PotentiallyExposedSystemData::hasFlowPath(source, sink)
select sink, source, sink, "This operation potentially exposes sensitive system data from $@.", select sink, source, sink, "This operation potentially exposes sensitive system data from $@.",
source, source.getNode().toString() source, source.getNode().toString()