hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Model ConversionConstructor instead of all Constructors.

Browse Source
This commit is contained in:
Geoffrey White
2020-06-18 18:17:45 +01:00
parent 3f4ebd285f
commit ab8d1ea723
1 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/semmle/code/cpp/models/implementations/MemberFunction.qll
View File

@@ -7,17 +7,13 @@ import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Taint
/**
* Model for C++ constructors (including copy and move constructors).
* Model for C++ conversion constructors.
*/
class ConstructorModel extends Constructor, TaintFunction {
class ConversionConstructorModel extends ConversionConstructor, TaintFunction {
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
// taint flow from any constructor argument to the returned object
exists(int idx |
input.isParameter(idx) and
output.isReturnValue() and
not this.(CopyConstructorModel).hasDataFlow(input, output) and // don't duplicate where we have data flow
not this.(MoveConstructorModel).hasDataFlow(input, output) // don't duplicate where we have data flow
)
// taint flow from the first constructor argument to the returned object
input.isParameter(0) and
output.isReturnValue()
}
}