hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 17:25:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Factor body of isSink into its own predicate.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2024-04-16 22:05:39 +01:00
parent b201fd0bdd
commit b2974ba1c6
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/src/experimental/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
View File

@@ -11,7 +11,6 @@
* external/cwe/cwe-664
*/
// IMPORTANT: This query does not currently find anything since it relies on extractor and analysis improvements that hasn't yet been released
import cpp
import semmle.code.cpp.ir.IR
import semmle.code.cpp.dataflow.new.DataFlow
@@ -19,6 +18,11 @@ import semmle.code.cpp.models.implementations.StdContainer
import semmle.code.cpp.models.implementations.StdMap
import semmle.code.cpp.models.implementations.Iterator
private predicate tempToDestructorSink(DataFlow::Node sink, CallInstruction call) {
call = sink.asOperand().(ThisArgumentOperand).getCall() and
call.getStaticCallTarget() instanceof Destructor
}
/**
* A configuration to track flow from a temporary variable to the qualifier of
* a destructor call
@@ -28,9 +32,7 @@ module TempToDestructorConfig implements DataFlow::ConfigSig {
source.asInstruction().(VariableAddressInstruction).getIRVariable() instanceof IRTempVariable
}
predicate isSink(DataFlow::Node sink) {
sink.asOperand().(ThisArgumentOperand).getCall().getStaticCallTarget() instanceof Destructor
}
predicate isSink(DataFlow::Node sink) { tempToDestructorSink(sink, _) }
}
module TempToDestructorFlow = DataFlow::Global<TempToDestructorConfig>;