hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix FP.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2024-03-18 15:54:53 +00:00
parent e373341f62
commit b944f3b411
2 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/experimental/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
View File

@@ -80,6 +80,20 @@ module DestroyedToBeginConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source = getADestroyedNode() }
predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
DataFlow::FlowFeature getAFeature() {
// By blocking argument-to-parameter flow we ensure that we don't enter a
// function body where the temporary outlives anything inside the function.
// This prevents false positives in cases like:
// ```cpp
// void foo(const std::vector<int>& v) {
// for(auto x : v) { ... } // this is fine since v outlives the loop
// }
// ...
// foo(create_temporary())
// ```
result instanceof DataFlow::FeatureHasSinkCallContext
}
}
module DestroyedToBeginFlow = DataFlow::Global<DestroyedToBeginConfig>;