hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Address review comments.

Browse Source
This commit is contained in:
Geoffrey White
2020-08-12 12:43:28 +01:00
parent a655124213
commit b99ca60154
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll
View File

@@ -26,8 +26,7 @@ class StdStringCStr extends TaintFunction {
class StdStringPlus extends TaintFunction {
StdStringPlus() {
this.hasQualifiedName("std", "operator+") and
this.getParameter(0).getType().getUnspecifiedType().(ReferenceType).getBaseType() =
any(StdBasicString s).getAnInstantiation()
this.getUnspecifiedType() = any(StdBasicString s).getAnInstantiation()
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -49,9 +48,17 @@ class StdStringAppend extends TaintFunction {
this.hasQualifiedName("std", "basic_string", "append")
}
/**
* Gets the index of a parameter to this function that is a string.
*/
int getAStringParameter() {
getParameter(result).getType() instanceof PointerType or
getParameter(result).getType() instanceof ReferenceType
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
// flow from parameter to string itself (qualifier) and return value
input.isParameterDeref(0) and
input.isParameterDeref(getAStringParameter()) and
(
output.isQualifierObject() or
output.isReturnValueDeref()