From bcd84efe8ded15a7885c34a80f6d91e33ae9e431 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Mon, 10 Feb 2020 15:50:52 +0100
Subject: [PATCH] C++: Add += and friends to adjustedSink
---
 .../src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
index 44ce2430c23..e69653a06b3 100644
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -338,6 +338,9 @@ private Element adjustedSink(DataFlow::Node sink) {
 or
 // Taint `e--` and `e++` when `e` is tainted.
 result.(PostfixCrementOperation).getAnOperand() = sink.asExpr()
+ or
+ // Taint `e1 += e2` when `e1` or `e2` is tainted.
+ result.(AssignArithmeticOperation).getAnOperand() = sink.asExpr()
 }
 predicate tainted(Expr source, Element tainted) {
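Review bot: The new disjunct at the end of adjustedSink matches only `AssignArithmeticOperation`, so the bitwise compound assignments (`|=`, `&=`, `^=`, `<<=`, `>>=`, modelled by `AssignBitwiseOperation`) are not adjusted by this line, although the commit title promises "+= and friends". For security queries built on this library that is a possible false-negative gap, so if the exclusion is deliberate the comment should say so, for example `// Taint e1 += e2 (likewise -=, *=, /=, %=) when e1 or e2 is tainted; bitwise compound assignments are not covered.` If it is not deliberate, `result.(AssignOperation).getAnOperand() = sink.asExpr()` would cover both families through their common supertype. The diffstat shows one file changed and no test added, so a taint test using a compound assignment with a tainted operand would pin the new behaviour. adjustedSink starts above the hunk, so earlier disjuncts that are not visible here may already handle some of these cases.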