C++: Fix the FP.

Geoffrey White
2022-02-24 10:16:00 +00:00
parent 326dfa5bc2
commit c16302be13
3 changed files with 7 additions and 7 deletions


@@ -57,7 +57,12 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
override predicate isSource(DataFlow::Node src) {
// Sources are strings containing an HTTP URL not in a private domain.
src.asExpr() instanceof HttpStringLiteral
src.asExpr() instanceof HttpStringLiteral and
// block taint starting at `strstr`, which is likely testing an existing URL, rather than constructing an HTTP URL.
not exists(FunctionCall fc |
fc.getTarget().getName() = ["strstr", "strcasestr"] and
fc.getAnArgument() = src.asExpr()
)
}
override predicate isSink(DataFlow::Node sink) {
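Review bot: In the new `isSource` exclusion, `fc.getAnArgument() = src.asExpr()` drops an HTTP literal in any argument position of `strstr`/`strcasestr`, not only the needle. A literal passed as the haystack is not merely being tested: the returned pointer still refers into that URL string, so, assuming the library models flow through the return value, those results would now be lost. Restricting the exclusion to the needle with `fc.getArgument(1) = src.asExpr()` keeps the false-positive fix without widening the false-negative surface. The target is also matched by bare name, so a member or namespaced function that happens to be called `strstr` is excluded as well; `fc.getTarget().hasGlobalOrStdName("strstr")` together with `hasGlobalName("strcasestr")` would be tighter. The body of `isSink` continues outside this hunk and is not reviewed here.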