hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add more sinks.

Browse Source
This commit is contained in:
Geoffrey White
2021-11-10 16:43:28 +00:00
parent ae622bd482
commit c29011a5cf
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
View File

@@ -54,16 +54,16 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
override predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc |
fc.getTarget().hasGlobalOrStdName(["system", "gethostbyname"]) and
fc.getTarget().hasGlobalOrStdName(["system", "gethostbyname", "getaddrinfo"]) and
sink.asExpr() = fc.getArgument(0)
or
fc.getTarget().hasGlobalOrStdName(["send", "URLDownloadToFile"]) and
fc.getTarget().hasGlobalOrStdName(["send", "URLDownloadToFile", "URLDownloadToCacheFile"]) and
sink.asExpr() = fc.getArgument(1)
or
fc.getTarget().hasGlobalOrStdName("curl_easy_setopt") and
fc.getTarget().hasGlobalOrStdName(["curl_easy_setopt", "getnameinfo"]) and
sink.asExpr() = fc.getArgument(2)
or
fc.getTarget().hasGlobalOrStdName("ShellExecute") and
fc.getTarget().hasGlobalOrStdName(["ShellExecute", "ShellExecuteA", "ShellExecuteW"]) and
sink.asExpr() = fc.getArgument(3)
)
}