hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-10 17:29:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Model taint flow through std::swap.

Browse Source
This commit is contained in:
Geoffrey White
2019-07-12 17:06:44 +01:00
parent f132bca06e
commit c2fd2e273e
6 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/src/semmle/code/cpp/models/Models.qll
View File

@@ -6,3 +6,4 @@ private import implementations.Pure
private import implementations.Strcat
private import implementations.Strcpy
private import implementations.Strftime
private import implementations.Swap

23
cpp/ql/src/semmle/code/cpp/models/implementations/Swap.qll Normal file
View File

@@ -0,0 +1,23 @@
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Taint
/**
* The standard function `swap`.
*/
class Swap extends DataFlowFunction {
Swap() {
this.hasQualifiedName("std", "swap")
}
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
(
input.isInParameterPointer(0) and
output.isOutParameterPointer(1)
)
or
(
input.isInParameterPointer(1) and
output.isOutParameterPointer(0)
)
}
}