C++: Simplify cpp/sql-injection barrier

SQL sanitizers will not likely also be sources, so using `isBarrierIn` here
does not make a lot of sense.

I ran with and without this change on MRVA and got identical results.
This commit is contained in:
Jeroen Ketema
2026-01-23 09:03:48 +01:00
parent e40f896b17
commit ccd07b8a63

@@ -45,9 +45,7 @@ module SqlTaintedConfig implements DataFlow::ConfigSig {
predicate isBarrier(DataFlow::Node node) {
node.asExpr().getUnspecifiedType() instanceof IntegralType
}
predicate isBarrierIn(DataFlow::Node node) {
or
exists(SqlBarrierFunction sql, int arg, FunctionInput input |
node.asIndirectArgument() = sql.getACallToThisFunction().getArgument(arg) and
input.isParameterDeref(arg) and
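
Review bot: The merged `isBarrier` has no comment explaining why the `SqlBarrierFunction` clause after `or` is a full barrier, not an in-barrier. `isBarrier` prohibits flow through the node in both directions, while `isBarrierIn` only prohibited flow into it, so the two differ exactly when the sanitized indirect argument is also a source. A short QLDoc comment on the predicate recording that assumption, plus a test case that pins the expected result for a sanitizer call's argument, would keep a later edit from silently changing behaviour. The predicate now also mixes two unrelated conditions (the `IntegralType` check and the sanitizer-argument check), so a one-line comment above each disjunct would make it easier to read.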