hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Use asDefiningArgument() where appropriate.

Browse Source
This commit is contained in:
Geoffrey White
2022-03-08 18:56:10 +00:00
parent 9ebdb2ac1d
commit d1b04b4e07
6 changed files with 36 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
View File

@@ -21,9 +21,7 @@ import SystemData
class ExposedSystemDataConfiguration extends TaintTracking::Configuration {
ExposedSystemDataConfiguration() { this = "ExposedSystemDataConfiguration" }
override predicate isSource(DataFlow::Node source) {
source.asConvertedExpr() = any(SystemData sd).getAnExpr()
}
override predicate isSource(DataFlow::Node source) { source = any(SystemData sd).getAnExpr() }
override predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc, FunctionInput input, int arg |

2
cpp/ql/src/Security/CWE/CWE-497/PotentiallyExposedSystemData.ql
View File

@@ -35,7 +35,7 @@ class PotentiallyExposedSystemDataConfiguration extends TaintTracking::Configura
PotentiallyExposedSystemDataConfiguration() { this = "PotentiallyExposedSystemDataConfiguration" }
override predicate isSource(DataFlow::Node source) {
source.asExpr() = any(SystemData sd | sd.isSensitive()).getAnExpr()
source = any(SystemData sd | sd.isSensitive()).getAnExpr()
}
override predicate isSink(DataFlow::Node sink) {

50
cpp/ql/src/Security/CWE/CWE-497/SystemData.qll
View File

@@ -4,6 +4,7 @@
import cpp
import semmle.code.cpp.commons.Environment
import semmle.code.cpp.ir.dataflow.TaintTracking
/**
* An element that should not be exposed to an adversary.
@@ -12,7 +13,7 @@ abstract class SystemData extends Element {
/**
* Gets an expression that is part of this `SystemData`.
*/
abstract Expr getAnExpr();
abstract DataFlow::Node getAnExpr();
/**
* Holds if this system data is considered especially sensitive (for example
@@ -33,7 +34,7 @@ class EnvData extends SystemData {
.regexpMatch(".*(user|host|admin|root|home|path|http|ssl|snmp|sock|port|proxy|pass|token|crypt|key).*")
}
override Expr getAnExpr() { result = this }
override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }
override predicate isSensitive() {
this.(EnvironmentRead)
@@ -49,7 +50,7 @@ class EnvData extends SystemData {
class SQLClientInfo extends SystemData {
SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
override Expr getAnExpr() { result = this }
override DataFlow::Node getAnExpr() { result.asConvertedExpr() = this }
override predicate isSensitive() { any() }
}
@@ -68,21 +69,24 @@ private predicate sqlConnectInfo(FunctionCall source, Expr use) {
class SQLConnectInfo extends SystemData {
SQLConnectInfo() { sqlConnectInfo(this, _) }
override Expr getAnExpr() { sqlConnectInfo(this, result) }
override DataFlow::Node getAnExpr() { sqlConnectInfo(this, result.asConvertedExpr()) }
override predicate isSensitive() { any() }
}
private predicate posixSystemInfo(FunctionCall source, Element use) {
private predicate posixSystemInfo(FunctionCall source, DataFlow::Node use) {
// size_t confstr(int name, char *buf, size_t len)
// - various OS / system strings, such as the libc version
// int statvfs(const char *__path, struct statvfs *__buf)
// int fstatvfs(int __fd, struct statvfs *__buf)
source.getTarget().hasName(["confstr", "statvfs", "fstatvfs"]) and
use.asDefiningArgument() = source.getArgument(1)
or
// - various filesystem parameters
// int uname(struct utsname *buf)
// - OS name and version
source.getTarget().hasName(["confstr", "statvfs", "fstatvfs", "uname"]) and
use = source.getArgument(1)
source.getTarget().hasName("uname") and
use.asDefiningArgument() = source.getArgument(0)
}
/**
@@ -91,10 +95,10 @@ private predicate posixSystemInfo(FunctionCall source, Element use) {
class PosixSystemInfo extends SystemData {
PosixSystemInfo() { posixSystemInfo(this, _) }
override Expr getAnExpr() { posixSystemInfo(this, result) }
override DataFlow::Node getAnExpr() { posixSystemInfo(this, result) }
}
private predicate posixPWInfo(FunctionCall source, Element use) {
private predicate posixPWInfo(FunctionCall source, DataFlow::Node use) {
// struct passwd *getpwnam(const char *name);
// struct passwd *getpwuid(uid_t uid);
// struct passwd *getpwent(void);
@@ -104,7 +108,7 @@ private predicate posixPWInfo(FunctionCall source, Element use) {
source
.getTarget()
.hasName(["getpwnam", "getpwuid", "getpwent", "getgrnam", "getgrgid", "getgrent"]) and
use = source
use.asConvertedExpr() = source
or
// int getpwnam_r(const char *name, struct passwd *pwd,
// char *buf, size_t buflen, struct passwd **result);
@@ -115,14 +119,20 @@ private predicate posixPWInfo(FunctionCall source, Element use) {
// int getgrnam_r(const char *name, struct group *grp,
// char *buf, size_t buflen, struct group **result);
source.getTarget().hasName(["getpwnam_r", "getpwuid_r", "getgrgid_r", "getgrnam_r"]) and
use = source.getArgument([1, 2, 4])
(
use.asConvertedExpr() = source.getArgument([1, 2]) or
use.asDefiningArgument() = source.getArgument(4)
)
or
// int getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
// struct passwd **result);
// int getgrent_r(struct group *gbuf, char *buf,
// size_t buflen, struct group **gbufp);
source.getTarget().hasName(["getpwent_r", "getgrent_r"]) and
use = source.getArgument([0, 1, 3])
(
use.asConvertedExpr() = source.getArgument([0, 1]) or
use.asDefiningArgument() = source.getArgument(3)
)
}
/**
@@ -131,15 +141,15 @@ private predicate posixPWInfo(FunctionCall source, Element use) {
class PosixPWInfo extends SystemData {
PosixPWInfo() { posixPWInfo(this, _) }
override Expr getAnExpr() { posixPWInfo(this, result) }
override DataFlow::Node getAnExpr() { posixPWInfo(this, result) }
override predicate isSensitive() { any() }
}
private predicate windowsSystemInfo(FunctionCall source, Element use) {
private predicate windowsSystemInfo(FunctionCall source, DataFlow::Node use) {
// DWORD WINAPI GetVersion(void);
source.getTarget().hasGlobalName("GetVersion") and
use = source
use.asConvertedExpr() = source
or
// BOOL WINAPI GetVersionEx(_Inout_ LPOSVERSIONINFO lpVersionInfo);
// void WINAPI GetSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
@@ -149,7 +159,7 @@ private predicate windowsSystemInfo(FunctionCall source, Element use) {
.hasGlobalName([
"GetVersionEx", "GetVersionExA", "GetVersionExW", "GetSystemInfo", "GetNativeSystemInfo"
]) and
use = source.getArgument(0)
use.asDefiningArgument() = source.getArgument(0)
}
/**
@@ -158,7 +168,7 @@ private predicate windowsSystemInfo(FunctionCall source, Element use) {
class WindowsSystemInfo extends SystemData {
WindowsSystemInfo() { windowsSystemInfo(this, _) }
override Expr getAnExpr() { windowsSystemInfo(this, result) }
override DataFlow::Node getAnExpr() { windowsSystemInfo(this, result) }
}
private predicate windowsFolderPath(FunctionCall source, Element use) {
@@ -217,7 +227,7 @@ private predicate windowsFolderPath(FunctionCall source, Element use) {
class WindowsFolderPath extends SystemData {
WindowsFolderPath() { windowsFolderPath(this, _) }
override Expr getAnExpr() { windowsFolderPath(this, result) }
override DataFlow::Node getAnExpr() { windowsFolderPath(this, result.asDefiningArgument()) }
}
private predicate logonUser(FunctionCall source, VariableAccess use) {
@@ -231,7 +241,7 @@ private predicate logonUser(FunctionCall source, VariableAccess use) {
class LogonUser extends SystemData {
LogonUser() { logonUser(this, _) }
override Expr getAnExpr() { logonUser(this, result) }
override DataFlow::Node getAnExpr() { logonUser(this, result.asConvertedExpr()) }
override predicate isSensitive() { any() }
}
@@ -313,7 +323,7 @@ private predicate regQuery(FunctionCall source, TRegQueryParameter param) {
class RegQuery extends SystemData {
RegQuery() { regQuery(this, _) }
override Expr getAnExpr() { regQuery(this, TReturnData(result)) }
override DataFlow::Node getAnExpr() { regQuery(this, TReturnData(result.asDefiningArgument())) }
override predicate isSensitive() {
exists(Expr e |

3
cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/PotentiallyExposedSystemData.expected
View File

@@ -1,11 +1,8 @@
edges
| tests.c:57:21:57:28 | array to pointer conversion | tests.c:70:70:70:77 | array to pointer conversion |
| tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | array to pointer conversion |
nodes
| tests.c:57:21:57:28 | array to pointer conversion | semmle.label | array to pointer conversion |
| tests.c:57:21:57:28 | password | semmle.label | password |
| tests.c:70:70:70:77 | array to pointer conversion | semmle.label | array to pointer conversion |
subpaths
#select
| tests.c:70:70:70:77 | array to pointer conversion | tests.c:57:21:57:28 | array to pointer conversion | tests.c:70:70:70:77 | array to pointer conversion | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | array to pointer conversion | array to pointer conversion |
| tests.c:70:70:70:77 | array to pointer conversion | tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | array to pointer conversion | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password | password |

8
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
View File

@@ -20,8 +20,8 @@ edges
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | (const void *)... |
| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path |
| tests_sysconf.cpp:36:21:36:27 | pathbuf | tests_sysconf.cpp:39:19:39:25 | (const void *)... |
| tests_sysconf.cpp:36:21:36:27 | pathbuf | tests_sysconf.cpp:39:19:39:25 | pathbuf |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | (const void *)... |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
nodes
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
| tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
@@ -58,7 +58,7 @@ nodes
| tests_sockets.cpp:76:19:76:22 | path | semmle.label | path |
| tests_sockets.cpp:80:20:80:23 | (const void *)... | semmle.label | (const void *)... |
| tests_sockets.cpp:80:20:80:23 | path | semmle.label | path |
| tests_sysconf.cpp:36:21:36:27 | pathbuf | semmle.label | pathbuf |
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
| tests_sysconf.cpp:39:19:39:25 | (const void *)... | semmle.label | (const void *)... |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | semmle.label | pathbuf |
subpaths
@@ -77,4 +77,4 @@ subpaths
| tests_sockets.cpp:43:20:43:23 | path | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv | call to getenv |
| tests_sockets.cpp:76:19:76:22 | path | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv | call to getenv |
| tests_sockets.cpp:80:20:80:23 | path | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv | call to getenv |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | tests_sysconf.cpp:36:21:36:27 | pathbuf | tests_sysconf.cpp:39:19:39:25 | pathbuf | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | pathbuf | pathbuf |
| tests_sysconf.cpp:39:19:39:25 | pathbuf | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf | This operation exposes system data from $@. | tests_sysconf.cpp:36:21:36:27 | confstr output argument | confstr output argument |

62
cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
View File

@@ -1,38 +1,15 @@
edges
| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | (const char *)... |
| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | (const char *)... |
| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... |
| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... |
| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | (const char *)... |
| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | (const char *)... |
| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... |
| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... |
| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | (const char *)... |
| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | (const char *)... |
| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... |
| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... |
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | (const char_type *)... |
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | (const char_type *)... |
| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... |
| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | (const char_type *)... |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | (const char_type *)... |
| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... |
| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | (const char *)... |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | (const char *)... |
| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... |
| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... |
| tests.cpp:86:29:86:31 | *msg | tests.cpp:88:15:88:17 | msg |
| tests.cpp:86:29:86:31 | msg | tests.cpp:88:15:88:17 | msg |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | (const char *)... |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | (const char *)... |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv indirection |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | call to getenv |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | call to getenv indirection |
| tests.cpp:97:13:97:34 | call to getenv | tests.cpp:86:29:86:31 | msg |
| tests.cpp:97:13:97:34 | call to getenv indirection | tests.cpp:86:29:86:31 | *msg |
| tests.cpp:107:30:107:32 | *msg | tests.cpp:111:15:111:17 | tmp |
@@ -43,24 +20,15 @@ edges
| tests.cpp:122:30:122:32 | msg | tests.cpp:124:15:124:17 | msg |
| tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv |
| tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv indirection |
| tests.cpp:131:14:131:35 | (const char *)... | tests.cpp:131:14:131:35 | call to getenv |
| tests.cpp:131:14:131:35 | (const char *)... | tests.cpp:131:14:131:35 | call to getenv indirection |
| tests.cpp:131:14:131:35 | call to getenv | tests.cpp:107:30:107:32 | msg |
| tests.cpp:131:14:131:35 | call to getenv indirection | tests.cpp:107:30:107:32 | *msg |
| tests.cpp:132:14:132:19 | call to getenv | tests.cpp:132:14:132:35 | call to getenv |
| tests.cpp:132:14:132:19 | call to getenv | tests.cpp:132:14:132:35 | call to getenv indirection |
| tests.cpp:132:14:132:35 | (const char *)... | tests.cpp:132:14:132:35 | call to getenv |
| tests.cpp:132:14:132:35 | (const char *)... | tests.cpp:132:14:132:35 | call to getenv indirection |
| tests.cpp:132:14:132:35 | call to getenv | tests.cpp:114:30:114:32 | msg |
| tests.cpp:132:14:132:35 | call to getenv indirection | tests.cpp:114:30:114:32 | *msg |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | (const char *)... |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | (const char *)... |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv indirection |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | call to getenv |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | call to getenv indirection |
| tests.cpp:133:14:133:35 | call to getenv | tests.cpp:122:30:122:32 | msg |
| tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:122:30:122:32 | *msg |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd |
@@ -69,34 +37,27 @@ nodes
| tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:48:15:48:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:48:15:48:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:49:15:49:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:49:15:49:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
| tests.cpp:50:15:50:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:50:15:50:36 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
| tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
| tests.cpp:57:18:57:39 | (const char_type *)... | semmle.label | (const char_type *)... |
| tests.cpp:57:18:57:39 | (const char_type *)... | semmle.label | (const char_type *)... |
| tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
| tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
| tests.cpp:58:41:58:62 | (const char_type *)... | semmle.label | (const char_type *)... |
| tests.cpp:58:41:58:62 | (const char_type *)... | semmle.label | (const char_type *)... |
| tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
| tests.cpp:59:43:59:64 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:59:43:59:64 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:86:29:86:31 | *msg | semmle.label | *msg |
| tests.cpp:86:29:86:31 | msg | semmle.label | msg |
| tests.cpp:88:15:88:17 | msg | semmle.label | msg |
| tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:34 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:97:13:97:34 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:97:13:97:34 | call to getenv | semmle.label | call to getenv |
| tests.cpp:97:13:97:34 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:107:30:107:32 | *msg | semmle.label | *msg |
@@ -109,17 +70,14 @@ nodes
| tests.cpp:122:30:122:32 | msg | semmle.label | msg |
| tests.cpp:124:15:124:17 | msg | semmle.label | msg |
| tests.cpp:131:14:131:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:131:14:131:35 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:131:14:131:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:131:14:131:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:132:14:132:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:132:14:132:35 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:132:14:132:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:132:14:132:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:35 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:133:14:133:35 | (const char *)... | semmle.label | (const char *)... |
| tests.cpp:133:14:133:35 | call to getenv | semmle.label | call to getenv |
| tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
| tests_passwd.cpp:16:8:16:15 | call to getpwnam | semmle.label | call to getpwnam |
@@ -129,43 +87,23 @@ subpaths
#select
| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:36 | (const char *)... | (const char *)... |
| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:36 | (const char *)... | (const char *)... |
| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:36 | (const char *)... | (const char *)... |
| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:36 | (const char *)... | (const char *)... |
| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:36 | (const char *)... | (const char *)... |
| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:36 | (const char *)... | (const char *)... |
| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:39 | (const char_type *)... | (const char_type *)... |
| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:39 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:39 | (const char_type *)... | (const char_type *)... |
| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:62 | (const char_type *)... | (const char_type *)... |
| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:62 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:62 | (const char_type *)... | (const char_type *)... |
| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:64 | (const char *)... | (const char *)... |
| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:64 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:64 | (const char *)... | (const char *)... |
| tests.cpp:88:15:88:17 | msg | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:88:15:88:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:88:15:88:17 | msg | tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:88:15:88:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:34 | (const char *)... | (const char *)... |
| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:34 | (const char *)... | (const char *)... |
| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:34 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:34 | (const char *)... | (const char *)... |
| tests.cpp:111:15:111:17 | tmp | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:111:15:111:17 | tmp | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv | call to getenv |
| tests.cpp:111:15:111:17 | tmp | tests.cpp:131:14:131:35 | (const char *)... | tests.cpp:111:15:111:17 | tmp | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:35 | (const char *)... | (const char *)... |
| tests.cpp:119:7:119:12 | (const char *)... | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
| tests.cpp:119:7:119:12 | (const char *)... | tests.cpp:132:14:132:35 | (const char *)... | tests.cpp:119:7:119:12 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:35 | (const char *)... | (const char *)... |
| tests.cpp:124:15:124:17 | msg | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:124:15:124:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests.cpp:124:15:124:17 | msg | tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:124:15:124:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:35 | (const char *)... | (const char *)... |
| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:35 | (const char *)... | (const char *)... |
| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:35 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:35 | (const char *)... | (const char *)... |
| tests_passwd.cpp:18:29:18:31 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |
| tests_passwd.cpp:19:26:19:28 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:19:26:19:28 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |