hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 18:55:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Account for pointer / reference parameters to operator<<.

Browse Source
This commit is contained in:
Geoffrey White
2020-09-11 15:04:52 +01:00
parent d648150322
commit d3ca140eeb
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/src/semmle/code/cpp/models/implementations/StdString.qll
View File

@@ -309,14 +309,20 @@ class StdOStreamOut extends DataFlowFunction, TaintFunction {
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
// flow from first parameter to qualifier
// flow from first parameter (value or pointer) to qualifier
input.isParameter(0) and
output.isQualifierObject()
or
// flow from first parameter to return value
input.isParameterDeref(0) and
output.isQualifierObject()
or
// flow from first parameter (value or pointer) to return value
input.isParameter(0) and
output.isReturnValueDeref()
or
input.isParameterDeref(0) and
output.isReturnValueDeref()
or
// reverse flow from returned reference to the qualifier
input.isReturnValueDeref() and
output.isQualifierObject()