C++: Suppress FieldAddressInstruction taint

See code comment. This fixes false positives on openjdk/jdk.
2026-04-30 11:15:13 +02:00 · 2020-04-06 15:10:47 +02:00
parent 3b76509159
commit e37aab5002
4 changed files with 11 additions and 7 deletions
--- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
+++ b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/defaulttainttracking.cpp
@@ -93,8 +93,8 @@ struct Point {
  int y;

  void callSink() {
-    sink(this->x); // tainted
-    sink(this->y); // not tainted [FALSE POSITIVE]
+    sink(this->x); // tainted [NOT DETECTED]
+    sink(this->y); // not tainted
  }
 };