hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: Update NonConstantFormat with DataFlow::ConfigSig

Browse Source
This commit is contained in:
Jeroen Ketema
2023-03-08 14:45:50 +01:00
parent 661160a98e
commit e65ba13da4
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
View File

@@ -120,7 +120,7 @@ predicate isNonConst(DataFlow::Node node, boolean isIndirect) {
} }
pragma[noinline] pragma[noinline]
predicate isSanitizerNode(DataFlow::Node node) { predicate isBarrierNode(DataFlow::Node node) {
underscoreMacro([node.asExpr(), node.asIndirectExpr()]) underscoreMacro([node.asExpr(), node.asIndirectExpr()])
or or
exists(node.asExpr()) and exists(node.asExpr()) and
@@ -132,10 +132,8 @@ predicate isSinkImpl(DataFlow::Node sink, Expr formatString) {
exists(FormattingFunctionCall fc | formatString = fc.getArgument(fc.getFormatParameterIndex())) exists(FormattingFunctionCall fc | formatString = fc.getArgument(fc.getFormatParameterIndex()))
} }
class NonConstFlow extends TaintTracking::Configuration { module NonConstFlowConfiguration implements DataFlow::ConfigSig {
NonConstFlow() { this = "NonConstFlow" } predicate isSource(DataFlow::Node source) {
override predicate isSource(DataFlow::Node source) {
exists(boolean isIndirect, Type t | exists(boolean isIndirect, Type t |
isNonConst(source, isIndirect) and isNonConst(source, isIndirect) and
t = source.getType() and t = source.getType() and
@@ -143,16 +141,18 @@ class NonConstFlow extends TaintTracking::Configuration {
) )
} }
override predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) } predicate isSink(DataFlow::Node sink) { isSinkImpl(sink, _) }
override predicate isSanitizer(DataFlow::Node node) { isSanitizerNode(node) } predicate isBarrier(DataFlow::Node node) { isBarrierNode(node) }
} }
module NonConstFlow = TaintTracking::Make<NonConstFlowConfiguration>;
from FormattingFunctionCall call, Expr formatString from FormattingFunctionCall call, Expr formatString
where where
call.getArgument(call.getFormatParameterIndex()) = formatString and call.getArgument(call.getFormatParameterIndex()) = formatString and
exists(NonConstFlow cf, DataFlow::Node sink | exists(DataFlow::Node sink |
cf.hasFlowTo(sink) and NonConstFlow::hasFlowTo(sink) and
isSinkImpl(sink, formatString) isSinkImpl(sink, formatString)
) )
select formatString, select formatString,