C++: Add support for iterator parameters to std::vector::assign.

2025-12-20 10:46:30 +01:00 · 2020-09-02 16:49:18 +01:00
parent 8e9faac363
commit f61c7ffc1a
5 changed files with 22 additions and 4 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll
@@ -106,9 +106,17 @@ class StdSequenceContainerAssign extends TaintFunction {
      getDeclaringType().getTemplateArgument(0).(Type).getUnspecifiedType() // i.e. the `T` of this `std::vector<T>`
  }

+  /**
+   * Gets the index of a parameter to this function that is an iterator.
+   */
+  int getAnIteratorParameterIndex() { getParameter(result).getType() instanceof Iterator }
+
  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
-    // flow from parameter to string itself (qualifier) and return value
-    input.isParameterDeref(getAValueTypeParameterIndex()) and
+    // flow from parameter to container itself (qualifier)
+    (
+      input.isParameterDeref(getAValueTypeParameterIndex()) or
+      input.isParameter(getAnIteratorParameterIndex())
+    ) and
    output.isQualifierObject()
  }
 }