hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add models-as-data models for ZMQ networking library + wiring.

Browse Source
This commit is contained in:
Geoffrey White
2024-03-28 17:57:20 +00:00
parent 16f9ad06ef
commit fa26b55452
7 changed files with 69 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
View File

@@ -16,6 +16,7 @@ import cpp
import semmle.code.cpp.ir.dataflow.TaintTracking
import semmle.code.cpp.models.interfaces.FlowSource
import semmle.code.cpp.models.implementations.Memset
import semmle.code.cpp.security.FlowSources
import ExposedSystemData::PathGraph
import SystemData
@@ -23,10 +24,12 @@ module ExposedSystemDataConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source = any(SystemData sd).getAnExpr() }
predicate isSink(DataFlow::Node sink) {
exists(FunctionCall fc, FunctionInput input, int arg |
fc.getTarget().(RemoteFlowSinkFunction).hasRemoteFlowSink(input, _) and
input.isParameterDeref(arg) and
fc.getArgument(arg).getAChild*() = sink.asIndirectExpr()
sink instanceof RemoteFlowSink
or
// workaround for cases where the sink contains the tainted thing as a child; this could
// probably be handled better with taint inheriting content or similar modelling.
exists(RemoteFlowSink sinkNode |
sinkNode.asIndirectExpr().getAChild*() = sink.asIndirectExpr()
)
}