hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
z80coder/ATM-feature-optimisation
codeql/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
Cornelius Riemenschneider 5b1ab86ac6 C++: Port DefaultTaintTracking tests to inline expectations test.
2020-12-01 19:00:45 +01:00

44 lines
1.6 KiB
Plaintext
Raw Permalink Blame History

import cpp
import semmle.code.cpp.security.Security
import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
import TestUtilities.InlineExpectationsTest
predicate astTaint(Expr source, Element sink, string globalVar) {
ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
}
predicate irTaint(Expr source, Element sink, string globalVar) {
IRDefaultTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
}
class IRGlobalDefaultTaintTrackingTest extends InlineExpectationsTest {
IRGlobalDefaultTaintTrackingTest() { this = "IRGlobalDefaultTaintTrackingTest" }
override string getARelevantTag() { result = "ir" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Expr source, Element tainted |
tag = "ir" and
irTaint(source, tainted, value) and
location = tainted.getLocation() and
element = tainted.toString()
)
}
}
class ASTGlobalDefaultTaintTrackingTest extends InlineExpectationsTest {
ASTGlobalDefaultTaintTrackingTest() { this = "ASTGlobalDefaultTaintTrackingTest" }
override string getARelevantTag() { result = "ast" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Expr source, Element tainted |
tag = "ast" and
astTaint(source, tainted, value) and
location = tainted.getLocation() and
element = tainted.toString()
)
}
}
Reference in New Issue View Git Blame Copy Permalink