hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-03 00:31:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
08f6fbbe107f4fc65e1c12f317b6c5482fca8dba
codeql/cpp/ql/lib/semmle/code/cpp/models/interfaces/FlowSource.qll

69 lines
2.4 KiB
Plaintext
Raw Blame History

/**
* Provides classes for modeling functions that return data from (or send data to) potentially untrusted
* sources. To use this QL library, create a QL class extending `DataFlowFunction` with a
* characteristic predicate that selects the function or set of functions you
* are modeling. Within that class, override the predicates provided by
* `RemoteFlowSourceFunction` or `RemoteFlowSinkFunction` to match the flow within that function.
*/
import cpp
import FunctionInputsAndOutputs
import semmle.code.cpp.models.Models
/**
* A library function that returns data that may be read from a network connection.
*/
abstract class RemoteFlowSourceFunction extends Function {
/**
* Holds if remote data described by `description` flows from `output` of a call to this function.
*/
abstract predicate hasRemoteFlowSource(FunctionOutput output, string description);
/**
* Holds if remote data from this source comes from a socket or stream
* described by `input`. There is no result if none is specified by a
* parameter.
*/
predicate hasSocketInput(FunctionInput input) { none() }
}
/**
* DEPRECATED: Use `RemoteFlowSourceFunction` instead.
*
* A library function that returns data that may be read from a network connection.
*/
deprecated class RemoteFlowFunction = RemoteFlowSourceFunction;
/**
* A library function that returns data that is directly controlled by a user.
*/
abstract class LocalFlowSourceFunction extends Function {
/**
* Holds if data described by `description` flows from `output` of a call to this function.
*/
abstract predicate hasLocalFlowSource(FunctionOutput output, string description);
}
/**
* DEPRECATED: Use `LocalFlowSourceFunction` instead.
*
* A library function that returns data that is directly controlled by a user.
*/
deprecated class LocalFlowFunction = LocalFlowSourceFunction;
/** A library function that sends data over a network connection. */
abstract class RemoteFlowSinkFunction extends Function {
/**
* Holds if data described by `description` flows into `input` to a call to this function, and is then
* send over a network connection.
*/
abstract predicate hasRemoteFlowSink(FunctionInput input, string description);
/**
* Holds if data put into this sink is transmitted through a socket or stream
* described by `input`. There is no result if none is specified by a
* parameter.
*/
predicate hasSocketInput(FunctionInput input) { none() }
}
Reference in New Issue View Git Blame Copy Permalink