With this change, the `IRDataflowTestCommon.qll` and `DataflowTestCommon.qll` files use the same definitions of sources and sinks. Since the IR data flow library is meant to be compatible with the AST data flow library, this is what we ought to be testing. Two alerts change but not necessarily for the right reasons.
import cpp
import semmle.code.cpp.ir.dataflow.DataFlow
/**
 * Common data flow configuration to be used by tests.
 *
 * Sources, sinks and barriers are recognised purely by identifier name, so
 * the results are only meaningful on test fixtures that follow the
 * `source` / `sink` / `barrier` naming convention.
 */
class TestAllocationConfig extends DataFlow::Configuration {
  TestAllocationConfig() { this = "TestAllocationConfig" }

  /**
   * Holds if `source` is one of:
   * - an uninitialized variable node,
   * - a parameter whose name starts with `source`, or
   * - a call to a function named exactly `source`.
   */
  override predicate isSource(DataFlow::Node source) {
    // Track uninitialized variables
    exists(source.asUninitialized())
    or
    // `%` is the `matches` wildcard, so this is a prefix test on the parameter name.
    exists(Parameter param |
      param = source.asParameter() and
      param.getName().matches("source%")
    )
    or
    exists(FunctionCall sourceCall |
      sourceCall = source.asExpr() and
      sourceCall.getTarget().getName() = "source"
    )
  }

  /**
   * Holds if `sink` is an argument, in any position, of a call to a function
   * named `sink`.
   */
  override predicate isSink(DataFlow::Node sink) {
    sink.asExpr() =
      any(FunctionCall sinkCall | sinkCall.getTarget().getName() = "sink").getAnArgument()
  }

  /**
   * Holds if `barrier` is an access to a variable named `barrier`; flow is
   * not tracked through such nodes.
   */
  override predicate isBarrier(DataFlow::Node barrier) {
    exists(VariableAccess access |
      access = barrier.asExpr() and
      access.getTarget().hasName("barrier")
    )
  }
}