mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
22 lines
747 B
Plaintext
22 lines
747 B
Plaintext
import semmle.code.cpp.dataflow.new.TaintTracking
|
|
private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers
|
|
|
|
/**
|
|
* Flows from algorithm values to operations, specific to OpenSsl
|
|
*/
|
|
module AvcToCallArgConfig implements DataFlow::ConfigSig {
|
|
predicate isSource(DataFlow::Node source) {
|
|
exists(OpenSslAlgorithmValueConsumer c | c.getResultNode() = source)
|
|
}
|
|
|
|
/**
|
|
* Trace to any call accepting the algorithm.
|
|
* NOTE: users must restrict this set to the operations they are interested in.
|
|
*/
|
|
predicate isSink(DataFlow::Node sink) {
|
|
exists(Call c | c.getAnArgument() = [sink.asIndirectExpr(), sink.asExpr()])
|
|
}
|
|
}
|
|
|
|
module AvcToCallArgFlow = TaintTracking::Global<AvcToCallArgConfig>;
|