mirror of
https://github.com/github/codeql.git
synced 2025-12-22 03:36:30 +01:00
5eeb5c6e67
We designed the IR's `DataFlow::Node.asExpr` very carefully so that it's suitable for taint tracking, but then we didn't use it in `DefaultTaintTracking.qll`. This meant that the sources in `ArithmeticWithExtremeValues.ql` didn't get associated with any `Instruction` and thus didn't propagate anywhere. With this commit, the mapping of `Expr`-based sources to IR data-flow nodes uses `asExpr`.