mirror of
https://github.com/github/codeql.git
synced 2025-12-18 09:43:15 +01:00
16 lines
506 B
Plaintext
16 lines
506 B
Plaintext
import csharp
|
|
|
|
module TaintConfig implements DataFlow::ConfigSig {
|
|
predicate isSource(DataFlow::Node node) { node.asExpr().(StringLiteral).getValue() = "tainted" }
|
|
|
|
predicate isSink(DataFlow::Node node) {
|
|
exists(MethodCall mc | mc.getTarget().hasName("Sink") and node.asExpr() = mc.getArgument(0))
|
|
}
|
|
}
|
|
|
|
module Taint = TaintTracking::Global<TaintConfig>;
|
|
|
|
from DataFlow::Node source, DataFlow::Node sink
|
|
where Taint::flow(source, sink)
|
|
select sink, "Data flow from $@.", source, source.toString()
|