mirror of
https://github.com/github/codeql.git
synced 2026-02-11 12:41:06 +01:00
b2fe615ef2
Using API graphs instead of points-to. Unfortunately, some results will be lost because of this, due to the fact that points-to tracks bitwise operations on small numbers (i.e. flags), whereas API graphs does no such thing. This means using something like `stat.S_IWUSR | stat.S_IWGRP` will not work. A custom type tracker (like the one used for `re` flags) could be used to recapture this behaviour, but I think that's best left as future work, as it's not clear to me that this query is actually worth the effort it would take to implement this.