hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c20ee76826e10318f8f39c6fae901b743c2e8254
codeql/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql
Erik Krogh Kristensen 69353bb014 patch upper-case acronyms to be PascalCase
2022-03-11 11:10:33 +01:00

44 lines
1.6 KiB
Plaintext
Raw Blame History

import cpp
import semmle.code.cpp.security.Security
import semmle.code.cpp.security.TaintTrackingImpl as ASTTaintTracking
import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking
import TestUtilities.InlineExpectationsTest
predicate astTaint(Expr source, Element sink, string globalVar) {
ASTTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
}
predicate irTaint(Expr source, Element sink, string globalVar) {
IRDefaultTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != ""
}
class IRGlobalDefaultTaintTrackingTest extends InlineExpectationsTest {
IRGlobalDefaultTaintTrackingTest() { this = "IRGlobalDefaultTaintTrackingTest" }
override string getARelevantTag() { result = "ir" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Expr source, Element tainted |
tag = "ir" and
irTaint(source, tainted, value) and
location = tainted.getLocation() and
element = tainted.toString()
)
}
}
class AstGlobalDefaultTaintTrackingTest extends InlineExpectationsTest {
AstGlobalDefaultTaintTrackingTest() { this = "ASTGlobalDefaultTaintTrackingTest" }
override string getARelevantTag() { result = "ast" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
exists(Expr source, Element tainted |
tag = "ast" and
astTaint(source, tainted, value) and
location = tainted.getLocation() and
element = tainted.toString()
)
}
}
Reference in New Issue View Git Blame Copy Permalink