mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
The current PAM auth bypass query, which was contributed by me a few months back, alerts on a vulnerable function but does not check if the function is actually function. This leads to a lot of false positives. With this PR, I add a taint-tracking configuration to check if the username parameter can actually be supplied by an attacker. This should bring the FPs significantly down.