CodeQL library for C/C++
codeql/cpp-all 0.12.0

Module DefaultTaintTracking

DEPRECATED: Use semmle.code.cpp.ir.dataflow.TaintTracking as a replacement.

An IR taint tracking library that uses an IR DataFlow configuration to track taint from user inputs as defined by semmle.code.cpp.security.Security.

Import path

import semmle.code.cpp.ir.dataflow.DefaultTaintTracking

Imports

Security

Definitions related to security queries. These can be extended for specific code bases.

cpp

Provides classes and predicates for working with C/C++ code.

Aliases

TaintedWithPath

Provides definitions for augmenting source/sink pairs with data-flow paths between them. From a @kind path-problem query, import this module in the global scope, extend TaintTrackingConfiguration, and use taintedWithPath in place of tainted.

globalVarFromId

Gets the global variable whose qualified name is id. Use this predicate together with taintedIncludingGlobalVars. Example:

predictableOnlyFlow

Functions that we should only allow taint to flow through (to the return value) if all but the source argument are ‘predictable’. This is done to emulate the old security library’s implementation rather than due to any strong belief that this is the right approach.

tainted

Holds if tainted may contain taint from source.

taintedIncludingGlobalVars

Holds if tainted may contain taint from source, where the taint passed through a global variable named globalVar.