CodeQL library for C/C++
codeql/cpp-all 0.4.4 (changelog, source)

Predicate TaintedWithPath::taintedWithPath

Holds if tainted may contain taint from source, where sourceNode and sinkNode are the corresponding PathNodes that can be used in a query to provide path explanations. Extend TaintTrackingConfiguration to use this predicate.

A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

Import path

predicate taintedWithPath(Expr source, Element tainted, PathNode sourceNode, PathNode sinkNode)