CodeQL library for C/C++
Search

Predicate TaintedWithPath::taintedWithPath

Holds if tainted may contain taint from source, where sourceNode and sinkNode are the corresponding PathNodes that can be used in a query to provide path explanations. Extend TaintTrackingConfiguration to use this predicate.

A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

Import path

import semmle.code.cpp.ir.dataflow.DefaultTaintTracking
predicate taintedWithPath(Expr source, Element tainted, PathNode sourceNode, PathNode sinkNode)