CodeQL library for C/C++

Predicate predictableOnlyFlow

Holds for the names of functions through which taint should flow (to the return value) only if every argument other than the source argument is ‘predictable’. This is done to emulate the old security library’s implementation rather than due to any strong belief that this is the right approach.

Note that the list itself is not very principled; it consists of all the functions listed in the old security library’s [default] isPureFunction that have more than one argument, but are not in the old taint tracking library’s returnArgument predicate.

Import path

import semmle.code.cpp.ir.dataflow.DefaultTaintTracking
predicate predictableOnlyFlow(string name)
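
To see where this rule affects an analysis, the query below lists calls to the functions named by predictableOnlyFlow and classifies each one. It is an added example, not part of the CodeQL library. The helpers looksPredictable and unpredictableArgCount are hypothetical names, and treating "predictable" as "is a literal" is an assumed approximation of the library's own definition.

```ql
import cpp
import semmle.code.cpp.ir.dataflow.DefaultTaintTracking

/**
 * Assumption: approximates the library's notion of a 'predictable'
 * argument as "the argument expression is a literal".
 */
predicate looksPredictable(Expr e) { e instanceof Literal }

/** Gets the number of arguments of `call` that are not predictable under the approximation. */
int unpredictableArgCount(FunctionCall call) {
  result =
    count(int i |
      i in [0 .. call.getNumberOfArguments() - 1] and
      not looksPredictable(call.getArgument(i))
    )
}

from FunctionCall call, string name, int n, string verdict
where
  name = call.getTarget().getName() and
  // Only functions covered by the predicate documented on this page.
  predictableOnlyFlow(name) and
  n = unpredictableArgCount(call) and
  (
    // Exactly one non-literal argument: it is the only candidate source,
    // and every other argument is predictable.
    n = 1 and
    verdict = "taint can flow from the single non-literal argument to the return value"
    or
    // Two or more non-literal arguments: whichever one is the source,
    // some other argument is not predictable.
    n > 1 and
    verdict = "flow to the return value is blocked by another non-predictable argument"
  )
select call, "Call to " + name + " with " + n.toString() + " non-literal argument(s): " + verdict
```

Calls in the second group are the ones to review by hand when a tainted value reaches them, since the rule described above stops the flow at the return value.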