CodeQL library for C/C++

Predicate tainted

Holds if tainted may contain taint from source.

A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

This doesn’t include data flow through global variables. If you need that you must call taintedIncludingGlobalVars.

Import path

predicate tainted(Expr source, Element tainted)