CodeQL library for C/C++
codeql/cpp-all 0.12.11 (changelog, source)
Index
Search

Module TaintTrackingUtil

Import path

import semmle.code.cpp.ir.dataflow.internal.TaintTrackingUtil

Predicates

defaultAdditionalTaintStep

Holds if the additional step from src to sink should be included in all global taint flow configurations.

defaultImplicitTaintRead

Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.

defaultTaintSanitizer

Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.

localAdditionalTaintStep

Holds if taint can flow in one local step from nodeFrom to nodeTo excluding local data flow steps. That is, nodeFrom and nodeTo are likely to represent different objects.

localExprTaint

Holds if taint can flow from e1 to e2 in zero or more local (intra-procedural) steps.

localInstructionTaint

Holds if taint can flow from i1 to i2 in zero or more local (intra-procedural) steps.

localTaint

Holds if taint may propagate from source to sink in zero or more local (intra-procedural) steps.

localTaintStep

Holds if taint propagates from nodeFrom to nodeTo in exactly one local (intra-procedural) step.

modeledTaintStep

Holds if taint can flow from nodeIn to nodeOut through a call to a modeled function.