Import path
import semmle.code.cpp.ir.dataflow.internal.TaintTrackingUtil
Predicates
| defaultAdditionalTaintStep | Holds if the additional step from src to sink should be included in all global taint flow configurations.
|
| defaultImplicitTaintRead | Holds if default TaintTracking::Configurations should allow implicit reads of c at sinks and inputs to additional taint steps.
|
| defaultTaintSanitizer | Holds if node should be a sanitizer in all global taint flow configurations but not in local taint.
|
| localAdditionalTaintStep | Holds if taint can flow in one local step from nodeFrom to nodeTo excluding local data flow steps. That is, nodeFrom and nodeTo are likely to represent different objects.
|
| localExprTaint | Holds if taint can flow from e1 to e2 in zero or more local (intra-procedural) steps.
|
| localInstructionTaint | Holds if taint can flow from i1 to i2 in zero or more local (intra-procedural) steps.
|
| localTaint | Holds if taint may propagate from source to sink in zero or more local (intra-procedural) steps.
|
| localTaintStep | Holds if taint propagates from nodeFrom to nodeTo in exactly one local (intra-procedural) step. This relation is only used for local taint flow (for example TaintTracking::localTaint(source, sink)) so it may contain special cases that should only apply to local taint flow.
|
| modeledTaintStep | Holds if taint can flow from nodeIn to nodeOut through a call to a modeled function.
|