Module Taint

Provides an abstract class for accurate taint modeling of library functions when source code is not available. To use this QL library, create a QL class extending TaintFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by TaintFunction to match the flow within that function.

Import path

import semmle.code.cpp.models.interfaces.Taint

Imports

Function	Provides classes for working with functions, including template functions.
FunctionInputsAndOutputs	Provides a set of QL classes for indicating dataflows through a particular parameter, return value, or qualifier, as well as flows at one level of pointer indirection.
Models
PartialFlow	Provides an abstract class to override the implicit assumption that a dataflow/taint-tracking model always fully override the parameters they are are modeled as writing to. To use this QL library, create a QL class extending `PartialFlowFunction` with a characteristic predicate that selects the function or set of functions you are modeling and override the `isPartialWrite` predicate.

Classes

TaintFunction

A library function for which a taint-tracking library should propagate taint from a parameter or qualifier to an output buffer, return value, or qualifier.