CodeQL library for C/C++
codeql/cpp-all 6.1.4-dev (changelog, source)
Index
Search

Module Security

Definitions related to security queries. These can be extended for specific code bases.

Import path

import semmle.code.cpp.security.Security

Imports

Environment

Reading from the environment, for example with ‘getenv’.

Expr

Provides classes modeling C/C++ expressions.

FlowSource

Provides classes for modeling functions that return data from (or send data to) potentially untrusted sources. To use this QL library, create a QL class extending DataFlowFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by RemoteFlowSourceFunction or RemoteFlowSinkFunction to match the flow within that function.

SecurityOptions

Security pack options.

Sql

Provides abstract classes for modeling functions that execute and escape SQL query strings. To extend this QL library, create a QL class extending SqlExecutionFunction or SqlEscapeFunction with a characteristic predicate that selects the function or set of functions you are modeling. Within that class, override the predicates provided by the class to match the way a parameter flows into the function and, in the case of SqlEscapeFunction, out of the function.

Predicates

argv

The argv parameter to the main function

isProcessOperationArgument

Convenience accessor for SecurityOptions.isProcessOperationArgument

isPureFunction

Convenience accessor for SecurityOptions.isPureFunction

raisesPrivilege

Convenient accessor for SecurityOptions.raisesPrivilege

sqlArgument

Convenience accessor for SecurityOptions.sqlArgument

Classes

SecurityOptions

Extend this class to customize the security queries for a particular code base. Provide no constructor in the subclass, and override any methods that need customizing.