For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

TaintTrackingImpl

Module TaintTrackingImpl

DEPRECATED: we now use semmle.code.cpp.ir.dataflow.DefaultTaintTracking, which is based on the IR but designed to behave similarly to this old library.

Provides the implementation of semmle.code.cpp.security.TaintTracking. Do not import this file directly.

Import path


                                import semmle.code.cpp.security.TaintTrackingImpl

Imports

Security	Definitions related to security queries. These can be extended for specific code bases.
cpp	Provides classes and predicates for working with C/C++ code.

Predicates

globalVarFromId
resolveCall	Resolve potential target function(s) for `call`.
tainted	A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.
taintedIncludingGlobalVars	A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

Classes

DataSensitiveCallExpr	A data sensitive call expression.
DataSensitiveExprCall	Call through a function pointer.
DataSensitiveOverriddenFunctionCall	Call to a virtual function.
FlowLocalScopeVariable	A local scope variable for which flow through is allowed.
FlowVariable	A variable for which flow through is allowed.