CodeQL library for C/C++

Module TaintTrackingImpl

DEPRECATED: we now use semmle.code.cpp.ir.dataflow.DefaultTaintTracking, which is based on the IR but designed to behave similarly to this old library.

Provides the implementation of semmle.code.cpp.security.TaintTracking. Do not import this file directly.

Import path

import semmle.code.cpp.security.TaintTrackingImpl

Imports

Security

Definitions related to security queries. These can be extended for specific code bases.

cpp

Provides classes and predicates for working with C/C++ code.

Predicates

globalVarFromId
resolveCall

Resolve potential target function(s) for call.

tainted

A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

taintedIncludingGlobalVars

A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.

Classes

DataSensitiveCallExpr

A data sensitive call expression.

DataSensitiveExprCall

Call through a function pointer.

DataSensitiveOverriddenFunctionCall

Call to a virtual function.

FlowLocalScopeVariable

A local scope variable for which flow through is allowed.

FlowVariable

A variable for which flow through is allowed.