Predicate taintedIncludingGlobalVars
A tainted expression is either directly user input, or is computed from user input in a way that users can probably control the exact output of the computation.
This version gives the same results as tainted but also includes data flow through global variables.
The parameter globalVar
is the name of the last global variable used to move the
value from source to tainted.
Import path
import semmle.code.cpp.security.TaintTrackingImpl
predicate
taintedIncludingGlobalVars
(
Expr
source
,
Element
tainted
,
string
globalVar
)