CodeQL library for C#
codeql/csharp-all 0.8.9 (changelog, source)
Search

Member predicate HardcodedSymmetricEncryptionKey::TaintTrackingConfiguration::isAdditionalTaintStep

Since CryptographicBuffer uses native code inside, taint tracking doesn’t pass through it. Need to create an additional custom step.

predicate isAdditionalTaintStep(Node pred, Node succ)