C++: Add TaintInheritingContent
#16063
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| /** | ||
| * Object->field flow when the object is of type | ||
| * TaintInheritingContentObject and the field is named | ||
| * flowFromObject | ||
| */ |
Check warning
Code scanning / CodeQL
Class QLDoc style.
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
Outdated
Show resolved
Hide resolved
| @@ -37,6 +38,13 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT | |||
| ) | |||
| or | |||
| any(Ssa::Indirection ind).isAdditionalTaintStep(nodeFrom, nodeTo) | |||
| or | |||
| // object->field conflation for content that is a `TaintInheritingContent`. | |||
There was a problem hiding this comment.
It would be nice if this comment expressed the intended direction, i.e. from qualifier to field in a read of qualifier->field.
There was a problem hiding this comment.
That was indeed what I thought I was communicating with the object->field arrow. But if that's not clear I can make it more explicit
There was a problem hiding this comment.
I see what you mean, for me the word "conflation" suggests a two-way relationship (merging two things into one) which threw me off a bit - but the comment in the TaintInheritingContent class itself is completely clear.
Co-authored-by: Geoffrey White <[email protected]>
|
I guess a DCA run doesn't make much sense as there are no (default) models that use this at the moment. |
Totally agree. Once you're happy with this we can merge it. I expect the DIL to be completely identical before and after (since the abstract class is empty). |
Many other languages have found this class very useful and in the name of aligning languages we should add it to C/C++ as well.