Skip to content

C++: Get IR taint tracking library in sync#1886

Merged
semmle-qlci merged 4 commits into
github:masterfrom
jbj:ir-taint-shared
Sep 12, 2019
Merged

C++: Get IR taint tracking library in sync#1886
semmle-qlci merged 4 commits into
github:masterfrom
jbj:ir-taint-shared

Conversation

@jbj

@jbj jbj commented Sep 6, 2019

Copy link
Copy Markdown
Contributor

This PR replays the work in #1757 and #1806 on the IR taint-tracking library.

@jbj jbj added the C++ label Sep 6, 2019
@jbj jbj requested a review from rdmarsh2 September 6, 2019 12:57
@jbj jbj requested a review from a team as a code owner September 6, 2019 12:57
@jbj

jbj commented Sep 10, 2019

Copy link
Copy Markdown
Contributor Author

Rebased to fix merge conflicts.

*/
predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
// Taint can flow into using ordinary data flow.
DataFlow::localFlowStep(nodeFrom, nodeTo)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This conjunct contradicts the qldoc

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well spotted. Fixed.

This case was not supposed to be there -- that was the whole point of
having the `localAdditionalTaintStep` predicate.

@rdmarsh2 rdmarsh2 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Jenkins failures look transient - I've restarted the tests.

@semmle-qlci semmle-qlci merged commit 10076a6 into github:master Sep 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants