-
Notifications
You must be signed in to change notification settings - Fork 283
Expand file tree
/
Copy pathex8.ql
More file actions
30 lines (24 loc) · 856 Bytes
/
ex8.ql
File metadata and controls
30 lines (24 loc) · 856 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
import cpp
import semmle.code.cpp.dataflow.TaintTracking
class NetworkBytes extends FieldAccess {
NetworkBytes() {
this.getQualifier().getType().getName() = "amqp_bytes_t" and
this.getTarget().getName() = "bytes"
}
}
class TargetFunction extends Function {
TargetFunction() { this.getName() = "amqp_pool_alloc_bytes" }
}
class Config extends TaintTracking::Configuration {
Config() { this = "rabbitmq-c" }
override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof NetworkBytes }
override predicate isSink(DataFlow::Node sink) {
exists(TargetFunction function, FunctionCall call |
call = function.getACallToThisFunction() and
call.getAnArgument() = sink.asExpr()
)
}
}
from Config config, DataFlow::Node source, DataFlow::Node sink
where config.hasFlow(source, sink)
select source, sink