github
diff --git a/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll‎
Lines changed: 13 additions & 2 deletions b/‎cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql‎
Lines changed: 1 addition & 2 deletions b/‎cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql‎
Lines changed: 1 addition & 2 deletions
@@ -752,15 +752,26 @@ private predicate exprNodeShouldBeIndirectOperand(IndirectOperand node, Expr e,
   not convertedExprMustBeOperand(e)
 }
 
+private predicate indirectExprNodeShouldBeIndirectOperand0(
+  VariableAddressInstruction instr, IndirectOperand node, Expr e
+) {
+  instr = node.getOperand().getDef() and
+  not node instanceof ExprNode and
+  e = instr.getAst().(Expr).getUnconverted()
+}
+
 /** Holds if `node` should be an `IndirectOperand` that maps `node.asIndirectExpr()` to `e`. */
 private predicate indirectExprNodeShouldBeIndirectOperand(IndirectOperand node, Expr e) {
   exists(Instruction instr |
     instr = node.getOperand().getDef() and
     not node instanceof ExprNode
   |
-    e = instr.(VariableAddressInstruction).getAst().(Expr).getFullyConverted()
+    exists(Expr e0 |
+      indirectExprNodeShouldBeIndirectOperand0(instr, node, e0) and
+      e = e0.getFullyConverted()
+    )
     or
-    not instr instanceof VariableAddressInstruction and
+    not indirectExprNodeShouldBeIndirectOperand0(_, _, e.getUnconverted()) and
     e = instr.getConvertedResultExpression()
   )
 }
 
@@ -261,8 +261,7 @@ class ToEncryptionConfiguration extends TaintTracking2::Configuration {
   ToEncryptionConfiguration() { this = "ToEncryptionConfiguration" }
 
   override predicate isSource(DataFlow::Node source) {
-    any(FromSensitiveConfiguration config).hasFlow(source, _) and
-    isSourceImpl(source)
+    any(FromSensitiveConfiguration config).hasFlow(source, _)
   }
 
   override predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
Original file line number	Diff line number	Diff line change
`@@ -261,8 +261,7 @@ class ToEncryptionConfiguration extends TaintTracking2::Configuration {`
`261`	`261`	`ToEncryptionConfiguration() { this = "ToEncryptionConfiguration" }`
`262`	`262`
`263`	`263`	`override predicate isSource(DataFlow::Node source) {`
`264`		`- any(FromSensitiveConfiguration config).hasFlow(source, _) and`
`265`		`- isSourceImpl(source)`
	`264`	`+ any(FromSensitiveConfiguration config).hasFlow(source, _)`
`266`	`265`	`}`
`267`	`266`
`268`	`267`	`override predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }`