You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/language/learn-ql/cpp/dataflow.rst
+43Lines changed: 43 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -244,6 +244,49 @@ The following data flow configuration tracks data flow from environment variable
244
244
select fopen, "This 'fopen' uses data from $@.",
245
245
getenv, "call to 'getenv'"
246
246
247
+
The following taint-tracking configuration tracks data from a call to ``ntohl`` to an array index operation. It uses the ``Guards`` library to recognize expressions that have been bounds-checked, and defines ``isSanitizer`` to prevent taint from propagating through them. It also uses ``isAdditionalTaintStep`` to add flow from loop bounds to loop indexes.
248
+
249
+
.. code-block:: ql
250
+
251
+
import cpp
252
+
import semmle.code.cpp.controlflow.Guards
253
+
import semmle.code.cpp.dataflow.TaintTracking
254
+
255
+
class NetworkToBufferSizeConfiguration extends TaintTracking::Configuration {
256
+
NetworkToBufferSizeConfiguration() { this = "NetworkToBufferSizeConfiguration" }
0 commit comments