Commit d6ccd63

C++: Reorganize the setup in the 'Flow from a qualifier to a field access' section.
1 parent 3de32e8 commit d6ccd63

1 file changed

Lines changed: 12 additions & 2 deletions

docs/codeql/codeql-language-guides/advanced-dataflow-scenarios-cpp.rst

@@ -98,7 +98,17 @@ This is simple to match because we see:
9898
Flow from a qualifier to a field access
9999
---------------------------------------
100100

101-
However, sometimes the writes or reads are not visible to CodeQL (for example, because the implementation of the function isn’t included in the database), and so dataflow won't be able to match up all stores with reads, and thus you don't get the result you want. For example, consider the following example:
101+
However, sometimes the writes or reads are not visible to CodeQL (for example, because the implementation of the function isn't included in the database), and so dataflow won't be able to match up all stores with reads, and thus you don't get the result you want. For example, consider an alternative setup where our source of data starts as the outgoing argument of a function `write_user_input_to`. We can model this setup in the dataflow library using the following ``isSource``:
102+
103+
.. code-block:: ql
104+
predicate isSource(DataFlow::Node source) {
105+
exists(Call call |
106+
call.getTarget().hasName("write_user_input_to") and
107+
source.asDefiningArgument() = call.getArgument(0)
108+
)
109+
}
110+
111+
This would match the call to ``write_user_input_to`` in the following example:
102112

103113
.. code-block:: cpp
104114
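
Review bot: In the added paragraph at new line 101, `write_user_input_to` is wrapped in single backticks, which reStructuredText treats as interpreted text rather than an inline literal. The same hunk uses double backticks for ``isSource`` and for ``write_user_input_to`` at new line 111, so the first mention should be ``write_user_input_to`` as well. The paragraph also now says "For example, consider an alternative setup" directly after "(for example, because the implementation ...)"; dropping the second "For example," would read more cleanly.
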
@@ -123,7 +133,7 @@ However, sometimes the writes or reads are not visible to CodeQL (for example, b
123133
free(u);
124134
}
125135
126-
Here, flow starts at the outgoing argument of ``write_user_input_to(...)`` and proceeds to ``u->p``. However, because CodeQL has not observed a write to p prior to the read ``u->p``, dataflow will stop at ``u``. In order to convince CodeQL to proceed we need to add an additional flow step through field reads like so:
136+
Flow now starts at the outgoing argument of ``write_user_input_to(...)`` and proceeds to ``u->p``. However, because CodeQL has not observed a write to ``p`` prior to the read ``u->p``, dataflow will stop at ``u``. In order to convince CodeQL to proceed we need to add an additional flow step through field reads like so:
127137

128138
.. code-block:: ql
129139

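
Review bot: The rewritten sentence at new line 136 states that flow "proceeds to ``u->p``" and the next sentence states that "dataflow will stop at ``u``", which reads as a contradiction. Consider wording the first sentence as the intended path, for example "and we want it to proceed to ``u->p``", so that the following "However" explains why it does not get there. The ``p`` literal fix in this hunk is good.
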