Add string to int sanitizer.

intrigus · intrigus · commit 894a0f1c3b70 · 2022-09-12T21:02:18.000+02:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
@@ -45,6 +45,10 @@ class WordexpTaintConfiguration extends TaintTracking::Configuration {
       not isCommandSubstitutionDisabled(fc)
     )
   }
+
+  override predicate isSanitizer(DataFlow::Node node) {
+    node.asExpr().getUnspecifiedType() instanceof IntegralType
+  }
 }
 
 from WordexpTaintConfiguration conf, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,10 @@ class WordexpTaintConfiguration extends TaintTracking::Configuration {`
`45`	`45`	`not isCommandSubstitutionDisabled(fc)`
`46`	`46`	`)`
`47`	`47`	`}`
	`48`	`+`
	`49`	`+ override predicate isSanitizer(DataFlow::Node node) {`
	`50`	`+ node.asExpr().getUnspecifiedType() instanceof IntegralType`
	`51`	`+ }`
`48`	`52`	`}`
`49`	`53`
`50`	`54`	`from WordexpTaintConfiguration conf, DataFlow::PathNode sourceNode, DataFlow::PathNode sinkNode`