CPP:Only consider **argv as tainted.

alexet · alexet · commit a2f2b6c33f2c · 2023-08-25T13:05:10.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll b/cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
@@ -53,7 +53,7 @@ private class ArgvSource extends LocalFlowSource {
     exists(Function main, Parameter argv |
       main.hasGlobalName("main") and
       main.getParameter(1) = argv and
-      this.asParameter(_) = argv
+      this.asParameter(2) = argv
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ private class ArgvSource extends LocalFlowSource {`
`53`	`53`	`exists(Function main, Parameter argv \|`
`54`	`54`	`main.hasGlobalName("main") and`
`55`	`55`	`main.getParameter(1) = argv and`
`56`		`- this.asParameter(_) = argv`
	`56`	`+ this.asParameter(2) = argv`
`57`	`57`	`)`
`58`	`58`	`}`
`59`	`59`