Merge pull request github#8702 from jketema/command-line-sanitizer

jketema · web-flow · commit 4cfe04567ff6 · 2022-04-08T23:42:35.000+02:00
C++: Use `isSanitizerOut(DataFlow::Node node)` in `cpp/command-line-injection`
diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -116,8 +116,8 @@ class ExecTaintConfiguration extends TaintTracking::Configuration {
     state instanceof ConcatState
   }
 
-  override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowState state) {
-    isSink(node, state) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
+  override predicate isSanitizerOut(DataFlow::Node node) {
+    isSink(node, _) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -116,8 +116,8 @@ class ExecTaintConfiguration extends TaintTracking::Configuration {`
`116`	`116`	`state instanceof ConcatState`
`117`	`117`	`}`
`118`	`118`
`119`		`- override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowState state) {`
`120`		- isSink(node, state) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
	`119`	`+ override predicate isSanitizerOut(DataFlow::Node node) {`
	`120`	+ isSink(node, _) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
`121`	`121`	`}`
`122`	`122`	`}`
`123`	`123`