C++: Use isSanitizerOut(DataFlow::Node node) in cpp/command-line-injection

jketema · jketema · commit 83d35a9a9654 · 2022-04-08T11:28:17.000+02:00
diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -116,8 +116,8 @@ class ExecTaintConfiguration extends TaintTracking::Configuration {
     state instanceof ConcatState
   }
 
-  override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowState state) {
-    isSink(node, state) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
+  override predicate isSanitizerOut(DataFlow::Node node) {
+    isSink(node, _) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -116,8 +116,8 @@ class ExecTaintConfiguration extends TaintTracking::Configuration {`
`116`	`116`	`state instanceof ConcatState`
`117`	`117`	`}`
`118`	`118`
`119`		`- override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowState state) {`
`120`		- isSink(node, state) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
	`119`	`+ override predicate isSanitizerOut(DataFlow::Node node) {`
	`120`	+ isSink(node, _) // Prevent duplicates along a call chain, since `shellCommand` will include wrappers
`121`	`121`	`}`
`122`	`122`	`}`
`123`	`123`