You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/language/learn-ql/cpp/dataflow.rst
+11-3Lines changed: 11 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -244,15 +244,15 @@ The following data flow configuration tracks data flow from environment variable
244
244
select fopen, "This 'fopen' uses data from $@.",
245
245
getenv, "call to 'getenv'"
246
246
247
-
The following taint tracking configuration tracks data from a call to ``ntohl`` to an array index operation. It uses the ``Guards`` library to recognize expressions that have been bounds checked and avoid propagating taint through them.
247
+
The following taint tracking configuration tracks data from a call to ``ntohl`` to an array index operation. It uses the ``Guards`` library to recognize expressions that have been bounds checked and avoid propagating taint through them. It also uses ``isAdditionalTaintStep`` to add flow from loop bounds to loop indexes.
248
248
249
249
.. code-block:: ql
250
250
251
251
import cpp
252
252
import semmle.code.cpp.controlflow.Guards
253
253
import semmle.code.cpp.dataflow.TaintTracking
254
254
255
-
class NetworkToBufferSizeConfiguration extends DataFlow::Configuration {
255
+
class NetworkToBufferSizeConfiguration extends TaintTracking::Configuration {
256
256
NetworkToBufferSizeConfiguration() { this = "NetworkToBufferSizeConfiguration" }
0 commit comments