C++: Only allow implicit reads of fields that exist on the sink node's type.

MathiasVP · MathiasVP · commit 825628675ed9 · 2023-02-08T13:08:22.000Z
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql b/cpp/ql/test/library-tests/dataflow/taint-tests/taint.ql
@@ -106,7 +106,7 @@ module IRTest {
     override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {
       // allow arbitrary reads at sinks
       isSink(node) and
-      c = any(DataFlow::ContentSet c_)
+      c.(DataFlow::FieldContent).getField().getDeclaringType() = node.getType().getUnspecifiedType()
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ module IRTest {`
`106`	`106`	`override predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet c) {`
`107`	`107`	`// allow arbitrary reads at sinks`
`108`	`108`	`isSink(node) and`
`109`		`- c = any(DataFlow::ContentSet c_)`
	`109`	`+ c.(DataFlow::FieldContent).getField().getDeclaringType() = node.getType().getUnspecifiedType()`
`110`	`110`	`}`
`111`	`111`	`}`
`112`	`112`	`}`