codeql/cpp/ql/test/library-tests/dataflow/recursion/chained_use.ql at sauyon/java-spring-stringutils · ByteDecoder/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import cpp
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.dataflow.DataFlow2
import semmle.code.cpp.dataflow.DataFlow3
import semmle.code.cpp.dataflow.DataFlow4
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.TaintTracking2
import semmle.code.cpp.dataflow.RecursionPrevention

class TestConf1 extends DataFlow::Configuration {
  TestConf1() { this = "TestConf1" }

  override predicate isSource(DataFlow::Node source) { any() }

  override predicate isSink(DataFlow::Node sink) { any() }
}

class TestConf2 extends DataFlow2::Configuration {
  TestConf2() { this = "TestConf2" }

  override predicate isSource(DataFlow::Node source) {
    exists(TestConf1 conf1 | conf1.hasFlowTo(source))
  }

  override predicate isSink(DataFlow::Node sink) { exists(TestConf1 conf1 | conf1.hasFlowTo(sink)) }

  override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
    exists(TestConf1 conf1 |
      conf1.hasFlowTo(n1) and
      conf1.hasFlowTo(n2)
    )
  }
}

class TestConf3 extends DataFlow3::Configuration {
  TestConf3() { this = "TestConf3" }

  override predicate isSource(DataFlow::Node source) {
    exists(TestConf2 conf2 | conf2.hasFlowTo(source))
  }

  override predicate isSink(DataFlow::Node sink) { exists(TestConf2 conf2 | conf2.hasFlowTo(sink)) }

  override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
    exists(TestConf2 conf2 |
      conf2.hasFlowTo(n1) and
      conf2.hasFlowTo(n2)
    )
  }
}

class TestConf4 extends DataFlow4::Configuration {
  TestConf4() { this = "TestConf4" }

  override predicate isSource(DataFlow::Node source) {
    exists(TestConf3 conf3 | conf3.hasFlowTo(source))
  }

  override predicate isSink(DataFlow::Node sink) { exists(TestConf3 conf3 | conf3.hasFlowTo(sink)) }

  override predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
    exists(TestConf3 conf3 |
      conf3.hasFlowTo(n1) and
      conf3.hasFlowTo(n2)
    )
  }
}

select 1