Merge pull request #9870 from jketema/exec-tainted-join

jketema · web-flow · commit 466eb4a845c5 · 2022-07-21T11:22:02.000+02:00
C++: Fix join-order problem in `cpp/command-line-injection`
diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -77,7 +77,7 @@ class ExecState extends DataFlow::FlowState {
   ExecState() {
     this =
       "ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and
-    interestingConcatenation(fst, snd)
+    interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))
   }
 
   DataFlow::Node getFstNode() { result = fst }

Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ class ExecState extends DataFlow::FlowState {`
`77`	`77`	`ExecState() {`
`78`	`78`	`this =`
`79`	`79`	`"ExecState (" + fst.getLocation() + " \| " + fst + ", " + snd.getLocation() + " \| " + snd + ")" and`
`80`		`- interestingConcatenation(fst, snd)`
	`80`	`+ interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`DataFlow::Node getFstNode() { result = fst }`