1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
import cpp
import semmle.code.cpp.dataflow.DataFlow
class StringLiteralNode extends DataFlow::Node {
StringLiteralNode() { this.asExpr() instanceof StringLiteral }
}
class CmpArgNode extends DataFlow::Node {
CmpArgNode() {
exists(FunctionCall fc |
fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and
fc.getArgument(0) = this.asExpr()
)
or
exists(FunctionCall fc |
fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and
fc.getArgument(1) = this.asExpr()
)
}
}
from StringLiteralNode src, CmpArgNode arg
where
DataFlow::localFlow(src, arg)
select src.asExpr().(StringLiteral).toString()
|
