You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
import cpp
import semmle.code.cpp.dataflow.TaintTracking
import DataFlow::PathGraph
classNetworkByteSwapextendsExpr{NetworkByteSwap(){exists(MacroInvocationmi|(mi.getMacro().hasName("ntohs")ormi.getMacro().hasName("ntohl")ormi.getMacro().hasName("ntohll"))andthis=mi.getExpr())}}classConfigextends TaintTracking::Configuration{Config(){this="NetworkToMemFuncLength"}overridepredicateisSource(DataFlow::Nodesource){// source has to be called as Expr type because // Class NetworkByteSwap is Expr type and // has to be the same.// source type is DataFlow::Node originallysource.asExpr()instanceofNetworkByteSwap}overridepredicateisSink(DataFlow::Nodesink){exists(FunctionCallfc|fc.getTarget().getName()="memcpy"and// Here I'm taking last argument of memcpy// and saving it in sink.asExpr().// Ref: http://www.cplusplus.com/reference/cstring/memcpy// Memcpy has 3 arguments: memcpy(destination, source, bytes to copy)sink.asExpr()=fc.getArgument(fc.getNumberOfArguments()-1))}}fromConfigcfg, DataFlow::PathNodesource, DataFlow::PathNodesinkwherecfg.hasFlowPath(source,sink)selectsink,source,sink,"Network byte swap flows to memcpy"