C++: Fix two bugs found by @rdmarsh2

jbj · rdmarsh2 · jbj · commit 108d5177b8d2 · 2020-04-04T15:24:44.000+02:00
Co-Authored-By: Robert Marsh &lt;rdmarsh2@gmail.com&gt;
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -34,6 +34,6 @@ where
   not taintedWithoutGlobals(arg) and
   taintedWithPath(userValue, arg, sourceNode, sinkNode) and
   isUserInput(userValue, cause)
-select arg,
+select arg, sourceNode, sinkNode,
   "The value of this argument may come from $@ and is being used as a formatting argument to " +
     printfFunction, userValue, cause
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -489,7 +489,7 @@ module TaintedWithPath {
     }
   }
 
-  private class WrapPathNode extends PathNode, TPathNode {
+  private class WrapPathNode extends PathNode, TWrapPathNode {
     DataFlow3::PathNode inner() { this = TWrapPathNode(result) }
 
     override string toString() { result = this.inner().toString() }

Original file line number	Diff line number	Diff line change
`@@ -489,7 +489,7 @@ module TaintedWithPath {`
`489`	`489`	`}`
`490`	`490`	`}`
`491`	`491`
`492`		`- private class WrapPathNode extends PathNode, TPathNode {`
	`492`	`+ private class WrapPathNode extends PathNode, TWrapPathNode {`
`493`	`493`	`DataFlow3::PathNode inner() { this = TWrapPathNode(result) }`
`494`	`494`
`495`	`495`	`override string toString() { result = this.inner().toString() }`