[DIFF-INFORMED] C++: DecompressionBombs

d10c · d10c · commit e382cb5696cc · 2025-08-15T12:00:48.000+02:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql b/cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql
@@ -28,6 +28,14 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig {
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(DecompressionFlowStep s).isAdditionalFlowStep(node1, node2)
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSourceLocation(DataFlow::Node source) { none() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(FunctionCall fc | result = [sink.getLocation(), fc.getLocation()] | isSink(fc, sink))
+  }
 }
 
 module DecompressionTaint = TaintTracking::Global<DecompressionTaintConfig>;

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,14 @@ module DecompressionTaintConfig implements DataFlow::ConfigSig {`
`28`	`28`	`predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {`
`29`	`29`	`any(DecompressionFlowStep s).isAdditionalFlowStep(node1, node2)`
`30`	`30`	`}`
	`31`	`+`
	`32`	`+ predicate observeDiffInformedIncrementalMode() { any() }`
	`33`	`+`
	`34`	`+ Location getASelectedSourceLocation(DataFlow::Node source) { none() }`
	`35`	`+`
	`36`	`+ Location getASelectedSinkLocation(DataFlow::Node sink) {`
	`37`	`+ exists(FunctionCall fc \| result = [sink.getLocation(), fc.getLocation()] \| isSink(fc, sink))`
	`38`	`+ }`
`31`	`39`	`}`
`32`	`40`
`33`	`41`	`module DecompressionTaint = TaintTracking::Global<DecompressionTaintConfig>;`