C++: Reduce duplication.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql

@@ -88,6 +88,11 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
       hasUpperBoundsCheck(checkedVar)
     )
   }
+
+  predicate isBarrierOut(DataFlow::Node node) {
+    // make sinks barriers so that we only report the closest instance
+    isSink(node)
+  }
 }
 
 module TaintedPath = TaintTracking::Global<TaintedPathConfig>;

cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected

@@ -9,7 +9,6 @@ edges
 | test.c:48:21:48:26 | *call to getenv | test.c:48:21:48:26 | *call to getenv | provenance |  |
 | test.c:48:21:48:26 | *call to getenv | test.c:49:11:49:17 | *tainted | provenance |  |
 | test.c:54:21:54:26 | *call to getenv | test.c:55:11:55:16 | *buffer | provenance | TaintFunction |
-| test.c:54:21:54:26 | *call to getenv | test.c:56:11:56:16 | *buffer | provenance | TaintFunction |
 | test.c:74:13:74:18 | read output argument | test.c:76:11:76:16 | *buffer | provenance |  |
 | test.c:75:13:75:18 | read output argument | test.c:76:11:76:16 | *buffer | provenance |  |
 nodes
@@ -27,7 +26,6 @@ nodes
 | test.c:49:11:49:17 | *tainted | semmle.label | *tainted |
 | test.c:54:21:54:26 | *call to getenv | semmle.label | *call to getenv |
 | test.c:55:11:55:16 | *buffer | semmle.label | *buffer |
-| test.c:56:11:56:16 | *buffer | semmle.label | *buffer |
 | test.c:69:14:69:20 | *access to array | semmle.label | *access to array |
 | test.c:74:13:74:18 | read output argument | semmle.label | read output argument |
 | test.c:75:13:75:18 | read output argument | semmle.label | read output argument |
@@ -40,7 +38,6 @@ subpaths
 | test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | *fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |
 | test.c:49:11:49:17 | tainted | test.c:48:21:48:26 | *call to getenv | test.c:49:11:49:17 | *tainted | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:48:21:48:26 | *call to getenv | user input (an environment variable) |
 | test.c:55:11:55:16 | buffer | test.c:54:21:54:26 | *call to getenv | test.c:55:11:55:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:54:21:54:26 | *call to getenv | user input (an environment variable) |
-| test.c:56:11:56:16 | buffer | test.c:54:21:54:26 | *call to getenv | test.c:56:11:56:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:54:21:54:26 | *call to getenv | user input (an environment variable) |
 | test.c:69:14:69:20 | access to array | test.c:8:27:8:30 | **argv | test.c:69:14:69:20 | *access to array | This argument to a file access function is derived from $@ and then passed to readFile(fileName), which calls fopen(filename). | test.c:8:27:8:30 | **argv | user input (a command-line argument) |
 | test.c:76:11:76:16 | buffer | test.c:74:13:74:18 | read output argument | test.c:76:11:76:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:74:13:74:18 | read output argument | user input (buffer read by read) |
 | test.c:76:11:76:16 | buffer | test.c:75:13:75:18 | read output argument | test.c:76:11:76:16 | *buffer | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:75:13:75:18 | read output argument | user input (buffer read by read) |