Module DataFlow

Provides a library for local (intra-procedural) and global (inter-procedural) data flow analysis: deciding whether data can flow from a source to a sink.

Unless configured otherwise, flow means that the exact value of the source may reach the sink. We do not track flow across pointer dereferences or array indexing. To track these types of flow, where the exact value may not be preserved, import semmle.code.cpp.dataflow.TaintTracking.

To use global (interprocedural) data flow, extend the class DataFlow::Configuration as documented on that class. To use local (intraprocedural) data flow, invoke DataFlow::localFlow or DataFlow::LocalFlowStep with arguments of type DataFlow::Node.

Import path




Provides classes and predicates for working with C/C++ code.