hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 21:34:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

[DIFF-INFORMED] Java: ArithmeticUncontrolled

Browse Source 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36
This commit is contained in:
Nora Dimitrijević
2025-07-16 15:02:14 +02:00
parent 54546f6e99
commit 0bcdb421ed
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/lib/semmle/code/java/security/ArithmeticUncontrolledQuery.qll
View File

@@ -19,6 +19,14 @@ module ArithmeticUncontrolledOverflowConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { overflowSink(_, sink.asExpr()) }
predicate isBarrier(DataFlow::Node n) { overflowBarrier(n) }
predicate observeDiffInformedIncrementalMode() {
any() // merged with ArithmeticUncontrolledUnderflow in ArithmeticUncontrolled.ql
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(ArithExpr exp | result = exp.getLocation() | overflowSink(exp, sink.asExpr()))
}
}
/** Taint-tracking flow to reason about overflow from arithmetic with uncontrolled values. */
@@ -32,6 +40,14 @@ module ArithmeticUncontrolledUnderflowConfig implements DataFlow::ConfigSig {
predicate isSink(DataFlow::Node sink) { underflowSink(_, sink.asExpr()) }
predicate isBarrier(DataFlow::Node n) { underflowBarrier(n) }
predicate observeDiffInformedIncrementalMode() {
any() // merged with ArithmeticUncontrolledOverflow in ArithmeticUncontrolled.ql
}
Location getASelectedSinkLocation(DataFlow::Node sink) {
exists(ArithExpr exp | result = exp.getLocation() | underflowSink(exp, sink.asExpr()))
}
}
/** Taint-tracking flow to reason about underflow from arithmetic with uncontrolled values. */