From 13741ba1374f13a033dcb233d184bf67b00a2bad Mon Sep 17 00:00:00 2001
From: ihsinme
Date: Thu, 23 Sep 2021 12:55:03 +0300
Subject: [PATCH] Update FindWrapperFunctions.ql

---
 .../Security/CWE/CWE-1041/FindWrapperFunctions.ql | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
index 1df7babc862..5b609697b73 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags correctness
+ * maintainability
 * security
 * external/cwe/cwe-1041
 */
@@ -48,7 +49,7 @@ predicate conditionsOutsideWrapper(FunctionCall fcp) {
 not exists(ExprCall ectmp | fcp = ectmp.getAnArgument().getAChild*())
 }

-/** Holds if the conditions for a call within the wrapper function are met. */
+/** Held if the conditions for calling `fcp` inside the `fnp` wrapper function are met. */
 pragma[inline]
 predicate conditionsInsideWrapper(FunctionCall fcp, Function fnp) {
 not exists(FunctionCall fctmp2 |
@@ -60,7 +61,7 @@ predicate conditionsInsideWrapper(FunctionCall fcp, Function fnp) {
 fnp.getNumberOfParameters() > 0 and
 // the call arguments must be passed through the arguments of the wrapper function
 forall(int i | i in [0 .. fcp.getNumberOfArguments() - 1] |
- fcp.getArgument(i).(VariableAccess).getTarget() = fnp.getAParameter().getAnAccess().getTarget()
+ globalValueNumber(fcp.getArgument(i)) = globalValueNumber(fnp.getAParameter().getAnAccess())
 ) and
 // there should be no more than one required call inside the wrapper function
 not exists(FunctionCall fctmp |
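Review bot: The reworded QLDoc above `conditionsInsideWrapper` opens with "Held if", which departs from the QLDoc convention that a predicate without a result is documented with a sentence starting "Holds if". The removed line followed that convention. The more specific wording naming both parameters is an improvement and can stay with only the first word restored: ``/** Holds if the conditions for calling `fcp` inside the `fnp` wrapper function are met. */``.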
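Review bot: In `conditionsInsideWrapper`, the new `forall` body calls `globalValueNumber`, but no hunk in this patch adds an import for it. The diffstat's five insertions are all accounted for by the visible hunks, so the query compiles only if the file already has `import semmle.code.cpp.valuenumbering.GlobalValueNumbering`. The comparison is also looser than the old target check: any argument whose value number equals that of some access to some parameter now counts as passed through. The patch touches no test or `.expected` file, so the effect on the results of this medium-precision query is unverified here. A comment above the line, such as `// compare by value number so an argument equal in value to a parameter access also counts as passed through` (presumably the intent), plus a test case for it, would pin the new behaviour; the predicate body continues outside the hunk.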
@@ -119,8 +120,8 @@ predicate conditionsForWrapper(FunctionCall fcp, Function fnp) {
 forall(int i | i in [0 .. fnp.getNumberOfParameters() - 1] |
 fnp.getParameter(i).getAnAccess().getTarget() =
 fcp.getAnArgument().(VariableAccess).getTarget() or
- fnp.getParameter(i).getType() instanceof Class or
- fnp.getParameter(i).getType().(ReferenceType).getBaseType() instanceof Class or
+ fnp.getParameter(i).getUnspecifiedType() instanceof Class or
+ fnp.getParameter(i).getUnspecifiedType().(ReferenceType).getBaseType() instanceof Class or
 fnp.getParameter(i).getAnAccess().getTarget() =
 fctmp.getAnArgument().(VariableAccess).getTarget()
 )
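Review bot: The first and last disjuncts of this `forall` still match arguments with `.(VariableAccess).getTarget()`, while the same patch moves the argument check in `conditionsInsideWrapper` to `globalValueNumber`. The two predicates can therefore disagree about whether a parameter is forwarded: an argument accepted by value number there may not be recognised as a use of the parameter here. If the asymmetry is intended, a short comment saying so would help; otherwise the first disjunct could use the same comparison, e.g. `globalValueNumber(fnp.getParameter(i).getAnAccess()) = globalValueNumber(fcp.getAnArgument())`. `conditionsForWrapper` begins and ends outside the hunk, so other conjuncts may already constrain this.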