False positive fix for cpp/uninitialized-local

2026-04-21 06:55:31 +02:00 · 2024-01-29 13:21:05 -05:00
parent aeae208dc3
commit 13cf555cee
3 changed files with 22 additions and 1 deletions
--- a/Management/UninitializedLocal.ql
+++ b/Management/UninitializedLocal.ql
@@ -86,5 +86,10 @@ from
 where
  conf.hasFlowPath(source, sink) and
  isSinkImpl(sink.getInstruction(), va) and
-  v = va.getTarget()
+  v = va.getTarget() and
+  (
+    exists(Call c | c.getQualifier() = va)
+    implies
+    exists(Call c | c.getQualifier() = va and not c.getTarget().isStatic())
+  )
 select va, "The variable $@ may not be initialized at this access.", v, v.getName()
--- a/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md
+++ b/cpp/ql/src/change-notes/2024-01-29-uninitialized-local-false-positive.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Corrected a false positive with `cpp/uninitialized-local`: `a->func()` is a false positive if `func` is static regardless of if `a` is initializeed.
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
@@ -532,4 +532,16 @@ int non_exhaustive_switch_2(State s) {
 		return y; // GOOD (y is not initialized when s = StateC, but if s = StateC we won't reach this point)
 	}
 	return 0;
+}
+
+class StaticMethodClass{
+    public:
+    static int get(){
+        return 1;
+    }
+};
+
+int static_method_false_positive(){
+    StaticMethodClass *t;
+	int i = t->get(); // GOOD: the `get` method is static and this is equivalent to StaticMethodClass::get()
 }