hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #58 from microsoft/jb1/improper-array-index

Browse Source 
Jb1/improper array index
This commit is contained in:
Josh Brown
2024-04-19 03:24:27 +10:00
committed by GitHub
parent 9709ebb2a3 db49d95e77
commit 20033b9b04
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
View File

@@ -66,7 +66,10 @@ predicate predictableInstruction(Instruction instr) {
}
module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { isFlowSource(source, _) }
predicate isSource(DataFlow::Node source) {
isFlowSource(source, _) and
not source.getLocation().getFile().getRelativePath().regexpMatch("(.*/)?tests?/.*")
}
predicate isBarrier(DataFlow::Node node) {
hasUpperBound(node.asExpr())
@@ -117,7 +120,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;
from
ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink,
ImproperArrayIndexValidation::PathNode source,
ImproperArrayIndexValidation::PathNode sink,
string sourceType
where
ImproperArrayIndexValidation::flowPath(source, sink) and