hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements

Browse Source 
C++: More `cpp/uncontrolled-arithmetic` improvements
This commit is contained in:
Jonas Jensen
2021-06-01 10:44:29 +02:00
committed by GitHub
parent 6d7b95c15d 8765c33847
commit 2261085cfe
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
View File

@@ -19,7 +19,11 @@ import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
import TaintedWithPath
predicate isUnboundedRandCall(FunctionCall fc) {
fc.getTarget().getName() = "rand" and not bounded(fc)
exists(Function func | func = fc.getTarget() |
func.hasGlobalOrStdOrBslName("rand") and
not bounded(fc) and
func.getNumberOfParameters() = 0
)
}
/**
@@ -84,6 +88,10 @@ predicate bounded(Expr e) {
boundedDiv(e, any(DivExpr div).getLeftOperand())
or
boundedDiv(e, any(AssignDivExpr div).getLValue())
or
boundedDiv(e, any(RShiftExpr shift).getLeftOperand())
or
boundedDiv(e, any(AssignRShiftExpr div).getLValue())
}
predicate isUnboundedRandCallOrParent(Expr e) {