Major change in order to support the rule for C as well as cpp

2026-04-29 18:55:14 +02:00 · 2018-09-21 16:47:31 -07:00
parent 94f752c59c
commit 242ee10806
12 changed files with 293 additions and 114 deletions
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
@@ -0,0 +1,100 @@
+// semmle-extractor-options: --microsoft
+// winnt.h
+typedef long HRESULT;
+#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
+#define FAILED(hr) (((HRESULT)(hr)) < 0)
+
+typedef _Bool    bool;
+#define FALSE 0
+
+// minwindef.h
+typedef int                 BOOL;
+#ifndef FALSE
+#define FALSE               0
+#endif
+#ifndef TRUE
+#define TRUE                1
+#endif
+
+// winerror.h
+#define S_OK                                   ((HRESULT)0L)
+#define S_FALSE                                ((HRESULT)1L)
+#define _HRESULT_TYPEDEF_(_sc) ((HRESULT)_sc)
+#define E_UNEXPECTED                     _HRESULT_TYPEDEF_(0x8000FFFFL)
+
+HRESULT HresultFunction()
+{
+    return S_OK;
+}
+
+BOOL BoolFunction()
+{
+    return FALSE;
+}
+
+bool BoolFunction2()
+{
+    return FALSE;
+}
+
+HRESULT IncorrectHresultFunction()
+{
+    return BoolFunction(); // BUG
+}
+
+HRESULT IncorrectHresultFunction2()
+{
+    return BoolFunction2(); // BUG
+}
+
+void IncorrectTypeConversionTest() {
+
+    HRESULT hr = HresultFunction();
+    if ((BOOL)hr) // BUG
+    {
+        // ...
+    }
+    if ((bool)hr) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(hr)) // Correct Usage
+    {
+        // ...
+    }
+
+    if (SUCCEEDED(BoolFunction())) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(BoolFunction2())) // BUG
+    {
+        // ...
+    }
+    if (BoolFunction()) // Correct Usage
+    {
+        // ...
+    }
+    BOOL b = IncorrectHresultFunction(); // BUG
+    bool b2 = IncorrectHresultFunction(); // BUG
+
+    hr = E_UNEXPECTED;
+    if (!hr) // BUG
+    {
+        // ...
+    }
+    if (!FAILED(hr)) // Correct Usage
+    {
+        // ...
+    }
+
+    hr = S_FALSE;
+    if (hr) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(hr)) // Correct Usage
+    {
+        // ...
+    }
+}
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
@@ -0,0 +1,97 @@
+// semmle-extractor-options: --microsoft
+// winnt.h
+typedef long HRESULT; 
+#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
+#define FAILED(hr) (((HRESULT)(hr)) < 0)
+
+// minwindef.h
+typedef int                 BOOL; 
+#ifndef FALSE
+#define FALSE               0
+#endif
+#ifndef TRUE
+#define TRUE                1
+#endif
+
+// winerror.h
+#define S_OK                                   ((HRESULT)0L)
+#define S_FALSE                                ((HRESULT)1L)
+#define _HRESULT_TYPEDEF_(_sc) ((HRESULT)_sc)
+#define E_UNEXPECTED                     _HRESULT_TYPEDEF_(0x8000FFFFL)
+
+HRESULT HresultFunction()
+{
+    return S_OK;
+}
+
+BOOL BoolFunction()
+{
+    return FALSE;
+}
+
+bool BoolFunction2()
+{
+    return FALSE;
+}
+
+HRESULT IncorrectHresultFunction()
+{
+    return BoolFunction(); // BUG
+}
+
+HRESULT IncorrectHresultFunction2()
+{
+    return BoolFunction2(); // BUG
+}
+
+void IncorrectTypeConversionTest() {
+
+    HRESULT hr = HresultFunction();
+    if ((BOOL)hr) // BUG
+    {
+        // ...
+    }
+    if ((bool)hr) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(hr)) // Correct Usage
+    {
+        // ...
+    }
+
+    if (SUCCEEDED(BoolFunction())) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(BoolFunction2())) // BUG
+    {
+        // ...
+    }
+    if (BoolFunction()) // Correct Usage
+    {
+        // ...
+    }
+    BOOL b = IncorrectHresultFunction(); // BUG
+    bool b2 = IncorrectHresultFunction(); // BUG
+
+    hr = E_UNEXPECTED;
+    if (!hr) // BUG
+    {
+        // ...
+    }
+    if (!FAILED(hr)) // Correct Usage
+    {
+        // ...
+    }
+
+    hr = S_FALSE;
+    if (hr) // BUG
+    {
+        // ...
+    }
+    if (SUCCEEDED(hr)) // Correct Usage
+    {
+        // ...
+    }
+}
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
@@ -0,0 +1,20 @@
+| HResultBooleanConversion.c:42:12:42:23 | call to BoolFunction | Implicit conversion from BOOL to HRESULT |
+| HResultBooleanConversion.c:47:12:47:24 | call to BoolFunction2 | Implicit conversion from bool to HRESULT |
+| HResultBooleanConversion.c:53:15:53:16 | hr | Explicit conversion from HRESULT to BOOL |
+| HResultBooleanConversion.c:57:15:57:16 | hr | Explicit conversion from HRESULT to bool |
+| HResultBooleanConversion.c:66:9:66:33 | (...) | Explicit conversion from BOOL to HRESULT |
+| HResultBooleanConversion.c:70:9:70:34 | (...) | Explicit conversion from bool to HRESULT |
+| HResultBooleanConversion.c:78:14:78:37 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to BOOL |
+| HResultBooleanConversion.c:79:15:79:38 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to bool |
+| HResultBooleanConversion.c:82:10:82:11 | hr | Usage of a type HRESULT as an argument of a unary logical operation |
+| HResultBooleanConversion.c:92:9:92:10 | hr | Direct usage of a type HRESULT as a conditional expression |
+| HResultBooleanConversion.cpp:39:12:39:23 | call to BoolFunction | Implicit conversion from BOOL to HRESULT |
+| HResultBooleanConversion.cpp:44:12:44:24 | call to BoolFunction2 | Implicit conversion from bool to HRESULT |
+| HResultBooleanConversion.cpp:50:15:50:16 | hr | Explicit conversion from HRESULT to BOOL |
+| HResultBooleanConversion.cpp:54:15:54:16 | hr | Explicit conversion from HRESULT to bool |
+| HResultBooleanConversion.cpp:63:9:63:33 | (...) | Explicit conversion from BOOL to HRESULT |
+| HResultBooleanConversion.cpp:67:9:67:34 | (...) | Explicit conversion from bool to HRESULT |
+| HResultBooleanConversion.cpp:75:14:75:37 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to BOOL |
+| HResultBooleanConversion.cpp:76:15:76:38 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to bool |
+| HResultBooleanConversion.cpp:79:10:79:11 | hr | Implicit conversion from HRESULT to bool |
+| HResultBooleanConversion.cpp:89:9:89:10 | hr | Implicit conversion from HRESULT to bool |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.qlref
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-253/HResultBooleanConversion.ql
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.cpp
@@ -1,76 +0,0 @@
-// winnt.h
-typedef long HRESULT; 
-#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
-#define FAILED(hr) (((HRESULT)(hr)) < 0)
-
-// minwindef.h
-typedef int                 BOOL; 
-#ifndef FALSE
-#define FALSE               0
-#endif
-#ifndef TRUE
-#define TRUE                1
-#endif
-
-// winerror.h
-#define S_OK                                   ((HRESULT)0L)
-#define S_FALSE                                ((HRESULT)1L)
-#define _HRESULT_TYPEDEF_(_sc) ((HRESULT)_sc)
-#define E_UNEXPECTED                     _HRESULT_TYPEDEF_(0x8000FFFFL)
-
-HRESULT HresultFunction()
-{
-	return S_OK;
-}
-
-BOOL BoolFunction()
-{
-	return FALSE;
-}
-
-HRESULT IncorrectHresultFunction()
-{
-	return BoolFunction(); // BUG
-}
-
-void IncorrectTypeConversionTest() {
-	HRESULT hr = HresultFunction();
-	if ((BOOL)hr) // BUG
-	{
-		// ...
-	}
-	if (SUCCEEDED(hr)) // Correct Usage
-	{
-		// ...
-	}
-
-	if (SUCCEEDED(BoolFunction())) // BUG
-	{
-		// ...
-	}
-	if (BoolFunction()) // Correct Usage
-	{
-		// ...
-	}
-	BOOL b = IncorrectHresultFunction(); // BUG
-
-	hr = E_UNEXPECTED;
-	if (!hr) // BUG
-	{
-		// ...
-	}
-	if (!FAILED(hr)) // Correct Usage
-	{
-		// ...
-	}
-
-	hr = S_FALSE;
-	if (hr) // BUG
-	{
-		// ...
-	}
-	if (SUCCEEDED(hr)) // Correct Usage
-	{
-		// ...
-	}
-}
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.expected
@@ -1,6 +0,0 @@
-| IncorrectTypeConversion.cpp:33:9:33:20 | call to BoolFunction | Implicit conversion from BOOL to HRESULT |
-| IncorrectTypeConversion.cpp:38:12:38:13 | hr | Explicit conversion from HRESULT to BOOL |
-| IncorrectTypeConversion.cpp:47:6:47:30 | (...) | Explicit conversion from BOOL to HRESULT |
-| IncorrectTypeConversion.cpp:55:11:55:34 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to BOOL |
-| IncorrectTypeConversion.cpp:58:7:58:8 | hr | Implicit conversion from HRESULT to bool |
-| IncorrectTypeConversion.cpp:68:6:68:7 | hr | Implicit conversion from HRESULT to bool |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.qlref
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-704/IncorrectTypeConversion.qlref
@@ -1 +0,0 @@
-Security/CWE/CWE-704/IncorrectTypeConversion.ql
				`@@ -0,0 +1 @@`
				`Security/CWE/CWE-253/HResultBooleanConversion.ql`
				`@@ -1 +0,0 @@`
				`Security/CWE/CWE-704/IncorrectTypeConversion.ql`