From 2aa2f608a318c88643ac3a986acb5c396bf58b2e Mon Sep 17 00:00:00 2001
From: singleghost
Date: Tue, 10 Mar 2020 18:57:18 +0800
Subject: [PATCH] Move files related to integer overflow detection under the src/experimental folder
---
 .../RangeAnalysis.qll | 23 +++++++++++--------
 .../findOverflowExpr.qhelp | 0
 .../findOverflowExpr.ql | 4 +++-
 .../integer-overflow-example.go | 0
 .../integer-overflow-solution-example.go | 0
 5 files changed, 16 insertions(+), 11 deletions(-)
 rename ql/src/{Security/CWE-190 => experimental/integer-overflow-detection}/RangeAnalysis.qll (97%)
 rename ql/src/{Security/CWE-190 => experimental/integer-overflow-detection}/findOverflowExpr.qhelp (100%)
 rename ql/src/{Security/CWE-190 => experimental/integer-overflow-detection}/findOverflowExpr.ql (76%)
 rename ql/src/{Security/CWE-190 => experimental/integer-overflow-detection}/integer-overflow-example.go (100%)
 rename ql/src/{Security/CWE-190 => experimental/integer-overflow-detection}/integer-overflow-solution-example.go (100%)
diff --git a/ql/src/Security/CWE-190/RangeAnalysis.qll b/ql/src/experimental/integer-overflow-detection/RangeAnalysis.qll
similarity index 97%
rename from ql/src/Security/CWE-190/RangeAnalysis.qll
rename to ql/src/experimental/integer-overflow-detection/RangeAnalysis.qll
index f9f6f410415..1d9cda5227f 100644
--- a/ql/src/Security/CWE-190/RangeAnalysis.qll
+++ b/ql/src/experimental/integer-overflow-detection/RangeAnalysis.qll
@@ -5,6 +5,9 @@ class LenFunction extends BuiltinFunction {
 LenFunction() { this.getName().matches("len") } }
+Expr getAUse(SsaDefinition def) {
+ result = def.getVariable().getAUse().(IR::EvalInstruction).getExpr()
+}
 /* * calculate the upper bound of an expression */ 
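Review bot: The new predicate `getAUse` is undocumented while the surrounding predicates at least carry block comments; a QLDoc line such as `/** Gets an expression that reads the variable defined by the given SSA definition. */` above `Expr getAUse(SsaDefinition def) {` would state its contract where IDE hovers and the generated docs pick it up. The `.(IR::EvalInstruction)` cast also narrows the result to uses the IR models as evaluations, so a read represented by any other instruction kind is silently dropped; since later hunks match this result against compound-assignment left-hand sides, a short comment saying that restriction is intended (or a TODO to confirm it) would save the next reader from re-deriving it.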
@@ -43,7 +46,7 @@ float getUpperBounds(Expr expr) { //if an expression with parenthesis, strip the parenthesis first exists(ParenExpr paren | paren = expr and
- result = getUpperBounds(paren.getExpression())
+ result = getUpperBounds(paren.stripParens())
 ) or //if this expression is an identifier
@@ -200,7 +203,7 @@ float getLowerBounds(Expr expr) { else ( exists(ParenExpr paren | paren = expr and
- result = getLowerBounds(paren.getExpression())
+ result = getLowerBounds(paren.stripParens())
 ) or //if this expression is an identifer
@@ -387,7 +390,7 @@ float getDefUpperBounds(SsaDefinition def) { CompoundAssignStmt compoundAssign, float prevBound, float delta | assignInstr = explicitDef.getInstruction() and
- prevDef.getAUse() = compoundAssign.getLhs() and
+ getAUse(prevDef) = compoundAssign.getLhs() and
 assignInstr = IR::assignInstruction(compoundAssign, 0) and prevBound = getDefUpperBounds(prevDef) and if compoundAssign instanceof AddAssignStmt
@@ -407,7 +410,7 @@ float getDefUpperBounds(SsaDefinition def) { then exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB | instr = explicitDef.getInstruction() and
- exprLB = getUpperBounds(incOrDec.getExpr()) and
+ exprLB = getUpperBounds(incOrDec.getOperand()) and
 instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and ( //IncStmt(x++)
@@ -480,7 +483,7 @@ float getDefLowerBounds(SsaDefinition def) { CompoundAssignStmt compoundAssign, float prevBound, float delta | assignInstr = explicitDef.getInstruction() and
- prevDef.getAUse() = compoundAssign.getLhs() and
+ getAUse(prevDef) = compoundAssign.getLhs() and
 assignInstr = IR::assignInstruction(compoundAssign, 0) and prevBound = getDefLowerBounds(prevDef) and if compoundAssign instanceof AddAssignStmt 
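Review bot: Substituting `getAUse(prevDef)` for `prevDef.getAUse()` narrows the compound-assignment match: only uses backed by an `IR::EvalInstruction` now satisfy `getAUse(prevDef) = compoundAssign.getLhs()`, so if the left-hand side of an `x += y` is not modelled as such an evaluation this branch yields no bound and the overflow check loses that case without any signal. The same substitution is made in the hunks at old lines 480, 565 and 598, and no `.qlref`/`.expected` test accompanies the change, so a regression test that runs the query over `integer-overflow-example.go` with a compound assignment and an increment is the cheapest way to confirm these branches still fire. The enclosing `getDefUpperBounds` starts and ends outside the hunk.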
@@ -500,7 +503,7 @@ float getDefLowerBounds(SsaDefinition def) { then exists(IncDecStmt incOrDec, IR::IncDecInstruction instr, float exprLB | instr = explicitDef.getInstruction() and
- exprLB = getLowerBounds(incOrDec.getExpr()) and
+ exprLB = getLowerBounds(incOrDec.getOperand()) and
 instr.getRhs().(IR::EvalIncDecRhsInstruction).getStmt() = incOrDec and ( //IncStmt(x++)
@@ -565,7 +568,7 @@ predicate defDependsOnDef(SsaDefinition nextDef, SsaDefinition prevDef) { (compoundAssign instanceof AddAssignStmt or compoundAssign instanceof SubAssignStmt) and nextDef.(SsaExplicitDefinition).getInstruction() = IR::assignInstruction(compoundAssign, 0) and (
- prevDef.getAUse() = compoundAssign.getLhs() or
+ getAUse(prevDef) = compoundAssign.getLhs() or
 defDependsOnExpr(prevDef, compoundAssign.getRhs()) ) )
@@ -579,7 +582,7 @@ predicate defDependsOnDef(SsaDefinition nextDef, SsaDefinition prevDef) { .getRhs() .(IR::EvalIncDecRhsInstruction) .getStmt() = incDec and
- defDependsOnExpr(prevDef, incDec.getExpr())
+ defDependsOnExpr(prevDef, incDec.getOperand())
 ) or //if `nextDef` coresponding to the init of a parameter, there is no coresponding `prevDef`
@@ -598,12 +601,12 @@ predicate defDependsOnExpr(SsaDefinition def, Expr expr) { //if an expression with parenthesis, strip the parenthesis exists(ParenExpr paren | paren = expr and
- defDependsOnExpr(def, paren.getExpression())
+ defDependsOnExpr(def, paren.stripParens())
 ) or exists(Ident ident | ident = expr and
- def.getAUse() = ident
+ getAUse(def) = ident
 ) or exists(AddExpr add | add = expr and defDependsOnExpr(def, add.getAnOperand()))
diff --git a/ql/src/Security/CWE-190/findOverflowExpr.qhelp b/ql/src/experimental/integer-overflow-detection/findOverflowExpr.qhelp
similarity index 100%
rename from ql/src/Security/CWE-190/findOverflowExpr.qhelp
rename to ql/src/experimental/integer-overflow-detection/findOverflowExpr.qhelp 
diff --git a/ql/src/Security/CWE-190/findOverflowExpr.ql b/ql/src/experimental/integer-overflow-detection/findOverflowExpr.ql
similarity index 76%
rename from ql/src/Security/CWE-190/findOverflowExpr.ql
rename to ql/src/experimental/integer-overflow-detection/findOverflowExpr.ql
index d4eb95a108c..dd04d8bcffc 100644
--- a/ql/src/Security/CWE-190/findOverflowExpr.ql
+++ b/ql/src/experimental/integer-overflow-detection/findOverflowExpr.ql
@@ -1,7 +1,9 @@
 /**
+ * @id go/integer-overflow-detection
 * @name Find integer overflow * @kind problem * @description This query is used to find the integer overflow problem that may occur when processing arithmetic operations in the program. Integer overflow often causes the results of the program to be incorrect, or the program crashes and exits.
+ * @problem.severity error
 */ import go
@@ -10,4 +12,4 @@ import RangeAnalysis
 from Expr expr where exprMayOverflow(expr) or exprMayUnderflow(expr)
-select expr
+select expr, "this expression may cause an integer overflow"
diff --git a/ql/src/Security/CWE-190/integer-overflow-example.go b/ql/src/experimental/integer-overflow-detection/integer-overflow-example.go
similarity index 100%
rename from ql/src/Security/CWE-190/integer-overflow-example.go
rename to ql/src/experimental/integer-overflow-detection/integer-overflow-example.go
diff --git a/ql/src/Security/CWE-190/integer-overflow-solution-example.go b/ql/src/experimental/integer-overflow-detection/integer-overflow-solution-example.go
similarity index 100%
rename from ql/src/Security/CWE-190/integer-overflow-solution-example.go
rename to ql/src/experimental/integer-overflow-detection/integer-overflow-solution-example.go
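Review bot: The new metadata adds `@id` and `@problem.severity error` but no `@tags` or `@precision`, and because the move out of `Security/CWE-190` removes the only remaining link to the weakness class, a line ` * @tags security external/cwe/cwe-190` would keep the CWE association visible in query results. For a range-analysis heuristic that now lives under `experimental`, `warning` with an explicit `@precision low` may be a better fit than `error` until its false-positive rate is known; whichever is chosen, a one-line comment giving the reason would stop the next reader from second-guessing it.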
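Review bot: The alert string `"this expression may cause an integer overflow"` is also reported when only `exprMayUnderflow(expr)` holds, so underflow findings are mislabelled in the results. Either broaden it to `select expr, "this expression may cause an integer overflow or underflow"` or choose the wording per case, e.g. `select expr, "this expression may cause an integer " + (if exprMayOverflow(expr) then "overflow" else "underflow")`; both are one-line changes to the `select` line.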