C++: Do not alert on unreachable code in cpp/incorrect-string-type-conversion

2026-04-24 16:25:15 +02:00 · 2025-07-10 11:47:00 +02:00
parent 2907861075
commit 399967b507
3 changed files with 5 additions and 3 deletions
--- a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -14,6 +14,7 @@

 import cpp
 import semmle.code.cpp.controlflow.Guards
+import semmle.code.cpp.ir.IR

 class WideCharPointerType extends PointerType {
  WideCharPointerType() { this.getBaseType() instanceof WideCharType }
@@ -108,7 +109,9 @@ where
  // Avoid cases where the cast is guarded by a check to determine if
  // unicode encoding is enabled in such a way to disallow the dangerous cast
  // at runtime.
-  not isLikelyDynamicallyChecked(e1)
+  not isLikelyDynamicallyChecked(e1) and
+  // Avoid cases in unreachable blocks.
+  any(EnterFunctionInstruction e).getASuccessor+().getAst() = e1
 select e1,
  "Conversion from " + e1.getType().toString() + " to " + e2.getType().toString() +
    ". Use of invalid string can lead to undefined behavior."
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp
@@ -118,7 +118,7 @@ size_t strlen(const char* str);
 template<typename C>
 size_t str_len(const C *str) {
 	if (sizeof(C) != 1) {
-		return wcslen((const wchar_t *)str); // $ SPURIOUS: Alert
+		return wcslen((const wchar_t *)str); // GOOD -- unreachable code
 	}

 	return strlen((const char *)str);
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected
@@ -11,5 +11,4 @@
 | WcharCharConversion.cpp:103:21:103:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:106:21:106:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:110:20:110:25 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
-| WcharCharConversion.cpp:121:34:121:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:130:34:130:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |