C++: Improve isGuarded.

2026-05-02 20:25:13 +02:00 · 2021-04-06 17:59:22 +01:00
parent 59ff3f315b
commit 3ecd13531f
3 changed files with 10 additions and 8 deletions
--- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
+++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -16,12 +16,16 @@ import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import semmle.code.cpp.controlflow.Guards

-/** Holds if `sub` is guarded by a condition which ensures that `left >= right`. */
+/**
+ *  Holds if `sub` is guarded by a condition which ensures that
+ * `left >= right`.
+ */
 pragma[noinline]
 predicate isGuarded(SubExpr sub, Expr left, Expr right) {
-  exists(GuardCondition guard |
-    guard.controls(sub.getBasicBlock(), true) and
-    guard.ensuresLt(left, right, 0, sub.getBasicBlock(), false)
+  exists(GuardCondition guard, int k |
+    guard.controls(sub.getBasicBlock(), _) and
+    guard.ensuresLt(left, right, k, sub.getBasicBlock(), false) and
+    k >= 0
  )
 }

--- a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected
@@ -17,8 +17,6 @@
 | test.cpp:137:6:137:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:146:7:146:15 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:152:7:152:15 | ... > ... | Unsigned subtraction can never be negative. |
-| test.cpp:156:7:156:15 | ... > ... | Unsigned subtraction can never be negative. |
-| test.cpp:169:6:169:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:182:6:182:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:195:6:195:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:208:6:208:14 | ... > ... | Unsigned subtraction can never be negative. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp
@@ -153,7 +153,7 @@ void test8() {
 			// ...
 		}
 	} else {
-		if (a - b > 0) { // GOOD (as a > b) [FALSE POSITIVE]
+		if (a - b > 0) { // GOOD (as a > b)
 			// ...
 		}
 	}
@@ -166,7 +166,7 @@ void test8() {

 	if (a < b) return;

-	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+	if (a - b > 0) { // GOOD (as a >= b)
 		// ...
 	}
 }