Merge pull request #5325 from ihsinme/ihsinme-patch-245

CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBoolType.expected

@@ -0,0 +1,5 @@
+| test.cpp:10:8:10:10 | - ... | this expression needs attention |
+| test.cpp:12:3:12:6 | ... ++ | this expression needs attention |
+| test.cpp:13:3:13:6 | ++ ... | this expression needs attention |
+| test.cpp:14:6:14:21 | ... = ... | this expression needs attention |
+| test.cpp:16:6:16:21 | ... = ... | this expression needs attention |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/OperatorPrecedenceLogicErrorWhenUseBoolType.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-788/semmle/tests/test.cpp

@@ -0,0 +1,26 @@
+int tmpFunc()
+{
+  return 12;
+}
+void testFunction()
+{
+  int i1,i2,i3;
+  bool b1,b2,b3;
+  char c1,c2,c3;
+  b1 = -b2; //BAD
+  b1 = !b2; //GOOD
+  b1++; //BAD
+  ++b1; //BAD
+  if(i1=tmpFunc()!=i2) //BAD
+    return;
+  if(i1=tmpFunc()!=11) //BAD
+    return;
+  if((i1=tmpFunc())!=i2) //GOOD
+    return;
+  if((i1=tmpFunc())!=11) //GOOD
+    return;
+  if(i1=tmpFunc()!=1) //GOOD
+    return;
+  if(i1=tmpFunc()==b1) //GOOD
+    return;
+}