hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 12:18:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Remove FPs from right shifts and explicitly bounded random functions.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-05-31 15:40:02 +02:00
parent 10755ece88
commit 41c93d92d7
3 changed files with 15 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
View File

@@ -18,8 +18,16 @@ import semmle.code.cpp.security.TaintTracking
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
import TaintedWithPath
string getAMinPattern() { result = ["%min%", "l%"] }
string getAMaxPattern() { result = ["%max%", "%bound%", "h%"] }
predicate isUnboundedRandCall(FunctionCall fc) {
fc.getTarget().getName() = "rand" and not bounded(fc)
exists(Function func | func = fc.getTarget() |
func.getName() = "rand" and
not bounded(fc) and
not func.getAParameter().getName().toLowerCase().matches([getAMinPattern(), getAMaxPattern()])
)
}
/**
@@ -84,6 +92,10 @@ predicate bounded(Expr e) {
boundedDiv(e, any(DivExpr div).getLeftOperand())
or
boundedDiv(e, any(AssignDivExpr div).getLValue())
or
boundedDiv(e, any(RShiftExpr shift).getLeftOperand())
or
boundedDiv(e, any(AssignRShiftExpr div).getLValue())
}
predicate isUnboundedRandCallOrParent(Expr e) {