formatting + example

fix

test fix

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>

ql/src/experimental/CWE-369/DivideByZero.qhelp

@@ -2,8 +2,7 @@
 <qhelp>
     <overview>
         <p>
-        Divide by zero is division where the divisor (denominator) is zero. 
-        In Go, integer divide by zero leads to a panic, which might interrupt execution of the program and lead to program termination.
+        In Go, dividing an integer by zero leads to a panic, which might interrupt execution of the program and lead to program termination.
         </p>
     </overview>
     <recommendation>
@@ -18,5 +17,9 @@ The following example shows data received from user input being used as a diviso
 possibly causing a divide-by-zero panic.
         </p>
         <sample src="DivideByZeroBad.go" />
+        <p>
+This can be fixed by testing the divisor against against zero:
+        </p>
+        <sample src="DivideByZeroGood.go" />
     </example>
 </qhelp>

ql/src/experimental/CWE-369/DivideByZero.ql

@@ -1,8 +1,6 @@
 /**
  * @name Divide by zero
- * @description Converting the result of `strconv.Atoi`, `strconv.ParseInt`,
- *              and `strconv.ParseUint` to integer types or use of integer types for division without checks
- *              might lead to division by zero and panic, which cause denial of service.
+ * @description Dividing an integer by a user-controlled value may lead to division by zero and an unexpected panic.
  * @kind path-problem
  * @problem.severity error
  * @id go/divide-by-zero
@@ -63,6 +61,5 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration {
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, DivideByZeroCheckConfig cfg
 where cfg.hasFlowPath(source, sink)
-select sink, source, sink,
-  "Variable $@ might be zero leading to a division-by-zero panic.",
-  sink, sink.getNode().toString()
+select sink, source, sink, "Variable $@ might be zero leading to a division-by-zero panic.", sink,
+  sink.getNode().toString()

ql/src/experimental/CWE-369/DivideByZeroGood.go

@@ -0,0 +1,23 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+)
+
+func main() {
+	if len(os.Args) < 2 {
+		fmt.Printf("Usage: ./program value\n")
+		return
+	}
+	val1 := 1337
+	value, _ := strconv.Atoi(os.Args[1])
+	if value == 0 {
+		fmt.Println("Division by zero attempted!")
+		return
+	}
+	out := val1 / value
+	fmt.Println(out)
+	return
+}

ql/test/experimental/CWE-369/DivideByZero.expected

@@ -9,5 +9,5 @@ nodes
 | DivideByZero.go:18:11:18:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
 #select
-| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@, which is used at division statement might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
-| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@, which is used at division statement might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |
+| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
+| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |