From 4b24e5641ea78c4e16f93bd76932a030b7bf926d Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 27 Jan 2021 22:33:33 +0300
Subject: [PATCH] formatting + example
fix
test fix
Update ql/src/experimental/CWE-369/DivideByZero.ql
Co-authored-by: Chris Smowton
Update ql/src/experimental/CWE-369/DivideByZero.qhelp
Co-authored-by: Chris Smowton
Update ql/src/experimental/CWE-369/DivideByZero.qhelp
Co-authored-by: Chris Smowton
---
.../experimental/CWE-369/DivideByZero.qhelp | 7 ++++--
ql/src/experimental/CWE-369/DivideByZero.ql | 9 +++-----
.../experimental/CWE-369/DivideByZeroGood.go | 23 +++++++++++++++++++
.../CWE-369/DivideByZero.expected | 4 ++--
4 files changed, 33 insertions(+), 10 deletions(-)
create mode 100644 ql/src/experimental/CWE-369/DivideByZeroGood.go
diff --git a/ql/src/experimental/CWE-369/DivideByZero.qhelp b/ql/src/experimental/CWE-369/DivideByZero.qhelp
index 2fadf452e48..ae39d1df890 100644
--- a/ql/src/experimental/CWE-369/DivideByZero.qhelp
+++ b/ql/src/experimental/CWE-369/DivideByZero.qhelp
@@ -2,8 +2,7 @@
- Divide by zero is division where the divisor (denominator) is zero.
- In Go, integer divide by zero leads to a panic, which might interrupt execution of the program and lead to program termination.
+ In Go, dividing an integer by zero leads to a panic, which might interrupt execution of the program and lead to program termination.
@@ -18,5 +17,9 @@ The following example shows data received from user input being used as a diviso
possibly causing a divide-by-zero panic.
+
+This can be fixed by testing the divisor against against zero:
+
+
diff --git a/ql/src/experimental/CWE-369/DivideByZero.ql b/ql/src/experimental/CWE-369/DivideByZero.ql
index 70f0b0f38c6..8f7b0bf205d 100644
--- a/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -1,8 +1,6 @@
/**
* @name Divide by zero
- * @description Converting the result of `strconv.Atoi`, `strconv.ParseInt`,
- * and `strconv.ParseUint` to integer types or use of integer types for division without checks
- * might lead to division by zero and panic, which cause denial of service.
+ * @description Dividing an integer by a user-controlled value may lead to division by zero and an unexpected panic.
* @kind path-problem
* @problem.severity error
* @id go/divide-by-zero
@@ -63,6 +61,5 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration {
from DataFlow::PathNode source, DataFlow::PathNode sink, DivideByZeroCheckConfig cfg
where cfg.hasFlowPath(source, sink)
-select sink, source, sink,
- "Variable $@ might be zero leading to a division-by-zero panic.",
- sink, sink.getNode().toString()
+select sink, source, sink, "Variable $@ might be zero leading to a division-by-zero panic.", sink,
+ sink.getNode().toString()
diff --git a/ql/src/experimental/CWE-369/DivideByZeroGood.go b/ql/src/experimental/CWE-369/DivideByZeroGood.go
new file mode 100644
index 00000000000..3b80421322b
--- /dev/null
+++ b/ql/src/experimental/CWE-369/DivideByZeroGood.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+ "fmt"
+ "os"
+ "strconv"
+)
+
+func main() {
+ if len(os.Args) < 2 {
+ fmt.Printf("Usage: ./program value\n")
+ return
+ }
+ val1 := 1337
+ value, _ := strconv.Atoi(os.Args[1])
+ if value == 0 {
+ fmt.Println("Division by zero attempted!")
+ return
+ }
+ out := val1 / value
+ fmt.Println(out)
+ return
+}
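Review bot: The blank identifier in `value, _ := strconv.Atoi(os.Args[1])` discards the parse error, so a non-numeric argument yields value 0 and is reported as "Division by zero attempted!", which is misleading for an example whose point is to show the correct validation of a user-controlled divisor. Checking the conversion error first and the zero value second keeps the two failure modes distinct and makes the "good" pattern the qhelp refers to clearer. The trailing `return` on the last line of main is redundant and can be dropped. The indentation of the file as shown here looks stripped; confirm the committed file is gofmt-clean since it is shipped as an example.
```go
	value, err := strconv.Atoi(os.Args[1])
	if err != nil {
		fmt.Println("Invalid integer:", err)
		return
	}
	if value == 0 {
		fmt.Println("Division by zero attempted!")
		return
	}
	// … unchanged: division and output …
```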
diff --git a/ql/test/experimental/CWE-369/DivideByZero.expected b/ql/test/experimental/CWE-369/DivideByZero.expected
index f62d9ed3ef4..215db52ab8c 100644
--- a/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -9,5 +9,5 @@ nodes
| DivideByZero.go:18:11:18:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
| DivideByZero.go:19:16:19:20 | value | semmle.label | value |
#select
-| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@, which is used at division statement might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
-| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@, which is used at division statement might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |
+| DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
+| DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |