Merge pull request #10076 from erik-krogh/ql-for-ql-fixes

various QL-for-QL fixes
2025-12-20 10:46:30 +01:00 · 2022-08-18 15:46:48 +02:00
parent 61a2c0dab5 9e7c0c6ab9
commit 4f93f2b9ba
30 changed files with 51 additions and 65 deletions
--- a/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/semantic/SemanticExprSpecific.qll
@@ -292,22 +292,20 @@ module SemanticExprConfig {

  class Guard = IRGuards::IRGuardCondition;

-  predicate guard(Guard guard, BasicBlock block) {
-    block = guard.(IRGuards::IRGuardCondition).getBlock()
-  }
+  predicate guard(Guard guard, BasicBlock block) { block = guard.getBlock() }

  Expr getGuardAsExpr(Guard guard) { result = guard }

  predicate equalityGuard(Guard guard, Expr e1, Expr e2, boolean polarity) {
-    guard.(IRGuards::IRGuardCondition).comparesEq(e1.getAUse(), e2.getAUse(), 0, true, polarity)
+    guard.comparesEq(e1.getAUse(), e2.getAUse(), 0, true, polarity)
  }

  predicate guardDirectlyControlsBlock(Guard guard, BasicBlock controlled, boolean branch) {
-    guard.(IRGuards::IRGuardCondition).controls(controlled, branch)
+    guard.controls(controlled, branch)
  }

  predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) {
-    guard.(IRGuards::IRGuardCondition).controlsEdge(bb1, bb2, branch)
+    guard.controlsEdge(bb1, bb2, branch)
  }

  Guard comparisonGuard(Expr e) { result = e }
--- a/Management/UsingExpiredStackAddress.ql
+++ b/Management/UsingExpiredStackAddress.ql
@@ -268,7 +268,11 @@ class PathElement extends TPathElement {
  predicate isSink(IRBlock block) { exists(this.asSink(block)) }

  string toString() {
-    result = [asStore().toString(), asCall(_).toString(), asMid().toString(), asSink(_).toString()]
+    result =
+      [
+        this.asStore().toString(), this.asCall(_).toString(), this.asMid().toString(),
+        this.asSink(_).toString()
+      ]
  }

  predicate hasLocationInfo(
--- a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
@@ -67,7 +67,7 @@ predicate findUseCharacterConversion(Expr exp, string msg) {
  exists(FunctionCall fc |
    fc = exp and
    (
-      exists(Loop lptmp | lptmp = fc.getEnclosingStmt().getParentStmt*()) and
+      fc.getEnclosingStmt().getParentStmt*() instanceof Loop and
      fc.getTarget().hasName(["mbtowc", "mbrtowc", "_mbtowc_l"]) and
      not fc.getArgument(0).isConstant() and
      not fc.getArgument(1).isConstant() and
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
@@ -44,11 +44,8 @@ predicate conversionDoneLate(MulExpr mexp) {
      mexp.getEnclosingElement().(ComparisonOperation).hasOperands(mexp, e0) and
      e0.getType().getSize() = mexp.getConversion().getConversion().getType().getSize()
      or
-      e0.(FunctionCall)
-          .getTarget()
-          .getParameter(argumentPosition(e0.(FunctionCall), mexp, _))
-          .getType()
-          .getSize() = mexp.getConversion().getConversion().getType().getSize()
+      e0.(FunctionCall).getTarget().getParameter(argumentPosition(e0, mexp, _)).getType().getSize() =
+        mexp.getConversion().getConversion().getType().getSize()
    )
  )
 }
@@ -75,7 +72,7 @@ predicate signSmallerWithEqualSizes(MulExpr mexp) {
      ae.getRValue().getUnderlyingType().(IntegralType).isUnsigned() and
      ae.getLValue().getUnderlyingType().(IntegralType).isSigned() and
      (
-        not exists(DivExpr de | mexp.getParent*() = de)
+        not mexp.getParent*() instanceof DivExpr
        or
        exists(DivExpr de, Expr ec |
          e2.isConstant() and