C++: Only use std::rand as a source of randomness.

Mathias Vorreiter Pedersen
2021-06-01 09:28:06 +02:00
parent 41c93d92d7
commit 615c805b2c


@@ -18,16 +18,8 @@ import semmle.code.cpp.security.TaintTracking
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
import TaintedWithPath
string getAMinPattern() { result = ["%min%", "l%"] }
string getAMaxPattern() { result = ["%max%", "%bound%", "h%"] }
predicate isUnboundedRandCall(FunctionCall fc) {
exists(Function func | func = fc.getTarget() |
func.getName() = "rand" and
not bounded(fc) and
not func.getAParameter().getName().toLowerCase().matches([getAMinPattern(), getAMaxPattern()])
)
fc.getTarget().hasGlobalOrStdOrBslName("rand") and not bounded(fc)
}
/**
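Review bot: The rewritten `isUnboundedRandCall` has no QLDoc, and its one-line body no longer shows which calls count as a randomness source or what "unbounded" means. A comment above the predicate such as `/** Holds if fc is a call to rand in the global, std or bsl namespace whose result is not bounded. */` would record the narrowed scope. The old name-only match also treated any function called `rand` as a source, so a project-defined member or namespaced `rand` is now presumably dropped. A test with such a function (for example a constructed `int MyRng::rand()`) would confirm that the loss of results is intended. `bounded` and the rest of the query are defined outside this hunk, so its exact semantics cannot be checked from here.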