C++: test for guard-by-return in Overflow.qll

This commit is contained in:
Robert Marsh
2022-01-05 16:18:02 -05:00
parent d5682f157a
commit 617bdbc5ba
2 changed files with 15 additions and 0 deletions


@@ -11,6 +11,8 @@ edges
| test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r |
| test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r |
| test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r |
| test.c:162:19:162:38 | (unsigned int)... | test.c:166:16:166:19 | data |
| test.c:162:33:162:36 | call to rand | test.c:166:16:166:19 | data |
| test.cpp:6:5:6:12 | ReturnValue | test.cpp:24:11:24:18 | call to get_rand |
| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | ReturnValue |
| test.cpp:13:2:13:6 | * ... [post update] | test.cpp:30:13:30:14 | & ... [post update] |
@@ -57,6 +59,9 @@ nodes
| test.c:155:22:155:25 | call to rand | semmle.label | call to rand |
| test.c:155:22:155:27 | (unsigned int)... | semmle.label | (unsigned int)... |
| test.c:157:9:157:9 | r | semmle.label | r |
| test.c:162:19:162:38 | (unsigned int)... | semmle.label | (unsigned int)... |
| test.c:162:33:162:36 | call to rand | semmle.label | call to rand |
| test.c:166:16:166:19 | data | semmle.label | data |
| test.cpp:6:5:6:12 | ReturnValue | semmle.label | ReturnValue |
| test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
| test.cpp:13:2:13:6 | * ... [post update] | semmle.label | * ... [post update] |
@@ -104,6 +109,8 @@ subpaths
| test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | Uncontrolled value |
| test.c:157:9:157:9 | r | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | Uncontrolled value |
| test.c:157:9:157:9 | r | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:155:22:155:25 | call to rand | Uncontrolled value |
| test.c:166:16:166:19 | data | test.c:162:19:162:38 | (unsigned int)... | test.c:166:16:166:19 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:162:33:162:36 | call to rand | Uncontrolled value |
| test.c:166:16:166:19 | data | test.c:162:33:162:36 | call to rand | test.c:166:16:166:19 | data | $@ flows to here and is used in arithmetic, potentially causing an underflow. | test.c:162:33:162:36 | call to rand | Uncontrolled value |
| test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | Uncontrolled value |
| test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | Uncontrolled value |
| test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | $@ flows to here and is used in arithmetic, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | Uncontrolled value |


@@ -157,3 +157,11 @@ void moreTests() {
r = r - 100; // BAD
}
}
void guarded_test(unsigned p) {
unsigned data = (unsigned int)rand();
if (p >= data) {
return;
}
unsigned z = data - p; // GOOD [FALSE POSITIVE]
}
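Review bot: The `// GOOD [FALSE POSITIVE]` marker on the subtraction says the result is wrong but not why, so a reader of the .expected diff cannot tell which guard shape the query fails to recognise; a comment above `if (p >= data)` such as `// guard-by-return: after this early exit p < data holds, so data - p cannot underflow` would make the expected-output change self-explanatory and give the eventual fix a precise target. The local `z` is never used; in a test that is acceptable, but marking it (e.g. `(void)z;` or a comment) avoids a future cleanup silently deleting the case the test exists for. The `moreTests` body that precedes the new function starts outside the hunk, so only its closing braces are visible here. The new lines in this section appear to have lost a blank line between `moreTests` and `guarded_test` in rendering, since the hunk header counts 11 new-side lines and 10 are shown.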