Merge pull request #20014 from jketema/wchar

C++: Do not alert on unreachable code in `cpp/incorrect-string-type-conversion`

cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.cpp

@@ -18,13 +18,13 @@ void Test()
 	wchar_t *lpWchar = NULL;
 	LPCSTR lpcstr = "b";
 
-	lpWchar = (LPWSTR)"a"; // BUG
-	lpWchar = (LPWSTR)lpcstr; // BUG
+	lpWchar = (LPWSTR)"a"; // $ Alert
+	lpWchar = (LPWSTR)lpcstr; // $ Alert
 
-	lpWchar = (wchar_t*)lpChar;	// BUG
+	lpWchar = (wchar_t*)lpChar;	// $ Alert
 
-	fconstWChar((LPCWSTR)lpChar);	// BUG
-	fWChar((LPWSTR)lpChar);			// BUG
+	fconstWChar((LPCWSTR)lpChar);	// $ Alert
+	fWChar((LPWSTR)lpChar);			// $ Alert
 
 	lpChar = (LPSTR)"a"; // Valid
 	lpWchar = (LPWSTR)L"a"; // Valid
@@ -79,33 +79,64 @@ void CheckedConversionFalsePositiveTest3(unsigned short flags, LPTSTR buffer)
 	if(flags & UNICODE)
 		lpWchar = (LPWSTR)buffer; // GOOD
 	else
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 
 	if((flags & UNICODE) == 0x8)
 		lpWchar = (LPWSTR)buffer; // GOOD
 	else
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 
 	if((flags & UNICODE) != 0x8)
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 	else
 		lpWchar = (LPWSTR)buffer; // GOOD
 
 	// Bad operator precedence
 	if(flags & UNICODE == 0x8)
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 	else
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 
 	if((flags & UNICODE) != 0)
 		lpWchar = (LPWSTR)buffer; // GOOD
 	else
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 
 	if((flags & UNICODE) == 0)
-		lpWchar = (LPWSTR)buffer; // BUG
+		lpWchar = (LPWSTR)buffer; // $ Alert
 	else
 		lpWchar = (LPWSTR)buffer; // GOOD
 
-	lpWchar = (LPWSTR)buffer; // BUG
+	lpWchar = (LPWSTR)buffer; // $ Alert
+}
+
+typedef unsigned long long size_t;
+
+size_t wcslen(const wchar_t *str);
+size_t strlen(const char* str);
+
+template<typename C>
+size_t str_len(const C *str) {
+	if (sizeof(C) != 1) {
+		return wcslen((const wchar_t *)str); // GOOD -- unreachable code
+	}
+
+	return strlen((const char *)str);
+}
+
+template<typename C>
+size_t wrong_str_len(const C *str) {
+	if (sizeof(C) == 1) {
+		return wcslen((const wchar_t *)str); // $ Alert
+	}
+
+	return strlen((const char *)str);
+}
+
+void test_str_len(const wchar_t *wstr, const char *str) {
+	size_t len =
+	  str_len(wstr) + 
+	  str_len(str) +
+	  wrong_str_len(wstr) +
+	  wrong_str_len(str);
 }

cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.expected

@@ -11,3 +11,4 @@
 | WcharCharConversion.cpp:103:21:103:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:106:21:106:26 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
 | WcharCharConversion.cpp:110:20:110:25 | buffer | Conversion from LPTSTR to LPWSTR. Use of invalid string can lead to undefined behavior. |
+| WcharCharConversion.cpp:130:34:130:36 | str | Conversion from const char * to const wchar_t *. Use of invalid string can lead to undefined behavior. |

cpp/ql/test/query-tests/Security/CWE/CWE-704/WcharCharConversion.qlref

@@ -1 +1,2 @@
-Security/CWE/CWE-704/WcharCharConversion.ql
+query: Security/CWE/CWE-704/WcharCharConversion.ql
+postprocess: utils/test/InlineExpectationsTestQuery.ql