hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix getBaseType

Browse Source
This commit is contained in:
Slavomir
2020-07-01 11:21:15 +03:00
parent 7f65424556
commit 7475170ced
2 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
View File

@@ -13,17 +13,17 @@
import go
import DataFlow::PathGraph
Type getFinalType(Type typ) { result = getBaseType*(typ.getUnderlyingType()).getUnderlyingType() }
Type getBaseType(Type typ) {
result =
getBaseType*(typ.getUnderlyingType*().(PointerType).getBaseType*().getUnderlyingType*())
.getUnderlyingType*()
result = getBaseType*(typ.(PointerType).getBaseType*())
or
result = typ
}
/* A conversion to a `unsafe.Pointer` */
class ConversionToUnsafePointer extends ConversionExpr {
ConversionToUnsafePointer() { getBaseType(getType()) instanceof UnsafePointerType }
ConversionToUnsafePointer() { getFinalType(getType()) instanceof UnsafePointerType }
}
/* Type casting through the use of unsafe pointers.*/
@@ -59,9 +59,9 @@ predicate castShortArrayToLongerArray(
cfg.hasFlowPath(source, sink) and
cfg.isSource(source.getNode(), castLittle) and
cfg.isSink(sink.getNode(), castBig) and
arrTo = getBaseType(castBig.getTypeExpr().getType()) and
arrTo = getFinalType(castBig.getTypeExpr().getType()) and
(
arrFrom = getBaseType(castLittle.getOperand().getType()) and
arrFrom = getFinalType(castLittle.getOperand().getType()) and
arrFromAvailableSize = arrFrom.getLength() and
message =
"Dangerous array type casting to [" + arrTo.getLength() + "]" + arrTo.getElementType() +
@@ -95,11 +95,11 @@ predicate castTypeToArray(DataFlow::PathNode source, DataFlow::PathNode sink, st
cfg.hasFlowPath(source, sink) and
cfg.isSource(source.getNode(), castLittle) and
cfg.isSink(sink.getNode(), castBig) and
arrTo = getBaseType(castBig.getTypeExpr().getType()) and
arrTo = getFinalType(castBig.getTypeExpr().getType()) and
not (typeFrom instanceof ArrayType or typeFrom.getUnderlyingType() instanceof ArrayType) and
not typeFrom instanceof PointerType and
not castLittle.getOperand().getChildExpr(0).(IndexExpr).getBase().getType() instanceof ArrayType and
typeFrom = getBaseType(castLittle.getOperand().getType()) and
typeFrom = getFinalType(castLittle.getOperand().getType()) and
message =
"Dangerous type up-casting to [" + arrTo.getLength() + "]" + arrTo.getElementType() + " from "
+ typeFrom
@@ -121,11 +121,11 @@ predicate castDifferentBitSizeNumbers(
cfg.hasFlowPath(source, sink) and
cfg.isSource(source.getNode(), castLittle) and
cfg.isSink(sink.getNode(), castBig) and
numTo = getBaseType(castBig.getTypeExpr().getType()) and
numTo = getFinalType(castBig.getTypeExpr().getType()) and
(
numFrom = getBaseType(castLittle.getOperand().getType()) or
numFrom = getFinalType(castLittle.getOperand().getType()) or
numFrom =
getBaseType(getBaseType(castLittle.getOperand().getType())
getFinalType(getFinalType(castLittle.getOperand().getType())
.(StructType)
.getField(_)
.getType())

1
ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected
View File

@@ -53,7 +53,6 @@ nodes
| WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:129:16:129:56 | type conversion | $@. | WrongUsageOfUnsafe.go:129:31:129:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
| WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:149:16:149:56 | type conversion | $@. | WrongUsageOfUnsafe.go:149:31:149:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
| WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | $@. | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | Dangerous array type casting to [17]string from [8]string |
| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from harmlessType |
| WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | $@. | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | Dangerous type up-casting to [17]uint8 from struct type |
| WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | $@. | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |
| WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion : unsafe.Pointer | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | $@. | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | Dangerous array type casting to [17]uint8 from [8]uint8 |