Merge pull request #5600 from ihsinme/ihsinme-patch-258

CPP: Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementWhenUsingBitOperations.expected

@@ -0,0 +1,2 @@
+| test.c:8:6:8:51 | ... & ... | This bitwise operation appears in a context where a Boolean operation is expected. |
+| test.c:10:6:10:30 | ... & ... | This bitwise operation appears in a context where a Boolean operation is expected. |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/InsufficientControlFlowManagementWhenUsingBitOperations.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-691/semmle/tests/test.c

@@ -0,0 +1,28 @@
+int tmpFunction(){
+  return 5;
+}
+void workFunction_0(char *s) {
+  int intSize;
+  char buf[80];
+  if(intSize>0 && intSize<80 && memset(buf,0,intSize)) return; // GOOD
+  if(intSize>0 & intSize<80 & memset(buf,0,intSize)) return; // BAD
+  if(intSize>0 && tmpFunction()) return;
+  if(intSize<0 & tmpFunction()) return; // BAD
+}
+void workFunction_1(char *s) {
+  int intA,intB;
+
+  if(intA + intB) return; // BAD [NOT DETECTED]
+  if(intA + intB>4) return; // GOOD
+  if(intA>0 && (intA + intB)) return; // BAD [NOT DETECTED]
+  while(intA>0)
+  {
+    if(intB - intA<10) break;
+    intA--;
+  }while(intA>0); // BAD [NOT DETECTED]
+  while(intA>0)
+  {
+    if(intB - intA<10) break;
+    intA--;
+  } // GOOD
+}