Merge remote-tracking branch 'upstream/master' into merge-master-next-20180913

2025-12-16 16:53:25 +01:00 · 2018-09-13 20:28:17 +02:00
parent bc0d4f1855 6266d8bf01
commit 9886e4a056
20 changed files with 105 additions and 20 deletions
--- a/Bugs/Arithmetic/IntMultToLong.ql
+++ b/Bugs/Arithmetic/IntMultToLong.ql
@@ -15,6 +15,7 @@
 *       external/cwe/cwe-197
 *       external/cwe/cwe-681
 */
+
 import java
 import semmle.code.java.dataflow.RangeUtils
 import semmle.code.java.Conversions
@@ -25,7 +26,8 @@ predicate small(MulExpr e) {
    lhs = e.getLeftOperand().getProperExpr().(ConstantIntegerExpr).getIntValue() and
    rhs = e.getRightOperand().getProperExpr().(ConstantIntegerExpr).getIntValue() and
    lhs * rhs = res and
-    t.getOrdPrimitiveType().getMinValue() <= res and res <= t.getOrdPrimitiveType().getMaxValue()
+    t.getOrdPrimitiveType().getMinValue() <= res and
+    res <= t.getOrdPrimitiveType().getMaxValue()
  )
 }

@@ -52,4 +54,7 @@ where
  // not obviously small and ok
  not small(e) and
  e.getEnclosingCallable().fromSource()
-select c, "$@ converted to "+ destType.getName() +" by use in " + ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e, sourceType.getName() + " multiplication"
+select c,
+  "Potential overflow in $@ before it is converted to " + destType.getName() + " by use in " +
+    ("a " + c.kind()).regexpReplaceAll("^a ([aeiou])", "an $1") + ".", e,
+  sourceType.getName() + " multiplication"
--- a/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected
+++ b/java/ql/test/query-tests/security/CWE-190/semmle/tests/IntMultToLong.expected
@@ -1,4 +1,4 @@
-| Test.java:20:23:20:48 | ... * ... | $@ converted to long by use in an assignment context. | Test.java:20:23:20:48 | ... * ... | int multiplication |
-| Test.java:27:23:27:52 | ... + ... | $@ converted to long by use in an assignment context. | Test.java:27:23:27:48 | ... * ... | int multiplication |
-| Test.java:34:23:34:63 | ...?...:... | $@ converted to long by use in an assignment context. | Test.java:34:30:34:55 | ... * ... | int multiplication |
-| Test.java:41:25:41:49 | ... * ... | $@ converted to double by use in an assignment context. | Test.java:41:25:41:49 | ... * ... | long multiplication |
+| Test.java:20:23:20:48 | ... * ... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:20:23:20:48 | ... * ... | int multiplication |
+| Test.java:27:23:27:52 | ... + ... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:27:23:27:48 | ... * ... | int multiplication |
+| Test.java:34:23:34:63 | ...?...:... | Potential overflow in $@ before it is converted to long by use in an assignment context. | Test.java:34:30:34:55 | ... * ... | int multiplication |
+| Test.java:41:25:41:49 | ... * ... | Potential overflow in $@ before it is converted to double by use in an assignment context. | Test.java:41:25:41:49 | ... * ... | long multiplication |