Simplify logic in AllocationSizeOverflow query.

2026-01-30 14:52:57 +01:00 · 2020-05-14 15:22:15 +01:00
parent 9b53ad3b3c
commit 9c7e46386f
1 changed files with 9 additions and 18 deletions
--- a/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
+++ b/ql/src/semmle/go/security/AllocationSizeOverflowCustomizations.qll
@@ -51,8 +51,8 @@ module AllocationSizeOverflow {
      exists(MarshalingFunction marshal, DataFlow::CallNode call |
        call = marshal.getACall() and
        // rule out cases where we can tell that the result will always be small
-        not forall(FunctionInput inp | inp = marshal.getAnInput() |
-          isSmall(inp.getNode(call).asExpr())
+        exists(FunctionInput inp | inp = marshal.getAnInput() |
+          isBig(inp.getNode(call).asExpr())
        ) and
        this = marshal.getOutput().getNode(call)
      )
@@ -152,26 +152,17 @@ module AllocationSizeOverflow {
    exists(StructType st | st = t | forall(Field f | f = st.getField(_) | isSmallType(f.getType())))
  }

-  /** Holds if `e` is an expression whose values are likely to marshal to relatively small blobs. */
-  private predicate isSmall(Expr e) {
-    isSmallType(e.getType())
-    or
-    e.isConst()
+  /** Holds if `e` is an expression whose values might marshal to relatively large blobs. */
+  private predicate isBig(Expr e) {
+    not isSmallType(e.getType()) and
+    not e.isConst()
    or
    exists(KeyValueExpr kv | kv = e |
-      isSmall(kv.getKey()) and
-      isSmall(kv.getValue())
+      isBig(kv.getKey()) or
+      isBig(kv.getValue())
    )
    or
-    isSmallCompositeLit(e, 0)
-  }
-
-  /** Holds if elements `n` and above of `lit` are small. */
-  private predicate isSmallCompositeLit(CompositeLit lit, int n) {
-    n = lit.getNumElement()
-    or
-    isSmall(lit.getElement(n)) and
-    isSmallCompositeLit(lit, n + 1)
+    isBig(e.(CompositeLit).getAnElement())
  }

  /**