hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-29 22:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

formatting fix

Browse Source 
Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>

Update ql/src/experimental/CWE-369/DivideByZero.ql

Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Your Name
2021-01-21 01:57:19 +03:00
committed by user
parent ad22445d16
commit a77f36fba8
1 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
ql/src/experimental/CWE-369/DivideByZero.ql
View File

@@ -15,20 +15,23 @@ import DataFlow::PathGraph
import semmle.go.dataflow.internal.TaintTrackingUtil
class DivideByZeroSanitizeGuard extends DataFlow::BarrierGuard {
DivideByZeroSanitizeGuard() {
this.(DataFlow::EqualityTestNode).getAnOperand().getNumericValue() = 0 or
this.(DataFlow::RelationalComparisonNode).getAnOperand().getNumericValue() = 0
}
override predicate checks(Expr e, boolean branch) {
exists(
DataFlow::Node zero, DataFlow::Node checked, DataFlow::EqualityTestNode eqNode,
DataFlow::RelationalComparisonNode compNode
|
zero.getNumericValue() = 0 and
(
checked.getType().getUnderlyingType() instanceof IntegerType
) and
(
this.(DataFlow::EqualityTestNode).eq(branch.booleanNot(), checked, zero) or
this.(RelationalComparisonNode).leq(branch.booleanNot(), checked, zero, 0)
exists(DataFlow::Node zero, DataFlow::Node checked
|
zero.getNumericValue() = 0 and
e = checked.asExpr() and
checked.getType().getUnderlyingType() instanceof IntegerType and
(
this.(DataFlow::EqualityTestNode).eq(branch.booleanNot(), checked, zero) or
this.(DataFlow::RelationalComparisonNode).leq(branch.booleanNot(), checked, zero, 0)
)
)
)
}
}
@@ -40,9 +43,7 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration {
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(Function f |
(
f.hasQualifiedName() = "Atoi" or
f.hasQualifiedName() = "ParseInt" or
f.hasQualifiedName() = "ParseUint"
f.hasQualifiedName("strconv", ["Atoi", "ParseInt", "ParseUint", "ParseFloat"])
) and
node1 = f.getACall().getArgument(0) and
node2 = f.getACall().getResult(0)