C++: Support ?: in UsingStrcpyAsBoolean.ql

I removed some unnecessary parentheses for symmetry, causing whitespace changes.
2026-05-01 03:35:13 +02:00 · 2019-01-09 14:14:05 +01:00
parent 0f88a4b312
commit aa0f2f2da3
3 changed files with 35 additions and 29 deletions
--- a/Typos/UsingStrcpyAsBoolean.ql
+++ b/Typos/UsingStrcpyAsBoolean.ql
@@ -44,34 +44,39 @@ predicate isStringCopyUsedInLogicalOperationOrCondition(FunctionCall func, Expr
  isStringComparisonFunction(func.getTarget().getQualifiedName()) and
  (
    (
-      (
-        // it is being used in an equality or logical operation
-        exists(EqualityOperation eop |
-          eop = expr1 and
-          func = eop.getAnOperand()
-        )
-        or
-        exists(UnaryLogicalOperation ule |
-          expr1 = ule and
-          func = ule.getOperand()
-        )
-        or
-        exists(BinaryLogicalOperation ble |
-          expr1 = ble and
-          func = ble.getAnOperand()
-        )
-      ) and
-      msg = "Return value of " + func.getTarget().getQualifiedName() +
-          " used in a logical operation."
-    )
+      // it is being used in an equality or logical operation
+      exists(EqualityOperation eop |
+        eop = expr1 and
+        func = eop.getAnOperand()
+      )
+      or
+      exists(UnaryLogicalOperation ule |
+        expr1 = ule and
+        func = ule.getOperand()
+      )
+      or
+      exists(BinaryLogicalOperation ble |
+        expr1 = ble and
+        func = ble.getAnOperand()
+      )
+    ) and
+    msg = "Return value of " + func.getTarget().getQualifiedName() +
+        " used in a logical operation."
    or
-    exists(ConditionalStmt condstmt |
-      // or the string copy function is used directly as the conditional expression
-      func = condstmt.getControllingExpr() and
-      expr1 = func and
-      msg = "Return value of " + func.getTarget().getQualifiedName() +
-          " used directly in a conditional expression."
-    )
+    // or the string copy function is used directly as the conditional expression
+    (
+      exists(ConditionalStmt condstmt |
+        func = condstmt.getControllingExpr() and
+        expr1 = func
+      )
+      or
+      exists(ConditionalExpr ce |
+        expr1 = ce and
+        func = ce.getCondition()
+      )
+    ) and
+    msg = "Return value of " + func.getTarget().getQualifiedName() +
+        " used directly in a conditional expression."
  )
 }

--- a/Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.expected
+++ b/Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.expected
@@ -5,6 +5,7 @@
 | test.c:50:9:50:15 | call to strncpy | Return value of strncpy used directly in a conditional expression. |
 | test.c:54:9:54:37 | ! ... | Return value of strncpy used in a logical operation. |
 | test.c:58:14:58:42 | ! ... | Return value of strncpy used in a logical operation. |
+| test.c:59:14:59:43 | ... ? ... : ... | Return value of strcpy used directly in a conditional expression. |
 | test.c:60:14:60:40 | ... && ... | Return value of strcpy used in a logical operation. |
 | test.c:62:14:62:40 | ... == ... | Return value of strcpy used in a logical operation. |
 | test.c:64:14:64:40 | ... != ... | Return value of strcpy used in a logical operation. |
@@ -24,7 +25,7 @@
 | test.cpp:127:9:127:37 | ! ... | Return value of strncpy used in a logical operation. |
 | test.cpp:131:14:131:20 | call to strncpy | Return value of strncpy used as Boolean. |
 | test.cpp:133:19:133:47 | ! ... | Return value of strncpy used in a logical operation. |
-| test.cpp:134:14:134:19 | call to strcpy | Return value of strcpy used as Boolean. |
+| test.cpp:134:14:134:43 | ... ? ... : ... | Return value of strcpy used directly in a conditional expression. |
 | test.cpp:135:14:135:40 | ... && ... | Return value of strcpy used in a logical operation. |
 | test.cpp:137:14:137:40 | ... == ... | Return value of strcpy used in a logical operation. |
 | test.cpp:139:14:139:40 | ... != ... | Return value of strcpy used in a logical operation. |
--- a/Typos/UsingStrcpyAsBoolean/test.c
+++ b/Typos/UsingStrcpyAsBoolean/test.c
@@ -56,7 +56,7 @@ void PositiveCases()
    }

    result = !strncpy(szbuf1, "test", 100); // Bug
-    result = strcpy(szbuf1, "test") ? 1 : 0; // Bug [NOT DETECTED]
+    result = strcpy(szbuf1, "test") ? 1 : 0; // Bug
    result = strcpy(szbuf1, "test") && 1; // Bug

    result = strcpy(szbuf1, "test") == 0; // Bug