hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 15:25:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

QL code and tests for C#/C++/JavaScript.

Browse Source
This commit is contained in:
Pavel Avgustinov
2018-08-02 17:53:23 +01:00
commit b55526aa58
10684 changed files with 581163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
cpp/ql/src/Critical/InconsistentNullnessTesting.ql Normal file
View File

@@ -0,0 +1,22 @@
/**
* @name Inconsistent null check of pointer
* @description A dereferenced pointer is not checked for nullness in the given location, but is checked in other locations. Dereferencing a NULL pointer leads to undefined results.
* @kind problem
* @id cpp/inconsistent-nullness-testing
* @problem.severity warning
* @tags reliability
* external/cwe/cwe-476
*/
import cpp
from LocalScopeVariable v, ControlFlowNode def,
VariableAccess checked, VariableAccess unchecked
where checked = v.getAnAccess() and dereferenced(checked)
and unchecked = v.getAnAccess() and dereferenced(unchecked)
and definitionUsePair(v, def, checked)
and definitionUsePair(v, def, unchecked)
and checkedValid(v, checked)
and not(checkedValid(v, unchecked))
and not(unchecked.getParent+() instanceof SizeofOperator)
and forall(ControlFlowNode other | definitionUsePair(v, other, checked) | definitionUsePair(v, other, unchecked))
select unchecked, "This dereference is not guarded by a non-null check, whereas other dereferences are guarded"