From c15c216c47643a2fcd97a3a0f8c84987af6f5b01 Mon Sep 17 00:00:00 2001 From: thibaut hansmann Date: Thu, 5 May 2022 14:27:50 +0200 Subject: [PATCH] C/C++ : change Variable and ArrayType name + Add detection for Uint 32 and 64 --- .../Best Practices/WrongUintAccess.qhelp | 2 +- .../Best Practices/WrongUintAccess.ql | 22 +++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp index 3b5ffd4d8b0..fa4b61f6c3c 100644 --- a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp +++ b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.qhelp @@ -8,7 +8,7 @@ -

Use a Uint8 instead

+

Use a int with a lower bit size instead. For instance in this example use a 8 bit int.

 diff --git a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql index 41c73ce3f42..658b44115c4 100644 --- a/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql +++ b/cpp/ql/src/experimental/Best Practices/WrongUintAccess.ql @@ -8,16 +8,20 @@ */ import cpp -import semmle.code.cpp.controlflow.SSA from - Variable E, ArrayExpr useExpr, ArrayType defExpr, VariableDeclarationEntry def, VariableAccess use + Variable var, ArrayExpr useExpr, VariableDeclarationEntry def, ArrayType defLine, VariableAccess use where - def = defExpr.getATypeNameUse() and - E = def.getDeclaration() and + def = defLine.getATypeNameUse() and + var = def.getDeclaration() and use = useExpr.getArrayBase() and - E = use.getTarget() and - useExpr.getArrayOffset().getType() instanceof UInt16_t and - defExpr.getArraySize() <= 256 -select useExpr, "Using a UInt16_t to acess the array $@ of size " + defExpr.getArraySize() + ".", E, - E.getName() + var = use.getTarget() and ( + (useExpr.getArrayOffset().getType() instanceof UInt16_t and + defLine.getArraySize() <= 256) or + (useExpr.getArrayOffset().getType() instanceof UInt32_t and + defLine.getArraySize() <= 900) or + (useExpr.getArrayOffset().getType() instanceof UInt64_t and + defLine.getArraySize() <= 1000) + ) +select useExpr, "Using a " + useExpr.getArrayOffset().getType() +" to acess the array $@ of size " + defLine.getArraySize() + ".", var, + var.getName()