tests and docs updated

ql/src/experimental/CWE-369/DivideByZero.ql

@@ -43,10 +43,10 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
   override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-    exists(Function f |
+    exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
       f.hasQualifiedName("strconv", ["Atoi", "ParseInt", "ParseUint", "ParseFloat"]) and
-      pred = f.getACall().getArgument(0) and
-      succ = f.getACall().getResult(0)
+      pred = cn.getArgument(0) and
+      succ = cn.getResult(0)
     )
   }
 

ql/test/experimental/CWE-369/DivideByZero.expected

@@ -2,12 +2,30 @@ edges
 | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value |
 | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:18:11:18:24 | type conversion : uint8 |
 | DivideByZero.go:18:11:18:24 | type conversion : uint8 | DivideByZero.go:19:16:19:20 | value |
+| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:55:11:55:24 | type conversion : uint8 |
+| DivideByZero.go:55:11:55:24 | type conversion : uint8 | DivideByZero.go:57:17:57:21 | value |
 nodes
 | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
 | DivideByZero.go:12:16:12:20 | value | semmle.label | value |
 | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
 | DivideByZero.go:18:11:18:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
+| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:26:16:26:20 | value | semmle.label | value |
+| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:33:16:33:20 | value | semmle.label | value |
+| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:40:16:40:20 | value | semmle.label | value |
+| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type |
+| DivideByZero.go:55:11:55:24 | type conversion : uint8 | semmle.label | type conversion : uint8 |
+| DivideByZero.go:57:17:57:21 | value | semmle.label | value |
 #select
 | DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value |
 | DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value |
+| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:26:16:26:20 | value | value |
+| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:33:16:33:20 | value | value |
+| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:40:16:40:20 | value | value |
+| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:57:17:57:21 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:57:17:57:21 | value | value |

ql/test/experimental/CWE-369/DivideByZero.go

@@ -19,3 +19,62 @@ func myHandler2(w http.ResponseWriter, r *http.Request) {
 	out := 1337 / value
 	fmt.Println(out)
 }
+
+func myHandler3(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value, _ := strconv.ParseInt(param1, 10, 64)
+	out := 1337 / value
+	fmt.Println(out)
+}
+
+func myHandler4(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value, _ := strconv.ParseFloat(param1, 32)
+	out := 1337 / value
+	fmt.Println(out)
+}
+
+func myHandler5(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value, _ := strconv.ParseUint(param1, 10, 64)
+	out := 1337 / value
+	fmt.Println(out)
+}
+
+func myHandler6(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value := int(param1[0])
+	if value != 0 {
+		out := 1337 / value
+		fmt.Println(out)
+	}
+}
+
+func myHandler7(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value := int(param1[0])
+	if value >= 0 {
+		out := 1337 / value
+		fmt.Println(out)
+	}
+}
+
+func myHandler8(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value, _ := strconv.ParseInt(param1, 10, 64)
+	if value > 0 {
+		out := 1337 / value
+		fmt.Println(out)
+	}
+}
+
+func myHandler9(w http.ResponseWriter, r *http.Request) {
+	param1 := r.URL.Query()["param1"][0]
+	value, _ := strconv.ParseInt(param1, 10, 64)
+	if value == 0 {
+		fmt.Println(param1)
+		return
+	}
+	out := 1337 / value
+	fmt.Println(out)
+}