From c29ab8958f85381fabc4750c2999741bdb0fb444 Mon Sep 17 00:00:00 2001
From: user
Date: Wed, 10 Feb 2021 00:04:52 +0300
Subject: [PATCH] tests and docs updated
---
 ql/src/experimental/CWE-369/DivideByZero.ql | 6 +-
 .../CWE-369/DivideByZero.expected | 18 ++++++
 ql/test/experimental/CWE-369/DivideByZero.go | 59 +++++++++++++++++++
 3 files changed, 80 insertions(+), 3 deletions(-)
diff --git a/ql/src/experimental/CWE-369/DivideByZero.ql b/ql/src/experimental/CWE-369/DivideByZero.ql
index 8f7b0bf205d..5b4518b1c6e 100644
--- a/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -43,10 +43,10 @@ class DivideByZeroCheckConfig extends TaintTracking::Configuration {
 override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
- exists(Function f |
+ exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
 f.hasQualifiedName("strconv", ["Atoi", "ParseInt", "ParseUint", "ParseFloat"]) and
- pred = f.getACall().getArgument(0) and
- succ = f.getACall().getResult(0)
+ pred = cn.getArgument(0) and
+ succ = cn.getResult(0)
 )
 }
diff --git a/ql/test/experimental/CWE-369/DivideByZero.expected b/ql/test/experimental/CWE-369/DivideByZero.expected
index 215db52ab8c..370d5d099c4 100644
--- a/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/ql/test/experimental/CWE-369/DivideByZero.expected
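Review bot: `"ParseFloat"` in the `hasQualifiedName` list (a context line in this hunk, now feeding the `cn`-bound step) taints float divisors, but only integer division by zero panics in Go; with the standard toolchain a zero float64 divisor produces ±Inf or NaN. The new `myHandler4` test and its `DivideByZero.go:33` rows in DivideByZero.expected then pin a float division as an alert whose message promises a division-by-zero panic. Either drop `"ParseFloat"` from the list or restrict the sink to integer-typed divisors and remove those expected rows; the sink predicate is outside this hunk, so which is simpler cannot be judged from here. The class body starts and ends outside the hunk.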
@@ -2,12 +2,30 @@ edges | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:18:11:18:24 | type conversion : uint8 | | DivideByZero.go:18:11:18:24 | type conversion : uint8 | DivideByZero.go:19:16:19:20 | value | +| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | +| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | +| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | +| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:55:11:55:24 | type conversion : uint8 | +| DivideByZero.go:55:11:55:24 | type conversion : uint8 | DivideByZero.go:57:17:57:21 | value | nodes | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | | DivideByZero.go:12:16:12:20 | value | semmle.label | value | | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | | DivideByZero.go:18:11:18:24 | type conversion : uint8 | semmle.label | type conversion : uint8 | | DivideByZero.go:19:16:19:20 | value | semmle.label | value | +| DivideByZero.go:24:12:24:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | +| DivideByZero.go:26:16:26:20 | value | semmle.label | value | +| DivideByZero.go:31:12:31:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | +| DivideByZero.go:33:16:33:20 | value | semmle.label | value | +| DivideByZero.go:38:12:38:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | +| DivideByZero.go:40:16:40:20 | value | semmle.label | value | +| DivideByZero.go:54:12:54:16 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | 
+| DivideByZero.go:55:11:55:24 | type conversion : uint8 | semmle.label | type conversion : uint8 | +| DivideByZero.go:57:17:57:21 | value | semmle.label | value | #select | DivideByZero.go:12:16:12:20 | value | DivideByZero.go:10:12:10:16 | selection of URL : pointer type | DivideByZero.go:12:16:12:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:12:16:12:20 | value | value | | DivideByZero.go:19:16:19:20 | value | DivideByZero.go:17:12:17:16 | selection of URL : pointer type | DivideByZero.go:19:16:19:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:19:16:19:20 | value | value | +| DivideByZero.go:26:16:26:20 | value | DivideByZero.go:24:12:24:16 | selection of URL : pointer type | DivideByZero.go:26:16:26:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:26:16:26:20 | value | value | +| DivideByZero.go:33:16:33:20 | value | DivideByZero.go:31:12:31:16 | selection of URL : pointer type | DivideByZero.go:33:16:33:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:33:16:33:20 | value | value | +| DivideByZero.go:40:16:40:20 | value | DivideByZero.go:38:12:38:16 | selection of URL : pointer type | DivideByZero.go:40:16:40:20 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:40:16:40:20 | value | value | +| DivideByZero.go:57:17:57:21 | value | DivideByZero.go:54:12:54:16 | selection of URL : pointer type | DivideByZero.go:57:17:57:21 | value | Variable $@ might be zero leading to a division-by-zero panic. | DivideByZero.go:57:17:57:21 | value | value |
diff --git a/ql/test/experimental/CWE-369/DivideByZero.go b/ql/test/experimental/CWE-369/DivideByZero.go
index 575d23504f3..613479981b1 100644
--- a/ql/test/experimental/CWE-369/DivideByZero.go
+++ b/ql/test/experimental/CWE-369/DivideByZero.go
@@ -19,3 +19,62 @@ func myHandler2(w http.ResponseWriter, r *http.Request) {
 out := 1337 / value
 fmt.Println(out)
 }
+
+func myHandler3(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value, _ := strconv.ParseInt(param1, 10, 64)
+ out := 1337 / value
+ fmt.Println(out)
+}
+
+func myHandler4(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value, _ := strconv.ParseFloat(param1, 32)
+ out := 1337 / value
+ fmt.Println(out)
+}
+
+func myHandler5(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value, _ := strconv.ParseUint(param1, 10, 64)
+ out := 1337 / value
+ fmt.Println(out)
+}
+
+func myHandler6(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value := int(param1[0])
+ if value != 0 {
+ out := 1337 / value
+ fmt.Println(out)
+ }
+}
+
+func myHandler7(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value := int(param1[0])
+ if value >= 0 {
+ out := 1337 / value
+ fmt.Println(out)
+ }
+}
+
+func myHandler8(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value, _ := strconv.ParseInt(param1, 10, 64)
+ if value > 0 {
+ out := 1337 / value
+ fmt.Println(out)
+ }
+}
+
+func myHandler9(w http.ResponseWriter, r *http.Request) {
+ param1 := r.URL.Query()["param1"][0]
+ value, _ := strconv.ParseInt(param1, 10, 64)
+ if value == 0 {
+ fmt.Println(param1)
+ return
+ }
+ out := 1337 / value
+ fmt.Println(out)
+}
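Review bot: None of the seven added handlers states whether the query is expected to flag it, so intent is recoverable only from line numbers in DivideByZero.expected. `myHandler7` reads like a guarded case yet is an expected alert, because `if value >= 0` still admits zero; a comment such as `// BAD: value >= 0 does not exclude zero` on its division, and `// GOOD: zero is excluded by the guard` in `myHandler6`, `myHandler8` and `myHandler9`, would make that explicit. A short comment that the discarded `strconv` error leaves `value` at 0 for non-numeric input would also explain why `myHandler3` and `myHandler5` count as reachable.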