hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update DivideByZeroUsingReturnValue.ql

Browse Source
This commit is contained in:
ihsinme
2022-12-18 00:34:14 +03:00
committed by GitHub
parent 5ceab40841
commit c790b0fed6
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cpp/ql/src/experimental/Security/CWE/CWE-369/DivideByZeroUsingReturnValue.ql
View File

@@ -62,7 +62,6 @@ predicate mayBeReturnZero(Function fn) {
} }
/** Gets the Guard which compares the expression `bound` */ /** Gets the Guard which compares the expression `bound` */
pragma[inline]
GuardCondition checkByValue(Expr bound, Expr val) { GuardCondition checkByValue(Expr bound, Expr val) {
exists(GuardCondition gc | exists(GuardCondition gc |
( (
@@ -122,6 +121,10 @@ predicate compareFunctionWithValue(Expr guardExp, Function compArg, Expr valArg)
pragma[inline] pragma[inline]
predicate checkConditions1(Expr div, Function fn, float changeInt) { predicate checkConditions1(Expr div, Function fn, float changeInt) {
exists(Expr val | exists(Expr val |
(
val.getEnclosingFunction() = fn or
val.getEnclosingFunction() = div.getEnclosingFunction()
) and
val.getValue().toFloat() = changeInt and val.getValue().toFloat() = changeInt and
compareFunctionWithValue(div, fn, val) compareFunctionWithValue(div, fn, val)
) )
@@ -169,6 +172,11 @@ predicate compareExprWithValue(Expr guardExp, Expr compArg, Expr valArg) {
pragma[inline] pragma[inline]
predicate checkConditions2(Expr div, Expr divVal, float changeInt2) { predicate checkConditions2(Expr div, Expr divVal, float changeInt2) {
exists(Expr val | exists(Expr val |
(
val.getEnclosingFunction() =
div.getEnclosingFunction().getACallToThisFunction().getEnclosingFunction() or
val.getEnclosingFunction() = div.getEnclosingFunction()
) and
val.getValue().toFloat() = changeInt2 and val.getValue().toFloat() = changeInt2 and
compareExprWithValue(div, divVal, val) compareExprWithValue(div, divVal, val)
) )
@@ -218,7 +226,7 @@ where
changeInt = 0 changeInt = 0
or or
// Denominator can be sum or difference. // Denominator can be sum or difference.
pragma[only_bind_into](changeInt) = getValueOperand(div.getRV(), findVal.getAnExpr(), _) and changeInt = getValueOperand(div.getRV(), findVal.getAnExpr(), _) and
mayBeReturnValue(fn, changeInt) mayBeReturnValue(fn, changeInt)
) and ) and
exp = div and exp = div and
@@ -246,14 +254,13 @@ where
changeInt2 = 0 changeInt2 = 0
or or
// Denominator can be sum or difference. // Denominator can be sum or difference.
pragma[only_bind_into](changeInt) = changeInt = getValueOperand(divFc.getArgument(posArg), findVal.getAnExpr(), _) and
getValueOperand(divFc.getArgument(posArg), findVal.getAnExpr(), _) and
mayBeReturnValue(fn, changeInt) and mayBeReturnValue(fn, changeInt) and
changeInt2 = 0 changeInt2 = 0
) )
or or
// Look for a situation where the difference or subtraction is considered as an argument, and it can be used in the same way. // Look for a situation where the difference or subtraction is considered as an argument, and it can be used in the same way.
pragma[only_bind_into](changeInt) = getValueOperand(div.getRV(), divVal, _) and changeInt = getValueOperand(div.getRV(), divVal, _) and
changeInt2 = changeInt and changeInt2 = changeInt and
mayBeReturnValue(fn, changeInt) and mayBeReturnValue(fn, changeInt) and
divFc.getArgument(posArg) = findVal.getAnExpr() divFc.getArgument(posArg) = findVal.getAnExpr()