hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Fix false positives

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2020-01-07 14:16:50 +01:00
parent 6bbe2c48bf
commit d9f931da3c
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
cpp/ql/src/Likely Bugs/Likely Typos/AssignWhereCompareMeant.ql
View File

@@ -38,6 +38,12 @@ abstract class BooleanControllingAssignment extends AssignExpr {
abstract predicate isWhitelisted();
}
/**
* Gets an operand of a logical operation expression (we need the restriction
* to BinaryLogicalOperation expressions to get the correct transitive closure).
*/
Expr getComparisonOperand(BinaryLogicalOperation op) { result = op.getAnOperand() }
class BooleanControllingAssignmentInExpr extends BooleanControllingAssignment {
BooleanControllingAssignmentInExpr() {
this.getParent() instanceof UnaryLogicalOperation or
@@ -45,7 +51,18 @@ class BooleanControllingAssignmentInExpr extends BooleanControllingAssignment {
exists(ConditionalExpr c | c.getCondition() = this)
}
override predicate isWhitelisted() { this.getConversion().(ParenthesisExpr).isParenthesised() }
override predicate isWhitelisted() {
this.getConversion().(ParenthesisExpr).isParenthesised()
or
// whitelist this assignment if all comparison operations in the expression that this
// assignment is part of, are ot parenthesized. In that case it seems like programmer
// is fine with unparenthesized comparison operands to binary logical operators, and
// the parenthesis around this assignment was used to call it out as an assignment.
this.isParenthesised() and
forex(ComparisonOperation op | op = getComparisonOperand*(this.getParent+()) |
not op.isParenthesised()
)
}
}
class BooleanControllingAssignmentInStmt extends BooleanControllingAssignment {

3
cpp/ql/test/query-tests/Likely Bugs/Likely Typos/AssignWhereCompareMeant/AssignWhereCompareMeant.expected
View File

@@ -14,11 +14,8 @@
| test.cpp:84:7:84:11 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:92:17:92:22 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:113:6:113:10 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:129:17:129:21 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:134:19:134:23 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:138:21:138:25 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:141:7:141:11 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:144:32:144:36 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:147:41:147:45 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:150:32:150:36 | ... = ... | Use of '=' where '==' may have been intended. |
| test.cpp:153:46:153:50 | ... = ... | Use of '=' where '==' may have been intended. |