From efa323c3045d97e0f09070a959a0841d6bc959d6 Mon Sep 17 00:00:00 2001
From: Alex Ford
Date: Thu, 29 Apr 2021 16:08:42 +0100
Subject: [PATCH] rb/overly-permissive-file use QL bitwise operators
---
 ql/src/queries/security/cwe-732/WeakFilePermissions.ql | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/ql/src/queries/security/cwe-732/WeakFilePermissions.ql b/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
index 6296ca2dd84..c6d1760dc13 100644
--- a/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
+++ b/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
@@ -29,16 +29,17 @@ class FileModuleAccess extends Expr {
 }
 
 bindingset[p]
-int world_permission(int p) { result = p % 8 }
+int world_permission(int p) { result = p.bitAnd(7) }
 
 bindingset[p]
-int group_permission(int p) { result = (p / 8) % 8 }
+// 70 oct = 56 dec
+int group_permission(int p) { result = p.bitAnd(56) }
 
 bindingset[p]
 string access(int p) {
-  p % 4 >= 2 and result = "writable"
+  p.bitAnd(2) != 0 and result = "writable"
   or
-  p % 8 in [4, 5] and result = "readable"
+  p.bitAnd(2) = 0 and p.bitAnd(4) != 0 and result = "readable"
 }
 
 /** An expression specifing a file permission that allows group/others read or write access */
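Review bot: `group_permission` now returns the group bits masked in place (`p.bitAnd(56)`, i.e. 0, 8, …, 56), whereas the removed `(p / 8) % 8` returned the shifted triad 0–7, so its result no longer lines up with `access`, which tests `bitAnd(2)` and `bitAnd(4)`. If `access` is applied to the output of `group_permission` (the callers sit outside this hunk, so this is inferred), a group-only permissive mode such as 0660 would produce no result and the CWE-732 query would silently miss it. Keeping the old contract avoids that: `int group_permission(int p) { result = p.bitShiftRight(3).bitAnd(7) }`, with the `// 70 oct = 56 dec` comment dropped or reworded to match. A query test with a mode that is group-writable but not world-accessible would pin the intended behaviour.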