Merge pull request #60 from sauyon/bitwise-xor-fps

MistypedExponentiation: Add a heuristic to reduce FPs
Max Schaefer
2020-03-13 15:46:03 +00:00
committed by GitHub
3 changed files with 11 additions and 0 deletions

View File

@@ -28,3 +28,4 @@ The CodeQL library for Go now contains a folder of simple "cookbook" queries tha
| Incomplete regular expression for hostnames (`go/incomplete-hostname-regexp`) | More results | The query now flags unescaped dots before the TLD in a hostname regex. |
| Reflected cross-site scripting (`go/reflected-xss`) | Fewer results | Untrusted input flowing into an HTTP header definition or into an `fmt.Fprintf` call with a constant prefix is no longer flagged, since it is in both cases often harmless. |
| Useless assignment to field (`go/useless-assignment-to-field`) | Fewer false positives | The query now conservatively handles fields promoted through embedded pointer types. |
| Bitwise exclusive-or used like exponentiation (`go/mistyped-exponentiation`) | Fewer false positives | The query now identifies when the value of an xor is assigned to a mask object, and excludes such results. |
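Review bot: the changelog row for `go/mistyped-exponentiation` describes the new heuristic as excluding values "assigned to a mask object", but the query change actually keys off the name of the assignment target: it excludes the xor when it sits in the right-hand side of an assignment whose target is a variable, or a selected field, whose name matches `(?i).*mask.*`. Reword the row to match, e.g. "The query now excludes results whose value is assigned to a variable or field whose name contains `mask`", so users reading the changelog know the exclusion is name-based rather than type-based.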

View File

@@ -32,6 +32,14 @@ where
exists(Ident id | id = xe.getRightOperand() |
id.getName().regexpMatch("(?i)_*((exp(onent)?)|pow(er)?)")
)
) and
// exclude the right hand side of assignments to variables that have "mask" in their name
not exists(Assignment assign, Ident id | assign.getRhs() = xe.getParent*() |
id.getName().regexpMatch("(?i).*mask.*") and
(
assign.getLhs() = id or
assign.getLhs().(SelectorExpr).getSelector() = id
)
)
select xe,
"This expression uses the bitwise exclusive-or operator when exponentiation was likely meant."
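Review bot: the new exclusion only matches `Assignment` nodes (`not exists(Assignment assign, Ident id | assign.getRhs() = xe.getParent*() | ...`), so the `mask := ...` form used in the test is covered, but the equivalent `var mask = ...` declaration, which is a `ValueSpec` rather than an `Assignment`, will still be flagged; consider extending the exclusion to `ValueSpec` initialisers as well. Also, the comment above the clause says "assignments to variables that have "mask" in their name", while the `assign.getLhs().(SelectorExpr).getSelector() = id` branch also matches struct fields such as `m.mask = ...`; update the comment to say "variables or fields" so it matches what the predicate does.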

View File

@@ -20,6 +20,8 @@ func main() {
fmt.Println(253 ^ expectingResponse) // OK
fmt.Println(2 ^ power) // Not OK
mask := (((1 << 10) - 1) ^ 7) // OK
// This is not ok, but isn't detected because the multiplication binds tighter
// than the xor operator and so the query doesn't see a constant on the left
// hand side of ^.
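Review bot: the only new test case for the heuristic is `mask := (((1 << 10) - 1) ^ 7) // OK`, which exercises just the plain-identifier branch of the exclusion. The query also excludes xors assigned to a selected field (`assign.getLhs().(SelectorExpr).getSelector() = id`), so add a case like `m.mask = 2 ^ 7 // OK` to cover that branch, and a control case such as `value := 2 ^ 7 // Not OK` to show the exclusion does not fire when the target name lacks "mask". Without those, a regression in either branch would go unnoticed by this test file.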