hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Move cpp/unsigned-difference-expression-compared-zero out of experimental.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2021-02-04 16:00:56 +01:00
parent c1c9f963b9
commit fd596ebbbb
7 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected Normal file
View File

@@ -0,0 +1,10 @@
| test.cpp:6:5:6:13 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:10:8:10:24 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:15:9:15:25 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:32:12:32:20 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:39:12:39:20 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:47:5:47:13 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:55:5:55:13 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:62:5:62:13 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:69:5:69:13 | ... > ... | Unsigned subtraction can never be negative. |
| test.cpp:75:8:75:16 | ... > ... | Unsigned subtraction can never be negative. |

1
cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.qlref Normal file
View File

@@ -0,0 +1 @@
Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql

77
cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp Normal file
View File

@@ -0,0 +1,77 @@
int getAnInt();
bool cond();
void test(unsigned x, unsigned y, bool unknown) {
if(x - y > 0) { } // BAD
unsigned total = getAnInt();
unsigned limit = getAnInt();
while(limit - total > 0) { // BAD
total += getAnInt();
}
if(total <= limit) {
while(limit - total > 0) { // GOOD [FALSE POSITIVE]
total += getAnInt();
if(total > limit) break;
}
}
if(x >= y) {
bool b = x - y > 0; // GOOD
}
if((int)(x - y) >= 0) { } // GOOD. Maybe an overflow happened, but the result is converted to the "likely intended" result before the comparison
if(unknown) {
y = x & 0xFF;
} else {
y = x;
}
bool b1 = x - y > 0; // GOOD [FALSE POSITIVE]
x = getAnInt();
y = getAnInt();
if(y > x) {
y = x - 1;
}
bool b2 = x - y > 0; // GOOD [FALSE POSITIVE]
int N = getAnInt();
y = x;
while(cond()) {
if(unknown) { y--; }
}
if(x - y > 0) { } // GOOD [FALSE POSITIVE]
x = y;
while(cond()) {
if(unknown) break;
y--;
}
if(x - y > 0) { } // GOOD [FALSE POSITIVE]
y = 0;
for(int i = 0; i < x; ++i) {
if(unknown) { ++y; }
}
if(x - y > 0) { } // GOOD [FALSE POSITIVE]
x = y;
while(cond()) {
if(unknown) { x++; }
}
if(x - y > 0) { } // GOOD [FALSE POSITIVE]
int n = getAnInt();
if (n > x - y) { n = x - y; }
if (n > 0) {
y += n; // NOTE: `n` is at most `x - y` at this point.
if (x - y > 0) {} // GOOD [FALSE POSITIVE]
}
}