Merge pull request #475 from geoffw0/av_164

jbj · web-flow · commit 2ce2c0a87604 · 2018-11-19T14:23:36.000+01:00
CPP: Fix AV Rule 164
diff --git a/cpp/ql/src/jsf/4.21 Operators/AV Rule 164.ql b/cpp/ql/src/jsf/4.21 Operators/AV Rule 164.ql
@@ -35,7 +35,7 @@ predicate constantValue(Expr e, int value) {
 predicate violation(BinaryBitwiseOperation op, int lhsBytes, int value) {
     (op instanceof LShiftExpr or op instanceof RShiftExpr) and
     constantValue(op.getRightOperand(), value) and
-    lhsBytes = op.getLeftOperand().getType().getSize() and
+    lhsBytes = op.getLeftOperand().getExplicitlyConverted().getType().getSize() and
     (value < 0 or value >= lhsBytes * 8)
 }
 
diff --git a/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/AV Rule 164.expected b/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/AV Rule 164.expected
@@ -0,0 +1,8 @@
+| test.c:3:2:3:9 | ... >> ... | AV Rule 164: The right-hand operand (here a value is -1) of this shift shall lie between 0 and 7. |
+| test.c:6:2:6:8 | ... >> ... | AV Rule 164: The right-hand operand (here a value is 8) of this shift shall lie between 0 and 7. |
+| test.c:8:2:8:9 | ... << ... | AV Rule 164: The right-hand operand (here a value is -1) of this shift shall lie between 0 and 7. |
+| test.c:11:2:11:8 | ... << ... | AV Rule 164: The right-hand operand (here a value is 8) of this shift shall lie between 0 and 7. |
+| test.c:18:2:18:9 | ... >> ... | AV Rule 164: The right-hand operand (here a value is -1) of this shift shall lie between 0 and 7. |
+| test.c:21:2:21:8 | ... >> ... | AV Rule 164: The right-hand operand (here a value is 8) of this shift shall lie between 0 and 7. |
+| test.c:23:2:23:25 | ... >> ... | AV Rule 164: The right-hand operand (here a value is -1) of this shift shall lie between 0 and 7. |
+| test.c:26:2:26:24 | ... >> ... | AV Rule 164: The right-hand operand (here a value is 8) of this shift shall lie between 0 and 7. |
diff --git a/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/AV Rule 164.qlref b/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/AV Rule 164.qlref
@@ -0,0 +1 @@
+jsf/4.21 Operators/AV Rule 164.ql
diff --git a/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/test.c b/cpp/ql/test/query-tests/jsf/4.21 Operators/AV Rule 164/test.c
@@ -0,0 +1,28 @@
+
+void f(unsigned char uc, signed char sc, int i) {
+	uc >> -1; // BAD
+	uc >> 0;
+	uc >> 7;
+	uc >> 8; // BAD
+
+	uc << -1; // BAD
+	uc << 0;
+	uc << 7;
+	uc << 8; // BAD
+	
+	uc >>= -1; // BAD [NOT DETECTED]
+	uc >>= 0; // BAD [NOT DETECTED]
+	uc >>= 7;
+	uc >>= 8; // BAD [NOT DETECTED]
+
+	sc >> -1; // BAD
+	sc >> 0;
+	sc >> 7;
+	sc >> 8; // BAD
+
+	((unsigned char)i) >> -1; // BAD
+	((unsigned char)i) >> 0;
+	((unsigned char)i) >> 7;
+	((unsigned char)i) >> 8; // BAD
+}
+

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ predicate constantValue(Expr e, int value) {`
`35`	`35`	`predicate violation(BinaryBitwiseOperation op, int lhsBytes, int value) {`
`36`	`36`	`(op instanceof LShiftExpr or op instanceof RShiftExpr) and`
`37`	`37`	`constantValue(op.getRightOperand(), value) and`
`38`		`- lhsBytes = op.getLeftOperand().getType().getSize() and`
	`38`	`+ lhsBytes = op.getLeftOperand().getExplicitlyConverted().getType().getSize() and`
`39`	`39`	`(value < 0 or value >= lhsBytes * 8)`
`40`	`40`	`}`
`41`	`41`