Merge pull request #2614 from geoffw0/arithun

jbj · web-flow · commit b8ee5a63dbfb · 2020-01-13T15:25:12.000+01:00
CPP: Speed up ArithmeticUncontrolled.ql
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -16,12 +16,19 @@ import semmle.code.cpp.security.Overflow
 import semmle.code.cpp.security.Security
 import semmle.code.cpp.security.TaintTracking
 
+predicate isRandCall(FunctionCall fc) { fc.getTarget().getName() = "rand" }
+
+predicate isRandCallOrParent(Expr e) {
+  isRandCall(e) or
+  isRandCallOrParent(e.getAChild())
+}
+
 predicate isRandValue(Expr e) {
-  e.(FunctionCall).getTarget().getName() = "rand"
+  isRandCall(e)
   or
   exists(MacroInvocation mi |
     e = mi.getExpr() and
-    e.getAChild*().(FunctionCall).getTarget().getName() = "rand"
+    isRandCallOrParent(e)
   )
 }
 
