From e9cccb46c067ffb046218711f693c90fc51d5beb Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Thu, 25 Sep 2025 15:19:40 +0100
Subject: [PATCH 1/3] Go: mistyped-exponentiation: notice constants with likely-bitmask values
---
 go/ql/src/InconsistentCode/MistypedExponentiation.ql | 6 +++++-
 .../InconsistentCode/MistypedExponentiation/main.go | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/go/ql/src/InconsistentCode/MistypedExponentiation.ql b/go/ql/src/InconsistentCode/MistypedExponentiation.ql
index b445a713ce6f..91fb63d319c2 100644
--- a/go/ql/src/InconsistentCode/MistypedExponentiation.ql
+++ b/go/ql/src/InconsistentCode/MistypedExponentiation.ql
@@ -13,12 +13,16 @@
 import go
+private Expr getConstantInitialiser(Expr e) {
+ exists(DeclaredConstant c | e = c.getAReference() | result = c.getInit())
+}
+
 /** Holds if `e` is not 0 and is either an octal or hexadecimal literal, or the number one. */
 predicate maybeXorBitPattern(Expr e) {
 // 0 makes no sense as an xor bit pattern
 not e.getNumericValue() = 0 and
 // include octal and hex literals
- e.(IntLit).getText().matches("0%")
+ [e, getConstantInitialiser(e)].(IntLit).getText().matches("0%")
 or
 e.getNumericValue() = 1
 }
diff --git a/go/ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go b/go/ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go
index 2449ccdac62b..b8b4be44847e 100644
--- a/go/ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go
+++ b/go/ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go
@@ -22,6 +22,13 @@ func main() {
 mask := (((1 << 10) - 1) ^ 7) // OK
+ const (
+ c1 = 0x1234
+ c2 = 0x5678
+ )
+
+ fmt.Println(c1 ^ c2) // OK
+
 // This is not ok, but isn't detected because the multiplication binds tighter
 // than the xor operator and so the query doesn't see a constant on the left
 // hand side of ^.
From 9e7a5214f31abbede39a6ba776664e61dea405be Mon Sep 17 00:00:00 2001
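Review bot: The doc comment on `maybeXorBitPattern` still says "either an octal or hexadecimal literal, or the number one", but the rewritten line `[e, getConstantInitialiser(e)].(IntLit).getText().matches("0%")` also accepts a reference to a declared constant whose initialiser is such a literal, so the comment no longer describes what the predicate holds for. I would reword it to `/** Holds if e is not 0 and is an octal or hexadecimal literal, a reference to a constant initialised by one, or the number one. */` and give the new private helper a one-line comment such as `/** Gets the initialiser of the declared constant that e refers to, if any. */`. Because the initialiser is cast straight to `IntLit`, only one step of indirection is followed: a constant initialised from another constant or from a compound expression is not recognised. If that limit is intended, the comment should say so, since each widening of this predicate suppresses alerts for real `^`-as-power mistakes as well as for bitmasks.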
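Review bot: The added case exercises only the suppressing side of the new rule (two constants with hexadecimal initialisers, marked `// OK`); nothing in this hunk pins the boundary. A constant with a decimal initialiser used with `^`, for example `const ten = 10` followed by `fmt.Println(ten ^ 9)`, would record in the expected output whether such a use is still treated like the plain literal rather than being swept up by the new constant lookup. An octal-initialised constant would cover the other half of the `matches("0%")` test. The body of `main` starts and ends outside the hunk, so existing cases there may already cover part of this.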
From: Chris Smowton
Date: Thu, 25 Sep 2025 15:40:26 +0100
Subject: [PATCH 2/3] Change note
---
 go/ql/src/change-notes/2025-09-25-exponentiation-constants.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
diff --git a/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md b/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
new file mode 100644
index 000000000000..cb6c5e43346f
--- /dev/null
+++ b/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query `go/mistyped-exponentiation` now recognises constants whose initialisers are hex or octal constants, making them likely targets of the `^` bitwise-xor operator.
From f5f61193a03b0c1697e28138503f3977d98fdac5 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
Date: Fri, 26 Sep 2025 15:33:26 +0100
Subject: [PATCH 3/3] Delete change note
---
 go/ql/src/change-notes/2025-09-25-exponentiation-constants.md | 4 ----
 1 file changed, 4 deletions(-)
 delete mode 100644 go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
diff --git a/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md b/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
deleted file mode 100644
index cb6c5e43346f..000000000000
--- a/go/ql/src/change-notes/2025-09-25-exponentiation-constants.md
+++ /dev/null
@@ -1,4 +0,0 @@
----
-category: minorAnalysis
----
-* The query `go/mistyped-exponentiation` now recognises constants whose initialisers are hex or octal constants, making them likely targets of the `^` bitwise-xor operator.