Skip to content

Commit 606dfa7

Browse files
committed
minor refactor for readability
1 parent 56e9c1f commit 606dfa7

File tree

1 file changed

+22
-11
lines changed

1 file changed

+22
-11
lines changed

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql

Lines changed: 22 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
import cpp
1313
import LeapYear
1414
import semmle.code.cpp.controlflow.IRGuards
15+
import semmle.code.cpp.ir.IR
1516
import semmle.code.cpp.dataflow.new.TaintTracking
1617
import semmle.code.cpp.commons.DateTime
1718

@@ -764,6 +765,19 @@ module CandidateConstantToDayOrMonthAssignmentFlow =
764765

765766
import OperationToYearAssignmentFlow::PathGraph
766767

768+
/**
769+
* The value that the assignment resolves to doesn't represent February,
770+
* and/or if it represents a day, is a 'safe' day (meaning the 27th or prior).
771+
*/
772+
bindingset[dayOrMonthValSrcExpr]
773+
predicate isSafeValueForAssignmentOfMonthOrDayValue(Assignment a, Expr dayOrMonthValSrcExpr){
774+
a.getLValue() instanceof MonthFieldAccess and
775+
dayOrMonthValSrcExpr.getValue().toInt() != 2
776+
or
777+
a.getLValue() instanceof DayFieldAccess and
778+
dayOrMonthValSrcExpr.getValue().toInt() <= 27
779+
}
780+
767781
from OperationToYearAssignmentFlow::PathNode src, OperationToYearAssignmentFlow::PathNode sink
768782
where
769783
OperationToYearAssignmentFlow::flowPath(src, sink) and
@@ -776,20 +790,17 @@ where
776790
not exists(DataFlow::Node dayOrMonthValSrc, DataFlow::Node dayOrMonthValSink, Assignment a |
777791
CandidateConstantToDayOrMonthAssignmentFlow::flow(dayOrMonthValSrc, dayOrMonthValSink) and
778792
a.getRValue() = dayOrMonthValSink.asExpr() and
779-
(
793+
dayOrMonthValSink.getBasicBlock() = sink.getNode().getBasicBlock() and
794+
exists(IRBlock dayOrMonthValBB |
795+
dayOrMonthValBB = dayOrMonthValSrc.getBasicBlock() and
780796
// The source of the day is set in the same block as the source for the year
781797
// or the source for the day is set in the same block as the sink for the year
782-
dayOrMonthValSrc.getBasicBlock() = src.getNode().getBasicBlock() or
783-
dayOrMonthValSrc.getBasicBlock() = sink.getNode().getBasicBlock()
798+
dayOrMonthValBB in [
799+
src.getNode().getBasicBlock(),
800+
sink.getNode().getBasicBlock()
801+
]
784802
) and
785-
dayOrMonthValSink.getBasicBlock() = sink.getNode().getBasicBlock() and
786-
(
787-
a.getLValue() instanceof MonthFieldAccess and
788-
dayOrMonthValSrc.asExpr().getValue().toInt() != 2
789-
or
790-
a.getLValue() instanceof DayFieldAccess and
791-
dayOrMonthValSrc.asExpr().getValue().toInt() <= 27
792-
)
803+
isSafeValueForAssignmentOfMonthOrDayValue(a, dayOrMonthValSrc.asExpr())
793804
)
794805
// TODO: all days to sink are safe?
795806
select sink, src, sink,

0 commit comments

Comments
 (0)