Skip to content

Commit 9a902dd

Browse files
d10cd10c
committed
C++: TypeConfusion
1 parent 0da4f6c commit 9a902dd

1 file changed

Lines changed: 13 additions & 4 deletions

File tree

cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql

Lines changed: 13 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -179,12 +179,21 @@ module Config implements DataFlow::ConfigSig {
179179

180180
int fieldFlowBranchLimit() { result = 0 }
181181

182-
predicate observeDiffInformedIncrementalMode() {
183-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 208 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@220:72:220:84), Column 5 does not select a source or sink originating from the flow call on line 218 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@220:72:220:84), Column 7 does not select a source or sink originating from the flow call on line 208 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@221:29:221:36), Column 7 does not select a source or sink originating from the flow call on line 218 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@221:29:221:36), Flow call outside 'select' clause (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@187:5:187:28)
184-
}
182+
predicate observeDiffInformedIncrementalMode() { any() }
185183

186184
Location getASelectedSourceLocation(DataFlow::Node source) {
187-
none() // TODO: Make sure that this source location matches the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 208 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@220:72:220:84), Column 5 does not select a source or sink originating from the flow call on line 218 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@220:72:220:84), Column 7 does not select a source or sink originating from the flow call on line 208 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@221:29:221:36), Column 7 does not select a source or sink originating from the flow call on line 218 (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@221:29:221:36), Flow call outside 'select' clause (/Users/d10c/src/semmle-code/ql/cpp/ql/src/Security/CWE/CWE-843/TypeConfusion.ql@187:5:187:28)
185+
exists(Type badSourceType | result = badSourceType.getLocation() |
186+
isSourceImpl(source, badSourceType)
187+
)
188+
}
189+
190+
Location getASelectedSinkLocation(DataFlow::Node sink) {
191+
exists(Type sinkType | result = [sink.getLocation(), sinkType.getLocation()] |
192+
exists(UnsafeCast cast |
193+
sink.asExpr() = cast.getUnconverted() and
194+
sinkType = cast.getConvertedType()
195+
)
196+
)
188197
}
189198
}
190199

0 commit comments

Comments
 (0)