Skip to content

Commit ec2e5f7

Browse files
ropwareJBropwareJB
committed
Code Commenting
1 parent ca9f66c commit ec2e5f7

1 file changed

Lines changed: 31 additions & 4 deletions

File tree

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModificationPrecise.ql

Lines changed: 31 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -61,14 +61,15 @@ class IgnorableExprExpr1900Mapping extends IgnorableOperation {
6161
}
6262
}
6363

64-
class IgnorableBinaryBitwiseOperation extends IgnorableOperation instanceof BinaryBitwiseOperation {
65-
}
64+
class IgnorableBinaryBitwiseOperation extends IgnorableOperation instanceof BinaryBitwiseOperation { }
6665

6766
class IgnorableUnaryBitwiseOperation extends IgnorableOperation instanceof UnaryBitwiseOperation { }
6867

69-
class IgnorableAssignmentBitwiseOperation extends IgnorableOperation instanceof AssignBitwiseOperation
70-
{ }
68+
class IgnorableAssignmentBitwiseOperation extends IgnorableOperation instanceof AssignBitwiseOperation { }
7169

70+
/**
71+
* An expression that is a candidate source for an dataflow configuration for an Operation that could flow to a Year field.
72+
*/
7273
predicate isOperationSourceCandidate(Expr e) {
7374
not e instanceof IgnorableOperation and
7475
(
@@ -84,6 +85,9 @@ predicate isOperationSourceCandidate(Expr e) {
8485
)
8586
}
8687

88+
/**
89+
* A Dataflow that identifies flows from an Operation (addition, subtraction, etc) to some ignorable operation (bitwise operations for example) that disqualify it
90+
*/
8791
module OperationSourceCandidateToIgnorableOperationConfig implements DataFlow::ConfigSig {
8892
predicate isSource(DataFlow::Node n) { isOperationSourceCandidate(n.asExpr()) }
8993

@@ -100,6 +104,9 @@ module OperationSourceCandidateToIgnorableOperationConfig implements DataFlow::C
100104
module OperationSourceCandidateToIgnorableOperationFlow =
101105
TaintTracking::Global<OperationSourceCandidateToIgnorableOperationConfig>;
102106

107+
/**
108+
* A dataflow that tracks an ignorable operation (eg. bitwise op) to a operation source, so we may disqualify it.
109+
*/
103110
module IgnorableOperationToOperationSourceCandidateConfig implements DataFlow::ConfigSig {
104111
predicate isSource(DataFlow::Node n) { n.asExpr() instanceof IgnorableOperation }
105112

@@ -114,6 +121,16 @@ module IgnorableOperationToOperationSourceCandidateConfig implements DataFlow::C
114121
module IgnorableOperationToOperationSourceCandidateFlow =
115122
TaintTracking::Global<IgnorableOperationToOperationSourceCandidateConfig>;
116123

124+
/**
125+
* The set of all expressions which is a candidate expression and also does not flow from to to some ignorable expression (eg. bitwise op)
126+
* ```
127+
* a = something <<< 2;
128+
* myDate.year = a + 1; // invalid
129+
* ...
130+
* a = someDate.year + 1;
131+
* myDate.year = a; // valid
132+
* ```
133+
*/
117134
class OperationSource extends Expr {
118135
OperationSource() {
119136
isOperationSourceCandidate(this) and
@@ -184,6 +201,9 @@ module OperationToYearAssignmentConfig implements DataFlow::ConfigSig {
184201

185202
module OperationToYearAssignmentFlow = TaintTracking::Global<OperationToYearAssignmentConfig>;
186203

204+
/**
205+
* A Dataflow configuration for tracing from one OperationToYearAssignmentFlow source to another OperationToYearAssignmentFlow source.
206+
*/
187207
module KnownYearOpSourceToKnownYearOpSourceConfig implements DataFlow::ConfigSig {
188208
predicate isSource(DataFlow::Node n) {
189209
exists(OperationToYearAssignmentFlow::PathNode src |
@@ -203,6 +223,9 @@ module KnownYearOpSourceToKnownYearOpSourceConfig implements DataFlow::ConfigSig
203223
module KnownYearOpSourceToKnownYearOpSourceFlow =
204224
TaintTracking::Global<KnownYearOpSourceToKnownYearOpSourceConfig>;
205225

226+
/**
227+
* There does not exist an OperationSource that flows through this given OperationSource expression.
228+
*/
206229
predicate isRootOperationSource(OperationSource e) {
207230
not exists(DataFlow::Node src, DataFlow::Node sink |
208231
src != sink and
@@ -211,6 +234,9 @@ predicate isRootOperationSource(OperationSource e) {
211234
)
212235
}
213236

237+
/**
238+
* A flow configuration from a Year field access to some Leap year check or guard
239+
*/
214240
module YearFieldAccessToLeapYearCheckConfig implements DataFlow::ConfigSig {
215241
predicate isSource(DataFlow::Node source) { source.asExpr() instanceof YearFieldAccess }
216242

@@ -246,6 +272,7 @@ module YearFieldAccessToLeapYearCheckConfig implements DataFlow::ConfigSig {
246272
module YearFieldAccessToLeapYearCheckFlow =
247273
TaintTracking::Global<YearFieldAccessToLeapYearCheckConfig>;
248274

275+
/** Does there exist a flow from the given YearFieldAccess to a Leap Year check or guard? */
249276
predicate isYearModifiedWithCheck(YearFieldAccess fa) {
250277
exists(YearFieldAccessToLeapYearCheckFlow::PathNode src |
251278
src.isSource() and

0 commit comments

Comments
 (0)