Make requested changes

Author: JordyZomer

cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql

@@ -2,7 +2,7 @@
  * @author Jordy Zomer
  * @name unsiged to signed used in pointer arithmetic
  * @description finds unsigned to signed conversions used in pointer arithmetic, potentially causing an out-of-bound access
- * @id cpp/out-of-bounds
+ * @id cpp/sign-conversion-pointer-arithmetic
  * @kind problem
  * @problem.severity warning
  * @tags reliability
@@ -14,15 +14,15 @@ import cpp
 import semmle.code.cpp.dataflow.DataFlow
 import semmle.code.cpp.security.Overflow
 
-from FunctionCall call, Function f, Parameter p, DataFlow::Node sink, PointerArithmeticOperation pao, Operation a, Operation b
+from FunctionCall call, Function f, Parameter p, DataFlow::Node sink, PointerArithmeticOperation pao
 where
 f = call.getTarget() and
 p = f.getAParameter() and
-p.getType().getUnderlyingType().(IntegralType).isSigned() and
-call.getArgument(p.getIndex()).getType().getUnderlyingType().(IntegralType).isUnsigned() and
+p.getUnspecifiedType().(IntegralType).isSigned() and
+call.getArgument(p.getIndex()).getUnspecifiedType().(IntegralType).isUnsigned() and
 pao.getAnOperand() = sink.asExpr() and
-not guardedLesser(a, sink.asExpr()) and
-not guardedGreater(b, call.getArgument(p.getIndex())) and
+not exists(Operation a | guardedLesser(a, sink.asExpr())) and
+not exists(Operation b | guardedGreater(b, call.getArgument(p.getIndex()))) and
 not call.getArgument(p.getIndex()).isConstant() and
 DataFlow::localFlow(DataFlow::parameterNode(p), sink)
 select call, "This call: $@  passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@", call, call.toString(), f, f.toString(), sink, sink.toString()