fix that js/file-system-race could have FPs related to loops

erik-krogh · erik-krogh · commit 7500a3181436 · 2022-10-11T13:41:51.000+02:00
diff --git a/javascript/ql/src/Security/CWE-367/FileSystemRace.ql b/javascript/ql/src/Security/CWE-367/FileSystemRace.ql
@@ -106,7 +106,7 @@ predicate useAfterCheck(FileCheck check, FileUse use) {
     )
   )
   or
-  check.getBasicBlock().getASuccessor+() = use.getBasicBlock()
+  check.getBasicBlock().(ReachableBasicBlock).strictlyDominates(use.getBasicBlock())
 }
 
 from FileCheck check, FileUse use
diff --git a/javascript/ql/test/query-tests/Security/CWE-367/tst.js b/javascript/ql/test/query-tests/Security/CWE-367/tst.js
@@ -41,3 +41,8 @@ const filePath3 = createFile();
 if (fs.existsSync(filePath3)) {
   fs.readFileSync(filePath3); // OK - a read after an existence check is OK 
 }
+
+const filePath4 = createFile();
+while(Math.random() > 0.5) {
+    fs.open(filePath4); // OK - it is only ever opened here.
+}

Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ predicate useAfterCheck(FileCheck check, FileUse use) {`
`106`	`106`	`)`
`107`	`107`	`)`
`108`	`108`	`or`
`109`		`- check.getBasicBlock().getASuccessor+() = use.getBasicBlock()`
	`109`	`+ check.getBasicBlock().(ReachableBasicBlock).strictlyDominates(use.getBasicBlock())`
`110`	`110`	`}`
`111`	`111`
`112`	`112`	`from FileCheck check, FileUse use`
Original file line number	Diff line number	Diff line change
`@@ -41,3 +41,8 @@ const filePath3 = createFile();`
`41`	`41`	`if (fs.existsSync(filePath3)) {`
`42`	`42`	`fs.readFileSync(filePath3); // OK - a read after an existence check is OK`
`43`	`43`	`}`
	`44`	`+`
	`45`	`+const filePath4 = createFile();`
	`46`	`+while(Math.random() > 0.5) {`
	`47`	`+ fs.open(filePath4); // OK - it is only ever opened here.`
	`48`	`+}`