Fix UnicodeDoS vulnerability in CWE-770

Sim4n6 · yoff · commit 085d803b14fa · 2024-03-15T14:17:23.000+01:00
diff --git a/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql b/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
@@ -60,6 +60,16 @@ predicate underAValue(DataFlow::GuardNode g, ControlFlowNode node, boolean branc
         (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
         branch = true and
         cn.operands(_, op_gt, n.asCfgNode())
+        or
+        // not arg <= LIMIT OR not arg < LIMIT
+        (op_lt = any(LtE lte) or op_lt = any(Lt lt)) and
+        branch = false and
+        cn.operands(n.asCfgNode(), op_lt, _)
+        or
+        // not LIMIT >= arg OR not LIMIT > arg
+        (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
+        branch = false and
+        cn.operands(_, op_gt, n.asCfgNode())
       )
     |
       lenCall = API::builtin("len").getACall() and
