Merge pull request github#16557 from MathiasVP/fix-unique-pointer-query-fp

MathiasVP · web-flow · commit 1a0d66b33931 · 2024-05-22T15:09:54.000+01:00
C++: Fix `cpp/use-of-unique-pointer-after-lifetime-ends` FP
diff --git a/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql b/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
@@ -30,6 +30,8 @@ where
   outlivesFullExpr(c) and
   not c.isFromUninstantiatedTemplate(_) and
   isUniquePointerDerefFunction(c.getTarget()) and
+  // Exclude cases where the pointer is implicitly converted to a non-pointer type
+  not c.getActualType() instanceof IntegralType and
   isTemporary(c.getQualifier().getFullyConverted())
 select c,
   "The underlying unique pointer object is destroyed after the call to '" + c.getTarget() +
diff --git a/cpp/ql/src/change-notes/2024-05-22-use-of-unique-pointer-after-lifetime-ends-fp.md b/cpp/ql/src/change-notes/2024-05-22-use-of-unique-pointer-after-lifetime-ends-fp.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseOfUniquePtrAfterLifetimeEnds/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-416/semmle/tests/UseOfUniquePtrAfterLifetimeEnds/test.cpp
@@ -203,4 +203,12 @@ void test2(bool b1, bool b2) {
   auto s11 = b2 ? nullptr : sRefRef.get(); // GOOD
   const S* s12;
   s12 = sRefRef.get(); // GOOD
+}
+
+void test_convert_to_bool() {
+  bool b = get_unique_ptr().get(); // GOOD
+
+  if(get_unique_ptr().get()) { // GOOD
+
+  }
 }

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* The "Use of unique pointer after lifetime ends" query (`cpp/use-of-unique-pointer-after-lifetime-ends`) no longer reports an alert when the pointer is converted to a boolean