C++: Update the alert message in 'cpp/iterator-to-expired-container'.

MathiasVP · MathiasVP · commit 61ce7252e659 · 2024-04-30T16:12:54.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql b/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
@@ -62,10 +62,9 @@ DataFlow::Node getADestroyedNode(DataFlow::Node n) {
   )
 }
 
-predicate destroyedToBeginSink(DataFlow::Node sink, FunctionCall fc) {
+predicate destroyedToBeginSink(DataFlow::Node sink) {
   exists(CallInstruction call |
     call = sink.asOperand().(ThisArgumentOperand).getCall() and
-    fc = call.getUnconvertedResultExpression() and
     call.getStaticCallTarget() instanceof BeginOrEndFunction
   )
 }
@@ -90,7 +89,7 @@ private predicate qualifierToDestroyed(DataFlow::Node node1, DataFlow::Node node
 module Config0 implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { qualifierToDestroyed(_, source) }
 
-  predicate isSink(DataFlow::Node sink) { destroyedToBeginSink(sink, _) }
+  predicate isSink(DataFlow::Node sink) { destroyedToBeginSink(sink) }
 }
 
 module Flow0 = DataFlow::Global<Config0>;
@@ -150,9 +149,9 @@ module Config implements DataFlow::StateConfigSig {
 
 module Flow = DataFlow::GlobalWithState<Config>;
 
-from Flow::PathNode source, Flow::PathNode sink, FunctionCall beginOrEnd, DataFlow::Node mid
+from Flow::PathNode source, Flow::PathNode sink, DataFlow::Node mid
 where
   Flow::flowPath(source, sink) and
-  destroyedToBeginSink(sink.getNode(), beginOrEnd) and
+  destroyedToBeginSink(sink.getNode()) and
   sink.getState() = Config::DestroyedToBegin(mid)
-select mid, "This object is destroyed before $@ is called.", beginOrEnd, beginOrEnd.toString()
+select mid, "This object is destroyed at the end of the full-expression."

Original file line number	Diff line number	Diff line change
`@@ -62,10 +62,9 @@ DataFlow::Node getADestroyedNode(DataFlow::Node n) {`
`62`	`62`	`)`
`63`	`63`	`}`
`64`	`64`
`65`		`-predicate destroyedToBeginSink(DataFlow::Node sink, FunctionCall fc) {`
	`65`	`+predicate destroyedToBeginSink(DataFlow::Node sink) {`
`66`	`66`	`exists(CallInstruction call \|`
`67`	`67`	`call = sink.asOperand().(ThisArgumentOperand).getCall() and`
`68`		`- fc = call.getUnconvertedResultExpression() and`
`69`	`68`	`call.getStaticCallTarget() instanceof BeginOrEndFunction`
`70`	`69`	`)`
`71`	`70`	`}`
`@@ -90,7 +89,7 @@ private predicate qualifierToDestroyed(DataFlow::Node node1, DataFlow::Node node`
`90`	`89`	`module Config0 implements DataFlow::ConfigSig {`
`91`	`90`	`predicate isSource(DataFlow::Node source) { qualifierToDestroyed(_, source) }`
`92`	`91`
`93`		`- predicate isSink(DataFlow::Node sink) { destroyedToBeginSink(sink, _) }`
	`92`	`+ predicate isSink(DataFlow::Node sink) { destroyedToBeginSink(sink) }`
`94`	`93`	`}`
`95`	`94`
`96`	`95`	`module Flow0 = DataFlow::Global<Config0>;`
`@@ -150,9 +149,9 @@ module Config implements DataFlow::StateConfigSig {`
`150`	`149`
`151`	`150`	`module Flow = DataFlow::GlobalWithState<Config>;`
`152`	`151`
`153`		`-from Flow::PathNode source, Flow::PathNode sink, FunctionCall beginOrEnd, DataFlow::Node mid`
	`152`	`+from Flow::PathNode source, Flow::PathNode sink, DataFlow::Node mid`
`154`	`153`	`where`
`155`	`154`	`Flow::flowPath(source, sink) and`
`156`		`- destroyedToBeginSink(sink.getNode(), beginOrEnd) and`
	`155`	`+ destroyedToBeginSink(sink.getNode()) and`
`157`	`156`	`sink.getState() = Config::DestroyedToBegin(mid)`
`158`		`-select mid, "This object is destroyed before $@ is called.", beginOrEnd, beginOrEnd.toString()`
	`157`	`+select mid, "This object is destroyed at the end of the full-expression."`