fix isBarrier according to code review

am0o0 · am0o0 · commit 7af4b8de7b2c · 2023-11-06T10:58:00.000+01:00
diff --git a/go/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql b/go/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
@@ -49,11 +49,12 @@ module DecompressionBombsConfig implements DataFlow::StateConfigSig {
 
   predicate isBarrier(DataFlow::Node node) {
     // here I want to the CopyN return value be compared with < or > but I can't reach the tainted result
-    exists(Function f | f.hasQualifiedName("io", "CopyN") |
-      node = f.getACall().getArgument(1) and
-      TaintTracking::localExprTaint(f.getACall().getResult(0).asExpr(),
-        // only >=, <=,>,<
-        any(RelationalComparisonExpr rce).getAnOperand())
+    exists(Function f, DataFlow::CallNode cn |
+      f.hasQualifiedName("io", "CopyN") and cn = f.getACall()
+    |
+      node = cn.getArgument(1) and
+      TaintTracking::localTaint(cn.getResult(0),
+        any(DataFlow::RelationalComparisonNode rcn).getAnOperand())
     )
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -49,11 +49,12 @@ module DecompressionBombsConfig implements DataFlow::StateConfigSig {`
`49`	`49`
`50`	`50`	`predicate isBarrier(DataFlow::Node node) {`
`51`	`51`	`// here I want to the CopyN return value be compared with < or > but I can't reach the tainted result`
`52`		`- exists(Function f \| f.hasQualifiedName("io", "CopyN") \|`
`53`		`- node = f.getACall().getArgument(1) and`
`54`		`- TaintTracking::localExprTaint(f.getACall().getResult(0).asExpr(),`
`55`		`- // only >=, <=,>,<`
`56`		`- any(RelationalComparisonExpr rce).getAnOperand())`
	`52`	`+ exists(Function f, DataFlow::CallNode cn \|`
	`53`	`+ f.hasQualifiedName("io", "CopyN") and cn = f.getACall()`
	`54`	`+ \|`
	`55`	`+ node = cn.getArgument(1) and`
	`56`	`+ TaintTracking::localTaint(cn.getResult(0),`
	`57`	`+ any(DataFlow::RelationalComparisonNode rcn).getAnOperand())`
`57`	`58`	`)`
`58`	`59`	`}`
`59`	`60`	`}`