C++: Switch result conflation query to a slightly simpler dataflow-only approach.

geoffw0 · geoffw0 · commit 88b6bd947886 · 2021-11-24T18:25:57.000Z
diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql
@@ -13,7 +13,6 @@
 
 import cpp
 import semmle.code.cpp.controlflow.Guards
-import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.dataflow.DataFlow
 
 class SSLGetVerifyResultCall extends FunctionCall {
@@ -36,14 +35,12 @@ class VerifyResultConfig extends DataFlow::Configuration {
   }
 }
 
-// TODO: use GVN on *both* sinks to get more results!?
-
 from
 	VerifyResultConfig config, DataFlow::Node source, DataFlow::Node sink1, DataFlow::Node sink2,
 	GuardCondition guard, Expr c1, Expr c2, boolean testIsTrue
 where
 	config.hasFlow(source, sink1) and
-	globalValueNumber(sink1.asExpr()) = globalValueNumber(sink2.asExpr()) and
+	config.hasFlow(source, sink2) and
 	guard.comparesEq(sink1.asExpr(), c1, 0, false, testIsTrue) and // (value != c1) => testIsTrue
 	guard.comparesEq(sink2.asExpr(), c2, 0, false, testIsTrue) and // (value != c2) => testIsTrue
 	c1.getValue().toInt() = 0 and
