Fix UnicodeDoS vulnerability in CWE-770 code

Sim4n6 · yoff · commit af19a0342e33 · 2024-03-15T14:17:23.000+01:00
diff --git a/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql b/python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql
@@ -61,15 +61,15 @@ predicate underAValue(DataFlow::GuardNode g, ControlFlowNode node, boolean branc
         branch = true and
         cn.operands(_, op_gt, n.asCfgNode())
         or
-        // not arg <= LIMIT OR not arg < LIMIT
-        (op_lt = any(LtE lte) or op_lt = any(Lt lt)) and
+        // not arg >= LIMIT OR not arg > LIMIT
+        (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
         branch = false and
-        cn.operands(n.asCfgNode(), op_lt, _)
+        cn.operands(n.asCfgNode(), op_gt, _)
         or
-        // not LIMIT >= arg OR not LIMIT > arg
-        (op_gt = any(GtE gte) or op_gt = any(Gt gt)) and
+        // not LIMIT <= arg OR not LIMIT < arg
+        (op_lt = any(LtE lte) or op_lt = any(Lt lt)) and
         branch = false and
-        cn.operands(_, op_gt, n.asCfgNode())
+        cn.operands(_, op_lt, n.asCfgNode())
       )
     |
       lenCall = API::builtin("len").getACall() and
