C++: Include ComplementExpr as a sanitizer.

MathiasVP · MathiasVP · commit 04dcef5ec4e5 · 2021-07-12T11:53:47.000+02:00
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -103,8 +103,11 @@ class UncontrolledArithConfiguration extends TaintTracking::Configuration {
     // If this expression is part of bitwise 'and' or 'or' operation it's likely that the value is
     // only used as a bit pattern.
     node.asExpr() =
-      any(BinaryBitwiseOperation op | op instanceof BitwiseOrExpr or op instanceof BitwiseAndExpr)
-          .getAnOperand*()
+      any(Operation op |
+        op instanceof BitwiseOrExpr or
+        op instanceof BitwiseAndExpr or
+        op instanceof ComplementExpr
+      ).getAnOperand*()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -103,8 +103,11 @@ class UncontrolledArithConfiguration extends TaintTracking::Configuration {`
`103`	`103`	`// If this expression is part of bitwise 'and' or 'or' operation it's likely that the value is`
`104`	`104`	`// only used as a bit pattern.`
`105`	`105`	`node.asExpr() =`
`106`		`- any(BinaryBitwiseOperation op \| op instanceof BitwiseOrExpr or op instanceof BitwiseAndExpr)`
`107`		`- .getAnOperand*()`
	`106`	`+ any(Operation op \|`
	`107`	`+ op instanceof BitwiseOrExpr or`
	`108`	`+ op instanceof BitwiseAndExpr or`
	`109`	`+ op instanceof ComplementExpr`
	`110`	`+ ).getAnOperand*()`
`108`	`111`	`}`
`109`	`112`	`}`
`110`	`113`