C++: Improve isGuarded.

geoffw0 · geoffw0 · commit 3ecd13531f7b · 2021-04-06T22:21:59.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -16,12 +16,16 @@ import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import semmle.code.cpp.controlflow.Guards
 
-/** Holds if `sub` is guarded by a condition which ensures that `left >= right`. */
+/**
+ *  Holds if `sub` is guarded by a condition which ensures that
+ * `left >= right`.
+ */
 pragma[noinline]
 predicate isGuarded(SubExpr sub, Expr left, Expr right) {
-  exists(GuardCondition guard |
-    guard.controls(sub.getBasicBlock(), true) and
-    guard.ensuresLt(left, right, 0, sub.getBasicBlock(), false)
+  exists(GuardCondition guard, int k |
+    guard.controls(sub.getBasicBlock(), _) and
+    guard.ensuresLt(left, right, k, sub.getBasicBlock(), false) and
+    k >= 0
   )
 }
 
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected
@@ -17,8 +17,6 @@
 | test.cpp:137:6:137:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:146:7:146:15 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:152:7:152:15 | ... > ... | Unsigned subtraction can never be negative. |
-| test.cpp:156:7:156:15 | ... > ... | Unsigned subtraction can never be negative. |
-| test.cpp:169:6:169:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:182:6:182:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:195:6:195:14 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:208:6:208:14 | ... > ... | Unsigned subtraction can never be negative. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp
@@ -153,7 +153,7 @@ void test8() {
 			// ...
 		}
 	} else {
-		if (a - b > 0) { // GOOD (as a > b) [FALSE POSITIVE]
+		if (a - b > 0) { // GOOD (as a > b)
 			// ...
 		}
 	}
@@ -166,7 +166,7 @@ void test8() {
 
 	if (a < b) return;
 
-	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+	if (a - b > 0) { // GOOD (as a >= b)
 		// ...
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -153,7 +153,7 @@ void test8() {`
`153`	`153`	`// ...`
`154`	`154`	`}`
`155`	`155`	`} else {`
`156`		`- if (a - b > 0) { // GOOD (as a > b) [FALSE POSITIVE]`
	`156`	`+ if (a - b > 0) { // GOOD (as a > b)`
`157`	`157`	`// ...`
`158`	`158`	`}`
`159`	`159`	`}`
`@@ -166,7 +166,7 @@ void test8() {`
`166`	`166`
`167`	`167`	`if (a < b) return;`
`168`	`168`
`169`		`- if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]`
	`169`	`+ if (a - b > 0) { // GOOD (as a >= b)`
`170`	`170`	`// ...`
`171`	`171`	`}`
`172`	`172`	`}`