C++: Add test cases exploring issues and potential issues with the query (especially related to simple range analysis).

geoffw0 · geoffw0 · commit 59ff3f315b34 · 2021-04-06T22:21:25.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/UnsignedDifferenceExpressionComparedZero.expected
@@ -8,3 +8,21 @@
 | test.cpp:62:5:62:13 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:69:5:69:13 | ... > ... | Unsigned subtraction can never be negative. |
 | test.cpp:75:8:75:16 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:83:6:83:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:92:6:92:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:101:6:101:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:110:6:110:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:119:6:119:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:128:6:128:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:137:6:137:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:146:7:146:15 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:152:7:152:15 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:156:7:156:15 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:169:6:169:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:182:6:182:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:195:6:195:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:208:6:208:14 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:219:7:219:15 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:226:8:226:16 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:252:10:252:18 | ... > ... | Unsigned subtraction can never be negative. |
+| test.cpp:266:10:266:24 | ... > ... | Unsigned subtraction can never be negative. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero/test.cpp
@@ -74,4 +74,194 @@ void test(unsigned x, unsigned y, bool unknown) {
   	y += n; // NOTE: `n` is at most `x - y` at this point.
   	if (x - y > 0) {} // GOOD [FALSE POSITIVE]
 	}
-}
+}
+
+void test2() {
+	unsigned int a = getAnInt();
+	unsigned int b = a;
+
+	if (a - b > 0) { // GOOD (as a = b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test3() {
+	unsigned int a = getAnInt();
+	unsigned int b = a - 1;
+
+	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test4() {
+	unsigned int a = getAnInt();
+	unsigned int b = a + 1;
+
+	if (a - b > 0) { // BAD
+		// ...
+	}
+}
+
+void test5() {
+	unsigned int b = getAnInt();
+	unsigned int a = b;
+
+	if (a - b > 0) { // GOOD (as a = b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test6() {
+	unsigned int b = getAnInt();
+	unsigned int a = b + 1;
+
+	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test7() {
+	unsigned int b = getAnInt();
+	unsigned int a = b - 1;
+
+	if (a - b > 0) { // BAD
+		// ...
+	}
+}
+
+void test8() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (a - b > 0) { // BAD
+		// ...
+	}
+
+	if (a >= b) { // GOOD
+		if (a - b > 0) { // GOOD (as a >= b)
+			// ...
+		}
+	} else {
+		if (a - b > 0) { // BAD
+			// ...
+		}
+	}
+
+	if (b >= a) { // GOOD
+		if (a - b > 0) { // BAD
+			// ...
+		}
+	} else {
+		if (a - b > 0) { // GOOD (as a > b) [FALSE POSITIVE]
+			// ...
+		}
+	}
+
+	while (a >= b) { // GOOD
+		if (a - b > 0) { // GOOD (as a >= b)
+			// ...
+		}
+	}
+
+	if (a < b) return;
+
+	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test9() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (a < b) {
+		b = 0;
+	}
+
+	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test10() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (a < b) {
+		a = b;
+	}
+
+	if (a - b > 0) { // GOOD (as a >= b) [FALSE POSITIVE]
+		// ...
+	}
+}
+
+void test11() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (a < b) return;
+
+	b = getAnInt();
+
+	if (a - b > 0) { // BAD
+		// ...
+	}
+}
+
+void test12() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+	unsigned int c;
+
+	if ((b <= c) && (c <= a)) {
+		if (a - b > 0) { // GOOD (as b <= a) [FALSE POSITIVE]
+			// ...
+		}
+	}
+
+	if (b <= c) {
+		if (c <= a) {
+			if (a - b > 0) { // GOOD (as b <= a) [FALSE POSITIVE]
+				// ...
+			}
+		}
+	}
+}
+
+int test13() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (b != 0) {
+		return 0;
+	}
+
+	return (a - b > 0); // GOOD (as b = 0)
+}
+
+int test14() {
+	unsigned int a = getAnInt();
+	unsigned int b = getAnInt();
+
+	if (!b) {
+		return 0;
+	}
+
+	return (a - b > 0); // GOOD (as b = 0) [FALSE POSITIVE]
+}
+
+struct Numbers
+{
+	unsigned int a, b;
+};
+
+int test15(Numbers *n) {
+
+	if (!n) {
+		return 0;
+	}
+
+	return (n->a - n->b > 0); // BAD
+}
