Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql

ihsinme · web-flow · commit e5c30c2edfbe · 2021-08-03T15:29:51.000+03:00
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
@@ -29,6 +29,12 @@ predicate isLogicalOrandBitwise(Expr exptmp) {
   (
     exptmp.(LogicalOrExpr).getRightOperand().(BinaryBitwiseOperation).getLeftOperand().getType()
       instanceof BoolType and
+    /**
+     * The essence of these lines is to improve the quality of detection by eliminating the situation 
+     * of processing a logical type by bit operations. In fact, the predicate looks for a situation 
+     * when the left operand of a bit operation has a boolean type, which already suggests that the priority is not correct. 
+     * But if the right-hand operand is 0 or 1, then there is a possibility that the author intended so.
+     */
     not exptmp
         .(LogicalOrExpr)
         .getRightOperand()
@@ -48,6 +54,12 @@ predicate isLogicalOrandBitwise(Expr exptmp) {
   (
     exptmp.(LogicalAndExpr).getRightOperand().(BinaryBitwiseOperation).getLeftOperand().getType()
       instanceof BoolType and
+    /**
+     * Looking for a situation in which the right-hand operand of a bit operation is not limited to 0 or 1.
+     * In this case, the logical operation will be performed with the result of a binary operation that is not a Boolean type.
+     * In my opinion this indicates a priority error. after all, it will be quite difficult for a developer 
+     * to evaluate the conversion of the results of a bit operation to a boolean type.
+     */
     not exptmp
         .(LogicalAndExpr)
         .getRightOperand()
@@ -165,12 +177,22 @@ where
   isLogicalOrandBitwise(exp) and
   msg = "Binary operations have higher priority."
   or
+  /** 
+   * Looking for a situation where the equality of the sizes of the first operands 
+   * might indicate that the developer planned to perform an operation between them.
+   * However, the absence of parentheses means that the rightmost operation will be performed initially. 
+   */
   isBitwiseandBitwise(exp) and
   isDifferentSize(exp.(BinaryBitwiseOperation).getLeftOperand(),
     exp.(BinaryBitwiseOperation).getRightOperand().(BinaryBitwiseOperation).getLeftOperand(),
     exp.(BinaryBitwiseOperation).getRightOperand().(BinaryBitwiseOperation).getRightOperand()) and
   msg = "Expression ranges do not match operation precedence."
   or
+  /**
+   * Looking for a out those expressions that, as a result of identifying the priority with parentheses, 
+   * will give different values. As a consequence, this piece of code was supposed to find errors associated 
+   * with possible outcomes of operations.
+   */
   isBitwiseandBitwise(exp) and
   isDifferentResults(exp.(BinaryBitwiseOperation).getLeftOperand(),
     exp.(BinaryBitwiseOperation).getRightOperand().(BinaryBitwiseOperation).getLeftOperand(),
