Merge pull request #58 from microsoft/jb1/improper-array-index

ropwareJB · web-flow · commit 20033b9b04c9 · 2024-04-19T03:24:27.000+10:00
Jb1/improper array index
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -66,7 +66,10 @@ predicate predictableInstruction(Instruction instr) {
 }
 
 module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { isFlowSource(source, _) }
+  predicate isSource(DataFlow::Node source) {
+    isFlowSource(source, _) and
+    not source.getLocation().getFile().getRelativePath().regexpMatch("(.*/)?tests?/.*")
+  }
 
   predicate isBarrier(DataFlow::Node node) {
     hasUpperBound(node.asExpr())
@@ -117,7 +120,8 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig {
 module ImproperArrayIndexValidation = TaintTracking::Global<ImproperArrayIndexValidationConfig>;
 
 from
-  ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink,
+  ImproperArrayIndexValidation::PathNode source,
+  ImproperArrayIndexValidation::PathNode sink,
   string sourceType
 where
   ImproperArrayIndexValidation::flowPath(source, sink) and
