Merge branch 'brodes/seh_flow_phase1_throwing_models' of https://github.com/microsoft/codeql into brodes/seh_flow_phase1_throwing_models

bdrodes · bdrodes · commit 23485f185bfe · 2024-11-19T13:36:01.000-05:00
diff --git a/cpp/ql/src/Critical/UseAfterFree.qhelp b/cpp/ql/src/Critical/UseAfterFree.qhelp
@@ -8,7 +8,7 @@
 <p>
 This rule finds accesses through a pointer of a memory location that has already been freed (i.e. through a dangling pointer). 
 Such memory blocks have already been released to the dynamic memory manager, and modifying them can lead to anything 
-from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manger to behave 
+from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manager to behave 
 erratically, to a possible security vulnerability.
 </p>
 
diff --git a/python/extractor/semmle/python/passes/pruner.py b/python/extractor/semmle/python/passes/pruner.py
@@ -196,6 +196,25 @@ def visit_Attribute(self, node):
         if isinstance(node.value, ast.Name):
             self.nodes.add(node.value)
 
+class NotBooleanTestVisitor(ASTVisitor):
+    """Visitor that checks if a test is not a boolean test."""
+
+    def __init__(self):
+        self.nodes = set()
+
+    def visit_MatchLiteralPattern(self, node):
+        # MatchLiteralPatterns _look_ like boolean tests, but are not.
+        # Thus, without this check, we would interpret
+        #
+        # match x:
+        #    case False:
+        #        pass
+        #
+        # (and similarly for True) as if it was a boolean test. This would cause the true edge
+        # (leading to pass) to be pruned later on.
+        if isinstance(node.literal, ast.Name) and node.literal.id in ('True', 'False'):
+            self.nodes.add(node.literal)
+
 class NonlocalVisitor(ASTVisitor):
     def __init__(self):
         self.names = set()
@@ -306,6 +325,8 @@ def effective_constants_definitions(bool_const_defns, graph, branching_edges):
 def do_pruning(tree, graph):
     v = BoolConstVisitor()
     v.visit(tree)
+    not_boolean_test = NotBooleanTestVisitor()
+    not_boolean_test.visit(tree)
     nonlocals = NonlocalVisitor()
     nonlocals.visit(tree)
     global_vars = GlobalVisitor()
@@ -353,6 +374,8 @@ def do_pruning(tree, graph):
             b = const_value(pred.node)
             if b is None:
                 continue
+            if pred.node in not_boolean_test.nodes:
+                continue
             if b.contradicts(val):
                 to_be_removed.add((pred, succ))
         if not to_be_removed:
diff --git a/python/ql/test/query-tests/Statements/unreachable/UnreachableCode.expected b/python/ql/test/query-tests/Statements/unreachable/UnreachableCode.expected
@@ -4,5 +4,3 @@
 | test.py:21:5:21:38 | For | This statement is unreachable. |
 | test.py:28:9:28:21 | ExprStmt | This statement is unreachable. |
 | test.py:84:5:84:21 | ExceptStmt | This statement is unreachable. |
-| test.py:144:13:144:16 | Pass | This statement is unreachable. |
-| test.py:147:9:148:16 | Case | This statement is unreachable. |
