CPP: Add exception for wrapped whitelisted functions.

geoffw0 · geoffw0 · commit 7a877bfe14f5 · 2019-01-09T18:30:19.000Z
diff --git a/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql b/cpp/ql/src/Likely Bugs/Conversion/LossyFunctionResultCast.ql
@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  */
+
 import cpp
 
 predicate whitelist(string fName) {
@@ -42,10 +43,23 @@ predicate whitelistPow(FunctionCall fc) {
   )
 }
 
+predicate whiteListWrapped(FunctionCall fc) {
+  whitelist(fc.getTarget().getName()) or
+  whitelistPow(fc) or
+  exists(ReturnStmt rs |
+    rs.getEnclosingFunction() = fc.getTarget() and
+    whiteListWrapped(rs.getExpr())
+  ) or
+  exists(ReturnStmt rs, Variable v |
+    rs.getEnclosingFunction() = fc.getTarget() and
+    rs.getExpr().(VariableAccess).getTarget() = v and
+    whiteListWrapped(v.getAnAssignedValue())
+  )
+}
+
 from FunctionCall c, FloatingPointType t1, IntegralType t2
 where t1 = c.getTarget().getType().getUnderlyingType() and
       t2 = c.getActualType() and
       c.hasImplicitConversion() and
-      not whitelist(c.getTarget().getName()) and
-      not whitelistPow(c)
+      not whiteListWrapped(c)
 select c, "Return value of type " + t1.toString() + " is implicitly converted to " + t2.toString() + " here."
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/ImplicitDowncastFromBitfield.expected b/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/ImplicitDowncastFromBitfield.expected
@@ -7,4 +7,3 @@
 | test.cpp:101:10:101:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:103:10:103:12 | call to pow | Return value of type double is implicitly converted to int here. |
 | test.cpp:105:10:105:12 | call to pow | Return value of type double is implicitly converted to int here. |
-| test.cpp:118:10:118:16 | call to myRound | Return value of type double is implicitly converted to int here. |
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/test.cpp b/cpp/ql/test/query-tests/Likely Bugs/Conversion/LossyFunctionResultCast/test.cpp
@@ -115,5 +115,5 @@ double myRound(double v)
 
 void test3()
 {
-	int i = myRound(1.5); // GOOD [FALSE POSITIVE]
+	int i = myRound(1.5); // GOOD
 }

Original file line number	Diff line number	Diff line change
`@@ -115,5 +115,5 @@ double myRound(double v)`
`115`	`115`
`116`	`116`	`void test3()`
`117`	`117`	`{`
`118`		`- int i = myRound(1.5); // GOOD [FALSE POSITIVE]`
	`118`	`+ int i = myRound(1.5); // GOOD`
`119`	`119`	`}`