
Commit e9499b5

committed
CPP: Exclude switch statements.
1 parent 298ead1 commit e9499b5

4 files changed

Lines changed: 3 additions & 4 deletions


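--- a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
@@ -48,6 +48,7 @@ where exists
 ctls.getControllingExpr() = e1
 and e1.getType().(TypedefType).hasName("HRESULT")
 and not isHresultBooleanConverted(e1)
+and not ctls instanceof SwitchStmt // not controlled by a boolean condition
 and msg = "Direct usage of a type " + e1.getType().toString() + " as a conditional expression"
 )
 or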
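Review bot: The trailing comment on the added line `and not ctls instanceof SwitchStmt` says what a switch is not, but not why that makes it safe to skip; I would spell it out, e.g. `// a switch compares the HRESULT against its case labels, so no conversion to a boolean takes place`. The exclusion names a single statement kind, so any other control structure whose controlling expression is not a condition would still be reported by this disjunct; whether such a kind exists depends on the declared type of `ctls`, which is outside the hunk. The enclosing `where exists(...)` clause starts before the visible lines and continues after them.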

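--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
@@ -106,7 +106,7 @@ void IncorrectTypeConversionTest() {
 while (!HresultFunction()) {}; // BUG
 while (FAILED(HresultFunction())) {}; // Correct Usage
 
-switch(hr) // Correct Usage [FALSE POSITIVE]
+switch(hr) // Correct Usage
 {
 case S_OK:
 case S_FALSE: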

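--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
@@ -103,7 +103,7 @@ void IncorrectTypeConversionTest() {
 while (!HresultFunction()) {}; // BUG
 while (FAILED(HresultFunction())) {}; // Correct Usage
 
-switch(hr) // Correct Usage [FALSE POSITIVE]
+switch(hr) // Correct Usage
 {
 case S_OK:
 case S_FALSE: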

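--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
@@ -9,7 +9,6 @@
 | HResultBooleanConversion.c:82:10:82:11 | hr | Usage of a type HRESULT as an argument of a unary logical operation |
 | HResultBooleanConversion.c:92:9:92:10 | hr | Direct usage of a type HRESULT as a conditional expression |
 | HResultBooleanConversion.c:106:13:106:27 | call to HresultFunction | Usage of a type HRESULT as an argument of a unary logical operation |
-| HResultBooleanConversion.c:109:12:109:13 | hr | Direct usage of a type HRESULT as a conditional expression |
 | HResultBooleanConversion.cpp:39:12:39:23 | call to BoolFunction | Implicit conversion from BOOL to HRESULT |
 | HResultBooleanConversion.cpp:44:12:44:24 | call to BoolFunction2 | Implicit conversion from bool to HRESULT |
 | HResultBooleanConversion.cpp:50:15:50:16 | hr | Explicit conversion from HRESULT to BOOL |
@@ -21,4 +20,3 @@
 | HResultBooleanConversion.cpp:79:10:79:11 | hr | Implicit conversion from HRESULT to bool |
 | HResultBooleanConversion.cpp:89:9:89:10 | hr | Implicit conversion from HRESULT to bool |
 | HResultBooleanConversion.cpp:103:13:103:27 | call to HresultFunction | Implicit conversion from HRESULT to bool |
-| HResultBooleanConversion.cpp:106:12:106:13 | hr | Direct usage of a type HRESULT as a conditional expression |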
