
Commit ea1f396

committed
Make DivideByZero use new API
The extra nodes in .expected files are due to the changes from #13717, which are not applied to configuration classes extending DataFlow::Configuration or TaintTracking::Configuration.
1 parent 045936b commit ea1f396

2 files changed

Lines changed: 33 additions & 16 deletions


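--- a/go/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -10,7 +10,6 @@
 */
 
 import go
-import DataFlow::PathGraph
 import semmle.go.dataflow.internal.TaintTrackingUtil
 
 /**
@@ -31,28 +30,30 @@ predicate divideByZeroSanitizerGuard(DataFlow::Node g, Expr e, boolean branch) {
 /**
 * A taint-tracking configuration for reasoning about division by zero, where divisor is user-controlled and unchecked.
 */
-class DivideByZeroCheckConfig extends TaintTracking::Configuration {
-DivideByZeroCheckConfig() { this = "DivideByZeroCheckConfig" }
+module Config implements DataFlow::ConfigSig {
+predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
 
-override predicate isSource(DataFlow::Node source) { source instanceof UntrustedFlowSource }
-
-override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
+predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
 exists(Function f, DataFlow::CallNode cn | cn = f.getACall() |
 f.hasQualifiedName("strconv", ["Atoi", "ParseInt", "ParseUint", "ParseFloat"]) and
-pred = cn.getArgument(0) and
-succ = cn.getResult(0)
+node1 = cn.getArgument(0) and
+node2 = cn.getResult(0)
 )
 }
 
-override predicate isSanitizer(DataFlow::Node node) {
+predicate isBarrier(DataFlow::Node node) {
 node = DataFlow::BarrierGuard<divideByZeroSanitizerGuard/3>::getABarrierNode()
 }
 
-override predicate isSink(DataFlow::Node sink) {
+predicate isSink(DataFlow::Node sink) {
 sink = DataFlow::exprNode(any(QuoExpr e).getRightOperand())
 }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, DivideByZeroCheckConfig cfg
-where cfg.hasFlowPath(source, sink)
+module Flow = TaintTracking::Global<Config>;
+
+import Flow::PathGraph
+
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
 select sink, source, sink, "This variable might be zero leading to a division-by-zero panic."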
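Review bot: `isSink` in the migrated `Config` module still matches only the right operand of a `QuoExpr`, so a user-controlled divisor that reaches `%` is not reported, even though an integer remainder by zero panics in Go just as a division does. That body is unchanged by this commit, but since the predicate is being rewritten anyway it could be widened, for example `sink = DataFlow::exprNode(any(BinaryExpr e | e instanceof QuoExpr or e instanceof RemExpr).getRightOperand())`, with a matching `%` case added to the test file. Separately, the doc comment above `Config` still calls it a taint-tracking configuration although it now implements `DataFlow::ConfigSig`; I would reword it to something like `* A data-flow configuration, used with TaintTracking::Global, for reasoning about division by zero ...` so readers see that the taint semantics come from `Flow`.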

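--- a/go/ql/test/experimental/CWE-369/DivideByZero.expected
+++ b/go/ql/test/experimental/CWE-369/DivideByZero.expected
@@ -1,34 +1,50 @@
 edges
 | DivideByZero.go:10:12:10:16 | selection of URL | DivideByZero.go:10:12:10:24 | call to Query |
-| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:12:16:12:20 | value |
+| DivideByZero.go:10:12:10:24 | call to Query | DivideByZero.go:11:27:11:32 | param1 |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | DivideByZero.go:12:16:12:20 | value |
+| DivideByZero.go:11:27:11:32 | param1 | DivideByZero.go:11:2:11:33 | ... := ...[0] |
 | DivideByZero.go:17:12:17:16 | selection of URL | DivideByZero.go:17:12:17:24 | call to Query |
 | DivideByZero.go:17:12:17:24 | call to Query | DivideByZero.go:18:11:18:24 | type conversion |
 | DivideByZero.go:18:11:18:24 | type conversion | DivideByZero.go:19:16:19:20 | value |
 | DivideByZero.go:24:12:24:16 | selection of URL | DivideByZero.go:24:12:24:24 | call to Query |
-| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:24:12:24:24 | call to Query | DivideByZero.go:25:31:25:36 | param1 |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | DivideByZero.go:26:16:26:20 | value |
+| DivideByZero.go:25:31:25:36 | param1 | DivideByZero.go:25:2:25:45 | ... := ...[0] |
 | DivideByZero.go:31:12:31:16 | selection of URL | DivideByZero.go:31:12:31:24 | call to Query |
-| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:31:12:31:24 | call to Query | DivideByZero.go:32:33:32:38 | param1 |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | DivideByZero.go:33:16:33:20 | value |
+| DivideByZero.go:32:33:32:38 | param1 | DivideByZero.go:32:2:32:43 | ... := ...[0] |
 | DivideByZero.go:38:12:38:16 | selection of URL | DivideByZero.go:38:12:38:24 | call to Query |
-| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:38:12:38:24 | call to Query | DivideByZero.go:39:32:39:37 | param1 |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | DivideByZero.go:40:16:40:20 | value |
+| DivideByZero.go:39:32:39:37 | param1 | DivideByZero.go:39:2:39:46 | ... := ...[0] |
 | DivideByZero.go:54:12:54:16 | selection of URL | DivideByZero.go:54:12:54:24 | call to Query |
 | DivideByZero.go:54:12:54:24 | call to Query | DivideByZero.go:55:11:55:24 | type conversion |
 | DivideByZero.go:55:11:55:24 | type conversion | DivideByZero.go:57:17:57:21 | value |
 nodes
 | DivideByZero.go:10:12:10:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:10:12:10:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:11:2:11:33 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:11:27:11:32 | param1 | semmle.label | param1 |
 | DivideByZero.go:12:16:12:20 | value | semmle.label | value |
 | DivideByZero.go:17:12:17:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:17:12:17:24 | call to Query | semmle.label | call to Query |
 | DivideByZero.go:18:11:18:24 | type conversion | semmle.label | type conversion |
 | DivideByZero.go:19:16:19:20 | value | semmle.label | value |
 | DivideByZero.go:24:12:24:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:24:12:24:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:25:2:25:45 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:25:31:25:36 | param1 | semmle.label | param1 |
 | DivideByZero.go:26:16:26:20 | value | semmle.label | value |
 | DivideByZero.go:31:12:31:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:31:12:31:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:32:2:32:43 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:32:33:32:38 | param1 | semmle.label | param1 |
 | DivideByZero.go:33:16:33:20 | value | semmle.label | value |
 | DivideByZero.go:38:12:38:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:38:12:38:24 | call to Query | semmle.label | call to Query |
+| DivideByZero.go:39:2:39:46 | ... := ...[0] | semmle.label | ... := ...[0] |
+| DivideByZero.go:39:32:39:37 | param1 | semmle.label | param1 |
 | DivideByZero.go:40:16:40:20 | value | semmle.label | value |
 | DivideByZero.go:54:12:54:16 | selection of URL | semmle.label | selection of URL |
 | DivideByZero.go:54:12:54:24 | call to Query | semmle.label | call to Query |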
