From fd21a725cf20c4821297507042c8f22aa6473c4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Thu, 27 Jun 2024 11:34:22 +0200 Subject: [PATCH] Update tests We are mostly losing precision due to excluding float operations from range analysis. --- .../Security/CWE/CWE-190/ArithmeticUncontrolled.ql | 2 +- .../PointlessComparison/PointlessComparison.c | 4 ++-- .../PointlessComparison/PointlessComparison.expected | 2 -- .../ArithmeticUncontrolled.expected | 12 ++++++++++++ .../CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c | 2 +- 5 files changed, 16 insertions(+), 6 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index 54c3b013471ad..b660c53e2439d 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -5,7 +5,7 @@ * @kind path-problem * @problem.severity warning * @security-severity 8.6 - * @precision high + * @precision medium * @id cpp/uncontrolled-arithmetic * @tags security * external/cwe/cwe-190 diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.c b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.c index fd1bc655051d2..e9445d0d959e1 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.c +++ b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.c @@ -261,7 +261,7 @@ int overeager_wraparound(unsigned int u32bound, unsigned long long u64bound) { int negative_zero(double dbl) { if (dbl >= 0) { - return dbl >= -dbl; // GOOD [FALSE POSITIVE] + return dbl >= -dbl; // GOOD } return 0; } @@ -334,7 +334,7 @@ int nan2(double x) { if (x < 0.0) { return 100; } - else if (x >= 0.0) { // BAD [Always true] + else if (x >= 0.0) { // BAD [Always true] [NOT DETECTED] return 200; } else { diff --git a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.expected b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.expected index 6c273b985eebf..18933ad1d82e4 100644 --- a/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.expected +++ b/cpp/ql/test/query-tests/Likely Bugs/Arithmetic/PointlessComparison/PointlessComparison.expected @@ -31,13 +31,11 @@ | PointlessComparison.c:126:12:126:18 | ... >= ... | Comparison is always true because a >= 20. | | PointlessComparison.c:129:12:129:16 | ... > ... | Comparison is always false because a <= 3. | | PointlessComparison.c:197:7:197:11 | ... < ... | Comparison is always false because x >= 0. | -| PointlessComparison.c:264:12:264:22 | ... >= ... | Comparison is always true because dbl >= 0 and 0 >= - .... | | PointlessComparison.c:273:9:273:18 | ... > ... | Comparison is always false because c <= 0. | | PointlessComparison.c:283:13:283:19 | ... >= ... | Comparison is always true because c >= 11. | | PointlessComparison.c:294:9:294:16 | ... >= ... | Comparison is always false because ui1 <= 0. | | PointlessComparison.c:303:9:303:14 | ... >= ... | Comparison is always false because c <= 0. | | PointlessComparison.c:312:9:312:14 | ... >= ... | Comparison is always false because c <= 0. | -| PointlessComparison.c:337:14:337:21 | ... >= ... | Comparison is always true because x >= 0. | | PointlessComparison.c:372:6:372:16 | ... >= ... | Comparison is always true because ... >> ... >= 1. | | PointlessComparison.c:373:6:373:16 | ... >= ... | Comparison is always false because ... >> ... <= 1. | | PointlessComparison.c:383:6:383:17 | ... >= ... | Comparison is always false because ... & ... <= 2. | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected index c21f9c38855c5..ec0fc949d60ab 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected @@ -11,6 +11,11 @@ edges | test.c:81:13:81:29 | ... ^ ... | test.c:83:9:83:9 | r | provenance | | | test.c:81:14:81:17 | call to rand | test.c:81:13:81:29 | ... ^ ... | provenance | | | test.c:81:23:81:26 | call to rand | test.c:81:13:81:29 | ... ^ ... | provenance | | +| test.c:104:13:104:16 | call to rand | test.c:104:13:104:16 | call to rand | provenance | | +| test.c:104:13:104:16 | call to rand | test.c:105:5:105:42 | ... = ... | provenance | | +| test.c:105:5:105:42 | ... = ... | test.c:106:13:106:13 | r | provenance | | +| test.c:106:13:106:13 | r | test.c:110:18:110:18 | r | provenance | | +| test.c:110:18:110:18 | r | test.c:111:3:111:3 | r | provenance | | | test.c:125:13:125:16 | call to rand | test.c:125:13:125:16 | call to rand | provenance | | | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | provenance | | | test.c:131:13:131:16 | call to rand | test.c:131:13:131:16 | call to rand | provenance | | @@ -77,6 +82,12 @@ nodes | test.c:81:14:81:17 | call to rand | semmle.label | call to rand | | test.c:81:23:81:26 | call to rand | semmle.label | call to rand | | test.c:83:9:83:9 | r | semmle.label | r | +| test.c:104:13:104:16 | call to rand | semmle.label | call to rand | +| test.c:104:13:104:16 | call to rand | semmle.label | call to rand | +| test.c:105:5:105:42 | ... = ... | semmle.label | ... = ... | +| test.c:106:13:106:13 | r | semmle.label | r | +| test.c:110:18:110:18 | r | semmle.label | r | +| test.c:111:3:111:3 | r | semmle.label | r | | test.c:125:13:125:16 | call to rand | semmle.label | call to rand | | test.c:125:13:125:16 | call to rand | semmle.label | call to rand | | test.c:127:9:127:9 | r | semmle.label | r | @@ -149,6 +160,7 @@ subpaths | test.c:77:9:77:9 | r | test.c:75:13:75:19 | call to rand | test.c:77:9:77:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:75:13:75:19 | call to rand | uncontrolled value | | test.c:83:9:83:9 | r | test.c:81:14:81:17 | call to rand | test.c:83:9:83:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:14:81:17 | call to rand | uncontrolled value | | test.c:83:9:83:9 | r | test.c:81:23:81:26 | call to rand | test.c:83:9:83:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:81:23:81:26 | call to rand | uncontrolled value | +| test.c:111:3:111:3 | r | test.c:104:13:104:16 | call to rand | test.c:111:3:111:3 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:104:13:104:16 | call to rand | uncontrolled value | | test.c:127:9:127:9 | r | test.c:125:13:125:16 | call to rand | test.c:127:9:127:9 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:125:13:125:16 | call to rand | uncontrolled value | | test.c:133:5:133:5 | r | test.c:131:13:131:16 | call to rand | test.c:133:5:133:5 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:131:13:131:16 | call to rand | uncontrolled value | | test.c:139:10:139:10 | r | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.c:137:13:137:16 | call to rand | uncontrolled value | diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c index 691801a620a5f..d3fab6bb4b2cc 100644 --- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c +++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/test.c @@ -108,7 +108,7 @@ void randomTester() { } void add_100(int r) { - r += 100; // GOOD + r += 100; // GOOD [FALSE POSITIVE] } void randomTester2(int bound, int min, int max) {