From a3eecc33a890f4ce2ea98af800fc90774086f730 Mon Sep 17 00:00:00 2001 From: Josh Brown Date: Fri, 22 Mar 2024 14:47:14 -0700 Subject: [PATCH 1/3] Filter our sources in test folders --- .../src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 107be7bddfde..3c11d6d0d1e6 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -116,10 +116,15 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig { module ImproperArrayIndexValidation = TaintTracking::Global; +predicate isInTestFile(ImproperArrayIndexValidation::PathNode node){ + node.getNode().asExpr().getFile().getRelativePath().regexpMatch("/tests?/") +} + from ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink, string sourceType where + not isInTestFile(source) and ImproperArrayIndexValidation::flowPath(source, sink) and isFlowSource(source.getNode(), sourceType) select sink.getNode(), source, sink, From 720285f724fef21dfe479f249a7a17c35dd2b50e Mon Sep 17 00:00:00 2001 From: Josh Brown Date: Mon, 25 Mar 2024 11:10:13 -0700 Subject: [PATCH 2/3] Filter out sources from test directories --- .../CWE/CWE-129/ImproperArrayIndexValidation.ql | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 3c11d6d0d1e6..83d1188df684 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -66,7 +66,10 @@ predicate predictableInstruction(Instruction instr) { } module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { isFlowSource(source, _) } + predicate isSource(DataFlow::Node source) { + isFlowSource(source, _) and + not source.asExpr().getFile().getRelativePath().regexpMatch("/tests?/") + } predicate isBarrier(DataFlow::Node node) { hasUpperBound(node.asExpr()) @@ -116,15 +119,11 @@ module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig { module ImproperArrayIndexValidation = TaintTracking::Global; -predicate isInTestFile(ImproperArrayIndexValidation::PathNode node){ - node.getNode().asExpr().getFile().getRelativePath().regexpMatch("/tests?/") -} - from - ImproperArrayIndexValidation::PathNode source, ImproperArrayIndexValidation::PathNode sink, + ImproperArrayIndexValidation::PathNode source, + ImproperArrayIndexValidation::PathNode sink, string sourceType where - not isInTestFile(source) and ImproperArrayIndexValidation::flowPath(source, sink) and isFlowSource(source.getNode(), sourceType) select sink.getNode(), source, sink, From db49d95e77207172cdd613ef73b0541062ab88c3 Mon Sep 17 00:00:00 2001 From: Josh Brown Date: Wed, 17 Apr 2024 11:47:23 -0700 Subject: [PATCH 3/3] Filter out tests directories --- cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 83d1188df684..66336de4624c 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -68,7 +68,7 @@ predicate predictableInstruction(Instruction instr) { module ImproperArrayIndexValidationConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { isFlowSource(source, _) and - not source.asExpr().getFile().getRelativePath().regexpMatch("/tests?/") + not source.getLocation().getFile().getRelativePath().regexpMatch("(.*/)?tests?/.*") } predicate isBarrier(DataFlow::Node node) {