Skip to content

CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type#5325

Merged
rdmarsh2 merged 5 commits into
github:mainfrom
ihsinme:ihsinme-patch-245
Apr 13, 2021
Merged

CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type#5325
rdmarsh2 merged 5 commits into
github:mainfrom
ihsinme:ihsinme-patch-245

Conversation

@ihsinme

@ihsinme ihsinme commented Mar 4, 2021

Copy link
Copy Markdown
Contributor

Good day.
This PR is looking for three situations of unsafe use of the bullish type.
it is the increment and negation applied to the boolean variable.
from a coding point of view, this does not change the value of the boolean variable, and requires developer attention.
Also, this is a situation of assigning a value to a function and simultaneously comparing its result, in the absence of a set priority, leads to confusion.

Information about the found and accepted fix in the project: SerenityOS/serenity#4494

@ihsinme ihsinme requested a review from a team as a code owner March 4, 2021 13:18
@rdmarsh2 rdmarsh2 self-assigned this Mar 4, 2021
@ihsinme

ihsinme commented Mar 19, 2021

Copy link
Copy Markdown
Contributor Author

Good day.
maybe I need to do something else for this PR?

@MathiasVP

MathiasVP commented Mar 19, 2021

Copy link
Copy Markdown
Contributor

Hi @ihsinme,

Thanks for another contribution. Sorry we haven't got around to reviewing your PR yet, but it's on our radar :) You will get a review very soon!

@rdmarsh2

rdmarsh2 commented Mar 19, 2021
edited
Loading

Copy link
Copy Markdown
Contributor

I've done an initial run on LGTM: https://lgtm.com/query/1099721324323715668/

Most of those results are true positives, but there's one false positive here using a custom my_bool typedef. It may be worth checking for typedefs that include bool in the name to handle that kind of pattern.

Thanks for the query and for including the test and example.

rdmarsh2
rdmarsh2 reviewed Mar 19, 2021
View reviewed changes
Comment thread cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql Outdated
Comment thread cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql Outdated
Comment thread cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql Outdated
Comment thread cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql Outdated
@ihsinme

ihsinme commented Mar 21, 2021

Copy link
Copy Markdown
Contributor Author

thanks for your corrections.
they are really important for this PR and for me personally.

@ihsinme @rdmarsh2
Apply suggestions from code review
26bac9f 
Co-authored-by: Robert Marsh <rdmarsh2@gmail.com>
@ihsinme

ihsinme commented Mar 21, 2021
edited
Loading

Copy link
Copy Markdown
Contributor Author

I've done an initial run on LGTM: https://lgtm.com/query/1099721324323715668/

Most of those results are true positives, but there's one false positive here using a custom my_bool typedef. It may be worth checking for typedefs that include bool in the name to handle that kind of pattern.

thanks for the bug found.
I suggest removing it based on criteria for using a variable outside of a condition, such as a boolean assignment.
https://lgtm.com/query/5898528743679763635/
if you agree with this fix, I will make the changes to the PR.

@ihsinme

ihsinme commented Mar 22, 2021

Copy link
Copy Markdown
Contributor Author

to avoid losing the situation when the developer got confused and named the variables of different types the same.
I slightly improved the query from the previous comment.
https://lgtm.com/query/2974469014939045566/

@ihsinme

ihsinme commented Mar 28, 2021

Copy link
Copy Markdown
Contributor Author

good day.
I hope I have corrected all your comments.

@ihsinme ihsinme mentioned this pull request Apr 12, 2021
Closed
1 task
@jbj

jbj commented Apr 13, 2021

Copy link
Copy Markdown
Contributor

Ping @rdmarsh2.

rdmarsh2
rdmarsh2 approved these changes Apr 13, 2021
View reviewed changes

@rdmarsh2 rdmarsh2 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now.

@rdmarsh2 rdmarsh2 merged commit 419d25c into github:main Apr 13, 2021
@ihsinme

ihsinme commented Apr 13, 2021

Copy link
Copy Markdown
Contributor Author

thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@geoffw0 geoffw0 geoffw0 left review comments

+1 more reviewer

@rdmarsh2 rdmarsh2 rdmarsh2 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@rdmarsh2 rdmarsh2

Labels

C++ documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ihsinme @MathiasVP @rdmarsh2 @jbj @geoffw0