
Add undesired/dangerous type conversion queries

Open • itsacoderepo opened this issue 3 years ago • 1 comment

Add a query for undesired/dangerous type conversions.

For example: "int" to "short"

int foo(int iPram)
{
    int iBig = 0;
    short sSmall = 0;

    iBig = iPram;
    sSmall = (short)iBig;
    return sSmall;
}

itsacoderepo, May 05 '21 08:05

Here are two queries that I use for similar patterns.

For finding mismatched casts, similar to the one in the example:

cpg.call.name("<operator>.cast").filter(
    call =>
        call.argument.order(1).code != call.argument.order(2).evalType).l

For finding mismatched assignments without a cast:

cpg.call.name("<operator>.assignment").filter(
    call => {
        def lhs = call.argument.order(1).isIdentifier
        def rhs = call.argument.order(2).isIdentifier

        if (lhs.size > 0 && rhs.size > 0) lhs.head.typeFullName != rhs.head.typeFullName
        else false
    }).l

jaiverma, May 06 '21 18:05
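Why the pattern these queries flag matters, shown as an added example that is not part of the original issue or of the project's code: the issue's `foo` (here renamed `foo_unchecked`) beside a hypothetical range-checked helper, `int_to_short_checked`. The truncated values in the comments assume a 16-bit `short` and the modulo conversion that GCC and Clang implement.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern from the issue: the cast compiles cleanly but discards the
 * high bits of any value outside the range of short. */
static int foo_unchecked(int iParam)
{
    short sSmall = (short)iParam;  /* implementation-defined when out of range */
    return sSmall;
}

/* Hypothetical hardened form: reject values that do not fit instead of
 * truncating them. Returns false and leaves *out untouched on failure. */
static bool int_to_short_checked(int value, short *out)
{
    if (value < SHRT_MIN || value > SHRT_MAX)
        return false;
    *out = (short)value;
    return true;
}

int main(void)
{
    /* Constructed sample inputs: in range, wraps to a small positive
     * value, and flips sign. */
    const int samples[] = { 100, 70000, 40000 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        short checked = 0;
        bool ok = int_to_short_checked(samples[i], &checked);

        printf("input=%d unchecked=%d checked=%s\n",
               samples[i], foo_unchecked(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```

A value such as 70000 comes back from the unchecked version as a small positive number, so a later bounds check on the `short` passes even though the original `int` was out of range.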