ValidContainerElementAccess: Address new FPs
We had some new false positives because in 2.18.4 string taint is
tracked into the qualifier of a string operation, such as insert.
This caused us to erroneously identify the container itself as a
reference to an element of the container. This has been addressed
by excluding uses of the owning container from pointer or reference
access.
lcartey committed Dec 4, 2024
1 parent f12bef5 commit 585b864
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 3 additions & 1 deletion cpp/common/src/codingstandards/cpp/Iterators.qll
Expand Up @@ -37,7 +37,9 @@ class ContainerPointerOrReferenceAccess extends ContainerAccess {
) and
localTaint(DataFlow::exprNode(fc), DataFlow::exprNode(this)) and
(getUnderlyingType() instanceof ReferenceType or getUnderlyingType() instanceof PointerType) and
fc.getQualifier().(VariableAccess).getTarget() = owningContainer
fc.getQualifier().(VariableAccess).getTarget() = owningContainer and
// Exclude cases where we see taint into the owning container
not this = owningContainer.getAnAccess()
)
}
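Review bot: the comment above `not this = owningContainer.getAnAccess()` does not say why taint reaches the owning container, and the conjunct excludes every access to `owningContainer`, not only one that is the qualifier of a string operation. Suggest expanding the comment to record the cause given in the commit message (since 2.18.4 string taint is tracked into the qualifier of operations such as insert), so a later reader can tell what the exclusion guards against and when it could be narrowed. A short statement that an access to the container variable itself is never an element pointer or reference, even when the variable has reference or pointer type, would also justify the breadth of the exclusion.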

Expand Up @@ -7,6 +7,4 @@
| test.cpp:89:15:89:16 | it | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:86:20:86:20 | d | container | test.cpp:92:7:92:12 | call to insert | invalidation |
| test.cpp:91:9:91:10 | it | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:86:20:86:20 | d | container | test.cpp:92:7:92:12 | call to insert | invalidation |
| test.cpp:98:56:98:58 | loc | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:96:44:96:46 | str | container | test.cpp:99:9:99:14 | call to insert | invalidation |
| test.cpp:99:5:99:7 | str | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:96:44:96:46 | str | container | test.cpp:99:9:99:14 | call to insert | invalidation |
| test.cpp:99:16:99:18 | loc | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:96:44:96:46 | str | container | test.cpp:99:9:99:14 | call to insert | invalidation |
| test.cpp:106:11:106:13 | str | Elements of $@ not accessed with valid reference, pointer, or iterator because of a prior $@. | test.cpp:103:45:103:47 | str | container | test.cpp:106:15:106:20 | call to insert | invalidation |
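Review bot: the expected results only lose rows here (the header `-7,6 +7,4` drops two of the six shown), and the commit touches no test source, so the fix is pinned only by the existing insert cases. The +/- markers are lost in this rendering; the dropped rows are presumably the two where the flagged expression is `str` itself and `str` is also the reported container (test.cpp:99:5:99:7 and test.cpp:106:11:106:13), which matches the commit message. Suggest adding a case to test.cpp that uses a different string member operation on the qualifier, so a regression in the exclusion is caught for more than insert, and confirming that the `loc` rows at 98:56 and 99:16 are still expected.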
