From d4b2c016344f04bf9f15e17ec0901ca09891da0f Mon Sep 17 00:00:00 2001
From: Pavel Avgustinov
Date: Fri, 23 Nov 2018 14:22:44 +0000
Subject: [PATCH] Lift out intermediate helper predicate.
---
 .../Security/CWE/CWE-497/ExposedSystemData.ql | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
index ef804061e975..fc214b54f8ec 100644
--- a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
+++ b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
@@ -33,14 +33,7 @@ abstract class SystemData extends Element {
 result = getAnExpr() or
 // flow via global or member variable (conservative approximation)
- exists(Variable var |
- (
- var.getAnAssignedValue() = getAnExprIndirect() or
- var.getAnAccess() = getAnExprIndirect()
- ) and
- result = var.getAnAccess() and
- not var instanceof LocalScopeVariable
- ) or
+ result = getAnAffectedVar().getAnAccess() or
 // flow via stack variable
 definitionUsePair(_, getAnExprIndirect(), result) or
@@ -50,6 +43,17 @@ abstract class SystemData extends Element {
 // flow from assigned value to assignment expression
 result.(AssignExpr).getRValue() = getAnExprIndirect()
 }
+
+ /** Gets a global or member variable that may be affected by this system
+ * data (conservative approximation).
+ */
+ private Variable getAnAffectedVar() {
+ (
+ result.getAnAssignedValue() = this.getAnExprIndirect() or
+ result.getAnAccess() = this.getAnExprIndirect()
+ ) and
+ not result instanceof LocalScopeVariable
+ }
 }
 /**
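Review bot: The QLDoc on `getAnAffectedVar()` in the second hunk says only "conservative approximation" without stating what is over-approximated, which matters to anyone triaging CWE-497 results from this query. From the visible lines, a non-local variable qualifies as soon as one assigned value or one access of it is in `getAnExprIndirect()`, and the first hunk then reports every access of that variable, apparently regardless of program order or, for member variables, of which object is accessed. I would extend the comment with something like `Flow-insensitive: once any assigned value or access of the variable carries this data, every access of it is treated as carrying it.` and mention that the predicate is mutually recursive with `getAnExprIndirect()`, whose head lies outside these hunks. The doc also says "global or member variable" while the code only excludes `LocalScopeVariable`; wording it as "a variable that is not a local-scope variable" would match the check.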