add link to the source variable in the alert-message for java/implicit-cast-in-compound-assignment

erik-krogh · erik-krogh · commit 795b767b6eff · 2024-04-08T07:14:48.000+02:00
diff --git a/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql b/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
@@ -27,10 +27,11 @@ class DangerousAssignOpExpr extends AssignOp {
 
 predicate problematicCasting(Type t, Expr e) { e.getType().(NumType).widerThan(t) }
 
-from DangerousAssignOpExpr a, Expr e
+from DangerousAssignOpExpr a, Expr e, Variable v
 where
   e = a.getSource() and
-  problematicCasting(a.getDest().getType(), e)
+  problematicCasting(a.getDest().getType(), e) and
+  v = a.getDest().(VarAccess).getVariable()
 select a,
-  "Implicit cast of source type " + e.getType().getName() + " to narrower destination type " +
-    a.getDest().getType().getName() + "."
+  "Implicit cast of source $@ to narrower destination type " + a.getDest().getType().getName() + ".",
+  v, "type " + e.getType().getName()
diff --git a/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.expected b/java/ql/test/query-tests/security/CWE-190/semmle/tests/InformationLoss.expected
@@ -1,2 +1,2 @@
-| Test.java:68:5:68:25 | ...+=... | Implicit cast of source type long to narrower destination type int. |
-| Test.java:87:4:87:9 | ...+=... | Implicit cast of source type long to narrower destination type int. |
+| Test.java:68:5:68:25 | ...+=... | Implicit cast of source $@ to narrower destination type int. | Test.java:64:4:64:13 | int i | type long |
+| Test.java:87:4:87:9 | ...+=... | Implicit cast of source $@ to narrower destination type int. | Test.java:81:4:81:13 | int i | type long |
