JS: Fix some FPs in IncorrectSuffixCheck

asger-semmle · asger-semmle · commit 9293010e4c22 · 2019-05-16T10:56:17.000+01:00
diff --git a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -139,6 +139,16 @@ class UnsafeIndexOfComparison extends EqualityTest {
         not test.isInclusive() and
         value = -1
       )
+    ) and
+    // Check for indexOf being <0, or <=-1
+    not exists(RelationalComparison test |
+      test.getLesserOperand() = indexOf.getAnEquivalentIndexOfCall().getAUse() and
+      exists(int value | value = test.getGreaterOperand().getIntValue() |
+        value < 0
+        or
+        not test.isInclusive() and
+        value = 0
+      )
     )
   }
 
diff --git a/javascript/ql/test/query-tests/Security/CWE-020/tst.js b/javascript/ql/test/query-tests/Security/CWE-020/tst.js
@@ -79,3 +79,13 @@ function withIndexOfCheckBad(x, y) {
 function plus(x, y) {
   return x.indexOf("." + y) === x.length - (y.length + 1); // NOT OK
 }
+
+function withIndexOfCheckLower(x, y) {
+  let index = x.indexOf(y);
+  return !(index < 0) && index === x.length - y.length - 1; // OK
+}
+
+function withIndexOfCheckLowerEq(x, y) {
+  let index = x.indexOf(y);
+  return !(index <= -1) && index === x.length - y.length - 1; // OK
+}

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,16 @@ class UnsafeIndexOfComparison extends EqualityTest {`
`139`	`139`	`not test.isInclusive() and`
`140`	`140`	`value = -1`
`141`	`141`	`)`
	`142`	`+ ) and`
	`143`	`+ // Check for indexOf being <0, or <=-1`
	`144`	`+ not exists(RelationalComparison test \|`
	`145`	`+ test.getLesserOperand() = indexOf.getAnEquivalentIndexOfCall().getAUse() and`
	`146`	`+ exists(int value \| value = test.getGreaterOperand().getIntValue() \|`
	`147`	`+ value < 0`
	`148`	`+ or`
	`149`	`+ not test.isInclusive() and`
	`150`	`+ value = 0`
	`151`	`+ )`
`142`	`152`	`)`
`143`	`153`	`}`
`144`	`154`