Skip to content

Commit c750197

Browse files
raulgarciamsftraulgarciamsft
committed
Removing tabs & reformatting
1 parent 925c3b5 commit c750197

File tree

1 file changed

+19
-13
lines changed

1 file changed

+19
-13
lines changed

cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql

Lines changed: 19 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -32,30 +32,36 @@ class SetSecurityDescriptorDaclFunctionConfiguration extends DataFlow::Configura
3232
SetSecurityDescriptorDaclFunctionConfiguration() {
3333
this = "SetSecurityDescriptorDaclFunctionConfiguration"
3434
}
35-
35+
3636
override predicate isSource(DataFlow::Node source) {
37-
exists( NullValue nullExpr |
37+
exists(
38+
NullValue nullExpr |
3839
source.asExpr() = nullExpr
3940
)
4041
}
4142

4243
override predicate isSink(DataFlow::Node sink) {
43-
exists( SetSecurityDescriptorDaclFunctionCall call, VariableAccess val |
44+
exists(
45+
SetSecurityDescriptorDaclFunctionCall call, VariableAccess val |
4446
val = sink.asExpr() |
4547
val = call.getArgument(2)
4648
)
4749
}
4850
}
4951

5052
from SetSecurityDescriptorDaclFunctionCall call, string message
51-
where exists( NullValue nullExpr |
52-
message = "Setting a SECURITY_DESCRIPTOR's DACL to NULL will result in an unprotected object." |
53-
call.getArgument(1).getValue().toInt() != 0
54-
and call.getArgument(2) = nullExpr
55-
) or exists( Expr constassign, VariableAccess var,
56-
SetSecurityDescriptorDaclFunctionConfiguration config |
57-
message = "Setting a SECURITY_DESCRIPTOR's DACL using variable " + var + " that is set to NULL will result in an unprotected object." |
58-
var = call.getArgument(2)
59-
and config.hasFlow(DataFlow::exprNode(constassign), DataFlow::exprNode(var))
60-
)
53+
where exists
54+
(
55+
NullValue nullExpr |
56+
message = "Setting a SECURITY_DESCRIPTOR's DACL to NULL will result in an unprotected object." |
57+
call.getArgument(1).getValue().toInt() != 0
58+
and call.getArgument(2) = nullExpr
59+
) or exists
60+
(
61+
Expr constassign, VariableAccess var,
62+
SetSecurityDescriptorDaclFunctionConfiguration config |
63+
message = "Setting a SECURITY_DESCRIPTOR's DACL using variable " + var + " that is set to NULL will result in an unprotected object." |
64+
var = call.getArgument(2)
65+
and config.hasFlow(DataFlow::exprNode(constassign), DataFlow::exprNode(var))
66+
)
6167
select call, message

0 commit comments

Comments
 (0)