Merge pull request #1504 from xiemaisi/js/shift-bigint

Approved by asger-semmle
2019-06-26 18:30:48 +01:00 · 2019-06-26 18:30:48 +01:00 · 1a9f3624c2
--- a/change-notes/1.22/analysis-javascript.md
+++ b/change-notes/1.22/analysis-javascript.md
@ -21,7 +21,7 @@

 | **Query**                      | **Expected impact**          | **Change**                                                                |
 |--------------------------------|------------------------------|---------------------------------------------------------------------------|
-
+| Shift out of range | Fewer false positive results | This rule now correctly handles BigInt shift operands. |

 ## Changes to QL libraries

--- a/javascript/ql/src/Expressions/ShiftOutOfRange.qhelp
+++ b/javascript/ql/src/Expressions/ShiftOutOfRange.qhelp
@ -14,7 +14,9 @@ greater than 31, the left operand is actually only shifted by that value modulo

 <p>
 Use standard library functions such as <code>Math.pow</code> to perform the required
-shifting.
+shifting. Alternatively, you can use the
+<a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/BigInt">BigInt</a>
+type if it is available on your platform.
 </p>

 </recommendation>
--- a/javascript/ql/src/Expressions/ShiftOutOfRange.ql
+++ b/javascript/ql/src/Expressions/ShiftOutOfRange.ql
@ -1,7 +1,7 @@
 /**
 * @name Shift out of range
- * @description The shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
- *              right operand into account. Thus, it is not possible to shift by more than 31 bits.
+ * @description The integer shift operators '<<', '>>' and '>>>' only take the five least significant bits of their
+ *              right operand into account. Thus, it is not possible to shift an integer by more than 31 bits.
 * @kind problem
 * @problem.severity error
 * @id js/shift-out-of-range
@ -14,5 +14,7 @@
 import javascript

 from ShiftExpr shift
-where shift.getRightOperand().getIntValue() > 31
+where
+  shift.getRightOperand().getIntValue() > 31 and
+  not shift.getRightOperand().stripParens() instanceof BigIntLiteral
 select shift, "Shift out of range."
--- a/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js
+++ b/javascript/ql/test/query-tests/Expressions/ShiftOutOfRange/tst.js
@ -1 +1,4 @@
-var n = 1<<40;
+var n = 1<<40; // NOT OK
+var n2 = BigInt(1) << 40n; // OK
+
+// semmle-extractor-options: --experimental