C++: Use localExprFlow in existing queries

This shortens the queries a bit and ensures test coverage of the new predicate.
2019-08-23 09:33:41 +02:00 · 2019-08-23 09:33:41 +02:00 · f1d7fde49d
--- a/cpp/ql/src/Critical/NewDelete.qll
+++ b/cpp/ql/src/Critical/NewDelete.qll
@ -47,7 +47,7 @@ predicate allocExprOrIndirect(Expr alloc, string kind) {
      or
      exists(Expr e |
        allocExprOrIndirect(e, kind) and
-        DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rtn.getExpr()))
+        DataFlow::localExprFlow(e, rtn.getExpr())
      )
    )
  )
--- a/cpp/ql/src/Critical/OverflowStatic.ql
+++ b/cpp/ql/src/Critical/OverflowStatic.ql
@ -95,7 +95,7 @@ class CallWithBufferSize extends FunctionCall {

  int statedSizeValue() {
    exists(Expr statedSizeSrc |
-      DataFlow::localFlow(DataFlow::exprNode(statedSizeSrc), DataFlow::exprNode(statedSizeExpr())) and
+      DataFlow::localExprFlow(statedSizeSrc, statedSizeExpr()) and
      result = statedSizeSrc.getValue().toInt()
    )
  }
--- a/Bugs/Conversion/LossyFunctionResultCast.ql
+++ b/Bugs/Conversion/LossyFunctionResultCast.ql
@ -55,7 +55,7 @@ predicate whiteListWrapped(FunctionCall fc) {
  whitelistPow(fc) or
  exists(Expr e, ReturnStmt rs |
    whiteListWrapped(e) and
-    DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(rs.getExpr())) and
+    DataFlow::localExprFlow(e, rs.getExpr()) and
    fc.getTarget() = rs.getEnclosingFunction()
  )
 }
--- a/Typos/UsingStrcpyAsBoolean.ql
+++ b/Typos/UsingStrcpyAsBoolean.ql
@ -23,7 +23,7 @@ predicate isBoolean(Expr e1) {
 }

 predicate isStringCopyCastedAsBoolean(FunctionCall func, Expr expr1, string msg) {
-  DataFlow::localFlow(DataFlow::exprNode(func), DataFlow::exprNode(expr1)) and
+  DataFlow::localExprFlow(func, expr1) and
  isBoolean(expr1.getConversion*()) and
  func.getTarget() instanceof StrcpyFunction and
  msg = "Return value of " + func.getTarget().getName() + " used as a Boolean."
--- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@ -36,12 +36,10 @@ class MallocCall extends FunctionCall

 predicate terminationProblem(MallocCall malloc, string msg) {
  malloc.getAllocatedSize() instanceof StrlenCall and
-  not exists(DataFlow::Node def, DataFlow::Node use, FunctionCall fc, MemcpyFunction memcpy, int ix |
-    DataFlow::localFlow(def, use) and
-    def.asExpr() = malloc and
+  not exists(FunctionCall fc, MemcpyFunction memcpy, int ix |
+    DataFlow::localExprFlow(malloc, fc.getArgument(ix)) and
    fc.getTarget() = memcpy and
-    memcpy.hasArrayOutput(ix) and
-    use.asExpr() = fc.getArgument(ix)
+    memcpy.hasArrayOutput(ix)
  ) and
  msg = "This allocation does not include space to null-terminate the string."
 }