diff --git a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
index 165fe0eed969..810879e262f0 100644
--- a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
@@ -48,6 +48,7 @@ where exists
 ctls.getControllingExpr() = e1
 and e1.getType().(TypedefType).hasName("HRESULT")
 and not isHresultBooleanConverted(e1)
+ and not ctls instanceof SwitchStmt // not controlled by a boolean condition
 and msg = "Direct usage of a type " + e1.getType().toString() + " as a conditional expression"
 )
 or
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
index 9edcd34a8df0..732fd5f0f443 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.c
@@ -97,4 +97,26 @@ void IncorrectTypeConversionTest() {
 {
 // ...
 }
+
+ if (HresultFunction() == S_FALSE) // Correct Usage
+ {
+ // ...
+ }
+
+ while (!HresultFunction()) {}; // BUG
+ while (FAILED(HresultFunction())) {}; // Correct Usage
+
+ switch(hr) // Correct Usage
+ {
+ case S_OK:
+ case S_FALSE:
+ {
+ // ...
+ } break;
+
+ default:
+ {
+ // ...
+ } break;
+ }
 }
\ No newline at end of file
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
index 04588c24264e..d2857226bfaa 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.cpp
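Review bot: The comment on the added `and not ctls instanceof SwitchStmt` conjunct says what a switch is not, but not why skipping it is safe for this CWE-253 check. Something like `// a switch compares the HRESULT against its case labels, so it is never read as true/false` would tell the next maintainer which invariant the exclusion relies on. The exclusion is also a deny-list of one statement kind: if the declared type of `ctls` (above the hunk, not visible here) covers any other statement whose controlling expression is not a boolean condition, that statement would still be reported. The `exists` this conjunct belongs to opens outside the hunk.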
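Review bot: None of the added cases reaches the "Direct usage of a type HRESULT as a conditional expression" alert for a loop, which is the clause the switch exclusion was added to. Per the new `.c:106` row in the expected output, `while (!HresultFunction())` is reported through the unary-logical-operation message instead. A line such as `while (hr) {}; // BUG` next to the existing loops, with its row added to the expected output, would pin that loop conditions using an HRESULT directly are still flagged after the exclusion. The same gap is in the identical hunk for HResultBooleanConversion.cpp, and both test files still end without a trailing newline. `IncorrectTypeConversionTest` and the declaration of `hr` start above the hunk.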
@@ -94,4 +94,26 @@ void IncorrectTypeConversionTest() {
 {
 // ...
 }
+
+ if (HresultFunction() == S_FALSE) // Correct Usage
+ {
+ // ...
+ }
+
+ while (!HresultFunction()) {}; // BUG
+ while (FAILED(HresultFunction())) {}; // Correct Usage
+
+ switch(hr) // Correct Usage
+ {
+ case S_OK:
+ case S_FALSE:
+ {
+ // ...
+ } break;
+
+ default:
+ {
+ // ...
+ } break;
+ }
 }
\ No newline at end of file
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
index 15996702920f..6968dbb1c895 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-253/HResultBooleanConversion.expected
@@ -8,6 +8,7 @@
 | HResultBooleanConversion.c:79:15:79:38 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to bool |
 | HResultBooleanConversion.c:82:10:82:11 | hr | Usage of a type HRESULT as an argument of a unary logical operation |
 | HResultBooleanConversion.c:92:9:92:10 | hr | Direct usage of a type HRESULT as a conditional expression |
+| HResultBooleanConversion.c:106:13:106:27 | call to HresultFunction | Usage of a type HRESULT as an argument of a unary logical operation |
 | HResultBooleanConversion.cpp:39:12:39:23 | call to BoolFunction | Implicit conversion from BOOL to HRESULT |
 | HResultBooleanConversion.cpp:44:12:44:24 | call to BoolFunction2 | Implicit conversion from bool to HRESULT |
 | HResultBooleanConversion.cpp:50:15:50:16 | hr | Explicit conversion from HRESULT to BOOL |
@@ -18,3 +19,4 @@
 | HResultBooleanConversion.cpp:76:15:76:38 | call to IncorrectHresultFunction | Implicit conversion from HRESULT to bool |
 | HResultBooleanConversion.cpp:79:10:79:11 | hr | Implicit conversion from HRESULT to bool |
 | HResultBooleanConversion.cpp:89:9:89:10 | hr | Implicit conversion from HRESULT to bool |
+| HResultBooleanConversion.cpp:103:13:103:27 | call to HresultFunction | Implicit conversion from HRESULT to bool |