C++: Reduce duplication in cpp/uncontrolled-process-operation
#20059
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR simplifies the UncontrolledProcessOperation.ql query by removing redundant code that was checking for process operation arguments using both direct and indirect expression patterns. The change eliminates duplication by keeping only the asIndirectExpr() method, as having both methods doesn't change the query results and was a leftover from earlier porting work.
Key Changes
- Removed redundant expression matching pattern in process operation detection
- Simplified argument matching to use only indirect expressions
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Having both
asExpr()andasIndirectExpr()doesn't appear to change any results. This was a leftover from back when we ported the default-taint-tracking queries over, and we still had a few remaining bugs inasExprandasIndirectExpr, and probably some remaining pointer sources that needed to be converted to pointee sources.I've manually verified that all the removed results from DCA are due to deduplication.