Fraunhofer-AISEC / cpg

A library to extract Code Property Graphs from C/C++, Java, Go, Python, Ruby and every other language through LLVM-IR.
https://fraunhofer-aisec.github.io/cpg/
Apache License 2.0

There is a logic error in ValueEvaluator. #1527

Closed HaHarden closed 1 month ago

HaHarden commented 1 month ago

There is a logic error in de.fraunhofer.aisec.cpg.analysis.ValueEvaluator#handleConditionalExpression.

Test case:

public void test() {
    int a = 1;
    // condition is false (a == 1), so the else branch keeps a at 1
    a = a != 1 ? 2 : a;
    System.out.println(a);
}

When outputting the value of reference 'a', it should equal 1, but the result is 2.

oxisto commented 1 month ago

Oh, it looks like the value evaluator stupidly just compared the lhs (a) and rhs (1) of the condition using == regardless of the actual operator used 🙈

https://github.com/Fraunhofer-AISEC/cpg/blob/bb92f3eb1a51c6b2a7fa1a45df5dd2d0108dff1c/cpg-analysis/src/main/kotlin/de/fraunhofer/aisec/cpg/analysis/ValueEvaluator.kt#L365-L369
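The defect the thread describes, shown in a small constant evaluator written for this page; it is not code from the cpg library and uses none of its API. The node classes (Literal, Ref, BinaryOp, Conditional), the evaluate function, issue_testcase and operators_misjudged are all names chosen here for illustration. With honor_operator=False the evaluator reproduces the reported behaviour, deciding a ternary by comparing its two operands with == no matter which operator was written; with the default it dispatches on the operator and returns 1 for the issue's test case.

```python
"""Constant evaluator for conditional expressions (added illustration, not cpg code)."""
import operator
from dataclasses import dataclass
from typing import Union


@dataclass(frozen=True)
class Literal:
    value: int


@dataclass(frozen=True)
class Ref:
    name: str


@dataclass(frozen=True)
class BinaryOp:
    lhs: "Expr"
    op: str
    rhs: "Expr"


@dataclass(frozen=True)
class Conditional:
    condition: "Expr"
    then_expr: "Expr"
    else_expr: "Expr"


Expr = Union[Literal, Ref, BinaryOp, Conditional]

# Comparison operators the evaluator understands, mapped to their semantics.
COMPARISONS = {
    "==": operator.eq,
    "!=": operator.ne,
    "<": operator.lt,
    "<=": operator.le,
    ">": operator.gt,
    ">=": operator.ge,
}


def evaluate(expr, env, honor_operator=True):
    """Evaluate expr under env (variable name -> int).

    honor_operator=False reproduces the defect from the issue: the condition of
    a conditional expression is decided with == between its operands regardless
    of the operator the source actually used.
    """
    if isinstance(expr, Literal):
        return expr.value
    if isinstance(expr, Ref):
        return env[expr.name]
    if isinstance(expr, BinaryOp):
        lhs = evaluate(expr.lhs, env, honor_operator)
        rhs = evaluate(expr.rhs, env, honor_operator)
        if expr.op not in COMPARISONS:
            raise ValueError(f"unsupported operator {expr.op!r}")
        return COMPARISONS[expr.op](lhs, rhs)
    if isinstance(expr, Conditional):
        cond = expr.condition
        if not honor_operator and isinstance(cond, BinaryOp):
            # The defect: compare operands with ==, ignoring cond.op.
            taken = evaluate(cond.lhs, env, honor_operator) == evaluate(
                cond.rhs, env, honor_operator
            )
        else:
            taken = bool(evaluate(cond, env, honor_operator))
        branch = expr.then_expr if taken else expr.else_expr
        return evaluate(branch, env, honor_operator)
    raise TypeError(f"unknown node {expr!r}")


def issue_testcase(honor_operator=True):
    """Model `int a = 1; a = a != 1 ? 2 : a;` and return the final value of a."""
    env = {"a": 1}
    assignment = Conditional(BinaryOp(Ref("a"), "!=", Literal(1)), Literal(2), Ref("a"))
    env["a"] = evaluate(assignment, env, honor_operator)
    return env["a"]


def operators_misjudged(lhs, rhs):
    """Return the operators for which the defective evaluator picks the wrong branch."""
    wrong = []
    for op in COMPARISONS:
        cond = Conditional(BinaryOp(Literal(lhs), op, Literal(rhs)), Literal(1), Literal(0))
        if evaluate(cond, {}) != evaluate(cond, {}, honor_operator=False):
            wrong.append(op)
    return wrong


if __name__ == "__main__":
    print("correct evaluator:", issue_testcase())          # 1
    print("defective evaluator:", issue_testcase(False))   # 2
    print("misjudged for 1 vs 1:", operators_misjudged(1, 1))
```

operators_misjudged makes the blast radius visible: for equal operands the defect only flips the branch for `!=`, `<` and `>`, which is why a test suite built from `==` conditions would never notice it.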