| call.getEnclosingFunction() = loop and | ||
| | ||
| // Guard check: ensures the call isn't wrapped in a conditional | ||
| not exists(IfStmt s | s.getAChild*() = call.getEnclosingStmt()) |
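Review bot: The guard on the last line, `not exists(IfStmt s | s.getAChild*() = call.getEnclosingStmt())`, only looks at whether the call is lexically nested in an `if`, so a write protected by an earlier `if (!changed) return;` is still reported, while a write under any `if` at all is dropped regardless of what the condition tests. Consider using a `GuardCondition` that controls the call's basic block instead of the lexical check, and state in the query help that the condition's content is not examined.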
Collaborator
The guard is imperfect: it assumes that the `if` is discriminating enough to protect the hardware, which we have no proof of.
| where | ||
| // Target the Arduino loop() function | ||
| loop.getName() = "loop" and | ||
| call.getEnclosingFunction() = loop and |
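Review bot: `loop.getName() = "loop"` matches every function called `loop`, including a member function or one declared in a namespace, not only the sketch's entry point. `loop.hasGlobalName("loop")` would restrict the match to the global function; a test case with a class method named `loop` would pin the behaviour down.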
Collaborator
This write detection is not transitive: if an external function calls a write and that function is present in the loop, the query does not descend into the call graph. https://codeql.github.com/docs/codeql-language-guides/refining-a-query-to-account-for-edge-cases/

```ql
import cpp

from Constructor c, Field f
where
  f.getDeclaringType() = c.getDeclaringType() and
  f.isPrivate()
  // check for constructor initialization lists as well
  and not exists(ConstructorFieldInit i | i.getTarget() = f and i.getEnclosingFunction() = c)
  // check for initializations performed indirectly by methods called
  // as a result of the constructor being called
  and not exists(Function fun, Assignment a |
    c.calls*(fun) and a = f.getAnAssignment() and a.getEnclosingFunction() = fun
  )
  // ignore cases where the constructor source code is not available
  and exists(c.getBlock())
select c, "Constructor does not initialize fields $@.", f, f.getName()
```

We could replace them with

```ql
exists(Function loopFn |
  loopFn.getName() = "loop" and
  loopFn.calls*(call.getEnclosingFunction())
)
```

to add transitivity.
This pull request introduces a new CodeQL query to help prevent accidental hardware damage on Arduino devices by detecting unsafe usage of the `EEPROM.write` method inside the main `loop()` function. It also adds an example C++ file that illustrates the problematic pattern.

However, the `.expected` file is missing for now.
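The patterns discussed in this review, as an added example that is not the pull request's own example file: a direct write, a write reached through a helper, a write behind a value comparison, and a write behind an `if` that filters nothing. `MockEEPROM`, `saveSetting`, `loggingEnabled`, `writesAfter` and the `loop*` function names are hypothetical, and the mock stands in for the Arduino `EEPROM` object so the file compiles off-device.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed stand-in for the Arduino EEPROM object (only read/write are
// modelled). It counts writes so the wear each pattern causes is observable.
struct MockEEPROM {
    uint8_t cells[8] = {};
    unsigned long writes = 0;
    uint8_t read(int addr) const { return cells[addr]; }
    void write(int addr, uint8_t v) { cells[addr] = v; ++writes; }
};
MockEEPROM EEPROM;
bool loggingEnabled = true;  // hypothetical flag that is never cleared

// Case 1: direct, unconditional write. A purely lexical query flags this.
void loopDirect(uint8_t sample) { EEPROM.write(0, sample); }

// Case 2: the write sits one call deep, so it is only found when the query
// follows the call graph from loop().
void saveSetting(uint8_t v) { EEPROM.write(1, v); }
void loopTransitive(uint8_t sample) { saveSetting(sample); }

// Case 3: an `if` that compares against the stored value; it limits writes.
void loopGuarded(uint8_t sample) {
    if (EEPROM.read(2) != sample) EEPROM.write(2, sample);
}

// Case 4: also wrapped in an `if`, but the condition never filters anything.
void loopWeakGuard(uint8_t sample) {
    if (loggingEnabled) EEPROM.write(3, sample);
}

// Run one loop body `iterations` times with a constant reading and return
// how many EEPROM writes it caused.
unsigned long writesAfter(void (*body)(uint8_t), int iterations) {
    EEPROM = MockEEPROM{};
    for (int i = 0; i < iterations; ++i) body(42);
    return EEPROM.writes;
}

int main() {
    std::printf("direct=%lu transitive=%lu guarded=%lu weak=%lu\n",
                writesAfter(loopDirect, 1000), writesAfter(loopTransitive, 1000),
                writesAfter(loopGuarded, 1000), writesAfter(loopWeakGuard, 1000));
    return 0;
}
```

If each body were the sketch's `loop()`, the conditions quoted in the review (same enclosing function, not nested in an `IfStmt`) would report only case 1, although cases 2 and 4 write on every iteration as well.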