Merge pull request #7177 from ihsinme/ihsinme-patch-6141

MathiasVP · web-flow · commit 6b1ac73a46f9 · 2021-12-06T09:24:59.000Z
fix request for cpp exceptions
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
@@ -38,13 +38,7 @@ where
     fc.getTargetType().(Class).getABaseClass+().hasGlobalOrStdName("exception") or
     fc.getTargetType().(Class).getABaseClass+().hasGlobalOrStdName("CException")
   ) and
+  fc instanceof ExprInVoidContext and
   not fc.isInMacroExpansion() and
-  not exists(ThrowExpr texp | fc.getEnclosingStmt() = texp.getEnclosingStmt()) and
-  not exists(FunctionCall fctmp | fctmp.getAnArgument() = fc) and
-  not fc instanceof ConstructorDirectInit and
-  not fc.getEnclosingStmt() instanceof DeclStmt and
-  not fc instanceof ConstructorDelegationInit and
-  not fc.getParent() instanceof Initializer and
-  not fc.getParent() instanceof AllocationExpr and
-  msg = "This object does not generate an exception."
+  msg = "Object creation of exception type on stack. Did you forget the throw keyword?"
 select fc, msg
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-703/semmle/tests/FindIncorrectlyUsedExceptions.expected
@@ -1,3 +1,3 @@
-| test.cpp:35:3:35:33 | call to runtime_error | This object does not generate an exception. |
+| test.cpp:35:3:35:33 | call to runtime_error | Object creation of exception type on stack. Did you forget the throw keyword? |
 | test.cpp:41:3:41:11 | call to funcTest1 | There is an exception in the function that requires your attention. |
 | test.cpp:42:3:42:9 | call to DllMain | DllMain contains an exeption not wrapped in a try..catch block. |
