ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope

[ihsinme]

Query

Relevant PR: github/codeql#5767

Report

the query finds the places where the variable is declared in the body of the loop. in situations where a similar variable is already used in a condition. my analysis showed that such coding methods are often used in various projects. however, these places do not always affect safety, the simplest example is the for loop.
therefore, I have as much as possible limited the request to identify situations that have a real impact on safety.

https://wiki.sei.cmu.edu/confluence/display/c/DCL01-C.+Do+not+reuse+variable+names+in+subscopes

• Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Result(s)

sleuthkit/sleuthkit#2329
https://github.com/RediSearch/RediSearch/blob/efe031ea498ca4299064027641fad3b8f262ef6a/src/rmutil/util.c#L66

[ihsinme]

another useful discovery.
excluding the perpetual cycle.

ryuichiueda/glueutils#2

[ghsecuritylab]

Your submission is now in status SecLab review.

For information, the evaluation workflow is the following:
CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

[antonio-morales]

Hi @ihsinme!

We've reviewed the results running on LGTM, but unfortunately, there is no result for this query. Would you be able to provide a TP for this query in real-world software to meet the submission criteria? (glueutils is an experimental repo with only 3 stars)

Thanks.

[ihsinme]

good day.
above in the request, I presented two fixes that seemed to me TP.
ryuichiueda/glueutils#2
sleuthkit/sleuthkit#2329

if for further consideration it is necessary more, I will certainly look more.

[ihsinme]

(glueutils is an experimental repo with only 3 stars)

I totally agree. it looks like some kind of internal project, at the initial stage. but I brought this direction because ryuichiueda itself seemed to me quite professional.

[anticomputer]

@ihsinme thanks for the update, we'll move this forward for further review

[ghsecuritylab]

Your submission is now in status CodeQL review.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ghsecuritylab]

Your submission is now in status SecLab finalize.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ghsecuritylab]

Your submission is now in status Pay.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[xcorail]

Created Hackerone report 1219494 for bounty 309997 : [364] ihsinme: CPP Add query for CWE-1126: Declaration of Variable with Unnecessarily Wide Scope

[ghsecuritylab]

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
SecLab review > FP Check > CodeQL review > SecLab finalize > Pay > Closed

[ihsinme]

Thanks