hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

[CPP-370] Reformat query.

Browse Source
This commit is contained in:
Ziemowit Laski
2019-04-26 13:59:08 -07:00
parent 775861c386
commit 012140fcd3
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
View File

@@ -17,6 +17,10 @@
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.commons.Printf
// For the following `...gettext` functions, we assume that
// all translations preserve the type and order of `%` specifiers
// (and hence are safe to use as format strings). This
// assumption is hard-coded into the query.
predicate whitelistFunction(Function f, int arg) {
// basic variations of gettext
f.getName() = "_" and arg = 0
@@ -51,7 +55,8 @@ predicate whitelisted(Expr e) {
whitelistFunction(fc.getTarget(), arg) and
isConst(fc.getArgument(arg))
)
or underscoreMacro(e)
or
underscoreMacro(e)
}
predicate isConstMacro(Expr e) {
@@ -69,21 +74,20 @@ predicate isConst(Expr e) {
class ConstFlow extends DataFlow::Configuration {
ConstFlow() { this = "ConstFlow" }
override predicate isSource(DataFlow::Node source) {
isConst(source.asExpr())
}
override predicate isSource(DataFlow::Node source) { isConst(source.asExpr()) }
override predicate isSink(DataFlow::Node sink) {
exists(FormattingFunctionCall fc |
sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex())
)
exists(FormattingFunctionCall fc | sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex()))
}
}
from FormattingFunctionCall call, Expr formatString
where call.getArgument(call.getFormatParameterIndex()) = formatString
and not exists(ConstFlow cf, DataFlow::Node source, DataFlow::Node sink |
where
call.getArgument(call.getFormatParameterIndex()) = formatString and
not exists(ConstFlow cf, DataFlow::Node source, DataFlow::Node sink |
cf.hasFlow(source, sink) and
sink.asExpr() = formatString
)
select call, "The format string argument to " + call.getTarget().getQualifiedName() + " should be constant to prevent security issues and other potential errors."
select call,
"The format string argument to " + call.getTarget().getQualifiedName() +
" should be constant to prevent security issues and other potential errors."