hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 13:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add more 'CommandExecutionFunction's.

Browse Source
This commit is contained in:
Mathias Vorreiter Pedersen
2024-11-25 13:43:20 +00:00
parent b1b62f2362
commit 03ab74e07d
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/lib/semmle/code/cpp/models/Models.qll
View File

@@ -49,3 +49,4 @@ private import implementations.PostgreSql
private import implementations.System
private import implementations.StructuredExceptionHandling
private import implementations.ZMQ
private import implementations.Win32CommandExecution

56
cpp/ql/lib/semmle/code/cpp/models/implementations/Win32CommandExecution.qll Normal file
View File

@@ -0,0 +1,56 @@
private import semmle.code.cpp.models.interfaces.CommandExecution
/** The `ShellExecute` family of functions from Win32. */
class ShellExecute extends Function {
ShellExecute() { this.hasGlobalName("ShellExecute" + ["", "A", "W"]) }
}
private class ShellExecuteModel extends ShellExecute, CommandExecutionFunction {
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(2) }
}
/** The `WinExec` function from Win32. */
class WinExec extends Function {
WinExec() { this.hasGlobalName("WinExec") }
}
private class WinExecModel extends WinExec, CommandExecutionFunction {
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
}
/** The `CreateProcess` family of functions from Win32. */
class CreateProcess extends Function {
CreateProcess() { this.hasGlobalName("CreateProcess" + ["", "A", "W"]) }
}
private class CreateProcessModel extends CreateProcess, CommandExecutionFunction {
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
}
/** The `CreateProcessAsUser` family of functions from Win32. */
class CreateProcessAsUser extends Function {
CreateProcessAsUser() { this.hasGlobalName("CreateProcessAsUser" + ["", "A", "W"]) }
}
private class CreateProcessAsUserModel extends CreateProcessAsUser, CommandExecutionFunction {
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(1) }
}
/** The `CreateProcessWithLogonW` function from Win32. */
class CreateProcessWithLogonW extends Function {
CreateProcessWithLogonW() { this.hasGlobalName("CreateProcessWithLogonW") }
}
private class CreateProcessWithLogonModel extends CreateProcessWithLogonW, CommandExecutionFunction {
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(4) }
}
/** The `CreateProcessWithTokenW` function from Win32. */
class CreateProcessWithTokenW extends Function {
CreateProcessWithTokenW() { this.hasGlobalName("CreateProcessWithTokenW") }
}
private class CreateProcessWithTokenWModel extends CreateProcessWithTokenW, CommandExecutionFunction
{
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(2) }
}