hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add DataFlow to strdup.

Browse Source
This commit is contained in:
Geoffrey White
2020-01-15 19:18:37 +00:00
parent 9b5be995d2
commit 04af2ace94
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
View File

@@ -1,9 +1,12 @@
import semmle.code.cpp.models.interfaces.Allocation
import semmle.code.cpp.models.interfaces.ArrayFunction
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Taint
/**
* A `strdup` style allocation function.
*/
class StrdupFunction extends AllocationFunction {
class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
StrdupFunction() {
exists(string name |
hasGlobalOrStdName(name) and
@@ -28,4 +31,15 @@ class StrdupFunction extends AllocationFunction {
)
)
}
override predicate hasArrayInput(int bufParam) { bufParam = 0 }
override predicate hasArrayWithNullTerminator(int bufParam) { bufParam = 0 }
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
// These always copy the full value of the input buffer to the result
// buffer
input.isParameterDeref(0) and
output.isReturnValueDeref()
}
}