hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add DataFlow to strdup.

Browse Source
This commit is contained in:
Geoffrey White
2020-01-15 19:18:37 +00:00
parent 9b5be995d2
commit 04af2ace94
1 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
cpp/ql/src/semmle/code/cpp/models/implementations/Strdup.qll
View File

@@ -1,9 +1,12 @@
import semmle.code.cpp.models.interfaces.Allocation import semmle.code.cpp.models.interfaces.Allocation
import semmle.code.cpp.models.interfaces.ArrayFunction
import semmle.code.cpp.models.interfaces.DataFlow
import semmle.code.cpp.models.interfaces.Taint
/** /**
* A `strdup` style allocation function. * A `strdup` style allocation function.
*/ */
class StrdupFunction extends AllocationFunction { class StrdupFunction extends AllocationFunction, ArrayFunction, DataFlowFunction {
StrdupFunction() { StrdupFunction() {
exists(string name | exists(string name |
hasGlobalOrStdName(name) and hasGlobalOrStdName(name) and
@@ -28,4 +31,15 @@ class StrdupFunction extends AllocationFunction {
) )
) )
} }
override predicate hasArrayInput(int bufParam) { bufParam = 0 }
override predicate hasArrayWithNullTerminator(int bufParam) { bufParam = 0 }
override predicate hasDataFlow(FunctionInput input, FunctionOutput output) {
// These always copy the full value of the input buffer to the result
// buffer
input.isParameterDeref(0) and
output.isReturnValueDeref()
}
} }