hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

[CPP-370] Improve handling of _ macros by using taint sanitizers.

Browse Source
This commit is contained in:
Ziemowit Laski
2019-06-10 15:50:53 -07:00
parent 8f79cdb1fb
commit 0f5a4a7089
4 changed files with 22 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c
View File

@@ -31,7 +31,7 @@ int main(int argc, char **argv) {
else
printf("No argument supplied.\n"); // ok
printf(_("No argument supplied.\n")); // not ok
printf(_("No argument supplied.\n")); // ok
printf(dgettext(NULL, "No argument supplied.\n")); // ok
@@ -40,10 +40,10 @@ int main(int argc, char **argv) {
printf(gettext("%d arguments\n"), argc-1); // ok
printf(any_random_function("%d arguments\n"), argc-1); // not ok
// Since `_` is mapped to `some_random_function` above,
// the following call will be flagged.
// Even though `_` is mapped to `some_random_function` above,
// the following call should not be flagged.
printf(_(any_random_function("%d arguments\n")),
argc-1); // not ok
argc-1); // ok
return 0;
}

2
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -1,7 +1,5 @@
| NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:34:9:34:36 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:45:9:45:48 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |

8
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/nested.cpp
View File

@@ -18,7 +18,7 @@ extern "C" int snprintf ( char * s, int n, const char * format, ... );
struct A {
void do_print(const char *fmt0) {
char buf[32];
snprintf(buf, 32, fmt0); // GOOD
snprintf(buf, 32, fmt0); // BAD [FALSE POSITIVE]
}
};
@@ -39,7 +39,7 @@ struct C {
void foo(void) {
C c;
c.do_some_printing(c.ext_fmt_str());
c.do_some_printing(c.ext_fmt_str()); // GOOD [NOT DETECTED]
}
struct some_class {
@@ -76,7 +76,7 @@ void diagnostic(const char *fmt, ...)
}
void bar(void) {
diagnostic (some_instance->get_fmt()); // GOOD
diagnostic (some_instance->get_fmt()); // BAD
}
namespace ns {
@@ -84,7 +84,7 @@ namespace ns {
class blab {
void out1(void) {
char *fmt = (char *)__builtin_alloca(10);
diagnostic(fmt); // GOOD
diagnostic(fmt); // BAD
}
};
}