hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Add detail to the model.

Browse Source
This commit is contained in:
Geoffrey White
2020-01-17 16:45:17 +00:00
parent 77a3778eef
commit 200545d88c
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
View File

@@ -44,6 +44,10 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideE
getParameter(bufParam).getUnspecifiedType() instanceof PointerType
}
override predicate hasArrayWithNullTerminator(int bufParam) {
getParameter(bufParam).getUnspecifiedType() instanceof PointerType
}
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
exists(ParameterIndex i |
input.isParameter(i) and

2
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
View File

@@ -6,4 +6,6 @@
| test.cpp:24:35:24:40 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:63:28:63:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:71:28:71:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:79:28:79:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:89:35:89:40 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:106:24:106:48 | new[] | This allocation does not include space to null-terminate the string. |

4
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp
View File

@@ -75,7 +75,7 @@ void bad6(char *str, char *dest) {
}
void bad7(char *str, char *str2) {
// BAD -- zero-termination proved by strcmp [NOT DETECTED]
// BAD -- zero-termination proved by strcmp
char *buffer = (char *)malloc(strlen(str));
decode(buffer, str);
if (strcmp(buffer, str2) == 0) {
@@ -85,7 +85,7 @@ void bad7(char *str, char *str2) {
}
void bad8(wchar_t *str) {
// BAD -- zero-termination proved by wcslen [NOT DETECTED]
// BAD -- zero-termination proved by wcslen
wchar_t *wbuffer = (wchar_t *)malloc(wcslen(str));
wdecode(wbuffer, str);
if (wcslen(wbuffer) == 0) {