Updates to address PR comments.

Benjamin Rodes
2023-12-19 09:33:07 -05:00
parent 387eddadad
commit 48866e5358


@@ -39,6 +39,12 @@ class StringConcatenation extends Call {
result = this.getAnArgument() and result = this.getAnArgument() and
// addresses odd behavior with overloaded operators // addresses odd behavior with overloaded operators
// i.e., "call to operator+" appearing as an operand // i.e., "call to operator+" appearing as an operand
// occurs in cases like `string s = s1 + s2 + s3`, which is represented as
// `string s = (s1.operator+(s2)).operator+(s3);`
// By limiting to non-calls we get the leaf operands (the variables or raw strings)
// also, by not enuemrating allowed types (variables and strings) we avoid issues
// with missed corner cases or extensions/changes to CodeQL in the future which might
// invalidate that approach.
not result instanceof Call and not result instanceof Call and
// Limit the result type to string // Limit the result type to string
( (
@@ -62,11 +68,7 @@ class StringConcatenation extends Call {
or or
exists(int n | exists(int n |
result = this.getArgument(n) and result = this.getArgument(n) and
n >= n >= this.(FormattingFunctionCall).getTarget().getFirstFormatArgumentIndex()
this.(FormattingFunctionCall)
.getTarget()
.(FormattingFunction)
.getFirstFormatArgumentIndex()
) )
) )
) )
@@ -82,17 +84,15 @@ class StringConcatenation extends Call {
this.getArgument(this.getTarget().(StrcatFunction).getParamDest()) this.getArgument(this.getTarget().(StrcatFunction).getParamDest())
or or
// Hardcoding it is also the return // Hardcoding it is also the return
[result.asExpr(), result.asIndirectExpr()] = this.(Call) result.asExpr() = this.(Call)
else else
if this.getTarget() instanceof StrlcatFunction if this.getTarget() instanceof StrlcatFunction
then ( then (
[result.asExpr(), result.asIndirectExpr()] = result.asDefiningArgument() =
this.getArgument(this.getTarget().(StrlcatFunction).getParamDest()) this.getArgument(this.getTarget().(StrlcatFunction).getParamDest())
) else ) else
if this instanceof FormattingFunctionCall if this instanceof FormattingFunctionCall
then then result.asDefiningArgument() = this.(FormattingFunctionCall).getOutputArgument(_)
[result.asExpr(), result.asIndirectExpr()] = else result.asExpr() = this.(Call)
this.(FormattingFunctionCall).getOutputArgument(_)
else [result.asExpr(), result.asIndirectExpr()] = this.(Call)
} }
} }
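Review bot: In the last hunk, the two `this.(Call)` cases now bind only `result.asExpr()`, where the old code also bound `result.asIndirectExpr()`. For a `strcat`-style call that returns a `char*`, this appears to leave only the pointer value as a result node, so a query that follows the string contents out of the call's return value may silently lose results; this is inferred from the visible lines, and the predicate header is outside the hunk. If the narrowing is intended, record the reason beside the line, for example `// return value is the pointer only; string contents are reached through the destination argument`, and add a test where the concatenation call itself is the argument at the sink. The comment added in the first hunk misspells `enumerating` as `enuemrating`.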