C++: Use model interfaces in SafeExternalAPIFunction and make the three previosuly-used implementation models private.

2026-04-30 03:05:15 +02:00 · 2020-11-25 18:20:55 +01:00
parent 65dbb6e45f
commit 7730f5dfcf
3 changed files with 9 additions and 11 deletions
--- a/cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll
@@ -13,9 +13,7 @@ abstract class SafeExternalAPIFunction extends Function { }
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
  DefaultSafeExternalAPIFunction() {
-    // implementation note: this should be based on the properties of public interfaces, rather than accessing implementation classes directly.  When we've done that, the three classes referenced here should be made fully private.
-    this instanceof PureStrFunction or
-    this instanceof StrLenFunction or
-    this instanceof PureMemFunction
+    this instanceof ArrayFunction and
+    not this.(ArrayFunction).hasArrayOutput(_)
  }
 }
--- a/cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll
@@ -13,9 +13,7 @@ abstract class SafeExternalAPIFunction extends Function { }
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
  DefaultSafeExternalAPIFunction() {
-    // implementation note: this should be based on the properties of public interfaces, rather than accessing implementation classes directly.  When we've done that, the three classes referenced here should be made fully private.
-    this instanceof PureStrFunction or
-    this instanceof StrLenFunction or
-    this instanceof PureMemFunction
+    this instanceof ArrayFunction and
+    not this.(ArrayFunction).hasArrayOutput(_)
  }
 }
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
@@ -8,7 +8,8 @@ import semmle.code.cpp.models.interfaces.SideEffect
 *
 * INTERNAL: do not use.
 */
-class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
+private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction,
+  SideEffectFunction {
  PureStrFunction() {
    hasGlobalOrStdName([
        "atof", "atoi", "atol", "atoll", "strcasestr", "strchnul", "strchr", "strchrnul", "strstr",
@@ -68,7 +69,7 @@ class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideE
 *
 * INTERNAL: do not use.
 */
-class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
+private class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
  StrLenFunction() {
    hasGlobalOrStdName(["strlen", "strnlen", "wcslen"])
    or
@@ -123,7 +124,8 @@ private class PureFunction extends TaintFunction, SideEffectFunction {
 *
 * INTERNAL: do not use.
 */
-class PureMemFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
+private class PureMemFunction extends AliasFunction, ArrayFunction, TaintFunction,
+  SideEffectFunction {
  PureMemFunction() { hasGlobalOrStdName(["memchr", "memrchr", "rawmemchr", "memcmp", "memmem"]) }

  override predicate hasArrayInput(int bufParam) {