Merge pull request #695 from raulgarciamsft/users/raulga/c6324

cpp - Using the return value of a strcpy or related string copy function in an if statement

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.expected

@@ -0,0 +1,34 @@
+| test.c:34:9:34:14 | call to strcpy | Return Value of strcpy used directly in a conditional expression. |
+| test.c:38:9:38:31 | ! ... | Return Value of strcpy used in a logical operation. |
+| test.c:42:9:42:35 | ... == ... | Return Value of strcpy used in a logical operation. |
+| test.c:46:9:46:48 | ... && ... | Return Value of strcpy used in a logical operation. |
+| test.c:50:9:50:15 | call to strncpy | Return Value of strncpy used directly in a conditional expression. |
+| test.c:54:6:54:34 | ! ... | Return Value of strncpy used in a logical operation. |
+| test.c:58:11:58:39 | ! ... | Return Value of strncpy used in a logical operation. |
+| test.c:60:11:60:37 | ... && ... | Return Value of strcpy used in a logical operation. |
+| test.c:62:11:62:37 | ... == ... | Return Value of strcpy used in a logical operation. |
+| test.c:64:11:64:37 | ... != ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:75:9:75:14 | call to strcpy | Return Value of strcpy used directly in a conditional expression. |
+| test.cpp:79:9:79:31 | ! ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:79:10:79:15 | call to strcpy | Return Value of strcpy used as boolean. |
+| test.cpp:83:9:83:35 | ... == ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:87:9:87:48 | ... && ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:87:27:87:32 | call to strcpy | Return Value of strcpy used as boolean. |
+| test.cpp:91:9:91:37 | call to wcscpy | Return Value of wcscpy used directly in a conditional expression. |
+| test.cpp:95:9:95:14 | call to wcscpy | Return Value of wcscpy used directly in a conditional expression. |
+| test.cpp:99:9:99:15 | call to _mbscpy | Return Value of _mbscpy used directly in a conditional expression. |
+| test.cpp:103:9:103:15 | call to strncpy | Return Value of strncpy used directly in a conditional expression. |
+| test.cpp:107:9:107:15 | call to wcsncpy | Return Value of wcsncpy used directly in a conditional expression. |
+| test.cpp:111:9:111:16 | call to _mbsncpy | Return Value of _mbsncpy used directly in a conditional expression. |
+| test.cpp:115:9:115:18 | call to _strncpy_l | Return Value of _strncpy_l used directly in a conditional expression. |
+| test.cpp:119:9:119:18 | call to _wcsncpy_l | Return Value of _wcsncpy_l used directly in a conditional expression. |
+| test.cpp:123:9:123:18 | call to _mbsncpy_l | Return Value of _mbsncpy_l used directly in a conditional expression. |
+| test.cpp:127:6:127:34 | ! ... | Return Value of strncpy used in a logical operation. |
+| test.cpp:127:7:127:13 | call to strncpy | Return Value of strncpy used as boolean. |
+| test.cpp:131:11:131:17 | call to strncpy | Return Value of strncpy used as boolean. |
+| test.cpp:133:16:133:44 | ! ... | Return Value of strncpy used in a logical operation. |
+| test.cpp:133:17:133:23 | call to strncpy | Return Value of strncpy used as boolean. |
+| test.cpp:135:11:135:16 | call to strcpy | Return Value of strcpy used as boolean. |
+| test.cpp:135:11:135:37 | ... && ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:137:11:137:37 | ... == ... | Return Value of strcpy used in a logical operation. |
+| test.cpp:139:11:139:37 | ... != ... | Return Value of strcpy used in a logical operation. |

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/UsingStrcpyAsBoolean.qlref

@@ -0,0 +1 @@
+Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/test.c

@@ -0,0 +1,83 @@
+typedef unsigned int size_t; 
+typedef int* locale_t;
+
+char* strcpy(char* destination, const char* source)
+{
+    return destination;
+}
+char* strncpy(char* destination, const char* source, size_t count)
+{
+    return destination;
+}
+
+int SomeFunction()
+{
+    return 1;
+}
+
+int SomeFunctionThatTakesString(char* destination)
+{
+    return 1;
+}
+
+int strcmp(char* destination, const char* source)
+{
+    return 1;
+}
+
+void PositiveCases()
+{
+    char szbuf1[100];
+    char szbuf2[100];
+	int result;
+
+    if (strcpy(szbuf1, "test")) // Bug, direct usage
+    {
+    }
+
+    if (!strcpy(szbuf1, "test")) // Bug, unary binary operator
+    {
+    }
+
+    if (strcpy(szbuf1, "test") == 0) // Bug, equality operator
+    {
+    }
+
+    if (SomeFunction() && strcpy(szbuf1, "test")) // Bug, binary logical operator
+    {
+    }
+
+    if (strncpy(szbuf1, "test", 100))  // Bug
+    {
+    }
+
+	if (!strncpy(szbuf1, "test", 100))  // Bug
+	{
+	}
+
+	result = !strncpy(szbuf1, "test", 100);
+
+	result = strcpy(szbuf1, "test") && 1;
+
+	result = strcpy(szbuf1, "test") == 0;
+
+	result = strcpy(szbuf1, "test") != 0;
+}
+
+void NegativeCases()
+{
+    char szbuf1[100];
+
+    if (SomeFunction())
+    {
+    }
+
+    if (SomeFunctionThatTakesString(strcpy(szbuf1, "test")))
+    {
+    }
+
+    if (strcmp(szbuf1, "test"))
+    {
+    }
+
+}

cpp/ql/test/query-tests/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean/test.cpp

@@ -0,0 +1,163 @@
+typedef unsigned long size_t; 
+typedef int* locale_t;
+
+char* strcpy(char* destination, const char* source)
+{
+    return destination;
+}
+wchar_t* wcscpy(wchar_t* destination, const wchar_t* source)
+{
+    return destination;
+}
+unsigned char* _mbscpy(unsigned char* destination, const unsigned char* source)
+{
+    return destination;
+}
+char* strncpy(char* destination, const char* source, size_t count)
+{
+    return destination;
+}
+wchar_t* wcsncpy(wchar_t* destination, const wchar_t* source, size_t count)
+{
+    return destination;
+}
+unsigned char* _mbsncpy(unsigned char* destination, const unsigned char* source, size_t count)
+{
+    return destination;
+}
+char* _strncpy_l(char* destination, const char* source, size_t count, locale_t locale)
+{
+    return destination;
+}
+wchar_t* _wcsncpy_l(wchar_t* destination, const wchar_t* source, size_t count, locale_t locale)
+{
+    return destination;
+}
+unsigned char* _mbsncpy_l(unsigned char* destination, const unsigned char* source, size_t count, locale_t locale)
+{
+    return destination;
+}
+
+int SomeFunction()
+{
+    return 1;
+}
+
+int SomeFunctionThatTakesString(char* destination)
+{
+    return 1;
+}
+
+int strcmp(char* destination, const char* source)
+{
+    return 1;
+}
+
+int strcpy_s(char* destination, size_t dest_size, const char* source)
+{
+    return 1;
+}
+
+#define WCSCPY_6324(x,y) wcscpy(x,y)
+
+void PositiveCases()
+{
+    char szbuf1[100];
+    char szbuf2[100];
+    wchar_t wscbuf1[100];
+    wchar_t wscbuf2[100];
+    unsigned char mbcbuf1[100];
+    unsigned char mbcbuf2[100];
+
+    locale_t x;
+    *x = 0;
+
+    if (strcpy(szbuf1, "test")) // Bug, direct usage
+    {
+    }
+
+    if (!strcpy(szbuf1, "test")) // Bug, unary binary operator
+    {
+    }
+
+    if (strcpy(szbuf1, "test") == 0) // Bug, equality operator
+    {
+    }
+
+    if (SomeFunction() && strcpy(szbuf1, "test")) // Bug, binary logical operator
+    {
+    }
+
+    if (WCSCPY_6324(wscbuf1, wscbuf2)) // Bug, using a macro
+    {
+    }
+
+    if (wcscpy(wscbuf1, wscbuf2)) // Bug
+    {
+    }
+
+    if (_mbscpy(mbcbuf1, mbcbuf2)) // Bug
+    {
+    }
+
+    if (strncpy(szbuf1, "test", 100))  // Bug
+    {
+    }
+
+    if (wcsncpy(wscbuf1, wscbuf2, 100)) // Bug
+    {
+    }
+
+    if (_mbsncpy(mbcbuf1, (const unsigned char*)"test", 100)) // Bug
+    {
+    }
+
+    if (_strncpy_l(szbuf1, "test", 100, x))  // Bug
+    {
+    }
+
+    if (_wcsncpy_l(wscbuf1, wscbuf2, 100, x)) // Bug
+    {
+    }
+
+    if (_mbsncpy_l(mbcbuf1, (const unsigned char*)"test", 100, x)) //Bug
+    {
+    }
+
+	if (!strncpy(szbuf1, "test", 100))  // Bug
+	{
+	}
+
+	bool b = strncpy(szbuf1, "test", 100);
+
+	bool result = !strncpy(szbuf1, "test", 100);
+
+	result = strcpy(szbuf1, "test") && 1;
+
+	result = strcpy(szbuf1, "test") == 0;
+
+	result = strcpy(szbuf1, "test") != 0;
+
+}
+
+void NegativeCases()
+{
+    char szbuf1[100];
+
+    if (SomeFunction())
+    {
+    }
+
+    if (SomeFunctionThatTakesString(strcpy(szbuf1, "test")))
+    {
+    }
+
+    if (strcmp(szbuf1, "test"))
+    {
+    }
+
+    if (strcpy_s(szbuf1, 100, "test"))
+    {
+    }
+
+}