mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
C++: Add Windows command line and environment models
This commit is contained in:
Jeroen Ketema
20
cpp/ql/lib/ext/Windows.model.yml
Normal file
20
cpp/ql/lib/ext/Windows.model.yml
Normal file
@@ -0,0 +1,20 @@
|
|||||||
|
# partial model of windows system calls
|
||||||
|
extensions:
|
||||||
|
- addsTo:
|
||||||
|
pack: codeql/cpp-all
|
||||||
|
extensible: sourceModel
|
||||||
|
data: # namespace, type, subtypes, name, signature, ext, output, kind, provenance
|
||||||
|
# processenv.h
|
||||||
|
- ["", "", False, "GetCommandLineA", "", "", "ReturnValue[*]", "local", "manual"]
|
||||||
|
- ["", "", False, "GetCommandLineW", "", "", "ReturnValue[*]", "local", "manual"]
|
||||||
|
- ["", "", False, "GetEnvironmentStringsA", "", "", "ReturnValue[*]", "local", "manual"]
|
||||||
|
- ["", "", False, "GetEnvironmentStringsW", "", "", "ReturnValue[*]", "local", "manual"]
|
||||||
|
- ["", "", False, "GetEnvironmentVariableA", "", "", "Argument[*1]", "local", "manual"]
|
||||||
|
- ["", "", False, "GetEnvironmentVariableW", "", "", "Argument[*1]", "local", "manual"]
|
||||||
|
- addsTo:
|
||||||
|
pack: codeql/cpp-all
|
||||||
|
extensible: summaryModel
|
||||||
|
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
|
||||||
|
# shellapi.h
|
||||||
|
- ["", "", False, "CommandLineToArgvA", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
|
||||||
|
- ["", "", False, "CommandLineToArgvW", "", "", "Argument[*0]", "ReturnValue[**]", "taint", "manual"]
|
||||||
@@ -55,7 +55,7 @@ private class LocalModelSource extends LocalFlowSource {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A local data flow source that the `argv` parameter to `main` or `wmain`.
|
* A local data flow source that is the `argv` parameter to `main` or `wmain`.
|
||||||
*/
|
*/
|
||||||
private class ArgvSource extends LocalFlowSource {
|
private class ArgvSource extends LocalFlowSource {
|
||||||
ArgvSource() {
|
ArgvSource() {
|
||||||
@@ -69,6 +69,21 @@ private class ArgvSource extends LocalFlowSource {
|
|||||||
override string getSourceType() { result = "a command-line argument" }
|
override string getSourceType() { result = "a command-line argument" }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A local data flow source that is the `pCmdLine` parameter to `WinMain` or `wWinMain`.
|
||||||
|
*/
|
||||||
|
private class CmdLineSource extends LocalFlowSource {
|
||||||
|
CmdLineSource() {
|
||||||
|
exists(Function main, Parameter pCmdLine |
|
||||||
|
main.hasGlobalName(["WinMain", "wWinMain"]) and
|
||||||
|
main.getParameter(2) = pCmdLine and
|
||||||
|
this.asParameter(1) = pCmdLine
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
override string getSourceType() { result = "a command-line" }
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A remote data flow source that is defined through 'models as data'.
|
* A remote data flow source that is defined through 'models as data'.
|
||||||
*/
|
*/
|
||||||
|
|||||||
Reference in New Issue
Block a user