From aaa2a60b93cb82550c3668348fc2656fe59c95ce Mon Sep 17 00:00:00 2001 From: Ziemowit Laski Date: Thu, 26 Sep 2019 12:14:35 -0700 Subject: [PATCH] [zlaski/memset-model] Remove taint tracking from `Memset.qll`. Add `Memset.qll` to `Models.qll`. --- cpp/ql/src/semmle/code/cpp/models/Models.qll | 1 + .../src/semmle/code/cpp/models/implementations/Memset.qll | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/cpp/ql/src/semmle/code/cpp/models/Models.qll b/cpp/ql/src/semmle/code/cpp/models/Models.qll index 0747b00c48d..c152a473259 100644 --- a/cpp/ql/src/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/src/semmle/code/cpp/models/Models.qll @@ -1,6 +1,7 @@ private import implementations.IdentityFunction private import implementations.Inet private import implementations.Memcpy +private import implementations.Memset private import implementations.Printf private import implementations.Pure private import implementations.Strcat diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll index be44181b7ba..75d1bee4c88 100644 --- a/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll +++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Memset.qll @@ -1,17 +1,19 @@ import semmle.code.cpp.Function import semmle.code.cpp.models.interfaces.ArrayFunction import semmle.code.cpp.models.interfaces.DataFlow -import semmle.code.cpp.models.interfaces.Taint /** * The standard function `memset` and its assorted variants */ -class MemsetFunction extends ArrayFunction, DataFlowFunction, TaintFunction { +class MemsetFunction extends ArrayFunction, DataFlowFunction { MemsetFunction() { hasGlobalName("memset") or + hasGlobalName("wmemset") or hasGlobalName("bzero") or hasGlobalName("__builtin_memset") or - hasQualifiedName("std", "memset") + hasGlobalName("__builtin_memset_chk") or + hasQualifiedName("std", "memset") or + hasQualifiedName("std", "wmemset") } override predicate hasArrayOutput(int bufParam) { bufParam = 0 }