C++: Add StrlenLiteralRangeExpr

2026-05-05 21:55:19 +02:00 · 2023-03-23 16:52:31 -07:00
parent bb27ba7d3c
commit b87f12d5b2
5 changed files with 33 additions and 0 deletions
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/ExtendedRangeAnalysis.qll
@@ -3,3 +3,4 @@ import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 // Import each extension we want to enable
 import extensions.SubtractSelf
 import extensions.ConstantBitwiseAndExprRange
+import extensions.StrlenLiteralRangeExpr
--- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll
+++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/extensions/StrlenLiteralRangeExpr.qll
@@ -0,0 +1,18 @@
+private import cpp
+private import experimental.semmle.code.cpp.models.interfaces.SimpleRangeAnalysisExpr
+
+/**
+ * Provides range analysis information for calls to `strlen` on literal strings.
+ * For example, the range of `strlen("literal")` will be 7.
+ */
+class StrlenLiteralRangeExpr extends SimpleRangeAnalysisExpr, FunctionCall {
+  StrlenLiteralRangeExpr() {
+    getTarget().hasGlobalOrStdName("strlen") and getArgument(0).isConstant()
+  }
+
+  override int getLowerBounds() { result = getArgument(0).getValue().length() }
+
+  override int getUpperBounds() { result = getArgument(0).getValue().length() }
+
+  override predicate dependsOnChild(Expr e) { none() }
+}