hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

CPP: Switch from a blacklist to whitelist approach for determining null termination.

Browse Source
This commit is contained in:
Geoffrey White
2019-11-19 14:49:28 +00:00
parent fbd9d9bdab
commit e6ea705ff2
4 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/NoSpaceForZeroTerminator.expected
View File

@@ -1,12 +1,6 @@
| test2.cpp:35:28:35:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.c:16:20:16:25 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.c:32:20:32:25 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.c:49:20:49:25 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:24:35:24:40 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:45:28:45:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:55:28:55:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:63:28:63:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:71:28:71:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:79:28:79:33 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:89:35:89:40 | call to malloc | This allocation does not include space to null-terminate the string. |
| test.cpp:99:28:99:33 | call to malloc | This allocation does not include space to null-terminate the string. |

10
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test.cpp
View File

@@ -41,7 +41,7 @@ void good1(wchar_t *wstr) {
}
void bad3(char *str) {
// BAD -- zero-termination proved by sprintf (as destination)
// BAD -- zero-termination proved by sprintf (as destination) [NOT DETECTED]
char *buffer = (char *)malloc(strlen(str));
sprintf(buffer, "%s", str);
free(buffer);
@@ -51,7 +51,7 @@ void decode(char *dest, char *src);
void wdecode(wchar_t *dest, wchar_t *src);
void bad4(char *str) {
// BAD -- zero-termination proved by wprintf (as parameter)
// BAD -- zero-termination proved by wprintf (as parameter) [NOT DETECTED]
char *buffer = (char *)malloc(strlen(str));
decode(buffer, str);
wprintf(L"%s", buffer);
@@ -75,7 +75,7 @@ void bad6(char *str, char *dest) {
}
void bad7(char *str, char *str2) {
// BAD -- zero-termination proved by strcmp
// BAD -- zero-termination proved by strcmp [NOT DETECTED]
char *buffer = (char *)malloc(strlen(str));
decode(buffer, str);
if (strcmp(buffer, str2) == 0) {
@@ -85,7 +85,7 @@ void bad7(char *str, char *str2) {
}
void bad8(wchar_t *str) {
// BAD -- zero-termination proved by wcslen
// BAD -- zero-termination proved by wcslen [NOT DETECTED]
wchar_t *wbuffer = (wchar_t *)malloc(wcslen(str));
wdecode(wbuffer, str);
if (wcslen(wbuffer) == 0) {
@@ -95,7 +95,7 @@ void bad8(wchar_t *str) {
}
void good2(char *str, char *dest) {
// GOOD -- zero-termination not proven [FALSE POSITIVE]
// GOOD -- zero-termination not proven
char *buffer = (char *)malloc(strlen(str));
decode(buffer, str);
free(buffer);

2
cpp/ql/test/query-tests/Security/CWE/CWE-131/semmle/NoSpaceForZeroTerminator/test2.cpp
View File

@@ -31,7 +31,7 @@ namespace std
//// Test code /////
void bad1(char *str) {
// BAD -- Not allocating space for '\0' terminator
// BAD -- Not allocating space for '\0' terminator [NOT DETECTED]
char *buffer = (char *)malloc(strlen(str));
std::string str2(buffer);
free(buffer);