Merge pull request #5156 from geoffw0/modelsbsl

C++: Improve StdSet and StdPair models
2026-05-02 04:05:14 +02:00 · 2021-02-16 18:00:23 +01:00
parent 92df1f7a3d 04f15ad43a
commit f7f8dd49c6
2 changed files with 25 additions and 18 deletions
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/StdPair.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/StdPair.qll
@@ -7,10 +7,16 @@ import semmle.code.cpp.models.interfaces.Taint
 /**
 * An instantiation of `std::pair<T1, T2>`.
 */
-class StdPairClass extends ClassTemplateInstantiation {
-  StdPairClass() { getTemplate().hasQualifiedName("std", "pair") }
+private class StdPair extends ClassTemplateInstantiation {
+  StdPair() { this.hasQualifiedName(["std", "bsl"], "pair") }
 }

+/**
+ * DEPRECATED: This is now called `StdPair` and is a private part of the
+ * library implementation.
+ */
+deprecated class StdPairClass = StdPair;
+
 /**
 * Any of the single-parameter constructors of `std::pair` that takes a reference to an
 * instantiation of `std::pair`. These constructors allow conversion between pair types when the
@@ -18,9 +24,9 @@ class StdPairClass extends ClassTemplateInstantiation {
 */
 class StdPairCopyishConstructor extends Constructor, TaintFunction {
  StdPairCopyishConstructor() {
-    this.getDeclaringType() instanceof StdPairClass and
+    this.getDeclaringType() instanceof StdPair and
    this.getNumberOfParameters() = 1 and
-    this.getParameter(0).getUnspecifiedType().(ReferenceType).getBaseType() instanceof StdPairClass
+    this.getParameter(0).getUnspecifiedType().(ReferenceType).getBaseType() instanceof StdPair
  }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
@@ -38,7 +44,7 @@ class StdPairCopyishConstructor extends Constructor, TaintFunction {
 * Additional model for `std::pair` constructors.
 */
 private class StdPairConstructor extends Constructor, TaintFunction {
-  StdPairConstructor() { this.hasQualifiedName("std", "pair", "pair") }
+  StdPairConstructor() { this.getDeclaringType() instanceof StdPair }

  /**
   * Gets the index of a parameter to this function that is a reference to
--- a/cpp/ql/src/semmle/code/cpp/models/implementations/StdSet.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/StdSet.qll
@@ -5,14 +5,18 @@
 import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.Iterator

+/**
+ * An instantiation of `std::set` or `std::unordered_set`.
+ */
+private class StdSet extends ClassTemplateInstantiation {
+  StdSet() { this.hasQualifiedName(["std", "bsl"], ["set", "unordered_set"]) }
+}
+
 /**
 * Additional model for set constructors using iterator inputs.
 */
 private class StdSetConstructor extends Constructor, TaintFunction {
-  StdSetConstructor() {
-    this.hasQualifiedName("std", "set", "set") or
-    this.hasQualifiedName("std", "unordered_set", "unordered_set")
-  }
+  StdSetConstructor() { this.getDeclaringType() instanceof StdSet }

  /**
   * Gets the index of a parameter to this function that is an iterator.
@@ -36,7 +40,7 @@ private class StdSetConstructor extends Constructor, TaintFunction {
 * The standard set `insert` and `insert_or_assign` functions.
 */
 private class StdSetInsert extends TaintFunction {
-  StdSetInsert() { this.hasQualifiedName("std", ["set", "unordered_set"], "insert") }
+  StdSetInsert() { this.getClassAndName("insert") instanceof StdSet }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    // flow from last parameter to qualifier and return value
@@ -53,9 +57,7 @@ private class StdSetInsert extends TaintFunction {
 * The standard set `emplace` and `emplace_hint` functions.
 */
 private class StdSetEmplace extends TaintFunction {
-  StdSetEmplace() {
-    this.hasQualifiedName("std", ["set", "unordered_set"], ["emplace", "emplace_hint"])
-  }
+  StdSetEmplace() { this.getClassAndName(["emplace", "emplace_hint"]) instanceof StdSet }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    // flow from any parameter to qualifier and return value
@@ -76,7 +78,7 @@ private class StdSetEmplace extends TaintFunction {
 * The standard set `merge` function.
 */
 private class StdSetMerge extends TaintFunction {
-  StdSetMerge() { this.hasQualifiedName("std", ["set", "unordered_set"], "merge") }
+  StdSetMerge() { this.getClassAndName("merge") instanceof StdSet }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    // container1.merge(container2)
@@ -89,7 +91,7 @@ private class StdSetMerge extends TaintFunction {
 * The standard set `find` function.
 */
 private class StdSetFind extends TaintFunction {
-  StdSetFind() { this.hasQualifiedName("std", ["set", "unordered_set"], "find") }
+  StdSetFind() { this.getClassAndName("find") instanceof StdSet }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    input.isQualifierObject() and
@@ -101,7 +103,7 @@ private class StdSetFind extends TaintFunction {
 * The standard set `erase` function.
 */
 private class StdSetErase extends TaintFunction {
-  StdSetErase() { this.hasQualifiedName("std", ["set", "unordered_set"], "erase") }
+  StdSetErase() { this.getClassAndName("erase") instanceof StdSet }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
    // flow from qualifier to iterator return value
@@ -116,8 +118,7 @@ private class StdSetErase extends TaintFunction {
 */
 private class StdSetEqualRange extends TaintFunction {
  StdSetEqualRange() {
-    this.hasQualifiedName("std", ["set", "unordered_set"],
-      ["lower_bound", "upper_bound", "equal_range"])
+    this.getClassAndName(["lower_bound", "upper_bound", "equal_range"]) instanceof StdSet
  }

  override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {