hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add models-as-data models for ZMQ networking library + wiring.

Browse Source
This commit is contained in:
Geoffrey White
2024-03-28 17:57:20 +00:00
parent 16f9ad06ef
commit fa26b55452
7 changed files with 69 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cpp/ql/lib/semmle/code/cpp/models/Models.qll
View File

@@ -41,3 +41,4 @@ private import implementations.SqLite3
private import implementations.PostgreSql
private import implementations.System
private import implementations.StructuredExceptionHandling
private import implementations.ZMQ

36
cpp/ql/lib/semmle/code/cpp/models/implementations/ZMQ.qll Normal file
View File

@@ -0,0 +1,36 @@
/**
* Provides implementation classes modeling the ZeroMQ networking library.
*/
import semmle.code.cpp.models.interfaces.FlowSource
/**
* Remote flow sources.
*/
private class ZMQSource extends SourceModelCsv {
override predicate row(string row) {
row =
[
";;false;zmq_recv;;;Argument[*1];remote",
";;false;zmq_recvmsg;;;Argument[*1];remote",
";;false;zmq_msg_recv;;;Argument[*0];remote",
]
}
}
/**
* Remote flow sinks.
*/
private class ZMQSinks extends SinkModelCsv {
override predicate row(string row) {
row =
[
";;false;zmq_send;;;Argument[*1];remote-sink",
";;false;zmq_msg_init_data;;;Argument[*1];remote-sink",
";;false;zmq_sendmsg;;;Argument[*1];remote-sink",
";;false;zmq_msg_send;;;Argument[*0];remote-sink",
]
}
}
// TODO: flow into / through zmq_msg_data ?

12
cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
View File

@@ -93,6 +93,9 @@ abstract class RemoteFlowSink extends DataFlow::Node {
abstract string getSinkType();
}
/**
* A remote flow sink derived from the `RemoteFlowSinkFunction` model.
*/
private class RemoteParameterSink extends RemoteFlowSink {
string sourceType;
@@ -106,3 +109,12 @@ private class RemoteParameterSink extends RemoteFlowSink {
override string getSinkType() { result = sourceType }
}
/**
* A remote flow sink defined in a CSV model.
*/
private class RemoteFlowFromCSVSink extends RemoteFlowSink {
RemoteFlowFromCSVSink() { sinkNode(this, "remote-sink") }
override string getSinkType() { result = "remote flow sink" }
}