hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

[CPP-370] Update the NonConstantFormat.expected result template.

Browse Source
This commit is contained in:
Ziemowit Laski
2019-04-24 11:46:03 -07:00
parent 0c86d4c112
commit ffddc5bff6
3 changed files with 37 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
View File

@@ -38,24 +38,40 @@ predicate whitelistFunction(Function f, int arg) {
(arg = 1 or arg = 2)
}
predicate underscoreMacro(Expr e) {
exists(MacroInvocation mi |
mi.getMacroName() = "_" and
mi.getExpr() = e and
isConstMacro(e)
)
}
predicate whitelisted(Expr e) {
exists(FunctionCall fc, int arg | fc = e.(FunctionCall) |
whitelistFunction(fc.getTarget(), arg) and
isConst(fc.getArgument(arg))
)
or underscoreMacro(e)
}
predicate isConst(Expr e) {
predicate isConstMacro(Expr e) {
e instanceof StringLiteral
or
whitelisted(e)
}
predicate isConst(Expr e) {
isConstMacro(e)
or
underscoreMacro(e)
}
class ConstFlow extends DataFlow::Configuration {
ConstFlow() { this = "ConstFlow" }
override predicate isSource(DataFlow::Node source) {
isConst(source.asExpr())
none()
//isConst(source.asExpr())
}
override predicate isSink(DataFlow::Node sink) {

6
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.c
View File

@@ -27,8 +27,9 @@ extern char *any_random_function(const char *);
#define NULL ((void*)0)
// The following is the recommended use for the `_` macro.
#define _(X) gettext(X)
// The `_` macro is treated specially. While it is typically set to
// `gettext`, we allow it to point at any function.
#define _(X) my_gettext(X)
int main(int argc, char **argv) {
if(argc > 1)
@@ -45,7 +46,6 @@ int main(int argc, char **argv) {
printf(gettext("%d arguments\n"), argc-1); // ok
printf(any_random_function("%d arguments\n"), argc-1); // not ok
// Our query also supports looking for `_` as a function.
#undef _
printf(_(any_random_function("%d arguments\n")),
argc-1); // not ok

17
cpp/ql/test/query-tests/Likely Bugs/Format/NonConstantFormat/NonConstantFormat.expected
View File

@@ -1,11 +1,20 @@
| NonConstantFormat.c:35:3:35:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:36:3:36:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:38:3:38:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:40:2:40:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:42:2:42:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:44:2:44:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:46:2:46:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:47:2:47:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| NonConstantFormat.c:50:2:50:7 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:26:3:26:9 | call to sprintf | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
| test.cpp:45:3:45:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:46:3:46:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:47:3:47:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:48:3:48:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:49:3:49:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:50:3:50:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:54:5:54:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:55:5:55:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:56:5:56:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:57:5:57:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:58:5:58:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
@@ -15,8 +24,14 @@
| test.cpp:62:5:62:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:64:3:64:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:67:5:67:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:68:5:68:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:73:5:73:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:79:5:79:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:85:5:85:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:90:5:90:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:97:5:97:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:104:5:104:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:107:5:107:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:112:5:112:10 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:115:3:115:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |
| test.cpp:121:3:121:8 | call to printf | The format string argument to printf should be constant to prevent security issues and other potential errors. |