From c4a34b71d4f51f071f7a722059e36388b41d30e4 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 11 Mar 2019 21:05:13 +0100
Subject: [PATCH] lgtm: replace the query used for looking for fgets with a
more general query
to make it easier to complain about `strtok` :-)
Inspired by https://github.com/systemd/systemd/pull/11963, which, in turn,
was prompted by https://github.com/systemd/systemd/pull/11555.
(cherry picked from commit 7ba5ded9dbd7737bc368521f5ea7c90e5b06ab3e)
Related: #2017033
---
.../PotentiallyDangerousFunction.ql | 30 +++++++++++++++++++
.lgtm/cpp-queries/fgets.ql | 21 -------------
2 files changed, 30 insertions(+), 21 deletions(-)
create mode 100644 .lgtm/cpp-queries/PotentiallyDangerousFunction.ql
delete mode 100644 .lgtm/cpp-queries/fgets.ql
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
new file mode 100644
index 0000000000..ba80f4ad8c
--- /dev/null
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -0,0 +1,30 @@
+/**
+ * @name Use of potentially dangerous function
+ * @description Certain standard library functions are dangerous to call.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id cpp/potentially-dangerous-function
+ * @tags reliability
+ * security
+ *
+ * Borrowed from
+ * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ */
+import cpp
+
+predicate potentiallyDangerousFunction(Function f, string message) {
+ (
+ f.getQualifiedName() = "fgets" and
+ message = "Call to fgets is potentially dangerous. Use read_line() instead."
+ ) or (
+ f.getQualifiedName() = "strtok" and
+ message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
+ )
+}
+
+from FunctionCall call, Function target, string message
+where
+ call.getTarget() = target and
+ potentiallyDangerousFunction(target, message)
+select call, message
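Review bot: The new predicate matches on `f.getQualifiedName() = "fgets"` (and likewise for `strtok`), which also matches any project-defined or namespaced function that happens to carry that name; the upstream CWE-676 query this is borrowed from uses `f.hasGlobalName("fgets")`, which pins the match to the global-namespace libc symbol and better fits the `@precision high` annotation. Changing the two disjuncts to `f.hasGlobalName("fgets") and` and `f.hasGlobalName("strtok") and` keeps the results identical for the intended libc calls while dropping that false-positive surface. The predicate also has no QLDoc; a one-line `/** Holds if `f` is a libc function whose call sites should be reported, with `message` naming the project's preferred replacement. */` above `predicate potentiallyDangerousFunction` would document the contract for whoever adds the next function.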
diff --git a/.lgtm/cpp-queries/fgets.ql b/.lgtm/cpp-queries/fgets.ql
deleted file mode 100644
index a4181e4f3d..0000000000
--- a/.lgtm/cpp-queries/fgets.ql
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * @name Use of fgets()
- * @description fgets() is dangerous to call. Use read_line() instead.
- * @kind problem
- * @problem.severity error
- * @precision high
- * @id cpp/fgets
- * @tags reliability
- * security
- */
-import cpp
-
-predicate dangerousFunction(Function function) {
- exists (string name | name = function.getQualifiedName() |
- name = "fgets")
-}
-
-from FunctionCall call, Function target
-where call.getTarget() = target
- and dangerousFunction(target)
-select call, target.getQualifiedName() + " is potentially dangerous"