Skip to content

Commit 555fdec

Browse files
lcarteylcartey
committed
Rule 21.2.2 - UnsafeStringHandlingFunctions.ql
Add a query to detect uses of a number of common unsafe string handling functions. [a]
1 parent 84697e6 commit 555fdec

File tree

4 files changed

+635
-0
lines changed

4 files changed

+635
-0
lines changed

cpp/misra/src/rules/RULE-21-2-2/UnsafeStringHandlingFunctions.ql

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
/**
2+
* @id cpp/misra/unsafe-string-handling-functions
3+
* @name RULE-21-2-2: The string handling functions from <cstring>, <cstdlib>, <cwchar> and <cinttypes> shall not be used
4+
* @description Using string handling functions from <cstring>, <cstdlib>, <cwchar> and <cinttypes>
5+
* headers may result in buffer overflows or unreliable error detection through errno.
6+
* @kind problem
7+
* @precision very-high
8+
* @problem.severity error
9+
* @tags external/misra/id/rule-21-2-2
10+
* scope/single-translation-unit
11+
* external/misra/enforcement/decidable
12+
* external/misra/obligation/required
13+
*/
14+
15+
import cpp
16+
import codingstandards.cpp.misra
17+
18+
predicate isBannedStringFunction(Function f) {
19+
f.hasGlobalName([
20+
"strcat", "strchr", "strcmp", "strcoll", "strcpy", "strcspn",
21+
"strerror", "strlen", "strncat", "strncmp", "strncpy", "strpbrk",
22+
"strrchr", "strspn", "strstr", "strtok", "strxfrm",
23+
"strtol", "strtoll", "strtoul", "strtoull", "strtod", "strtof", "strtold",
24+
"fgetwc", "fputwc", "wcstol", "wcstoll", "wcstoul", "wcstoull",
25+
"wcstod", "wcstof", "wcstold",
26+
"strtoumax", "strtoimax", "wcstoumax", "wcstoimax"
27+
])
28+
}
29+
30+
from Expr e, Function f, string msg
31+
where
32+
not isExcluded(e, BannedAPIsPackage::unsafeStringHandlingFunctionsQuery()) and
33+
(
34+
(e.(FunctionCall).getTarget() = f and isBannedStringFunction(f) and
35+
msg = "Call to banned string handling function '" + f.getName() + "'.")
36+
or
37+
(e.(AddressOfExpr).getOperand().(FunctionAccess).getTarget() = f and isBannedStringFunction(f) and
38+
msg = "Address taken of banned string handling function '" + f.getName() + "'.")
39+
or
40+
(e.(FunctionAccess).getTarget() = f and isBannedStringFunction(f) and
41+
not e.getParent() instanceof FunctionCall and
42+
not e.getParent() instanceof AddressOfExpr and
43+
msg = "Reference to banned string handling function '" + f.getName() + "'.")
44+
)
45+
select e, msg

0 commit comments

Comments
 (0)