
Commit 7fa6646

committed
Rule 21.2.2 - use BannedFunction library
1 parent 7a28f02 commit 7fa6646


2 files changed

+162
-174
lines changed


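--- a/cpp/misra/src/rules/RULE-21-2-2/UnsafeStringHandlingFunctions.ql
+++ b/cpp/misra/src/rules/RULE-21-2-2/UnsafeStringHandlingFunctions.ql
@@ -14,32 +14,20 @@
 
 import cpp
 import codingstandards.cpp.misra
+import codingstandards.cpp.BannedFunctions
 
-predicate isBannedStringFunction(Function f) {
-f.hasGlobalName([
-"strcat", "strchr", "strcmp", "strcoll", "strcpy", "strcspn",
-"strerror", "strlen", "strncat", "strncmp", "strncpy", "strpbrk",
-"strrchr", "strspn", "strstr", "strtok", "strxfrm",
-"strtol", "strtoll", "strtoul", "strtoull", "strtod", "strtof", "strtold",
-"fgetwc", "fputwc", "wcstol", "wcstoll", "wcstoul", "wcstoull",
-"wcstod", "wcstof", "wcstold",
-"strtoumax", "strtoimax", "wcstoumax", "wcstoimax"
-])
+class StringFunction extends Function {
+StringFunction() {
+this.hasGlobalName([
+"strcat", "strchr", "strcmp", "strcoll", "strcpy", "strcspn", "strerror", "strlen",
+"strncat", "strncmp", "strncpy", "strpbrk", "strrchr", "strspn", "strstr", "strtok",
+"strxfrm", "strtol", "strtoll", "strtoul", "strtoull", "strtod", "strtof", "strtold",
+"fgetwc", "fputwc", "wcstol", "wcstoll", "wcstoul", "wcstoull", "wcstod", "wcstof",
+"wcstold", "strtoumax", "strtoimax", "wcstoumax", "wcstoimax"
+])
+}
 }
 
-from Expr e, Function f, string msg
-where
-not isExcluded(e, BannedAPIsPackage::unsafeStringHandlingFunctionsQuery()) and
-(
-(e.(FunctionCall).getTarget() = f and isBannedStringFunction(f) and
-msg = "Call to banned string handling function '" + f.getName() + "'.")
-or
-(e.(AddressOfExpr).getOperand().(FunctionAccess).getTarget() = f and isBannedStringFunction(f) and
-msg = "Address taken of banned string handling function '" + f.getName() + "'.")
-or
-(e.(FunctionAccess).getTarget() = f and isBannedStringFunction(f) and
-not e.getParent() instanceof FunctionCall and
-not e.getParent() instanceof AddressOfExpr and
-msg = "Reference to banned string handling function '" + f.getName() + "'.")
-)
-select e, msg
+from BannedFunctions<StringFunction>::Use use
+where not isExcluded(use, BannedAPIsPackage::unsafeStringHandlingFunctionsQuery())
+select use, use.getAction() + " banned string handling function '" + use.getFunctionName() + "'."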
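Review bot: The characteristic predicate of `StringFunction` still matches with `this.hasGlobalName([`, so any listed function that the headers declare inside `namespace std` instead of re-exporting from the global namespace would not be a `StringFunction`, and a use such as `std::strcpy` would go unreported. The removed predicate had the same limitation, and this refactor is a cheap place to close it with `this.hasGlobalOrStdName([`, unless `BannedFunctions` already normalises the namespace; that library is not visible in this section. The alert text now relies on `use.getAction()` producing the old prefixes ("Call to", "Address taken of", "Reference to"). It also relies on `Use` keeping the old exclusion of accesses whose parent is a call or an address-of expression, so each site is reported once; the query's expected test output is worth checking for duplicates and changed wording. A QLDoc line on the class, for example `/** A string handling function banned by RULE-21-2-2. */`, would record why wide-character I/O such as `fgetwc` belongs in a class named `StringFunction`.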
