Rule 21.2.3 - BannedSystemFunction.ql

Add a new query for detecting uses of the banned function `system`. [a]

Author: lcartey

cpp/misra/src/rules/RULE-21-2-3/BannedSystemFunction.ql

@@ -0,0 +1,36 @@
+/**
+ * @id cpp/misra/banned-system-function
+ * @name RULE-21-2-3: The library function system from <cstdlib> shall not be used
+ * @description Using the system() function from cstdlib or stdlib.h causes undefined behavior and
+ *              potential security vulnerabilities.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-21-2-3
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.BannedFunctions
+
+class SystemFunction extends Function {
+  SystemFunction() { this.hasGlobalName("system") or this.hasQualifiedName("std", "system") }
+}
+
+from Element element, string message
+where
+  not isExcluded(element, BannedAPIsPackage::bannedSystemFunctionQuery()) and
+  (
+    element instanceof BannedFunctions<SystemFunction>::Use and
+    message =
+      element.(BannedFunctions<SystemFunction>::Use).getAction() + " banned function '" +
+        element.(BannedFunctions<SystemFunction>::Use).getFunctionName() + "'."
+    or
+    element instanceof MacroInvocation and
+    element.(MacroInvocation).getMacroName() = "system" and
+    message = "Use of banned macro 'system'."
+  )
+select element, message

cpp/misra/test/rules/RULE-21-2-3/BannedSystemFunction.expected

@@ -0,0 +1,9 @@
+| test.cpp:4:3:4:13 | call to system | Call to banned function 'system'. |
+| test.cpp:8:14:8:24 | system | Address taken for banned function 'system'. |
+| test.cpp:9:29:9:39 | system | Address taken for banned function 'system'. |
+| test.cpp:13:40:13:50 | system | Address taken for banned function 'system'. |
+| test.cpp:17:3:17:13 | call to system | Call to banned function 'system'. |
+| test.cpp:22:3:22:13 | call to system | Call to banned function 'system'. |
+| test.cpp:35:3:35:8 | call to system | Call to banned function 'system'. |
+| test.cpp:39:29:39:34 | system | Address taken for banned function 'system'. |
+| test.cpp:44:3:44:21 | system(x) | Use of banned macro 'system'. |

cpp/misra/test/rules/RULE-21-2-3/BannedSystemFunction.qlref

@@ -0,0 +1 @@
+rules/RULE-21-2-3/BannedSystemFunction.ql

cpp/misra/test/rules/RULE-21-2-3/test.cpp

@@ -0,0 +1,45 @@
+#include <cstdlib>
+
+void test_direct_call_to_system() {
+  std::system("echo hello"); // NON_COMPLIANT
+}
+
+void test_system_function_pointer() {
+  auto l1 = &std::system;                // NON_COMPLIANT
+  int (*l2)(const char *) = std::system; // NON_COMPLIANT
+}
+
+void test_system_address_taken() {
+  void *l1 = reinterpret_cast<void *>(&std::system); // NON_COMPLIANT
+}
+
+void test_system_call_with_null() {
+  std::system(nullptr); // NON_COMPLIANT
+}
+
+void test_system_call_with_variable() {
+  const char *l1 = "ls";
+  std::system(l1); // NON_COMPLIANT
+}
+
+void test_compliant_alternative() {
+  // Using compliant alternatives instead of system()
+  const char *l1 = "some command"; // COMPLIANT
+  // Implementation-specific alternatives would be used here
+}
+
+// Test with C-style header (rule also applies to <stdlib.h>)
+#include <stdlib.h>
+
+void test_c_style_header_system() {
+  system("echo hello"); // NON_COMPLIANT
+}
+
+void test_c_style_header_function_pointer() {
+  int (*l1)(const char *) = system; // NON_COMPLIANT
+}
+
+#define system(x) 0
+void test_system_macro_expansion() {
+  system("echo test"); // NON_COMPLIANT
+}