C++: use includes in OverrunWrite qhelp files

redsun82 · web-flow · commit 9d49ad9f203f · 2022-01-13T11:59:48.000Z
Also added the relevant CERT C _and_ C++ standard references where they
were missing, and did some minor stylistic tweaks to
`OverrunWriteFloat.qhelp`.
diff --git a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.qhelp
@@ -18,8 +18,5 @@
 <p>To fix the problem, either the second argument to <code>snprintf</code> should be changed to 80, or the buffer extended to 256 characters.  A further improvement is to use a preprocessor define so that the size is only specified in one place, potentially preventing future recurrence of this issue.</p>
 
 </example>
-<references>
-
-
-</references>
+<include src="OverrunWriteReferences.inc.qhelp" />
 </qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.qhelp
@@ -6,10 +6,7 @@
 <p>The program performs a buffer copy or write operation with no upper limit on the size of the copy, and it appears that certain inputs will cause a buffer overflow to occur in this case.  In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.</p>
 
 </overview>
-<recommendation>
-<p>Always control the length of buffer copy and buffer write operations.  <code>strncpy</code> should be used over <code>strcpy</code>, <code>snprintf</code> over <code>sprintf</code>, and in other cases 'n-variant' functions should be preferred.</p>
-
-</recommendation>
+<include src="OverrunWriteRecommendation.inc.qhelp" />
 <example>
 <sample src="OverrunWrite.c" />
 
@@ -24,13 +21,5 @@
 </ul>
 
 </example>
-<references>
-
-<li>CERT C Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator</a>.</li>
-
-
-<!--  LocalWords:  preprocessor CWE STR
- -->
-
-</references>
+<include src="OverrunWriteReferences.inc.qhelp" />
 </qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.qhelp b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.qhelp
@@ -6,30 +6,19 @@
 <p>The program performs a buffer copy or write operation that includes one or more float to string conversions (i.e. the %f format specifier), which may overflow the destination buffer if extreme inputs are given.  In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.</p>
 
 </overview>
-<recommendation>
-<p>Always control the length of buffer copy and buffer write operations.  <code>strncpy</code> should be used over <code>strcpy</code>, <code>snprintf</code> over <code>sprintf</code>, and in other cases 'n-variant' functions should be preferred.</p>
-
-</recommendation>
+<include src="OverrunWriteRecommendation.inc.qhelp" />
 <example>
 <sample src="OverrunWriteFloat.c" />
 
-<p>In this example, the call to <code>sprintf</code> contains a %f format specifier.  Though a 256 character buffer has been allowed, it is not sufficient for the most extreme floating point inputs.  For example the representation of double value 1e304 (that is 1 with 304 zeroes after it) will overflow a buffer of this length.</p>
+<p>In this example, the call to <code>sprintf</code> contains a <code>%f</code> format specifier.  Though a 256 character buffer has been allowed, it is not sufficient for the most extreme floating point inputs.  For example the representation of double value 1e304 (that is 1 with 304 zeroes after it) will overflow a buffer of this length.</p>
 
 <p>To fix this issue three changes should be made:</p>
 <ul>
   <li>Control the size of the buffer using a preprocessor define.</li>
   <li>Replace the call to <code>sprintf</code> with <code>snprintf</code>, specifying the define as the maximum length to copy.  This will prevent the buffer overflow.</li>
-  <li>Consider using the %g format specifier instead of %f.</li>
+  <li>Consider using the <code>%g</code> format specifier instead of <code>%f</code>.</li>
 </ul>
 
 </example>
-<references>
-
-<li>CERT C Coding
-Standard: <a href="https://www.securecoding.cert.org/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR31-C. Guarantee
-that storage for strings has sufficient space for character data and
-the null terminator</a>.</li>
-
-
-</references>
+<include src="OverrunWriteReferences.inc.qhelp" />
 </qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteRecommendation.inc.qhelp b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteRecommendation.inc.qhelp
@@ -0,0 +1,10 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<fragment>
+<recommendation>
+<p>Always control the length of buffer copy and buffer write operations. <code>strncpy</code> should be used over <code>strcpy</code>, <code>snprintf</code> over <code>sprintf</code>, and in other cases 'n-variant' functions should be preferred.</p>
+</recommendation>
+</fragment>
+</qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteReferences.inc.qhelp b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteReferences.inc.qhelp
@@ -0,0 +1,16 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<fragment>
+<references>
+
+<li>CERT C Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator</a>.</li>
+<li>CERT C++ Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/cplusplus/STR50-CPP.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator</a>.</li>
+
+<!--  LocalWords:  preprocessor CWE STR
+ -->
+
+</references>
+</fragment>
+</qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.qhelp
@@ -6,10 +6,7 @@
 <p>The program performs a buffer copy or write operation with no upper limit on the size of the copy.  An unexpectedly long input that reaches this code will cause the buffer to overflow.  In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.</p>
 
 </overview>
-<recommendation>
-<p>Always control the length of buffer copy and buffer write operations.  <code>strncpy</code> should be used over <code>strcpy</code>, <code>snprintf</code> over <code>sprintf</code> etc.  In general 'n-variant' functions should be preferred.</p>
-
-</recommendation>
+<include src="OverrunWriteRecommendation.inc.qhelp" />
 <example>
 <sample src="UnboundedWrite.c" />
 
@@ -18,13 +15,5 @@
 <p>To fix the problem the call to <code>sprintf</code> should be replaced with <code>snprintf</code>, specifying a maximum length of 80 characters.</p>
 
 </example>
-<references>
-
-<li>CERT C++ Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/cplusplus/STR50-CPP.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator</a>.</li>
-
-
-<!--  LocalWords:  CWE STR
- -->
-
-</references>
+<include src="OverrunWriteReferences.inc.qhelp" />
 </qhelp>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp
@@ -6,10 +6,7 @@
 <p>The program performs a buffer copy or write operation with no upper limit on the size of the copy, and by analysing the bounds of the expressions involved it appears that certain inputs will cause a buffer overflow to occur in this case.  In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code.</p>
 
 </overview>
-<recommendation>
-<p>Always control the length of buffer copy and buffer write operations.  <code>strncpy</code> should be used over <code>strcpy</code>, <code>snprintf</code> over <code>sprintf</code>, and in other cases 'n-variant' functions should be preferred.</p>
-
-</recommendation>
+<include src="OverrunWriteRecommendation.inc.qhelp" />
 <example>
 <sample src="VeryLikelyOverrunWrite.c" />
 
@@ -23,13 +20,5 @@
 </ul>
 
 </example>
-<references>
-
-<li>CERT C Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/c/STR31-C.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator">STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator</a>.</li>
-
-
-<!--  LocalWords:  preprocessor CWE STR
- -->
-
-</references>
+<include src="OverrunWriteReferences.inc.qhelp" />
 </qhelp>
