C++: Model getdelim and friends

Author: MathiasVP

cpp/ql/src/semmle/code/cpp/models/Models.qll

@@ -14,3 +14,4 @@ private import implementations.Strdup
 private import implementations.Strftime
 private import implementations.StdString
 private import implementations.Swap
+private import implementations.GetDelim

cpp/ql/src/semmle/code/cpp/models/implementations/GetDelim.qll

@@ -0,0 +1,40 @@
+import semmle.code.cpp.models.interfaces.Taint
+import semmle.code.cpp.models.interfaces.Alias
+import semmle.code.cpp.models.interfaces.SideEffect
+import semmle.code.cpp.models.interfaces.FlowSource
+
+/**
+ * The standard functions `getdelim`, `getwdelim` and the glibc variant `__getdelim`.
+ */
+class GetDelimFunction extends TaintFunction, AliasFunction, SideEffectFunction, RemoteFlowFunction {
+  GetDelimFunction() { hasGlobalName(["getdelim", "getwdelim", "__getdelim"]) }
+
+  override predicate hasTaintFlow(FunctionInput i, FunctionOutput o) {
+    i.isParameter(3) and o.isParameterDeref(0)
+  }
+
+  override predicate parameterNeverEscapes(int index) { index = [0, 1, 3] }
+
+  override predicate parameterEscapesOnlyViaReturn(int index) { none() }
+
+  override predicate parameterIsAlwaysReturned(int index) { none() }
+
+  override predicate hasOnlySpecificReadSideEffects() { any() }
+
+  override predicate hasOnlySpecificWriteSideEffects() { any() }
+
+  override predicate hasSpecificWriteSideEffect(ParameterIndex i, boolean buffer, boolean mustWrite) {
+    i = [0, 1] and
+    buffer = false and
+    mustWrite = true
+  }
+
+  override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
+    i = 3 and buffer = false
+  }
+
+  override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
+    output.isParameterDeref(0) and
+    description = "String read by " + this.getName()
+  }
+}