diff options
| author | Evgeny Vereshchagin <evvers@ya.ru> | 2019-03-11 21:05:13 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-03-12 10:08:23 +0100 |
| commit | 7ba5ded9dbd7737bc368521f5ea7c90e5b06ab3e (patch) | |
| tree | 9cf46d74b8ed2593dc309f78ffb52a5a53ef316a /.lgtm | |
| parent | 1f682e243fa0863c9f4f89adf89032ae37e8205e (diff) | |
| download | systemd-7ba5ded9dbd7737bc368521f5ea7c90e5b06ab3e.tar.gz | |
lgtm: replace the query used for looking for fgets with a more general query
to make it easier to comlain about `strtok` :-)
Inspired by https://github.com/systemd/systemd/pull/11963, which, in turn,
was prompted by https://github.com/systemd/systemd/pull/11555.
Diffstat (limited to '.lgtm')
| -rw-r--r-- | .lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 30 | ||||
| -rw-r--r-- | .lgtm/cpp-queries/fgets.ql | 21 |
2 files changed, 30 insertions, 21 deletions
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql new file mode 100644 index 0000000000..ba80f4ad8c --- /dev/null +++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql @@ -0,0 +1,30 @@ +/** + * @name Use of potentially dangerous function + * @description Certain standard library functions are dangerous to call. + * @kind problem + * @problem.severity error + * @precision high + * @id cpp/potentially-dangerous-function + * @tags reliability + * security + * + * Borrowed from + * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql + */ +import cpp + +predicate potentiallyDangerousFunction(Function f, string message) { + ( + f.getQualifiedName() = "fgets" and + message = "Call to fgets is potentially dangerous. Use read_line() instead." + ) or ( + f.getQualifiedName() = "strtok" and + message = "Call to strtok is potentially dangerous. Use extract_first_word() instead." + ) +} + +from FunctionCall call, Function target, string message +where + call.getTarget() = target and + potentiallyDangerousFunction(target, message) +select call, message diff --git a/.lgtm/cpp-queries/fgets.ql b/.lgtm/cpp-queries/fgets.ql deleted file mode 100644 index a4181e4f3d..0000000000 --- a/.lgtm/cpp-queries/fgets.ql +++ /dev/null @@ -1,21 +0,0 @@ -/** - * @name Use of fgets() - * @description fgets() is dangerous to call. Use read_line() instead. - * @kind problem - * @problem.severity error - * @precision high - * @id cpp/fgets - * @tags reliability - * security - */ -import cpp - -predicate dangerousFunction(Function function) { - exists (string name | name = function.getQualifiedName() | - name = "fgets") -} - -from FunctionCall call, Function target -where call.getTarget() = target - and dangerousFunction(target) -select call, target.getQualifiedName() + " is potentially dangerous" |