Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 012140f

Browse files
zlaski-semmlezlaski-semmle
committed
[CPP-370] Reformat query.
1 parent 775861c commit 012140f

1 file changed

Lines changed: 14 additions & 10 deletions

File tree

cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,10 @@
1717
import semmle.code.cpp.dataflow.DataFlow
1818
import semmle.code.cpp.commons.Printf
1919

20+
// For the following `...gettext` functions, we assume that
21+
// all translations preserve the type and order of `%` specifiers
22+
// (and hence are safe to use as format strings). This
23+
// assumption is hard-coded into the query.
2024
predicate whitelistFunction(Function f, int arg) {
2125
// basic variations of gettext
2226
f.getName() = "_" and arg = 0
@@ -51,7 +55,8 @@ predicate whitelisted(Expr e) {
5155
whitelistFunction(fc.getTarget(), arg) and
5256
isConst(fc.getArgument(arg))
5357
)
54-
or underscoreMacro(e)
58+
or
59+
underscoreMacro(e)
5560
}
5661

5762
predicate isConstMacro(Expr e) {
@@ -69,21 +74,20 @@ predicate isConst(Expr e) {
6974
class ConstFlow extends DataFlow::Configuration {
7075
ConstFlow() { this = "ConstFlow" }
7176

72-
override predicate isSource(DataFlow::Node source) {
73-
isConst(source.asExpr())
74-
}
77+
override predicate isSource(DataFlow::Node source) { isConst(source.asExpr()) }
7578

7679
override predicate isSink(DataFlow::Node sink) {
77-
exists(FormattingFunctionCall fc |
78-
sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex())
79-
)
80+
exists(FormattingFunctionCall fc | sink.asExpr() = fc.getArgument(fc.getFormatParameterIndex()))
8081
}
8182
}
8283

8384
from FormattingFunctionCall call, Expr formatString
84-
where call.getArgument(call.getFormatParameterIndex()) = formatString
85-
and not exists(ConstFlow cf, DataFlow::Node source, DataFlow::Node sink |
85+
where
86+
call.getArgument(call.getFormatParameterIndex()) = formatString and
87+
not exists(ConstFlow cf, DataFlow::Node source, DataFlow::Node sink |
8688
cf.hasFlow(source, sink) and
8789
sink.asExpr() = formatString
8890
)
89-
select call, "The format string argument to " + call.getTarget().getQualifiedName() + " should be constant to prevent security issues and other potential errors."
91+
select call,
92+
"The format string argument to " + call.getTarget().getQualifiedName() +
93+
" should be constant to prevent security issues and other potential errors."

0 commit comments

Comments
 (0)