CPP: Clean up PotentialBufferOverflow.ql a bit.

geoffw0 · geoffw0 · commit 0541950c44b0 · 2019-02-05T17:58:30.000Z
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql b/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql
@@ -13,12 +13,7 @@
 import cpp
 import semmle.code.cpp.commons.Buffer
 
-abstract class PotentiallyDangerousFunctionCall extends FunctionCall {
-  abstract predicate isDangerous();
-  abstract string getDescription();
-}
-
-class SprintfCall extends PotentiallyDangerousFunctionCall {
+class SprintfCall extends FunctionCall {
   SprintfCall() {
     this.getTarget().hasName("sprintf") or this.getTarget().hasName("vsprintf")
   }
@@ -31,16 +26,16 @@ class SprintfCall extends PotentiallyDangerousFunctionCall {
     result = this.getArgument(1).(FormatLiteral).getMaxConvertedLength()
   }
 
-  override predicate isDangerous() {
+  predicate isDangerous() {
     this.getMaxConvertedLength() > this.getBufferSize()
   }
 
-  override string getDescription() {
+  string getDescription() {
     result = "This conversion may yield a string of length "+this.getMaxConvertedLength().toString()+
              ", which exceeds the allocated buffer size of "+this.getBufferSize().toString()
   }
 }
 
-from PotentiallyDangerousFunctionCall c
+from SprintfCall c
 where c.isDangerous()
 select c, c.getDescription()

Original file line number	Diff line number	Diff line change
`@@ -13,12 +13,7 @@`
`13`	`13`	`import cpp`
`14`	`14`	`import semmle.code.cpp.commons.Buffer`
`15`	`15`
`16`		`-abstract class PotentiallyDangerousFunctionCall extends FunctionCall {`
`17`		`- abstract predicate isDangerous();`
`18`		`- abstract string getDescription();`
`19`		`-}`
`20`		`-`
`21`		`-class SprintfCall extends PotentiallyDangerousFunctionCall {`
	`16`	`+class SprintfCall extends FunctionCall {`
`22`	`17`	`SprintfCall() {`
`23`	`18`	`this.getTarget().hasName("sprintf") or this.getTarget().hasName("vsprintf")`
`24`	`19`	`}`
`@@ -31,16 +26,16 @@ class SprintfCall extends PotentiallyDangerousFunctionCall {`
`31`	`26`	`result = this.getArgument(1).(FormatLiteral).getMaxConvertedLength()`
`32`	`27`	`}`
`33`	`28`
`34`		`- override predicate isDangerous() {`
	`29`	`+ predicate isDangerous() {`
`35`	`30`	`this.getMaxConvertedLength() > this.getBufferSize()`
`36`	`31`	`}`
`37`	`32`
`38`		`- override string getDescription() {`
	`33`	`+ string getDescription() {`
`39`	`34`	`result = "This conversion may yield a string of length "+this.getMaxConvertedLength().toString()+`
`40`	`35`	`", which exceeds the allocated buffer size of "+this.getBufferSize().toString()`
`41`	`36`	`}`
`42`	`37`	`}`
`43`	`38`
`44`		`-from PotentiallyDangerousFunctionCall c`
	`39`	`+from SprintfCall c`
`45`	`40`	`where c.isDangerous()`
`46`	`41`	`select c, c.getDescription()`