
Commit 31dd3ca

committed
CPP: Autoformat.
1 parent cb8dcf7 commit 31dd3ca

9 files changed

Lines changed: 250 additions & 279 deletions


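--- a/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/BufferAccess.qll
+++ b/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/BufferAccess.qll
@@ -20,55 +20,46 @@ abstract class Alloc extends Function { }
 * Allocation functions identified by the QL for C/C++ standard library.
 */
 class DefaultAlloc extends Alloc {
-DefaultAlloc() {
-allocationFunction(this)
-}
+DefaultAlloc() { allocationFunction(this) }
 }
 
 /** A buffer created through a call to an allocation function. */
 class AllocBuffer extends BufferWithSize {
 FunctionCall call;
+
 AllocBuffer() {
 asExpr() = call and
 call.getTarget() instanceof Alloc
 }
 
-override Expr getSizeExpr() {
-result = call.getArgument(0)
-}
+override Expr getSizeExpr() { result = call.getArgument(0) }
 }
 
 /**
 * Find accesses of buffers for which we have a size expression.
 */
 private class BufferWithSizeConfig extends TaintTracking::Configuration {
-BufferWithSizeConfig() {
-this = "BufferWithSize"
-}
+BufferWithSizeConfig() { this = "BufferWithSize" }
 
-override predicate isSource(DataFlow::Node n) {
-n = any(BufferWithSize b)
-}
+override predicate isSource(DataFlow::Node n) { n = any(BufferWithSize b) }
 
-override predicate isSink(DataFlow::Node n) {
-n.asExpr() = any(BufferAccess ae).getPointer()
-}
+override predicate isSink(DataFlow::Node n) { n.asExpr() = any(BufferAccess ae).getPointer() }
 
 override predicate isSanitizer(DataFlow::Node s) {
 s = any(BufferWithSize b) and
 s.asExpr().getControlFlowScope() instanceof Alloc
 }
 }
 
-
 /**
-* An access(read or write) to a buffer, provided as a pair of
+* An access(read or write) to a buffer, provided as a pair of
 * a pointer to the buffer and the length of data to be read or written.
 * Extend this class to support different kinds of buffer access.
 */
 abstract class BufferAccess extends Locatable {
 /** Gets the pointer to the buffer being accessed. */
 abstract Expr getPointer();
+
 /** Gets the length of the data being read or written by this buffer access. */
 abstract Expr getAccessedLength();
 }
@@ -77,33 +68,26 @@ abstract class BufferAccess extends Locatable {
 * A buffer access through an array expression.
 */
 class ArrayBufferAccess extends BufferAccess, ArrayExpr {
-override Expr getPointer() {
-result = this.getArrayBase()
-}
+override Expr getPointer() { result = this.getArrayBase() }
 
-override Expr getAccessedLength() {
-result = this.getArrayOffset()
-}
+override Expr getAccessedLength() { result = this.getArrayOffset() }
 }
 
 /**
 * A buffer access through an overloaded array expression.
 */
 class OverloadedArrayBufferAccess extends BufferAccess, OverloadedArrayExpr {
-override Expr getPointer() {
-result = this.getQualifier()
-}
+override Expr getPointer() { result = this.getQualifier() }
 
-override Expr getAccessedLength() {
-result = this.getAnArgument()
-}
+override Expr getAccessedLength() { result = this.getAnArgument() }
 }
 
 /**
 * A buffer access through pointer arithmetic.
 */
 class PointerArithmeticAccess extends BufferAccess, Expr {
 PointerArithmeticOperation p;
+
 PointerArithmeticAccess() {
 this = p and
 p.getAnOperand().getType().getUnspecifiedType() instanceof IntegralType and
@@ -125,99 +109,66 @@ class PointerArithmeticAccess extends BufferAccess, Expr {
 * A pair of buffer accesses through a call to memcpy.
 */
 class MemCpy extends BufferAccess, FunctionCall {
-MemCpy() {
-getTarget().hasName("memcpy")
-}
+MemCpy() { getTarget().hasName("memcpy") }
 
 override Expr getPointer() {
 result = getArgument(0) or
 result = getArgument(1)
 }
 
-override Expr getAccessedLength() {
-result = getArgument(2)
-}
+override Expr getAccessedLength() { result = getArgument(2) }
 }
 
 class StrncpySizeExpr extends BufferAccess, FunctionCall {
-StrncpySizeExpr() {
-getTarget().hasName("strncpy")
-}
+StrncpySizeExpr() { getTarget().hasName("strncpy") }
 
 override Expr getPointer() {
 result = getArgument(0) or
 result = getArgument(1)
 }
 
-override Expr getAccessedLength() {
-result = getArgument(2)
-}
+override Expr getAccessedLength() { result = getArgument(2) }
 }
 
 class RecvSizeExpr extends BufferAccess, FunctionCall {
-RecvSizeExpr() {
-getTarget().hasName("recv")
-}
+RecvSizeExpr() { getTarget().hasName("recv") }
 
-override Expr getPointer() {
-result = getArgument(1)
-}
-override Expr getAccessedLength() {
-result = getArgument(2)
-}
+override Expr getPointer() { result = getArgument(1) }
+
+override Expr getAccessedLength() { result = getArgument(2) }
 }
 
 class SendSizeExpr extends BufferAccess, FunctionCall {
-SendSizeExpr() {
-getTarget().hasName("send")
-}
+SendSizeExpr() { getTarget().hasName("send") }
 
-override Expr getPointer() {
-result = getArgument(1)
-}
-override Expr getAccessedLength() {
-result = getArgument(2)
-}
-}
+override Expr getPointer() { result = getArgument(1) }
 
+override Expr getAccessedLength() { result = getArgument(2) }
+}
 
 class SnprintfSizeExpr extends BufferAccess, FunctionCall {
-SnprintfSizeExpr() {
-getTarget().hasName("snprintf")
-}
+SnprintfSizeExpr() { getTarget().hasName("snprintf") }
 
-override Expr getPointer() {
-result = getArgument(0)
-}
-override Expr getAccessedLength() {
-result = getArgument(1)
-}
+override Expr getPointer() { result = getArgument(0) }
+
+override Expr getAccessedLength() { result = getArgument(1) }
 }
 
 class MemcmpSizeExpr extends BufferAccess, FunctionCall {
-MemcmpSizeExpr() {
-getTarget().hasName("Memcmp")
-}
+MemcmpSizeExpr() { getTarget().hasName("Memcmp") }
 
 override Expr getPointer() {
 result = getArgument(0) or
 result = getArgument(1)
 }
-override Expr getAccessedLength() {
-result = getArgument(2)
-}
+
+override Expr getAccessedLength() { result = getArgument(2) }
 }
 
 class MallocSizeExpr extends BufferAccess, FunctionCall {
-MallocSizeExpr() {
-getTarget().hasName("malloc")
-}
+MallocSizeExpr() { getTarget().hasName("malloc") }
 
-override Expr getPointer() {
-none()
-}
-override Expr getAccessedLength() {
-result = getArgument(1)
-}
-}
+override Expr getPointer() { none() }
 
+override Expr getAccessedLength() { result = getArgument(1) }
+}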

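--- a/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBound.qll
+++ b/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBound.qll
@@ -5,33 +5,29 @@ import BufferAccess
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 class NetworkFunctionCall extends FunctionCall {
-NetworkFunctionCall() {
-getTarget().hasName("ntohd") or
-getTarget().hasName("ntohf") or
-getTarget().hasName("ntohl") or
-getTarget().hasName("ntohll") or
-getTarget().hasName("ntohs")
-}
+NetworkFunctionCall() {
+getTarget().hasName("ntohd") or
+getTarget().hasName("ntohf") or
+getTarget().hasName("ntohl") or
+getTarget().hasName("ntohll") or
+getTarget().hasName("ntohs")
+}
 }
 
 class NetworkToBufferSizeConfiguration extends DataFlow::Configuration {
-NetworkToBufferSizeConfiguration() {
-this = "NetworkToBufferSizeConfiguration"
-}
+NetworkToBufferSizeConfiguration() { this = "NetworkToBufferSizeConfiguration" }
 
-override predicate isSource(DataFlow::Node node) {
-node.asExpr() instanceof NetworkFunctionCall
-}
+override predicate isSource(DataFlow::Node node) { node.asExpr() instanceof NetworkFunctionCall }
 
-override predicate isSink(DataFlow::Node node) {
-node.asExpr() = any(BufferAccess ba).getAccessedLength()
-}
+override predicate isSink(DataFlow::Node node) {
+node.asExpr() = any(BufferAccess ba).getAccessedLength()
+}
 
-override predicate isBarrier(DataFlow::Node node) {
-exists(GuardCondition gc, GVN gvn |
-gc.getAChild*() = gvn.getAnExpr() and
-globalValueNumber(node.asExpr()) = gvn and
-gc.controls(node.asExpr().getBasicBlock(), _)
-)
-}
+override predicate isBarrier(DataFlow::Node node) {
+exists(GuardCondition gc, GVN gvn |
+gc.getAChild*() = gvn.getAnExpr() and
+globalValueNumber(node.asExpr()) = gvn and
+gc.controls(node.asExpr().getBasicBlock(), _)
+)
+}
 }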

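--- a/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.ql
@@ -14,4 +14,4 @@ import semmle.code.cpp.dataflow.DataFlow
 
 from NetworkToBufferSizeConfiguration bufConfig, DataFlow::Node source, DataFlow::Node sink
 where bufConfig.hasFlow(source, sink)
-select sink, "Unchecked use of data from network function $@", source, source.toString()
+select sink, "Unchecked use of data from network function $@", source, source.toString()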
