
Commit 3709151

committed
C++: Add a MaD model for 'CAtlFileMappingBase' and mark reads as local flow sources.
1 parent ac0599c commit 3709151

4 files changed

Lines changed: 53 additions & 2 deletions


Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/cpp-all
4+
extensible: summaryModel
5+
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
6+
- ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
7+
- ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
8+
- ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
9+
- ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
10+
- ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
11+
- ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
12+
- ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
13+
- ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
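Review bot: None of the eight summary rows is exercised by a test in this commit; the only test change on the page is the pair of `local_source` expectations in `atl.cpp`, which cover the source model rather than these flows. A taint test that passes a tainted argument through `MapFile`, `OpenMapping` or `CopyFrom` and reads it back with `GetData` would pin the `Argument[-1]` rows. The `GetHandle` row also carries taint from the mapping object to the returned handle, which is presumably an opaque handle value rather than file content, so it may produce noisy results downstream. If that row is intentional, a comment above it such as `# handle is modelled as derived from the mapping on purpose` would record the decision.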

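--- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
@@ -54,3 +54,4 @@ private import implementations.CA2AEX
 private import implementations.CComBSTR
 private import implementations.CPathT
 private import implementations.CAtlFile
+private import implementations.CAtlFileMapping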
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
import semmle.code.cpp.models.interfaces.FlowSource
2+
3+
/**
4+
* The `CAtlFileMapping` class from Microsoft's Active Template Library.
5+
*/
6+
class CAtlFileMapping extends Class {
7+
CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") }
8+
}
9+
10+
/**
11+
* The `CAtlFileMappingBase` class from Microsoft's Active Template Library.
12+
*/
13+
class CAtlFileMappingBase extends Class {
14+
CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") }
15+
}
16+
17+
private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction {
18+
CAtlFileMappingBaseGetData() {
19+
this.getClassAndName("GetData") = any(CAtlFileMappingBase fileMaping).getADerivedClass*()
20+
}
21+
22+
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
23+
output.isReturnValueDeref(1) and
24+
description = "data read by " + this.getName()
25+
}
26+
}
27+
28+
private class CAtlFileMappingGetData extends MemberFunction, LocalFlowSourceFunction {
29+
CAtlFileMappingGetData() {
30+
this.(ConversionOperator).getDeclaringType() instanceof CAtlFileMapping
31+
}
32+
33+
override predicate hasLocalFlowSource(FunctionOutput output, string description) {
34+
output.isReturnValueDeref(1) and
35+
description = "data read by " + this.getName()
36+
}
37+
}
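Review bot: `CAtlFileMappingGetData` does not match `GetData`; its characteristic predicate selects every `ConversionOperator` declared in `CAtlFileMapping`, so a name such as `CAtlFileMappingConversionOperator` would describe it correctly. In `CAtlFileMappingBaseGetData` the bound variable `fileMaping` is misspelled and never used, so `any(CAtlFileMappingBase base).getADerivedClass*()` reads better. Neither private class has QLDoc; I would add `/** The GetData member function of CAtlFileMappingBase and its subclasses; the buffer it returns is file-mapped data and is treated as a local flow source. */` and the equivalent line on the conversion-operator class. The two `hasLocalFlowSource` bodies are identical and could be shared through one abstract parent class.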

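--- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp
+++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp
@@ -176,6 +176,6 @@ struct CAtlFileMapping : public CAtlFileMappingBase {
 };
 
 void test_CAtlFileMapping(CAtlFileMapping<char> mapping) {
-char* data = static_cast<char*>(mapping); // $ MISSING: local_source
-void* data2 = mapping.GetData(); // $ MISSING: local_source
+char* data = static_cast<char*>(mapping); // $ local_source
+void* data2 = mapping.GetData(); // $ local_source
 }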
