Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 46f3f28

Browse files
geoffw0geoffw0
committed
C++: Fix broken merge.
1 parent 71e0da7 commit 46f3f28

1 file changed

Lines changed: 0 additions & 257 deletions

File tree

cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql

Lines changed: 0 additions & 257 deletions
Original file line numberDiff line numberDiff line change
@@ -18,263 +18,6 @@ import semmle.code.cpp.models.interfaces.FlowSource
1818
import DataFlow::PathGraph
1919
import SystemData
2020

21-
/**
22-
* Data originating from the environment.
23-
*/
24-
class EnvData extends SystemData {
25-
EnvData() {
26-
// identify risky looking environment variables only
27-
this.(EnvironmentRead)
28-
.getEnvironmentVariable()
29-
.toLowerCase()
30-
.regexpMatch(".*(user|host|admin|root|home|path|http|ssl|snmp|sock|port|proxy|pass|token|crypt|key).*")
31-
}
32-
33-
override Expr getAnExpr() { result = this }
34-
}
35-
36-
/**
37-
* Data originating from a call to `mysql_get_client_info()`.
38-
*/
39-
class SQLClientInfo extends SystemData {
40-
SQLClientInfo() { this.(FunctionCall).getTarget().hasName("mysql_get_client_info") }
41-
42-
override Expr getAnExpr() { result = this }
43-
}
44-
45-
private predicate sqlConnectInfo(FunctionCall source, VariableAccess use) {
46-
(
47-
source.getTarget().hasName("mysql_connect") or
48-
source.getTarget().hasName("mysql_real_connect")
49-
) and
50-
use = source.getAnArgument()
51-
}
52-
53-
/**
54-
* Data passed into an SQL connect function.
55-
*/
56-
class SQLConnectInfo extends SystemData {
57-
SQLConnectInfo() { sqlConnectInfo(this, _) }
58-
59-
override Expr getAnExpr() { sqlConnectInfo(this, result) }
60-
}
61-
62-
private predicate posixSystemInfo(FunctionCall source, Element use) {
63-
// size_t confstr(int name, char *buf, size_t len)
64-
// - various OS / system strings, such as the libc version
65-
// int statvfs(const char *__path, struct statvfs *__buf)
66-
// int fstatvfs(int __fd, struct statvfs *__buf)
67-
// - various filesystem parameters
68-
// int uname(struct utsname *buf)
69-
// - OS name and version
70-
source.getTarget().hasName(["confstr", "statvfs", "fstatvfs", "uname"]) and
71-
use = source.getArgument(1)
72-
}
73-
74-
/**
75-
* Data obtained from a POSIX system information call.
76-
*/
77-
class PosixSystemInfo extends SystemData {
78-
PosixSystemInfo() { posixSystemInfo(this, _) }
79-
80-
override Expr getAnExpr() { posixSystemInfo(this, result) }
81-
}
82-
83-
private predicate posixPWInfo(FunctionCall source, Element use) {
84-
// struct passwd *getpwnam(const char *name);
85-
// struct passwd *getpwuid(uid_t uid);
86-
// struct passwd *getpwent(void);
87-
// struct group *getgrnam(const char *name);
88-
// struct group *getgrgid(gid_t);
89-
// struct group *getgrent(void);
90-
source
91-
.getTarget()
92-
.hasName(["getpwnam", "getpwuid", "getpwent", "getgrnam", "getgrgid", "getgrent"]) and
93-
use = source
94-
or
95-
// int getpwnam_r(const char *name, struct passwd *pwd,
96-
// char *buf, size_t buflen, struct passwd **result);
97-
// int getpwuid_r(uid_t uid, struct passwd *pwd,
98-
// char *buf, size_t buflen, struct passwd **result);
99-
// int getgrgid_r(gid_t gid, struct group *grp,
100-
// char *buf, size_t buflen, struct group **result);
101-
// int getgrnam_r(const char *name, struct group *grp,
102-
// char *buf, size_t buflen, struct group **result);
103-
source.getTarget().hasName(["getpwnam_r", "getpwuid_r", "getgrgid_r", "getgrnam_r"]) and
104-
use = source.getArgument([1, 2, 4])
105-
or
106-
// int getpwent_r(struct passwd *pwd, char *buffer, size_t bufsize,
107-
// struct passwd **result);
108-
// int getgrent_r(struct group *gbuf, char *buf,
109-
// size_t buflen, struct group **gbufp);
110-
source.getTarget().hasName(["getpwent_r", "getgrent_r"]) and
111-
use = source.getArgument([0, 1, 3])
112-
}
113-
114-
/**
115-
* Data obtained from a POSIX user/password/group database information call.
116-
*/
117-
class PosixPWInfo extends SystemData {
118-
PosixPWInfo() { posixPWInfo(this, _) }
119-
120-
override Expr getAnExpr() { posixPWInfo(this, result) }
121-
}
122-
123-
private predicate windowsSystemInfo(FunctionCall source, Element use) {
124-
// DWORD WINAPI GetVersion(void);
125-
source.getTarget().hasGlobalName("GetVersion") and
126-
use = source
127-
or
128-
// BOOL WINAPI GetVersionEx(_Inout_ LPOSVERSIONINFO lpVersionInfo);
129-
// void WINAPI GetSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
130-
// void WINAPI GetNativeSystemInfo(_Out_ LPSYSTEM_INFO lpSystemInfo);
131-
source
132-
.getTarget()
133-
.hasGlobalName([
134-
"GetVersionEx", "GetVersionExA", "GetVersionExW", "GetSystemInfo", "GetNativeSystemInfo"
135-
]) and
136-
use = source.getArgument(0)
137-
}
138-
139-
/**
140-
* Data obtained from a Windows system information call.
141-
*/
142-
class WindowsSystemInfo extends SystemData {
143-
WindowsSystemInfo() { windowsSystemInfo(this, _) }
144-
145-
override Expr getAnExpr() { windowsSystemInfo(this, result) }
146-
}
147-
148-
private predicate windowsFolderPath(FunctionCall source, Element use) {
149-
// BOOL SHGetSpecialFolderPath(
150-
// HWND hwndOwner,
151-
// _Out_ LPTSTR lpszPath,
152-
// _In_ int csidl,
153-
// _In_ BOOL fCreate
154-
// );
155-
source
156-
.getTarget()
157-
.hasGlobalName([
158-
"SHGetSpecialFolderPath", "SHGetSpecialFolderPathA", "SHGetSpecialFolderPathW"
159-
]) and
160-
use = source.getArgument(1)
161-
or
162-
// HRESULT SHGetKnownFolderPath(
163-
// _In_ REFKNOWNFOLDERID rfid,
164-
// _In_ DWORD dwFlags,
165-
// _In_opt_ HANDLE hToken,
166-
// _Out_ PWSTR *ppszPath
167-
// );
168-
source.getTarget().hasGlobalName("SHGetKnownFolderPath") and
169-
use = source.getArgument(3)
170-
or
171-
// HRESULT SHGetFolderPath(
172-
// _In_ HWND hwndOwner,
173-
// _In_ int nFolder,
174-
// _In_ HANDLE hToken,
175-
// _In_ DWORD dwFlags,
176-
// _Out_ LPTSTR pszPath
177-
// );
178-
source.getTarget().hasGlobalName(["SHGetFolderPath", "SHGetFolderPathA", "SHGetFolderPathW"]) and
179-
use = source.getArgument(4)
180-
or
181-
// HRESULT SHGetFolderPathAndSubDir(
182-
// _In_ HWND hwnd,
183-
// _In_ int csidl,
184-
// _In_ HANDLE hToken,
185-
// _In_ DWORD dwFlags,
186-
// _In_ LPCTSTR pszSubDir,
187-
// _Out_ LPTSTR pszPath
188-
// );
189-
source
190-
.getTarget()
191-
.hasGlobalName([
192-
"SHGetFolderPathAndSubDir", "SHGetFolderPathAndSubDirA", "SHGetFolderPathAndSubDirW"
193-
]) and
194-
use = source.getArgument(5)
195-
}
196-
197-
/**
198-
* Data obtained about Windows special paths (for example, the
199-
* location of `System32`).
200-
*/
201-
class WindowsFolderPath extends SystemData {
202-
WindowsFolderPath() { windowsFolderPath(this, _) }
203-
204-
override Expr getAnExpr() { windowsFolderPath(this, result) }
205-
}
206-
207-
private predicate logonUser(FunctionCall source, VariableAccess use) {
208-
source.getTarget().hasGlobalName(["LogonUser", "LogonUserW", "LogonUserA"]) and
209-
use = source.getAnArgument()
210-
}
211-
212-
/**
213-
* Data passed into a `LogonUser` (Windows) function.
214-
*/
215-
class LogonUser extends SystemData {
216-
LogonUser() { logonUser(this, _) }
217-
218-
override Expr getAnExpr() { logonUser(this, result) }
219-
}
220-
221-
private predicate regQuery(FunctionCall source, VariableAccess use) {
222-
// LONG WINAPI RegQueryValue(
223-
// _In_ HKEY hKey,
224-
// _In_opt_ LPCTSTR lpSubKey,
225-
// _Out_opt_ LPTSTR lpValue,
226-
// _Inout_opt_ PLONG lpcbValue
227-
// );
228-
source.getTarget().hasGlobalName(["RegQueryValue", "RegQueryValueA", "RegQueryValueW"]) and
229-
use = source.getArgument(2)
230-
or
231-
// LONG WINAPI RegQueryMultipleValues(
232-
// _In_ HKEY hKey,
233-
// _Out_ PVALENT val_list,
234-
// _In_ DWORD num_vals,
235-
// _Out_opt_ LPTSTR lpValueBuf,
236-
// _Inout_opt_ LPDWORD ldwTotsize
237-
// );
238-
source
239-
.getTarget()
240-
.hasGlobalName([
241-
"RegQueryMultipleValues", "RegQueryMultipleValuesA", "RegQueryMultipleValuesW"
242-
]) and
243-
use = source.getArgument(3)
244-
or
245-
// LONG WINAPI RegQueryValueEx(
246-
// _In_ HKEY hKey,
247-
// _In_opt_ LPCTSTR lpValueName,
248-
// _Reserved_ LPDWORD lpReserved,
249-
// _Out_opt_ LPDWORD lpType,
250-
// _Out_opt_ LPBYTE lpData,
251-
// _Inout_opt_ LPDWORD lpcbData
252-
// );
253-
source.getTarget().hasGlobalName(["RegQueryValueEx", "RegQueryValueExA", "RegQueryValueExW"]) and
254-
use = source.getArgument(4)
255-
or
256-
// LONG WINAPI RegGetValue(
257-
// _In_ HKEY hkey,
258-
// _In_opt_ LPCTSTR lpSubKey,
259-
// _In_opt_ LPCTSTR lpValue,
260-
// _In_opt_ DWORD dwFlags,
261-
// _Out_opt_ LPDWORD pdwType,
262-
// _Out_opt_ PVOID pvData,
263-
// _Inout_opt_ LPDWORD pcbData
264-
// );
265-
source.getTarget().hasGlobalName(["RegGetValue", "RegGetValueA", "RegGetValueW"]) and
266-
use = source.getArgument(5)
267-
}
268-
269-
/**
270-
* Data read from the Windows registry.
271-
*/
272-
class RegQuery extends SystemData {
273-
RegQuery() { regQuery(this, _) }
274-
275-
override Expr getAnExpr() { regQuery(this, result) }
276-
}
277-
27821
class ExposedSystemDataConfiguration extends TaintTracking::Configuration {
27922
ExposedSystemDataConfiguration() { this = "ExposedSystemDataConfiguration" }
28023

0 commit comments

Comments
 (0)