@@ -47,3 +47,42 @@ private class Strtok extends ArrayFunction, AliasFunction, TaintFunction, SideEf
4747 i = [ 0 , 1 ] and buffer = true
4848 }
4949}
50+
51+ /**
52+ * The function `strtok` is a variant of `strtok` that takes a `char**` parameter instead of
53+ * a `char*` as the first parameter.
54+ */
55+ private class Strsep extends ArrayFunction , AliasFunction , TaintFunction , SideEffectFunction {
56+ Strsep ( ) { this .hasGlobalName ( "strsep" ) }
57+
58+ override predicate hasArrayWithNullTerminator ( int bufParam ) { bufParam = 1 }
59+
60+ override predicate hasArrayInput ( int bufParam ) { bufParam = 1 }
61+
62+ override predicate parameterNeverEscapes ( int index ) { index = [ 0 , 1 ] }
63+
64+ override predicate parameterEscapesOnlyViaReturn ( int index ) { none ( ) }
65+
66+ override predicate parameterIsAlwaysReturned ( int index ) { none ( ) }
67+
68+ override predicate hasTaintFlow ( FunctionInput input , FunctionOutput output ) {
69+ // NOTE: What we really want here is: (input.isParameterDerefDeref(0) or input.isParameterDeref(1))
70+ // as the first conjunct.
71+ input .isParameterDeref ( [ 0 , 1 ] ) and
72+ ( output .isReturnValue ( ) or output .isReturnValueDeref ( ) )
73+ }
74+
75+ override predicate hasOnlySpecificReadSideEffects ( ) { any ( ) }
76+
77+ override predicate hasOnlySpecificWriteSideEffects ( ) { any ( ) }
78+
79+ override predicate hasSpecificWriteSideEffect ( ParameterIndex i , boolean buffer , boolean mustWrite ) {
80+ i = 0 and buffer = false and mustWrite = false
81+ }
82+
83+ override predicate hasSpecificReadSideEffect ( ParameterIndex i , boolean buffer ) {
84+ i = 0 and buffer = false
85+ or
86+ i = 1 and buffer = true
87+ }
88+ }
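Review bot: The side-effect predicates at the end of `Strsep` cover only the pointer slot `*stringp` (`i = 0 and buffer = false`). strsep also reads the string that `*stringp` points to and overwrites the matched delimiter in it with a null byte, so that buffer access is not modelled, and analyses relying on these side effects may treat the tokenized string as unmodified. If the second-level dereference cannot be expressed here, as the NOTE in `hasTaintFlow` suggests, record the gap above `hasSpecificWriteSideEffect` as well, e.g. `// NOTE: strsep also writes a null byte into the buffer that *stringp points to; this needs a deref-deref side effect.` Separately, the class comment names the wrong function: it should begin `The function `strsep` is a variant of `strtok` that takes a `char**` parameter`.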