Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 657fe0e

Browse files
jbjjbj
committed
C++: Tweak docs of UsingStrcpyAsBoolean.ql
This should make the documentation more in line with the documentation for our other queries. The @name of the query is changed to "Use of string copy function in a condition".
1 parent 563f815 commit 657fe0e

2 files changed

Lines changed: 19 additions & 16 deletions

File tree

cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.qhelp

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -4,12 +4,14 @@
44
<qhelp>
55

66
<overview>
7-
<p>This rule finds uses of the string copy function calls that return the <code>destination</code> parameter,
8-
and that do not have a return value reserved to indicate an error.</p>
7+
<p>This rule flags calls to string copy functions used in conditions, either
8+
directly or as part of an equality operator or logical operator. The most
9+
common string copy functions always return their <code>destination</code>
10+
parameter and do not have a return value reserved to indicate an error.
11+
Therefore, such a function call always evaluates to true in a Boolean
12+
context.</p>
913

10-
<p>The rule flags occurrences using such string copy functions as the conditional of an <code>if</code> statement, either directly, as part of an equality operator or a logical operator.</p>
11-
12-
<p>The string copy functions that the rule takes into consideration are: </p>
14+
<p>The string copy functions that the rule takes into consideration are:</p>
1315
<ul>
1416
<li>strcpy</li>
1517
<li>wcscpy</li>
@@ -21,8 +23,8 @@ and that do not have a return value reserved to indicate an error.</p>
2123
<li>_mbsncpy</li>
2224
<li>_mbsncpy_l</li>
2325
</ul>
24-
25-
<p>NOTE: It is highly recommended to consider using a more secure version of string manipulation functions suchas as <code>strcpy_s</code>.</p>
26+
27+
<p>NOTE: It is highly recommended to consider using a more secure version of string manipulation functions such as as <code>strcpy_s</code>.</p>
2628

2729
</overview>
2830
<recommendation>
@@ -35,8 +37,8 @@ and that do not have a return value reserved to indicate an error.</p>
3537
</example>
3638

3739
<references>
38-
<li>Microsoft Books on Line: <a href="https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2012/ccf4h9w8(v=vs.110)">C6324</a></li>
39-
<li>Microsoft Books on Line: <a href="https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strcpy-wcscpy-mbscpy?view=vs-2017">strcpy, wcscpy, _mbscpy</a></li>
40+
<li>Microsoft Code Analysis for C/C++: <a href="https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2012/ccf4h9w8(v=vs.110)">C6324</a></li>
41+
<li>Microsoft C library reference: <a href="https://docs.microsoft.com/en-us/cpp/c-runtime-library/reference/strcpy-wcscpy-mbscpy">strcpy, wcscpy, _mbscpy</a></li>
4042
<li>US-CERT: <a href="https://www.us-cert.gov/bsi/articles/knowledge/coding-practices/strcpy_s-and-strcat_s">strncpy_s() and strncat_s()</a></li>
4143

4244
</references>

cpp/ql/src/Likely Bugs/Likely Typos/UsingStrcpyAsBoolean.ql

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,14 @@
11
/**
2-
* @name Using the return value of a strcpy or related string copy function as a boolean operator
3-
* @description The return value for strcpy, strncpy, or related string copy functions have no reserved return value to indicate an error.
4-
* Using the return values of these functions as boolean function .
5-
* Either the intent was to use a more secure version of a string copy function (such as strcpy_s), or a string compare function (such as strcmp).
2+
* @name Use of string copy function in a condition
3+
* @description The return value for strcpy, strncpy, or related string copy
4+
* functions have no reserved return value to indicate an error.
5+
* Using them in a condition is likely to be a logic error.
66
* @kind problem
77
* @problem.severity error
88
* @precision high
99
* @id cpp/string-copy-return-value-as-boolean
1010
* @tags external/microsoft/C6324
11+
* correctness
1112
*/
1213

1314
import cpp
@@ -36,7 +37,7 @@ predicate isStringCopyCastedAsBoolean(FunctionCall func, Expr expr1, string msg)
3637
DataFlow::localFlow(DataFlow::exprNode(func), DataFlow::exprNode(expr1)) and
3738
isBoolean(expr1.getConversion*()) and
3839
isStringComparisonFunction(func.getTarget().getQualifiedName()) and
39-
msg = "Return Value of " + func.getTarget().getQualifiedName() + " used as boolean."
40+
msg = "Return value of " + func.getTarget().getQualifiedName() + " used as Boolean."
4041
}
4142

4243
predicate isStringCopyUsedInLogicalOperationOrCondition(FunctionCall func, Expr expr1, string msg) {
@@ -60,14 +61,14 @@ predicate isStringCopyUsedInLogicalOperationOrCondition(FunctionCall func, Expr
6061
func = ble.getAChild()
6162
)
6263
) and
63-
msg = "Return Value of " + func.getTarget().getQualifiedName() +
64+
msg = "Return value of " + func.getTarget().getQualifiedName() +
6465
" used in a logical operation."
6566
)
6667
or
6768
exists(ConditionalStmt condstmt | condstmt.getAChild() = expr1 |
6869
// or the string copy function is used directly as the conditional expression
6970
func = condstmt.getChild(0) and
70-
msg = "Return Value of " + func.getTarget().getQualifiedName() +
71+
msg = "Return value of " + func.getTarget().getQualifiedName() +
7172
" used directly in a conditional expression."
7273
)
7374
)

0 commit comments

Comments
 (0)