
Commit 7015a9c

committed
C++: Un-private a few classes that are now used by the current DefaultSafeExternalAPIFunction implementation.
1 parent cc8d4b4 commit 7015a9c

2 files changed

Lines changed: 21 additions & 10 deletions


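--- a/cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll
+++ b/cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll
@@ -13,6 +13,7 @@ abstract class SafeExternalAPIFunction extends Function { }
 /** The default set of "safe" external APIs. */
 private class DefaultSafeExternalAPIFunction extends SafeExternalAPIFunction {
 DefaultSafeExternalAPIFunction() {
+// implementation note: this should be based on the properties of public interfaces, rather than accessing implementation classes directly. When we've done that, the three classes referenced here should be made fully private.
 this instanceof PureStrFunction or
 this instanceof StrLenFunction or
 this instanceof PureMemFunction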
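Review bot: The added implementation note does not record the practical consequence of the coupling it describes: because the safe set is `this instanceof PureStrFunction or this instanceof StrLenFunction or this instanceof PureMemFunction`, any name later added to those model classes in Pure.qll for taint or side-effect modelling is also treated as a safe external API here, with no change to this file. Assuming the CWE-020 queries leave SafeExternalAPIFunction members out of their results, that silently narrows what they report. I would extend the comment with something like `// NOTE: extending the name lists in models/implementations/Pure.qll also widens this safe set; re-check CWE-020 results when doing so.` and wrap the existing note, which is one very long line. The characteristic predicate continues past the end of the hunk.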

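--- a/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
+++ b/cpp/ql/src/semmle/code/cpp/models/implementations/Pure.qll
@@ -3,14 +3,16 @@ import semmle.code.cpp.models.interfaces.Taint
 import semmle.code.cpp.models.interfaces.Alias
 import semmle.code.cpp.models.interfaces.SideEffect
 
-/** Pure string functions. */
-private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
+/**
+* Pure string functions.
+*
+* INTERNAL: do not use.
+*/
+class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
 PureStrFunction() {
-hasGlobalOrStdName([
-"atof", "atoi", "atol", "atoll", "strcasestr", "strchnul", "strchr", "strchrnul", "strstr",
-"strpbrk", "strcmp", "strcspn", "strncmp", "strrchr", "strspn", "strtod", "strtof",
-"strtol", "strtoll", "strtoq", "strtoul"
-])
+hasGlobalOrStdName(["atof", "atoi", "atol", "atoll", "strcasestr", "strchnul", "strchr",
+"strchrnul", "strstr", "strpbrk", "strcmp", "strcspn", "strncmp", "strrchr", "strspn",
+"strtod", "strtof", "strtol", "strtoll", "strtoq", "strtoul"])
 }
 
 override predicate hasArrayInput(int bufParam) {
@@ -59,8 +61,12 @@ private class PureStrFunction extends AliasFunction, ArrayFunction, TaintFunctio
 }
 }
 
-/** String standard `strlen` function, and related functions for computing string lengths. */
-private class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
+/**
+* String standard `strlen` function, and related functions for computing string lengths.
+*
+* INTERNAL: do not use.
+*/
+class StrLenFunction extends AliasFunction, ArrayFunction, SideEffectFunction {
 StrLenFunction() {
 hasGlobalOrStdName(["strlen", "strnlen", "wcslen"])
 or
@@ -110,7 +116,11 @@ private class PureFunction extends TaintFunction, SideEffectFunction {
 override predicate hasOnlySpecificWriteSideEffects() { any() }
 }
 
-/** Pure raw-memory functions. */
+/**
+* Pure raw-memory functions.
+*
+* INTERNAL: do not use.
+*/
 class PureMemFunction extends AliasFunction, ArrayFunction, TaintFunction, SideEffectFunction {
 PureMemFunction() { hasGlobalOrStdName(["memchr", "memrchr", "rawmemchr", "memcmp", "memmem"]) }
 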
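Review bot: `INTERNAL: do not use.` on PureStrFunction, StrLenFunction and PureMemFunction is advisory only and does not name the one consumer the classes are exposed for, so a later reader cannot tell a sanctioned reference from an accidental one. I would have the doc comment say so, e.g. `* INTERNAL: do not use. Exposed only for DefaultSafeExternalAPIFunction (Security/CWE/CWE-020) until it is rewritten against the public model interfaces.` Separately, the reformatted name list in the first hunk still carries `"strchnul"` beside `"strchrnul"`. It looks like a misspelling and is worth confirming or dropping now that the list also feeds a security query's safe set. The class bodies in all three hunks continue outside the visible lines.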
