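--- a/cpp/ql/src/semmle/code/cpp/security
+++ b/cpp/ql/src/semmle/code/cpp/security
@@ -6,17 +6,21 @@ import semmle.code.cpp.security.FunctionWithWrappers
 /**
  * A function for running a command using a command interpreter.
  */
- class SystemFunction extends FunctionWithWrappers {
+ class SystemFunction extends FunctionWithWrappers , ArrayFunction {
  SystemFunction ( ) {
- hasGlobalOrStdName ( "system" ) or
- hasGlobalName ( "popen" ) or
+ hasGlobalOrStdName ( "system" ) or // system(command)
+ hasGlobalName ( "popen" ) or // popen(command, mode)
  // Windows variants
- hasGlobalName ( "_popen" ) or
- hasGlobalName ( "_wpopen" ) or
- hasGlobalName ( "_wsystem" )
+ hasGlobalName ( "_popen" ) or // _popen(command, mode)
+ hasGlobalName ( "_wpopen" ) or // _wpopen(command, mode)
+ hasGlobalName ( "_wsystem" ) // _wsystem(command)
  }
 
  override predicate interestingArg ( int arg ) { arg = 0 }
+
+ override predicate hasArrayWithNullTerminator ( int bufParam ) { bufParam = 0 or bufParam = 1 }
+
+ override predicate hasArrayInput ( int bufParam ) { bufParam = 0 or bufParam = 1 }
 }
 
 /**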
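Review bot: `hasArrayWithNullTerminator` and `hasArrayInput` hold for `bufParam = 1` on every `SystemFunction`, but the comments added in the characteristic predicate give `system(command)` and `_wsystem(command)` a single parameter, so the model claims a null-terminated input at an index those two functions do not have. This is probably harmless wherever consumers join against real parameters, but it leaves the model out of step with the signatures it documents. Both bodies could be bounded by the actual parameter list, for example `(bufParam = 0 or bufParam = 1) and exists(getParameter(bufParam))`. A short QLDoc comment on the two overrides would also help, stating that index 1 is the `mode` string of the popen family and that only index 0 is the command sink (`interestingArg` stays `arg = 0`).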