Merge pull request #5174 from criemen/bsl-str

criemen · web-flow · commit 80eaf0b67ae9 · 2021-02-16T17:18:40.000+01:00
Model bsl functions in Str*.qll
diff --git a/cpp/ql/src/semmle/code/cpp/commons/Scanf.qll b/cpp/ql/src/semmle/code/cpp/commons/Scanf.qll
@@ -34,10 +34,10 @@ class Scanf extends ScanfFunction {
   Scanf() {
     this instanceof TopLevelFunction and
     (
-      hasName("scanf") or // scanf(format, args...)
-      hasName("wscanf") or // wscanf(format, args...)
-      hasName("_scanf_l") or // _scanf_l(format, locale, args...)
-      hasName("_wscanf_l") // _wscanf_l(format, locale, args...)
+      hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...)
+      hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...)
+      hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...)
+      hasGlobalName("_wscanf_l") // _wscanf_l(format, locale, args...)
     )
   }
 
@@ -53,10 +53,10 @@ class Fscanf extends ScanfFunction {
   Fscanf() {
     this instanceof TopLevelFunction and
     (
-      hasName("fscanf") or // fscanf(src_stream, format, args...)
-      hasName("fwscanf") or // fwscanf(src_stream, format, args...)
-      hasName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)
-      hasName("_fwscanf_l") // _fwscanf_l(src_stream, format, locale, args...)
+      hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...)
+      hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...)
+      hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)
+      hasGlobalName("_fwscanf_l") // _fwscanf_l(src_stream, format, locale, args...)
     )
   }
 
@@ -72,10 +72,10 @@ class Sscanf extends ScanfFunction {
   Sscanf() {
     this instanceof TopLevelFunction and
     (
-      hasName("sscanf") or // sscanf(src_stream, format, args...)
-      hasName("swscanf") or // swscanf(src, format, args...)
-      hasName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)
-      hasName("_swscanf_l") // _swscanf_l(src, format, locale, args...)
+      hasGlobalOrStdOrBslName("sscanf") or // sscanf(src_stream, format, args...)
+      hasGlobalOrStdOrBslName("swscanf") or // swscanf(src, format, args...)
+      hasGlobalName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)
+      hasGlobalName("_swscanf_l") // _swscanf_l(src, format, locale, args...)
     )
   }
 
@@ -91,10 +91,10 @@ class Snscanf extends ScanfFunction {
   Snscanf() {
     this instanceof TopLevelFunction and
     (
-      hasName("_snscanf") or // _snscanf(src, max_amount, format, args...)
-      hasName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)
-      hasName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)
-      hasName("_snwscanf_l") // _snwscanf_l(src, max_amount, format, locale, args...)
+      hasGlobalName("_snscanf") or // _snscanf(src, max_amount, format, args...)
+      hasGlobalName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)
+      hasGlobalName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)
+      hasGlobalName("_snwscanf_l") // _snwscanf_l(src, max_amount, format, locale, args...)
       // note that the max_amount is not a limit on the output length, it's an input length
       // limit used with non null-terminated strings.
     )
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Printf.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Printf.qll
@@ -15,18 +15,15 @@ private class Printf extends FormattingFunction, AliasFunction {
   Printf() {
     this instanceof TopLevelFunction and
     (
-      hasGlobalOrStdName(["printf", "wprintf"]) or
+      hasGlobalOrStdOrBslName(["printf", "wprintf"]) or
       hasGlobalName(["printf_s", "wprintf_s", "g_printf"])
     ) and
     not exists(getDefinition().getFile().getRelativePath())
   }
 
   override int getFormatParameterIndex() { result = 0 }
 
-  deprecated override predicate isWideCharDefault() {
-    hasGlobalOrStdName("wprintf") or
-    hasGlobalName("wprintf_s")
-  }
+  deprecated override predicate isWideCharDefault() { hasName(["wprintf", "wprintf_s"]) }
 
   override predicate isOutputGlobal() { any() }
 
@@ -44,15 +41,15 @@ private class Fprintf extends FormattingFunction {
   Fprintf() {
     this instanceof TopLevelFunction and
     (
-      hasGlobalOrStdName(["fprintf", "fwprintf"]) or
+      hasGlobalOrStdOrBslName(["fprintf", "fwprintf"]) or
       hasGlobalName("g_fprintf")
     ) and
     not exists(getDefinition().getFile().getRelativePath())
   }
 
   override int getFormatParameterIndex() { result = 1 }
 
-  deprecated override predicate isWideCharDefault() { hasGlobalOrStdName("fwprintf") }
+  deprecated override predicate isWideCharDefault() { hasName("fwprintf") }
 
   override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = true }
 }
@@ -64,7 +61,7 @@ private class Sprintf extends FormattingFunction {
   Sprintf() {
     this instanceof TopLevelFunction and
     (
-      hasGlobalOrStdName([
+      hasGlobalOrStdOrBslName([
           "sprintf", // sprintf(dst, format, args...)
           "wsprintf" // wsprintf(dst, format, args...)
         ])
@@ -90,22 +87,20 @@ private class Sprintf extends FormattingFunction {
   }
 
   override int getFormatParameterIndex() {
-    hasGlobalName("g_strdup_printf") and result = 0
+    hasName("g_strdup_printf") and result = 0
     or
-    hasGlobalName("__builtin___sprintf_chk") and result = 3
+    hasName("__builtin___sprintf_chk") and result = 3
     or
     not getName() = ["g_strdup_printf", "__builtin___sprintf_chk"] and
     result = 1
   }
 
   override int getOutputParameterIndex(boolean isStream) {
-    not hasGlobalName("g_strdup_printf") and result = 0 and isStream = false
+    not hasName("g_strdup_printf") and result = 0 and isStream = false
   }
 
   override int getFirstFormatArgumentIndex() {
-    if hasGlobalName("__builtin___sprintf_chk")
-    then result = 4
-    else result = getNumberOfParameters()
+    if hasName("__builtin___sprintf_chk") then result = 4 else result = getNumberOfParameters()
   }
 }
 
@@ -116,7 +111,7 @@ private class SnprintfImpl extends Snprintf {
   SnprintfImpl() {
     this instanceof TopLevelFunction and
     (
-      hasGlobalOrStdName([
+      hasGlobalOrStdOrBslName([
           "snprintf", // C99 defines snprintf
           "swprintf" // The s version of wide-char printf is also always the n version
         ])
@@ -163,10 +158,7 @@ private class SnprintfImpl extends Snprintf {
   }
 
   override predicate returnsFullFormatLength() {
-    (
-      hasGlobalOrStdName("snprintf") or
-      hasGlobalName(["g_snprintf", "__builtin___snprintf_chk", "snprintf_s"])
-    ) and
+    hasName(["snprintf", "g_snprintf", "__builtin___snprintf_chk", "snprintf_s"]) and
     not exists(getDefinition().getFile().getRelativePath())
   }
 
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Strcat.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Strcat.qll
@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
  */
 class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, SideEffectFunction {
   StrcatFunction() {
-    this.hasGlobalOrStdName([
+    this.hasGlobalOrStdOrBslName([
         "strcat", // strcat(dst, src)
         "strncat", // strncat(dst, src, max_amount)
         "wcscat", // wcscat(dst, src)
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Strcpy.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Strcpy.qll
@@ -13,7 +13,7 @@ import semmle.code.cpp.models.interfaces.SideEffect
  */
 class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, SideEffectFunction {
   StrcpyFunction() {
-    this.hasGlobalOrStdName([
+    this.hasGlobalOrStdOrBslName([
         "strcpy", // strcpy(dst, src)
         "wcscpy", // wcscpy(dst, src)
         "strncpy", // strncpy(dst, src, max_amount)
diff --git a/cpp/ql/src/semmle/code/cpp/models/implementations/Strtok.qll b/cpp/ql/src/semmle/code/cpp/models/implementations/Strtok.qll
@@ -15,7 +15,7 @@ import semmle.code.cpp.models.interfaces.Taint
  */
 private class Strtok extends ArrayFunction, AliasFunction, TaintFunction, SideEffectFunction {
   Strtok() {
-    this.hasGlobalOrStdName("strtok") or
+    this.hasGlobalOrStdOrBslName("strtok") or
     this.hasGlobalName(["strtok_r", "_strtok_l", "wcstok", "_wcstok_l", "_mbstok", "_mbstok_l"])
   }
 

Original file line number	Diff line number	Diff line change
`@@ -34,10 +34,10 @@ class Scanf extends ScanfFunction {`
`34`	`34`	`Scanf() {`
`35`	`35`	`this instanceof TopLevelFunction and`
`36`	`36`	`(`
`37`		`- hasName("scanf") or // scanf(format, args...)`
`38`		`- hasName("wscanf") or // wscanf(format, args...)`
`39`		`- hasName("_scanf_l") or // _scanf_l(format, locale, args...)`
`40`		`- hasName("_wscanf_l") // _wscanf_l(format, locale, args...)`
	`37`	`+ hasGlobalOrStdOrBslName("scanf") or // scanf(format, args...)`
	`38`	`+ hasGlobalOrStdOrBslName("wscanf") or // wscanf(format, args...)`
	`39`	`+ hasGlobalName("_scanf_l") or // _scanf_l(format, locale, args...)`
	`40`	`+ hasGlobalName("_wscanf_l") // _wscanf_l(format, locale, args...)`
`41`	`41`	`)`
`42`	`42`	`}`
`43`	`43`
`@@ -53,10 +53,10 @@ class Fscanf extends ScanfFunction {`
`53`	`53`	`Fscanf() {`
`54`	`54`	`this instanceof TopLevelFunction and`
`55`	`55`	`(`
`56`		`- hasName("fscanf") or // fscanf(src_stream, format, args...)`
`57`		`- hasName("fwscanf") or // fwscanf(src_stream, format, args...)`
`58`		`- hasName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)`
`59`		`- hasName("_fwscanf_l") // _fwscanf_l(src_stream, format, locale, args...)`
	`56`	`+ hasGlobalOrStdOrBslName("fscanf") or // fscanf(src_stream, format, args...)`
	`57`	`+ hasGlobalOrStdOrBslName("fwscanf") or // fwscanf(src_stream, format, args...)`
	`58`	`+ hasGlobalName("_fscanf_l") or // _fscanf_l(src_stream, format, locale, args...)`
	`59`	`+ hasGlobalName("_fwscanf_l") // _fwscanf_l(src_stream, format, locale, args...)`
`60`	`60`	`)`
`61`	`61`	`}`
`62`	`62`
`@@ -72,10 +72,10 @@ class Sscanf extends ScanfFunction {`
`72`	`72`	`Sscanf() {`
`73`	`73`	`this instanceof TopLevelFunction and`
`74`	`74`	`(`
`75`		`- hasName("sscanf") or // sscanf(src_stream, format, args...)`
`76`		`- hasName("swscanf") or // swscanf(src, format, args...)`
`77`		`- hasName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)`
`78`		`- hasName("_swscanf_l") // _swscanf_l(src, format, locale, args...)`
	`75`	`+ hasGlobalOrStdOrBslName("sscanf") or // sscanf(src_stream, format, args...)`
	`76`	`+ hasGlobalOrStdOrBslName("swscanf") or // swscanf(src, format, args...)`
	`77`	`+ hasGlobalName("_sscanf_l") or // _sscanf_l(src, format, locale, args...)`
	`78`	`+ hasGlobalName("_swscanf_l") // _swscanf_l(src, format, locale, args...)`
`79`	`79`	`)`
`80`	`80`	`}`
`81`	`81`
`@@ -91,10 +91,10 @@ class Snscanf extends ScanfFunction {`
`91`	`91`	`Snscanf() {`
`92`	`92`	`this instanceof TopLevelFunction and`
`93`	`93`	`(`
`94`		`- hasName("_snscanf") or // _snscanf(src, max_amount, format, args...)`
`95`		`- hasName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)`
`96`		`- hasName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)`
`97`		`- hasName("_snwscanf_l") // _snwscanf_l(src, max_amount, format, locale, args...)`
	`94`	`+ hasGlobalName("_snscanf") or // _snscanf(src, max_amount, format, args...)`
	`95`	`+ hasGlobalName("_snwscanf") or // _snwscanf(src, max_amount, format, args...)`
	`96`	`+ hasGlobalName("_snscanf_l") or // _snscanf_l(src, max_amount, format, locale, args...)`
	`97`	`+ hasGlobalName("_snwscanf_l") // _snwscanf_l(src, max_amount, format, locale, args...)`
`98`	`98`	`// note that the max_amount is not a limit on the output length, it's an input length`
`99`	`99`	`// limit used with non null-terminated strings.`
`100`	`100`	`)`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ import semmle.code.cpp.models.interfaces.Taint`
`15`	`15`	`*/`
`16`	`16`	`private class Strtok extends ArrayFunction, AliasFunction, TaintFunction, SideEffectFunction {`
`17`	`17`	`Strtok() {`
`18`		`- this.hasGlobalOrStdName("strtok") or`
	`18`	`+ this.hasGlobalOrStdOrBslName("strtok") or`
`19`	`19`	`this.hasGlobalName(["strtok_r", "_strtok_l", "wcstok", "_wcstok_l", "_mbstok", "_mbstok_l"])`
`20`	`20`	`}`
`21`	`21`