
Commit 948be09

committed
C++: Add a taint step from object to field for 'CComBSTR's.
1 parent 9b00484 commit 948be09

3 files changed

Lines changed: 30 additions & 13 deletions


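--- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
@@ -51,3 +51,4 @@ private import implementations.StructuredExceptionHandling
 private import implementations.ZMQ
 private import implementations.Win32CommandExecution
 private import implementations.CA2AEX
+private import implementations.CComBSTR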
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
private import cpp
2+
private import semmle.code.cpp.ir.dataflow.FlowSteps
3+
private import semmle.code.cpp.dataflow.new.DataFlow
4+
5+
/** The `CComBSTR` class from the Microsoft "Active Template Library". */
6+
class CcomBstr extends Class {
7+
CcomBstr() { this.hasGlobalName("CComBSTR") }
8+
}
9+
10+
private class Mstr extends Field {
11+
Mstr() { this.getDeclaringType() instanceof CcomBstr and this.hasName("m_str") }
12+
}
13+
14+
private class MstrTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
15+
MstrTaintInheritingContent() { this.getField() instanceof Mstr }
16+
}
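Review bot: The characteristic predicate `this.hasGlobalName("CComBSTR")` in `CcomBstr` matches only a class declared in the global namespace. If the ATL headers under analysis declare `CComBSTR` inside `namespace ATL` (worth confirming against the shipped headers rather than the test stub), the new object-to-field taint step would never apply, and reads of `m_str` would become silent false negatives in taint-tracking queries. Consider accepting both forms, for example `this.hasQualifiedName(["", "ATL"], "CComBSTR")`. `CcomBstr` is also the only class in this file not marked `private`; if that is deliberate so other models can reuse it, its QLDoc should say so. `Mstr` and `MstrTaintInheritingContent` would each benefit from a one-line QLDoc stating that taint on a `CComBSTR` object is inherited by reads of its `m_str` field.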

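--- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -459,48 +459,48 @@ void test_CComBSTR() {
 char* x = indirect_source<char>();
 {
 CComBSTR b(x);
-sink(b.m_str); // $ MISSING: ir
+sink(b.m_str); // $ ir
 
 CComBSTR b2(b);
-sink(b2.m_str); // $ MISSING: ir
+sink(b2.m_str); // $ ir
 }
 {
 CComBSTR b(10, x);
-sink(b.m_str); // $ MISSING: ir
+sink(b.m_str); // $ ir
 }
 {
 CComBSTR b(x);
 
 CComBSTR b2;
 sink(b2.m_str);
 b2 += b;
-sink(b2.m_str); // $ MISSING: ir
+sink(b2.m_str); // $ ir
 
 CComBSTR b3;
 b3 += x;
-sink(b3.m_str); // $ MISSING: ir
+sink(b3.m_str); // $ ir
 sink(static_cast<BSTR>(b3)); // $ ir
 sink(**&b3); // $ ir
 
 CComBSTR b4;
 b4.Append(source<char>());
-sink(b4.m_str); // $ MISSING: ir
+sink(b4.m_str); // $ ir
 
 CComBSTR b5;
 b5.AppendBSTR(b4.m_str);
-sink(b5.m_str); // $ MISSING: ir
+sink(b5.m_str); // $ ir
 
 CComBSTR b6;
 b6.AppendBytes(x, 10);
-sink(b6.m_str); // $ MISSING: ir
+sink(b6.m_str); // $ ir
 
 CComBSTR b7;
 b7.ArrayToBSTR(getSafeArray());
-sink(b7.m_str); // $ MISSING: ir
+sink(b7.m_str); // $ ir
 
 CComBSTR b8;
 b8.AssignBSTR(b7.m_str);
-sink(b8.m_str); // $ MISSING: ir
+sink(b8.m_str); // $ ir
 
 CComBSTR b9;
 SAFEARRAY safe;
@@ -514,14 +514,14 @@ void test_CComBSTR() {
 wchar_t* w = indirect_source<wchar_t>();
 {
 CComBSTR b(w);
-sink(b.m_str); // $ MISSING: ir
+sink(b.m_str); // $ ir
 
 CComBSTR b2;
 b2.Attach(w);
-sink(b2.m_str); // $ MISSING: ir
+sink(b2.m_str); // $ ir
 }
 {
 CComBSTR b(10, w);
-sink(b.m_str); // $ MISSING: ir
+sink(b.m_str); // $ ir
 }
 }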
