CPP: Extend coverage.

geoffw0 · geoffw0 · commit a437e6c10313 · 2019-04-04T16:31:02.000+01:00
diff --git a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@@ -12,9 +12,14 @@
 import cpp
 
 predicate potentiallyDangerousFunction(Function f, string message) {
-  (
-    f.getQualifiedName() = "gmtime" and
-    message = "Call to gmtime is potentially dangerous"
+  exists(string name | name = f.getQualifiedName() |
+    (
+      name = "gmtime" or
+      name = "localtime" or
+      name = "ctime" or
+      name = "asctime"
+    ) and
+    message = "Call to " + name + " is potentially dangerous"
   ) or (
     f.getQualifiedName() = "gets" and
     message = "gets does not guard against buffer overflow"
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/PotentiallyDangerousFunction.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/PotentiallyDangerousFunction.expected
@@ -1,3 +1,6 @@
 | test.c:31:22:31:27 | call to gmtime | Call to gmtime is potentially dangerous |
 | test.c:42:2:42:5 | call to gets | gets does not guard against buffer overflow |
 | test.c:43:6:43:9 | call to gets | gets does not guard against buffer overflow |
+| test.c:48:19:48:27 | call to localtime | Call to localtime is potentially dangerous |
+| test.c:49:22:49:26 | call to ctime | Call to ctime is potentially dangerous |
+| test.c:50:23:50:29 | call to asctime | Call to asctime is potentially dangerous |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/test.c b/cpp/ql/test/query-tests/Security/CWE/CWE-676/semmle/PotentiallyDangerousFunction/test.c
@@ -45,7 +45,7 @@ void testGets() {
 
 void testTime()
 {
-	struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
-	char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]
-	char *time_string2 = asctime(now); // BAD: localtime uses shared state [NOT DETECTED]
+	struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state
+	char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state
+	char *time_string2 = asctime(now); // BAD: localtime uses shared state
 }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ void testGets() {`
`45`	`45`
`46`	`46`	`void testTime()`
`47`	`47`	`{`
`48`		`- struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]`
`49`		`- char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state [NOT DETECTED]`
`50`		`- char *time_string2 = asctime(now); // BAD: localtime uses shared state [NOT DETECTED]`
	`48`	`+ struct tm *now = localtime(time(NULL)); // BAD: localtime uses shared state`
	`49`	`+ char *time_string = ctime(time(NULL)); // BAD: localtime uses shared state`
	`50`	`+ char *time_string2 = asctime(now); // BAD: localtime uses shared state`
`51`	`51`	`}`