Skip to content

Commit 2b1b948

Browse files
ihsinmeihsinme
authored
Update LateCheckOfFunctionArgument.ql
1 parent cadb1d6 commit 2b1b948

File tree

1 file changed

+16
-18
lines changed

1 file changed

+16
-18
lines changed

cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql

Lines changed: 16 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -15,32 +15,31 @@
1515
import cpp
1616
import semmle.code.cpp.valuenumbering.GlobalValueNumbering
1717

18-
predicate numberArgument(Function f, int size) {
19-
f.hasGlobalOrStdName("write") and size = 2
18+
/ ** Pridekat allows you to get the number of the argument used for positioning in the buffer by the name of the function. * /
19+
predicate numberArgument(Function f, int apos) {
20+
f.hasGlobalOrStdName("write") and apos = 2
2021
or
21-
f.hasGlobalOrStdName("read") and size = 2
22+
f.hasGlobalOrStdName("read") and apos = 2
2223
or
23-
f.hasGlobalOrStdName("lseek") and size = 1
24+
f.hasGlobalOrStdName("lseek") and apos = 1
2425
or
25-
f.hasGlobalOrStdName("memmove") and size = 2
26+
f.hasGlobalOrStdName("memmove") and apos = 2
2627
or
27-
f.hasGlobalOrStdName("memset") and size = 2
28+
f.hasGlobalOrStdName("memset") and apos = 2
2829
or
29-
f.hasGlobalOrStdName("memcpy") and size = 2
30+
f.hasGlobalOrStdName("memcpy") and apos = 2
3031
or
31-
f.hasGlobalOrStdName("memcmp") and size = 2
32+
f.hasGlobalOrStdName("memcmp") and apos = 2
3233
or
33-
f.hasGlobalOrStdName("strncat") and size = 2
34+
f.hasGlobalOrStdName("strncat") and apos = 2
3435
or
35-
f.hasGlobalOrStdName("strncpy") and size = 2
36+
f.hasGlobalOrStdName("strncpy") and apos = 2
3637
or
37-
f.hasGlobalOrStdName("strncmp") and size = 2
38+
f.hasGlobalOrStdName("strncmp") and apos = 2
3839
or
39-
f.hasGlobalOrStdName("snprintf") and size = 1
40+
f.hasGlobalOrStdName("snprintf") and apos = 1
4041
or
41-
f.hasGlobalOrStdName("strndup") and size = 2
42-
or
43-
f.hasGlobalOrStdName("read") and size = 2
42+
f.hasGlobalOrStdName("strndup") and apos = 2
4443
}
4544

4645
class IfCompareWithZero extends IfStmt {
@@ -55,12 +54,11 @@ class IfCompareWithZero extends IfStmt {
5554

5655
from FunctionCall fc, IfCompareWithZero ifc, int na
5756
where
58-
numberArgument(fc.getTarget(), na) and
59-
na >= 0 and
57+
numberArgument(fc.getTarget(), na)
6058
globalValueNumber(fc.getArgument(na)) = globalValueNumber(ifc.noZerroOperand()) and
6159
dominates(fc, ifc) and
6260
not exists(IfStmt ifc1 |
6361
dominates(ifc1, fc) and
6462
globalValueNumber(fc.getArgument(na)) = globalValueNumber(ifc1.getCondition().getAChild*())
6563
)
66-
select fc, "Argument '$@' will be checked later.", fc.getArgument(na), fc.getArgument(na).toString()
64+
select fc, "The value of argument '$@' appears to be checked after the call, rather than before it.", fc.getArgument(na), fc.getArgument(na).toString()

0 commit comments

Comments
 (0)