
Commit 500e96a

authored
Merge pull request #920 from jketema/jketema/dataflow
Convert a number of queries to use the new dataflow library
2 parents 740bcd0 + d313bf2 commit 500e96a


27 files changed

+297
-294
lines changed


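--- a/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
+++ b/c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql
@@ -18,7 +18,7 @@
 
 import cpp
 import codingstandards.c.cert
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**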
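Review bot: Swapping `semmle.code.cpp.dataflow.DataFlow` for `semmle.code.cpp.dataflow.new.DataFlow` on line 21 is the only change to this query, yet its expected output further down this page moves the reported sinks from the variables `v1`/`v2` (test.c:18:10:18:11) to the `... ++`/`... --` expressions (test.c:18:10:18:13), so the sink predicate, which lies outside this hunk, now matches a different node kind under the new library. That looks like a behaviour change riding on a migration rather than a pure library swap; it is worth confirming that the arithmetic expression is the intended sink and, if so, saying so in the query's QLDoc, or otherwise adjusting the `asExpr()`/`asIndirectExpr()` choice in the sink. The same import-only swap is made in ERR30-C (both queries), EXP36-C and FIO45-C; of those only ErrnoReadBeforeReturn's expected output is visible here, and it shows no change in results.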

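--- a/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql
+++ b/c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.types.Pointers
-import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.new.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**
@@ -61,9 +61,11 @@ class ScaledIntegerExpr extends Expr {
   ScaledIntegerExpr() {
     not this.getParent*() instanceof ArrayCountOfExpr and
     (
-      this.(SizeofExprOperator).getExprOperand().getType().getSize() > 1
+      exists(this.getValue()) and
+      this.getAChild*().(SizeofExprOperator).getExprOperand().getType().getSize() > 1
       or
-      this.(SizeofTypeOperator).getTypeOperand().getSize() > 1
+      exists(this.getValue()) and
+      this.getAChild*().(SizeofTypeOperator).getTypeOperand().getSize() > 1
       or
       this instanceof OffsetOfExpr
     )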
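Review bot: The new `exists(this.getValue()) and this.getAChild*().(SizeofExprOperator)...` disjuncts on lines 64–65 (and their `SizeofTypeOperator` twin on lines 67–68) accept any constant expression that merely contains a `sizeof` of a multi-byte type, including ones whose value is not scaled at all, such as `sizeof(int) / sizeof(int)` (value 1) or `sizeof(int) - sizeof(int)` (value 0), so `p + sizeof(int) / sizeof(int)` would now be reported as scaled pointer arithmetic. If that is not intended, excluding those values — something like `not this.getValue().toInt() = [0, 1]` — or requiring the constant to be a multiple of the operand's size would narrow the match, and a test case with such a constant would pin the intended behaviour either way. The characteristic predicate's closing brace lies outside this hunk.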

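--- a/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql
+++ b/c/cert/src/rules/ERR30-C/ErrnoReadBeforeReturn.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Errno
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 
 /**
  * A call to an `OutOfBandErrnoSettingFunction`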

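--- a/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql
+++ b/c/cert/src/rules/ERR30-C/SetlocaleMightSetErrno.ql
@@ -18,7 +18,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.c.Errno
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 
 class SetlocaleFunctionCall extends FunctionCall {
   SetlocaleFunctionCall() { this.getTarget().hasGlobalName("setlocale") }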

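--- a/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql
+++ b/c/cert/src/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Alignment
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
 import ExprWithAlignmentToCStyleCastFlow::PathGraph
 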
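--- a/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql
+++ b/c/cert/src/rules/FIO45-C/ToctouRaceConditionsWhileAccessingFiles.ql
@@ -19,7 +19,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.standardlibrary.FileAccess
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 
 /**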

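--- a/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql
+++ b/c/cert/src/rules/MSC33-C/DoNotPassInvalidDataToTheAsctimeFunction.ql
@@ -19,7 +19,7 @@
 
 import cpp
 import codingstandards.c.cert
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 
 /**
  * The argument of a call to `asctime`
@@ -29,6 +29,8 @@ class AsctimeArg extends Expr {
     this =
       any(FunctionCall f | f.getTarget().hasGlobalName(["asctime", "asctime_r"])).getArgument(0)
   }
+
+  DataFlow::Node asSink() { this = result.asIndirectExpr() }
 }
 
 /**
@@ -37,20 +39,20 @@ class AsctimeArg extends Expr {
  */
 module TmStructSafeConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node src) {
-    src.asExpr()
+    src.asIndirectExpr()
         .(FunctionCall)
         .getTarget()
         .hasGlobalName(["localtime", "localtime_r", "localtime_s", "gmtime", "gmtime_r", "gmtime_s"])
   }
 
-  predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof AsctimeArg }
+  predicate isSink(DataFlow::Node sink) { exists(AsctimeArg arg | arg.asSink() = sink) }
 }
 
 module TmStructSafeFlow = DataFlow::Global<TmStructSafeConfig>;
 
 from AsctimeArg fc
 where
   not isExcluded(fc, Contracts7Package::doNotPassInvalidDataToTheAsctimeFunctionQuery()) and
-  not TmStructSafeFlow::flowToExpr(fc)
+  not TmStructSafeFlow::flowTo(fc.asSink())
 select fc,
   "The function `asctime` and `asctime_r` should be discouraged. Unsanitized input can overflow the output buffer."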
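Review bot: `isSource` on line 42 still recognises only the return value of the `localtime`/`gmtime` family via `src.asIndirectExpr()`, but the `_r`/`_s` variants also produce their result through an output-pointer argument, so a `struct tm` filled by `localtime_r(&t, &buf)` and then passed as `asctime(&buf)` has no recognised source and is reported as unsanitised. Since the query now uses the new library, its definition-by-reference nodes could cover that case with something like `or src.asDefiningArgument() = any(FunctionCall f | f.getTarget().hasGlobalName(["localtime_r", "localtime_s", "gmtime_r", "gmtime_s"])).getArgument(1)`, though the argument index needs checking per signature because the C11 Annex K and Microsoft forms of `localtime_s`/`gmtime_s` order their parameters differently. The new `asSink()` on line 33 also has no QLDoc; `/** Gets the dataflow node (the indirect expression of this argument) that the safe-`tm` configuration treats as a sink. */` would suffice.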

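--- a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected
+++ b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected
@@ -1,22 +1,21 @@
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:28,60-68)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:29,22-30)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:41,20-28)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:49,26-34)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql:70,3-11)
 edges
-| test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 | provenance | |
-| test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 | provenance | |
+| test.c:14:38:14:39 | p1 | test.c:16:13:16:14 | p1 | provenance | |
+| test.c:14:38:14:39 | p1 | test.c:17:13:17:14 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:20:10:20:11 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:21:10:21:11 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:22:9:22:10 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:23:13:23:14 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:24:9:24:10 | p1 | provenance | |
 | test.c:14:38:14:39 | p1 | test.c:25:9:25:10 | p1 | provenance | |
+| test.c:16:13:16:14 | p1 | test.c:18:10:18:13 | ... ++ | provenance | |
+| test.c:17:13:17:14 | p1 | test.c:19:10:19:13 | ... -- | provenance | |
 | test.c:51:30:51:38 | & ... | test.c:14:38:14:39 | p1 | provenance | |
 nodes
 | test.c:14:38:14:39 | p1 | semmle.label | p1 |
-| test.c:18:10:18:11 | v1 | semmle.label | v1 |
-| test.c:19:10:19:11 | v2 | semmle.label | v2 |
+| test.c:16:13:16:14 | p1 | semmle.label | p1 |
+| test.c:17:13:17:14 | p1 | semmle.label | p1 |
+| test.c:18:10:18:13 | ... ++ | semmle.label | ... ++ |
+| test.c:19:10:19:13 | ... -- | semmle.label | ... -- |
 | test.c:20:10:20:11 | p1 | semmle.label | p1 |
 | test.c:21:10:21:11 | p1 | semmle.label | p1 |
 | test.c:22:9:22:10 | p1 | semmle.label | p1 |
@@ -32,8 +31,8 @@ nodes
 | test.c:51:30:51:38 | & ... | semmle.label | & ... |
 subpaths
 #select
-| test.c:18:10:18:11 | v1 | test.c:51:30:51:38 | & ... | test.c:18:10:18:11 | v1 | Pointer arithmetic on non-array object pointer. |
-| test.c:19:10:19:11 | v2 | test.c:51:30:51:38 | & ... | test.c:19:10:19:11 | v2 | Pointer arithmetic on non-array object pointer. |
+| test.c:18:10:18:13 | ... ++ | test.c:51:30:51:38 | & ... | test.c:18:10:18:13 | ... ++ | Pointer arithmetic on non-array object pointer. |
+| test.c:19:10:19:13 | ... -- | test.c:51:30:51:38 | & ... | test.c:19:10:19:13 | ... -- | Pointer arithmetic on non-array object pointer. |
 | test.c:20:10:20:11 | p1 | test.c:51:30:51:38 | & ... | test.c:20:10:20:11 | p1 | Pointer arithmetic on non-array object pointer. |
 | test.c:21:10:21:11 | p1 | test.c:51:30:51:38 | & ... | test.c:21:10:21:11 | p1 | Pointer arithmetic on non-array object pointer. |
 | test.c:22:9:22:10 | p1 | test.c:51:30:51:38 | & ... | test.c:22:9:22:10 | p1 | Pointer arithmetic on non-array object pointer. |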
Lines changed: 6 additions & 6 deletions
@@ -1,27 +1,27 @@
1-
WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:77,56-64)
2-
WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:78,22-30)
3-
WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:80,20-28)
4-
WARNING: module 'DataFlow' has been deprecated and may be removed in future (DoNotAddOrSubtractAScaledIntegerToAPointer.ql:89,45-53)
51
edges
62
| test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 | provenance | |
3+
| test.c:16:19:16:41 | ... - ... | test.c:16:19:16:41 | ... - ... | provenance | |
74
| test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | provenance | |
85
| test.c:16:19:16:41 | ... - ... | test.c:29:6:29:11 | offset | provenance | |
6+
| test.c:17:17:17:26 | sizeof(<expr>) | test.c:17:17:17:26 | sizeof(<expr>) | provenance | |
97
| test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size | provenance | |
108
| test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 | provenance | |
119
nodes
1210
| test.c:7:13:7:14 | p1 | semmle.label | p1 |
1311
| test.c:9:9:9:10 | p1 | semmle.label | p1 |
1412
| test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... |
13+
| test.c:16:19:16:41 | ... - ... | semmle.label | ... - ... |
14+
| test.c:17:17:17:26 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
1515
| test.c:17:17:17:26 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
1616
| test.c:18:26:18:31 | offset | semmle.label | offset |
1717
| test.c:23:9:23:12 | size | semmle.label | size |
1818
| test.c:25:9:25:18 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
19-
| test.c:27:17:27:26 | sizeof(<expr>) | semmle.label | sizeof(<expr>) |
19+
| test.c:27:12:27:26 | ... / ... | semmle.label | ... / ... |
2020
| test.c:29:6:29:11 | offset | semmle.label | offset |
2121
subpaths
2222
#select
2323
| test.c:9:9:9:10 | p1 | test.c:16:19:16:41 | ... - ... | test.c:9:9:9:10 | p1 | Scaled integer used in pointer arithmetic. |
2424
| test.c:18:26:18:31 | offset | test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | Scaled integer used in pointer arithmetic. |
2525
| test.c:23:9:23:12 | size | test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size | Scaled integer used in pointer arithmetic. |
2626
| test.c:25:9:25:18 | sizeof(<expr>) | test.c:25:9:25:18 | sizeof(<expr>) | test.c:25:9:25:18 | sizeof(<expr>) | Scaled integer used in pointer arithmetic. |
27-
| test.c:27:17:27:26 | sizeof(<expr>) | test.c:27:17:27:26 | sizeof(<expr>) | test.c:27:17:27:26 | sizeof(<expr>) | Scaled integer used in pointer arithmetic. |
27+
| test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | test.c:27:12:27:26 | ... / ... | Scaled integer used in pointer arithmetic. |
Lines changed: 0 additions & 1 deletion
@@ -1,4 +1,3 @@
1-
WARNING: module 'DataFlow' has been deprecated and may be removed in future (ErrnoReadBeforeReturn.ql:46,7-15)
21
| test.c:69:7:69:11 | * ... | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
32
| test.c:69:7:69:11 | call to __errno_location | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
43
| test.c:70:5:70:10 | call to perror | Do not read `errno` before checking the return value of function $@. | test.c:68:3:68:7 | call to ftell | call to ftell |
