[thirdparty/systemd.git] / .lgtm / cpp-queries / PotentiallyDangerousFunction.ql

/**
 * vi: sw=2 ts=2 et syntax=ql:
 *
 * Borrowed from
 * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
 *
 * @name Use of potentially dangerous function
 * @description Certain standard library functions are dangerous to call.
 * @id cpp/potentially-dangerous-function
 * @kind problem
 * @problem.severity error
 * @precision high
 * @tags reliability
 *       security
 */
import cpp

predicate potentiallyDangerousFunction(Function f, string message) {
  (
    f.getQualifiedName() = "fgets" and
    message = "Call to fgets() is potentially dangerous. Use read_line() instead."
  ) or (
    f.getQualifiedName() = "strtok" and
    message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "strsep" and
    message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "dup" and
    message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
  ) or (
    f.getQualifiedName() = "htonl" and
    message = "Call to htonl() is confusing. Use htobe32() instead."
  ) or (
    f.getQualifiedName() = "htons" and
    message = "Call to htons() is confusing. Use htobe16() instead."
  ) or (
    f.getQualifiedName() = "ntohl" and
    message = "Call to ntohl() is confusing. Use be32toh() instead."
  ) or (
    f.getQualifiedName() = "ntohs" and
    message = "Call to ntohs() is confusing. Use be16toh() instead."
  ) or (
    f.getQualifiedName() = "strerror" and
    message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
  ) or (
    f.getQualifiedName() = "accept" and
    message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
  ) or (
    f.getQualifiedName() = "dirname" and
    message = "Call dirname() is icky. Use path_extract_directory() instead."
  )
}

from FunctionCall call, Function target, string message
where
  call.getTarget() = target and
  potentiallyDangerousFunction(target, message)
select call, message
Commit	Line	Data
7ba5ded9	1	/**
c7d70210 FS	2	* vi: sw=2 ts=2 et syntax=ql:
	3	*
	4	* Borrowed from
	5	* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
	6	*
7ba5ded9 EV	7	* @name Use of potentially dangerous function
7ba5ded9 EV	8	* @description Certain standard library functions are dangerous to call.
c7d70210	9	* @id cpp/potentially-dangerous-function
7ba5ded9 EV	10	* @kind problem
	11	* @problem.severity error
	12	* @precision high
7ba5ded9 EV	13	* @tags reliability
7ba5ded9 EV	14	* security
7ba5ded9 EV	15	*/
	16	import cpp
	17
	18	predicate potentiallyDangerousFunction(Function f, string message) {
	19	(
	20	f.getQualifiedName() = "fgets" and
9b480542	21	message = "Call to fgets() is potentially dangerous. Use read_line() instead."
7ba5ded9 EV	22	) or (
7ba5ded9 EV	23	f.getQualifiedName() = "strtok" and
9b480542 LP	24	message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
	25	) or (
	26	f.getQualifiedName() = "strsep" and
	27	message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
	28	) or (
	29	f.getQualifiedName() = "dup" and
	30	message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
	31	) or (
	32	f.getQualifiedName() = "htonl" and
	33	message = "Call to htonl() is confusing. Use htobe32() instead."
	34	) or (
	35	f.getQualifiedName() = "htons" and
	36	message = "Call to htons() is confusing. Use htobe16() instead."
	37	) or (
	38	f.getQualifiedName() = "ntohl" and
	39	message = "Call to ntohl() is confusing. Use be32toh() instead."
	40	) or (
	41	f.getQualifiedName() = "ntohs" and
	42	message = "Call to ntohs() is confusing. Use be16toh() instead."
9ff46ede LP	43	) or (
	44	f.getQualifiedName() = "strerror" and
	45	message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
e2d0fa6f LP	46	) or (
	47	f.getQualifiedName() = "accept" and
	48	message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
0b1c6448 LP	49	) or (
	50	f.getQualifiedName() = "dirname" and
	51	message = "Call dirname() is icky. Use path_extract_directory() instead."
7ba5ded9 EV	52	)
	53	}
	54
	55	from FunctionCall call, Function target, string message
	56	where
	57	call.getTarget() = target and
	58	potentiallyDangerousFunction(target, message)
	59	select call, message