Commit | Line | Data |
---|---|---|
7ba5ded9 | 1 | /** |
c7d70210 FS |
2 | * vi: sw=2 ts=2 et syntax=ql: |
3 | * | |
4 | * Borrowed from | |
5 | * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql | |
6 | * | |
7ba5ded9 EV |
7 | * @name Use of potentially dangerous function |
8 | * @description Certain standard library functions are dangerous to call. | |
c7d70210 | 9 | * @id cpp/potentially-dangerous-function |
7ba5ded9 EV |
10 | * @kind problem |
11 | * @problem.severity error | |
12 | * @precision high | |
7ba5ded9 EV |
13 | * @tags reliability |
14 | * security | |
7ba5ded9 EV |
15 | */ |
16 | import cpp | |
17 | ||
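/**
 * Holds if `f` is one of the functions this query flags, with `message` bound
 * to the alert text that names the preferred replacement.
 *
 * A function matches only when `getQualifiedName()` equals the listed string
 * exactly. The entries fall into three groups: calls with memory- or
 * state-safety pitfalls (`fgets`, `strtok`, `strsep`, `strerror`), calls that
 * return a descriptor without close-on-exec (`dup`, `accept`), and calls
 * flagged for readability (`htonl`/`htons`/`ntohl`/`ntohs`, `dirname`).
 */
predicate potentiallyDangerousFunction(Function f, string message) {
  // NOTE(review): newer CodeQL C/C++ libraries deprecate getQualifiedName() in
  // favour of hasGlobalName(); confirm against the library version in use
  // before switching.
  (
    f.getQualifiedName() = "fgets" and
    message = "Call to fgets() is potentially dangerous. Use read_line() instead."
  ) or (
    f.getQualifiedName() = "strtok" and
    message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "strsep" and
    message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    // dup() returns a descriptor without FD_CLOEXEC, so it is inherited across
    // exec. The fcntl() command that duplicates with close-on-exec set is
    // F_DUPFD_CLOEXEC; the alert must spell it exactly so the suggested fix
    // compiles.
    f.getQualifiedName() = "dup" and
    message = "Call to dup() is potentially dangerous. Use fcntl(fd, F_DUPFD_CLOEXEC, 3) instead."
  ) or (
    f.getQualifiedName() = "htonl" and
    message = "Call to htonl() is confusing. Use htobe32() instead."
  ) or (
    f.getQualifiedName() = "htons" and
    message = "Call to htons() is confusing. Use htobe16() instead."
  ) or (
    f.getQualifiedName() = "ntohl" and
    message = "Call to ntohl() is confusing. Use be32toh() instead."
  ) or (
    f.getQualifiedName() = "ntohs" and
    message = "Call to ntohs() is confusing. Use be16toh() instead."
  ) or (
    f.getQualifiedName() = "strerror" and
    message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
  ) or (
    // accept() cannot set close-on-exec atomically on the new socket.
    f.getQualifiedName() = "accept" and
    message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
  ) or (
    f.getQualifiedName() = "dirname" and
    message = "Call to dirname() is icky. Use path_extract_directory() instead."
  )
}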
54 | ||
// Report each call site whose resolved target is flagged by
// potentiallyDangerousFunction(), using that predicate's message as the
// alert text.
from FunctionCall call, string message
where potentiallyDangerousFunction(call.getTarget(), message)
select call, message