1 | /** |
2 | * @name Use of potentially dangerous function | |
3 | * @description Certain standard library functions are dangerous to call. | |
4 | * @kind problem | |
5 | * @problem.severity error | |
6 | * @precision high | |
7 | * @id cpp/potentially-dangerous-function | |
8 | * @tags reliability | |
9 | * security | |
10 | * | |
11 | * Borrowed from | |
12 | * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql | |
13 | */ | |
14 | import cpp | |
15 | ||
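/**
 * Holds if `f` is a function that callers should avoid, binding `message`
 * to the alert text that names the preferred replacement.
 *
 * Matching is by qualified name only, so a direct call to a global C
 * function named e.g. `dup` is flagged; a call that resolves to some other
 * target (or no target) is not.  The replacements `read_line()` and
 * `extract_first_word()` are not libc functions -- presumably helpers from
 * the enclosing codebase; verify they exist where this query is run.
 * The `hton*`/`ntoh*` entries are flagged for clarity only, not for safety;
 * the remaining entries point at variants that are thread-safe or that set
 * close-on-exec on the new descriptor.
 */
predicate potentiallyDangerousFunction(Function f, string message) {
  (
    f.getQualifiedName() = "fgets" and
    message = "Call to fgets() is potentially dangerous. Use read_line() instead."
  ) or (
    f.getQualifiedName() = "strtok" and
    message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "strsep" and
    message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "dup" and
    // F_DUPFD_CLOEXEC is the fcntl(2) command that duplicates with
    // close-on-exec set; the earlier wording "FD_DUPFD_CLOEXEC" named a
    // constant that does not exist, so developers following the advice
    // would get a compile error. The minimum-fd argument of 3 presumably
    // keeps the duplicate clear of the standard streams.
    message = "Call to dup() is potentially dangerous. Use fcntl(fd, F_DUPFD_CLOEXEC, 3) instead."
  ) or (
    f.getQualifiedName() = "htonl" and
    message = "Call to htonl() is confusing. Use htobe32() instead."
  ) or (
    f.getQualifiedName() = "htons" and
    message = "Call to htons() is confusing. Use htobe16() instead."
  ) or (
    f.getQualifiedName() = "ntohl" and
    message = "Call to ntohl() is confusing. Use be32toh() instead."
  ) or (
    f.getQualifiedName() = "ntohs" and
    message = "Call to ntohs() is confusing. Use be16toh() instead."
  ) or (
    f.getQualifiedName() = "strerror" and
    message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
  ) or (
    f.getQualifiedName() = "accept" and
    message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
  )
}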
49 | ||
/*
 * Report each call whose resolved target is one of the flagged functions,
 * using that function's replacement advice as the alert text. A call is
 * reported only when its target resolves to a `Function` for which
 * `potentiallyDangerousFunction` holds.
 */
from FunctionCall call, string message
where potentiallyDangerousFunction(call.getTarget(), message)
select call, message