[thirdparty/systemd.git] / .lgtm / cpp-queries / PotentiallyDangerousFunction.ql

/**
 * @name Use of potentially dangerous function
 * @description Certain standard library functions are dangerous to call.
 * @kind problem
 * @problem.severity error
 * @precision high
 * @id cpp/potentially-dangerous-function
 * @tags reliability
 *       security
 *
 * Borrowed from
 * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
 */
import cpp

predicate potentiallyDangerousFunction(Function f, string message) {
  (
    f.getQualifiedName() = "fgets" and
    message = "Call to fgets() is potentially dangerous. Use read_line() instead."
  ) or (
    f.getQualifiedName() = "strtok" and
    message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "strsep" and
    message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
  ) or (
    f.getQualifiedName() = "dup" and
    message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
  ) or (
    f.getQualifiedName() = "htonl" and
    message = "Call to htonl() is confusing. Use htobe32() instead."
  ) or (
    f.getQualifiedName() = "htons" and
    message = "Call to htons() is confusing. Use htobe16() instead."
  ) or (
    f.getQualifiedName() = "ntohl" and
    message = "Call to ntohl() is confusing. Use be32toh() instead."
  ) or (
    f.getQualifiedName() = "ntohs" and
    message = "Call to ntohs() is confusing. Use be16toh() instead."
  ) or (
    f.getQualifiedName() = "strerror" and
    message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
  ) or (
    f.getQualifiedName() = "accept" and
    message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
  )
}

from FunctionCall call, Function target, string message
where
  call.getTarget() = target and
  potentiallyDangerousFunction(target, message)
select call, message
Commit	Line	Data
7ba5ded9 EV	1	/**
	2	* @name Use of potentially dangerous function
	3	* @description Certain standard library functions are dangerous to call.
	4	* @kind problem
	5	* @problem.severity error
	6	* @precision high
	7	* @id cpp/potentially-dangerous-function
	8	* @tags reliability
	9	* security
	10	*
	11	* Borrowed from
	12	* https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
	13	*/
	14	import cpp
	15
	16	predicate potentiallyDangerousFunction(Function f, string message) {
	17	(
	18	f.getQualifiedName() = "fgets" and
9b480542	19	message = "Call to fgets() is potentially dangerous. Use read_line() instead."
7ba5ded9 EV	20	) or (
7ba5ded9 EV	21	f.getQualifiedName() = "strtok" and
9b480542 LP	22	message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
	23	) or (
	24	f.getQualifiedName() = "strsep" and
	25	message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
	26	) or (
	27	f.getQualifiedName() = "dup" and
	28	message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
	29	) or (
	30	f.getQualifiedName() = "htonl" and
	31	message = "Call to htonl() is confusing. Use htobe32() instead."
	32	) or (
	33	f.getQualifiedName() = "htons" and
	34	message = "Call to htons() is confusing. Use htobe16() instead."
	35	) or (
	36	f.getQualifiedName() = "ntohl" and
	37	message = "Call to ntohl() is confusing. Use be32toh() instead."
	38	) or (
	39	f.getQualifiedName() = "ntohs" and
	40	message = "Call to ntohs() is confusing. Use be16toh() instead."
9ff46ede LP	41	) or (
	42	f.getQualifiedName() = "strerror" and
	43	message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
e2d0fa6f LP	44	) or (
	45	f.getQualifiedName() = "accept" and
	46	message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
7ba5ded9 EV	47	)
	48	}
	49
	50	from FunctionCall call, Function target, string message
	51	where
	52	call.getTarget() = target and
	53	potentiallyDangerousFunction(target, message)
	54	select call, message