forked from github/codeql-coding-standards
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathInvalidatedEnvStringPointersWarn.qll
More file actions
33 lines (28 loc) · 1.2 KB
/
InvalidatedEnvStringPointersWarn.qll
File metadata and controls
33 lines (28 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
/**
* Provides a library which includes a `problems` predicate for reporting
* warnings in handling environment string returned by standard library calls
*/
import cpp
import codingstandards.cpp.Customizations
import codingstandards.cpp.Exclusions
import codingstandards.cpp.rules.invalidatedenvstringpointers.InvalidatedEnvStringPointers as EnvString
abstract class InvalidatedEnvStringPointersWarnSharedQuery extends Query { }
Query getQuery() { result instanceof InvalidatedEnvStringPointersWarnSharedQuery }
class GlobalOrMemberVariable extends Variable {
GlobalOrMemberVariable() { this instanceof GlobalVariable or this instanceof MemberVariable }
}
query predicate problems(
EnvString::GetenvFunctionCall fc, string message, GlobalOrMemberVariable v, string vtext
) {
not isExcluded(fc, getQuery()) and
// Variable `v` is assigned with the `GetenvFunctionCall` return value
(
fc = v.getInitializer().getExpr()
or
exists(Assignment ae | fc = ae.getRValue() and v = ae.getLValue().(VariableAccess).getTarget())
) and
vtext = v.toString() and
message =
"The value of variable $@ might become invalid after a subsequent call to function `" +
fc.getTarget().getName() + "`."
}