Simplified ENV30-C

mbaluda · mbaluda · commit cb469e60b61d · 2022-08-12T00:52:05.000+02:00
diff --git a/c/cert/src/rules/ENV30-C/DoNotModifyTheReturnValueOfCertainFunctions.ql b/c/cert/src/rules/ENV30-C/DoNotModifyTheReturnValueOfCertainFunctions.ql
@@ -27,26 +27,21 @@ class NotModifiableCall extends FunctionCall {
 }
 
 /*
- * Returns an expression that modifies an object pointed by the return value of a call
- * to one of the `NotModifiableCall` functions.
+ * An expression that modifies an object.
  */
 
-Expr objectModified(NotModifiableCall c) {
-  // the pointed object is reassigned
-  exists(AssignExpr ae |
-    result =
-      [ae.getLValue().(PointerDereferenceExpr), ae.getLValue().(PointerFieldAccess).getQualifier*()] and
-    //exclude overwrite from the same function
-    not ae.getRValue().(FunctionCall).getTarget().getName() = c.getTarget().getName() and
-    //exclude overwriting of localeconv returned object with setlocale() with categories LC_ALL (0) LC_MONETARY (3) LC_NUMERIC (4)
-    not (
-      c.getTarget().getName() = "localeconv" and
-      ae.getRValue().(FunctionCall).getTarget().getName() = "setlocale" and
-      ae.getRValue().(FunctionCall).getArgument(0).getValue() = ["0", "3", "4"]
+class ObjectWrite extends Expr {
+  ObjectWrite() {
+    // the pointed object is reassigned
+    exists(Expr e |
+      e = [any(AssignExpr ae).getLValue(), any(CrementOperation co).getOperand()] and
+      (
+        this = e.(PointerDereferenceExpr).getOperand()
+        or
+        this = e.(PointerFieldAccess).getQualifier()
+      )
     )
-  )
-  or
-  exists(CrementOperation co | result = co.getOperand())
+  }
 }
 
 /**
@@ -59,23 +54,13 @@ class DFConf extends DataFlow::Configuration {
     source.asExpr() instanceof NotModifiableCall
   }
 
-  override predicate isSink(DataFlow::Node sink) { any() }
-
-  // Flow through pointer dereference expressions
-  override predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    exists(PointerDereferenceExpr de |
-      de.getOperand() = node1.asExpr() and
-      de = node2.asExpr()
-    )
-  }
+  override predicate isSink(DataFlow::Node sink) { sink.asExpr() instanceof ObjectWrite }
 }
 
 from DataFlow::PathNode source, DataFlow::PathNode sink
 where
   not isExcluded(sink.getNode().asExpr(),
     Contracts1Package::doNotModifyTheReturnValueOfCertainFunctionsQuery()) and
-  sink != source and
-  sink.getNode().asExpr() = objectModified(source.getNode().asExpr()) and
   // the modified object comes from a call to one of the ENV functions
   any(DFConf d).hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
diff --git a/c/cert/test/rules/ENV30-C/DoNotModifyTheReturnValueOfCertainFunctions.expected b/c/cert/test/rules/ENV30-C/DoNotModifyTheReturnValueOfCertainFunctions.expected
@@ -1,78 +1,16 @@
 edges
-| test.c:5:18:5:22 | c_str | test.c:5:18:5:22 | c_str |
-| test.c:5:18:5:22 | c_str | test.c:5:18:5:22 | c_str |
-| test.c:5:18:5:22 | c_str | test.c:6:10:6:15 | * ... |
-| test.c:5:18:5:22 | c_str | test.c:6:11:6:15 | c_str |
-| test.c:5:18:5:22 | c_str | test.c:7:9:7:14 | * ... |
-| test.c:5:18:5:22 | c_str | test.c:7:10:7:14 | c_str |
-| test.c:5:18:5:22 | c_str | test.c:8:7:8:12 | * ... |
 | test.c:5:18:5:22 | c_str | test.c:8:8:8:12 | c_str |
-| test.c:5:18:5:22 | c_str | test.c:10:7:10:11 | c_str |
-| test.c:15:16:15:21 | call to getenv | test.c:17:3:17:20 | ... = ... |
-| test.c:15:16:15:21 | call to getenv | test.c:17:17:17:20 | env1 |
-| test.c:15:16:15:21 | call to getenv | test.c:19:7:19:10 | env1 |
 | test.c:15:16:15:21 | call to getenv | test.c:21:9:21:12 | env1 |
-| test.c:15:16:15:21 | call to getenv | test.c:21:9:21:12 | env1 |
-| test.c:21:9:21:12 | env1 | test.c:5:18:5:22 | c_str |
 | test.c:21:9:21:12 | env1 | test.c:5:18:5:22 | c_str |
-| test.c:21:9:21:12 | env1 | test.c:21:9:21:12 | ref arg env1 |
-| test.c:28:10:28:15 | call to getenv | test.c:28:3:28:27 | ... = ... |
-| test.c:28:10:28:15 | call to getenv | test.c:29:7:29:10 | env2 |
-| test.c:28:10:28:15 | call to getenv | test.c:32:39:32:42 | env2 |
-| test.c:28:10:28:15 | call to getenv | test.c:36:23:36:26 | env2 |
-| test.c:44:10:44:15 | call to getenv | test.c:44:3:44:27 | ... = ... |
-| test.c:44:10:44:15 | call to getenv | test.c:45:7:45:10 | env3 |
-| test.c:44:10:44:15 | call to getenv | test.c:48:24:48:27 | env3 |
-| test.c:60:11:60:19 | call to setlocale | test.c:60:3:60:32 | ... = ... |
-| test.c:60:11:60:19 | call to setlocale | test.c:62:15:62:19 | conv4 |
-| test.c:60:11:60:19 | call to setlocale | test.c:63:5:63:9 | conv4 |
-| test.c:68:31:68:40 | call to localeconv | test.c:69:7:69:11 | conv5 |
-| test.c:68:31:68:40 | call to localeconv | test.c:76:24:76:28 | conv5 |
+| test.c:61:11:61:20 | call to localeconv | test.c:64:5:64:9 | conv4 |
 nodes
 | test.c:5:18:5:22 | c_str | semmle.label | c_str |
-| test.c:5:18:5:22 | c_str | semmle.label | c_str |
-| test.c:5:18:5:22 | c_str | semmle.label | c_str |
-| test.c:5:18:5:22 | c_str | semmle.label | c_str |
-| test.c:6:10:6:15 | * ... | semmle.label | * ... |
-| test.c:6:11:6:15 | c_str | semmle.label | c_str |
-| test.c:7:9:7:14 | * ... | semmle.label | * ... |
-| test.c:7:10:7:14 | c_str | semmle.label | c_str |
-| test.c:8:7:8:12 | * ... | semmle.label | * ... |
 | test.c:8:8:8:12 | c_str | semmle.label | c_str |
-| test.c:10:7:10:11 | c_str | semmle.label | c_str |
-| test.c:15:16:15:21 | call to getenv | semmle.label | call to getenv |
 | test.c:15:16:15:21 | call to getenv | semmle.label | call to getenv |
-| test.c:17:3:17:20 | ... = ... | semmle.label | ... = ... |
-| test.c:17:17:17:20 | env1 | semmle.label | env1 |
-| test.c:19:7:19:10 | env1 | semmle.label | env1 |
-| test.c:21:9:21:12 | env1 | semmle.label | env1 |
 | test.c:21:9:21:12 | env1 | semmle.label | env1 |
-| test.c:21:9:21:12 | ref arg env1 | semmle.label | ref arg env1 |
-| test.c:28:3:28:27 | ... = ... | semmle.label | ... = ... |
-| test.c:28:10:28:15 | call to getenv | semmle.label | call to getenv |
-| test.c:28:10:28:15 | call to getenv | semmle.label | call to getenv |
-| test.c:29:7:29:10 | env2 | semmle.label | env2 |
-| test.c:32:39:32:42 | env2 | semmle.label | env2 |
-| test.c:36:23:36:26 | env2 | semmle.label | env2 |
-| test.c:44:3:44:27 | ... = ... | semmle.label | ... = ... |
-| test.c:44:10:44:15 | call to getenv | semmle.label | call to getenv |
-| test.c:44:10:44:15 | call to getenv | semmle.label | call to getenv |
-| test.c:45:7:45:10 | env3 | semmle.label | env3 |
-| test.c:48:24:48:27 | env3 | semmle.label | env3 |
-| test.c:58:25:58:34 | call to localeconv | semmle.label | call to localeconv |
-| test.c:60:3:60:32 | ... = ... | semmle.label | ... = ... |
-| test.c:60:11:60:19 | call to setlocale | semmle.label | call to setlocale |
-| test.c:60:11:60:19 | call to setlocale | semmle.label | call to setlocale |
-| test.c:62:15:62:19 | conv4 | semmle.label | conv4 |
-| test.c:63:5:63:9 | conv4 | semmle.label | conv4 |
-| test.c:68:31:68:40 | call to localeconv | semmle.label | call to localeconv |
-| test.c:68:31:68:40 | call to localeconv | semmle.label | call to localeconv |
-| test.c:69:7:69:11 | conv5 | semmle.label | conv5 |
-| test.c:76:24:76:28 | conv5 | semmle.label | conv5 |
+| test.c:61:11:61:20 | call to localeconv | semmle.label | call to localeconv |
+| test.c:64:5:64:9 | conv4 | semmle.label | conv4 |
 subpaths
-| test.c:21:9:21:12 | env1 | test.c:5:18:5:22 | c_str | test.c:5:18:5:22 | c_str | test.c:21:9:21:12 | ref arg env1 |
-| test.c:21:9:21:12 | env1 | test.c:5:18:5:22 | c_str | test.c:5:18:5:22 | c_str | test.c:21:9:21:12 | ref arg env1 |
 #select
-| test.c:8:7:8:12 | * ... | test.c:15:16:15:21 | call to getenv | test.c:8:7:8:12 | * ... | The object returned by the function getenv should no be modified. |
-| test.c:10:7:10:11 | c_str | test.c:15:16:15:21 | call to getenv | test.c:10:7:10:11 | c_str | The object returned by the function getenv should no be modified. |
-| test.c:63:5:63:9 | conv4 | test.c:60:11:60:19 | call to setlocale | test.c:63:5:63:9 | conv4 | The object returned by the function setlocale should no be modified. |
+| test.c:8:8:8:12 | c_str | test.c:15:16:15:21 | call to getenv | test.c:8:8:8:12 | c_str | The object returned by the function getenv should no be modified. |
+| test.c:64:5:64:9 | conv4 | test.c:61:11:61:20 | call to localeconv | test.c:64:5:64:9 | conv4 | The object returned by the function localeconv should no be modified. |
diff --git a/c/cert/test/rules/ENV30-C/test.c b/c/cert/test/rules/ENV30-C/test.c
@@ -7,7 +7,7 @@ void trstr(char *c_str, char orig, char rep) {
     if (*c_str == orig) {
       *c_str = rep; // NON_COMPLIANT
     }
-    ++c_str; // NON_COMPLIANT
+    ++c_str;
   }
 }
 
@@ -57,7 +57,8 @@ void f3(void) {
 void f4(void) {
   struct lconv *conv4 = localeconv();
 
-  conv4 = setlocale(LC_ALL, "C"); // COMPLIANT
+  setlocale(LC_ALL, "C"); // COMPLIANT
+  conv4 = localeconv();   // COMPLIANT
 
   if ('\0' == conv4->decimal_point[0]) {
     conv4->decimal_point = "."; // NON_COMPLIANT

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ void trstr(char *c_str, char orig, char rep) {`
`7`	`7`	`if (*c_str == orig) {`
`8`	`8`	`*c_str = rep; // NON_COMPLIANT`
`9`	`9`	`}`
`10`		`- ++c_str; // NON_COMPLIANT`
	`10`	`+ ++c_str;`
`11`	`11`	`}`
`12`	`12`	`}`
`13`	`13`
`@@ -57,7 +57,8 @@ void f3(void) {`
`57`	`57`	`void f4(void) {`
`58`	`58`	`struct lconv *conv4 = localeconv();`
`59`	`59`
`60`		`- conv4 = setlocale(LC_ALL, "C"); // COMPLIANT`
	`60`	`+ setlocale(LC_ALL, "C"); // COMPLIANT`
	`61`	`+ conv4 = localeconv(); // COMPLIANT`
`61`	`62`
`62`	`63`	`if ('\0' == conv4->decimal_point[0]) {`
`63`	`64`	`conv4->decimal_point = "."; // NON_COMPLIANT`