Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CPP: Make more alert-messages follow the style guide #10507

Merged
merged 9 commits into from Sep 24, 2022
Merged

CPP: Make more alert-messages follow the style guide #10507

merged 9 commits into from Sep 24, 2022

Conversation

erik-krogh
Copy link
Contributor

@erik-krogh erik-krogh commented Sep 21, 2022
edited

The tests are failing and that's fine, there is an internal PR where the tests pass (the internal PR updates some expected test outputs).

I've been working on making the alert-messages consistent across languages, and some fan out work from that is ensuring that the alert-messages follow the style guide (which I've also revised).

Fixes done as part of this PR:

  • Add a full stop at the end of the alert-message.
  • Avoid "here", but instead have something more descriptive. (Like "this allocation" or "expression").
  • Not having single-quotes around links (replacing '$@' with $@).
  • Make the alert-message the same as another language.
  • Removing links that linked to the alert-location.
  • Use depends on for taint-tracking queries and flows to for dataflow-queries.
  • Enclose code with single quotes.
  • Start an alert-message with an upper-case letter.

Some of the messages become inconsistent with other languages, but I'm updating one language at a time, so some will get out of sync.

Some other PRs in this series: JS, Py, Rb, Go, Java (draft).
Style guide update.

@erik-krogh erik-krogh added the WIP This is a work-in-progress, do not merge yet! label Sep 21, 2022
github-code-scanning[bot]
github-code-scanning bot found potential problems Sep 21, 2022
View changes
cpp/ql/src/Critical/FileMayNotBeClosed.ql Fixed Show fixed Hide fixed
cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql Fixed Show fixed Hide fixed
cpp/ql/src/Likely Bugs/RedundantNullCheckSimple.ql Fixed Show fixed Hide fixed
cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql Fixed Show fixed Hide fixed
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql Fixed Show fixed Hide fixed
cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql Fixed Show fixed Hide fixed
cpp/ql/src/Best Practices/Unused Entities/UnusedLocals.ql Outdated
from LocalVariable v, Function f
where
f = v.getFunction() and
not exists(v.getAnAccess()) and
not v.isConst() and // workaround for folded constants
not exists(DeclStmt ds | ds.getADeclaration() = v and ds.isInMacroExpansion()) and // variable declared in a macro expansion
not declarationHasSideEffects(v) and
not exists(AsmStmt s | f = s.getEnclosingFunction()) and
not v.getAnAttribute().getName() = "unused" and
not any(ErrorExpr e).getEnclosingFunction() = f // unextracted expr may use `v`
select v, "Variable " + v.getName() + " is not used"
select v, "Variable " + v.getName() + " is not used."

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The cpp/unused-local-variable query does not have the same alert message as java, py.
@erik-krogh erik-krogh mentioned this pull request Sep 21, 2022
Merged
@erik-krogh erik-krogh added the depends on internal PR This PR should only be merged in sync with an internal Semmle PR label Sep 21, 2022
@erik-krogh erik-krogh force-pushed the cpp-followMsg branch 3 times, most recently from d3f6148 to 045bd00 Compare Sep 22, 2022
github-code-scanning[bot]
github-code-scanning bot found potential problems Sep 22, 2022
View changes
cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql Outdated
from Expr origin, Expr e, string effect, PathNode sourceNode, PathNode sinkNode, Operation op
where
taintedWithPath(origin, e, sourceNode, sinkNode) and
op.getAnOperand() = e and
missingGuard(op, e, effect)
select e, sourceNode, sinkNode,
"$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".", origin,
"User-provided value"
"$@ flows to an operand of an arithmetic expression, potentially causing an " + effect + ".",
origin, "User-provided value"

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The cpp/tainted-arithmetic query does not have the same alert message as java.
cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql Outdated
from
PrintfLikeFunction printf, Expr arg, PathNode sourceNode, PathNode sinkNode,
string printfFunction, Expr userValue, string cause
where
printf.outermostWrapperFunctionCall(arg, printfFunction) and
taintedWithPath(userValue, arg, sourceNode, sinkNode) and
isUserInput(userValue, cause)
select arg, sourceNode, sinkNode,
"The value of this argument may come from $@ and is being used as a formatting argument to " +
printfFunction, userValue, cause
printfFunction + ".", userValue, cause

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The cpp/tainted-format-string query does not have the same alert message as java, js, rb.
cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql Outdated
from
FromSensitiveConfiguration config, SensitiveExpr sensitive, DataFlow::PathNode source,
DataFlow::PathNode sink, SqliteFunctionCall sqliteCall
where
config.hasFlowPath(source, sink) and
source.getNode().asExpr() = sensitive and
sqliteCall.getASource() = sink.getNode().asExpr()
select sqliteCall, source, sink, "This SQLite call may store $@ in a non-encrypted SQLite database",
sensitive, "sensitive information"
select sqliteCall, source, sink,
"This SQLite call may store $@ in a non-encrypted SQLite database.", sensitive,
"sensitive information"

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The cpp/cleartext-storage-database query does not have the same alert message as swift.
cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql Outdated
from
UncontrolledArithConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink,
VariableAccess va, string effect
where
config.hasFlowPath(source, sink) and
sink.getNode().asExpr() = va and
missingGuard(va, effect)
select sink.getNode(), source, sink,
"$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".",
getExpr(source.getNode()), "Uncontrolled value"
"Arithmetic expression depends on an $@, potentially causing an " + effect + ".",
getExpr(source.getNode()), "uncontrolled value"

Check warning

Code scanning / CodeQL

Consistent alert message Warning

The cpp/uncontrolled-arithmetic query does not have the same alert message as java.
@erik-krogh erik-krogh removed the WIP This is a work-in-progress, do not merge yet! label Sep 22, 2022
@erik-krogh erik-krogh marked this pull request as ready for review Sep 22, 2022
@erik-krogh erik-krogh requested a review from a team as a code owner Sep 22, 2022
geoffw0
geoffw0 reviewed Sep 23, 2022
View changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed up to ImproperNullTerminationTainted.ql. Almost all of the changes are adding a full stop at the end of the message (which I approve of). I'll finish my review and try to add some more constructive suggestions in a few places later.

cpp/ql/src/Critical/FileMayNotBeClosed.ql Outdated Show resolved Hide resolved
cpp/ql/src/Critical/MemoryMayNotBeFreed.ql Show resolved Hide resolved
cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql Outdated Show resolved Hide resolved
cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql Outdated Show resolved Hide resolved
geoffw0
geoffw0 approved these changes Sep 23, 2022
View changes
Copy link
Contributor

@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 👍

@erik-krogh erik-krogh merged commit c2b5c39 into github:main Sep 24, 2022
11 of 13 checks passed
This was referenced Sep 26, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geoffw0 geoffw0

Assignees
No one assigned
Labels
C++ depends on internal PR This PR should only be merged in sync with an internal Semmle PR documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@erik-krogh @geoffw0