Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C++: Omit assign case from cpp/non-constant-format #14039

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

C++: Omit assign case from cpp/non-constant-format #14039

wants to merge 1 commit into from
+0 −2

Conversation

jketema
Copy link
Contributor

@jketema jketema commented Aug 23, 2023
edited

Running the following on 1000 996 MRVA projects gave 1 result:

from FormattingFunctionCall call, Expr formatString
where
  call.getArgument(call.getFormatParameterIndex()) = formatString and
  not exists(DataFlow::Node sink |
    B::NonConstFlow::flowTo(sink) and
    B::isSinkImpl(sink, formatString)
  )
  and
  exists(DataFlow::Node sink |
    A::NonConstFlow::flowTo(sink) and
    A::isSinkImpl(sink, formatString)
  )
select formatString,
  "The format string argument to " + call.getTarget().getName() +
    " should be constant to prevent security issues and other potential errors."

Where both A and B are modules that both contain all the non-constant format code, except that B omits the lines also omitted in this PR. The one result comes from here with the source being the assignment in the if one line above it. However, this is an FP as the (virtual) function only ever returns constant strings without any formatting directives.

DCA shows one missing result on Nelson, but it seems that one is not being flagged up for the reason it should be:

tostring(register char *s, int n)
...
{
    ...
    sf = str_fmt;
    ... [ omitted code includes stores to elements of sf ]
    for(s = s0; s < se; s++)
    {
        t = *(unsigned char *)s;
        sprintf(s1, sf[t], t);
        s1 += strlen(s1);
    }
   ...
}

The query (after modification) highlights two sources:

I agree that this is a TF. However, the reason it's being flagged up is silly, i.e., because an assignment occurs on the right hand side of the the assignment to the element of str_fmt. It seems that the query should actually try to detect whether mutable arrays are used as format strings instead of relying on an accidental occurring assignment on the right-hand side.

@github-actions github-actions bot added the C++ label Aug 23, 2023
@jketema jketema changed the title C++: Omit assign case from cpp/non-constant-format which does not do anything C++: Omit assign case from cpp/non-constant-format Aug 24, 2023
@jketema jketema marked this pull request as ready for review August 24, 2023 09:03
@jketema jketema requested a review from a team as a code owner August 24, 2023 09:03
@jketema
Copy link
Contributor Author

jketema commented Aug 24, 2023
edited

I seemed to have swapped A and B in the MRVA query. Re-running and reverting this to draft for now. Fixed in top-level comment.

@jketema jketema marked this pull request as draft August 24, 2023 09:29
@jketema jketema marked this pull request as ready for review August 24, 2023 11:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
C++
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@jketema