Add model of external functions that may throw

rvermeulen · rvermeulen · commit 1c1f63079518 · 2024-02-13T12:27:28.000-08:00
This allows us to extend the queries reasoning
about exceptions that maybe thrown with information
that is not directly retrievable from the source.

For example, standard library functions known to
throw exceptions that are not specified in their
signatures.
diff --git a/cpp/common/src/codingstandards/cpp/exceptions/ExceptionFlowCustomizations.qll b/cpp/common/src/codingstandards/cpp/exceptions/ExceptionFlowCustomizations.qll
@@ -1,9 +1,50 @@
+/*
+ * A library customize models that model the flow of exceptions through the program.
+ */
+
 import cpp
 private import codingstandards.cpp.exceptions.ExceptionFlow
 
 /** A `ThrowingExpr` which is the origin of a exceptions in the program. */
 abstract class OriginThrowingExpr extends ThrowingExpr { }
 
+/**
+ * A `FunctionCall` to an external function without an exception specification that *
+ *  may throw an exception.
+ */
+abstract class ExternalUnderspecifiedFunctionCallThrowingExpr extends FunctionCall, ThrowingExpr { }
+
+/**
+ * An extensible predicate that describes functions that when called may throw an exception.
+ */
+extensible predicate throwingFunctionModel(
+  string functionNamespaceQualifier, string functionTypeQualifier, string functionName,
+  string exceptionNamespaceQualifier, string exceptionType
+);
+
+/**
+ * A `FunctionCall` that may throw an exception of type `ExceptionType` as provded by
+ * the extensible predicate `throwingFunctionModel`.
+ */
+private class ExternalFunctionCallThrowingExpr extends FunctionCall, ThrowingExpr {
+  ExceptionType exceptionType;
+
+  ExternalFunctionCallThrowingExpr() {
+    exists(
+      string functionNamespaceQualifier, string functionTypeQualifier, string functionName,
+      string exceptionNamespaceQualifier, string exceptionTypeSpec
+    |
+      throwingFunctionModel(functionNamespaceQualifier, functionTypeQualifier, functionName,
+        exceptionNamespaceQualifier, exceptionTypeSpec) and
+      this.getTarget()
+          .hasQualifiedName(functionNamespaceQualifier, functionTypeQualifier, functionName) and
+      exceptionType.(Class).hasQualifiedName(exceptionNamespaceQualifier, exceptionTypeSpec)
+    )
+  }
+
+  override ExceptionType getAnExceptionType() { result = exceptionType }
+}
+
 /** An expression which directly throws. */
 class DirectThrowExprThrowingExpr extends DirectThrowExpr, OriginThrowingExpr {
   override ExceptionType getAnExceptionType() { result = getExceptionType() }
@@ -46,6 +87,10 @@ class FunctionCallThrowingExpr extends FunctionCall, ThrowingExpr {
         isNoExceptTrue(target)
       )
     )
+    or
+    result = this.(ExternalUnderspecifiedFunctionCallThrowingExpr).getAnExceptionType()
+    or
+    result = this.(ExternalFunctionCallThrowingExpr).getAnExceptionType()
   }
 }
 
diff --git a/cpp/common/src/ext/stdc++.model.yml b/cpp/common/src/ext/stdc++.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/common-cpp-coding-standards
+      extensible: throwingFunctionModel
+    data:
+      - ["std", "basic_string", "append", "std", "out_of_range"] 
+      - ["std", "basic_string", "reserve", "std", "length_error"] 
diff --git a/cpp/common/src/qlpack.yml b/cpp/common/src/qlpack.yml
@@ -3,3 +3,5 @@ version: 2.22.0-dev
 license: MIT
 dependencies:
   codeql/cpp-all: 0.9.3
+dataExtensions:
+  - ext/*.model.yml
