
Commit 899ae90

committed
C++: Add GVN.
1 parent 0bb9a95 commit 899ae90


3 files changed

+3
-7
lines changed


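--- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
+++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
@@ -12,6 +12,7 @@
 
 import cpp
 import semmle.code.cpp.dataflow.TaintTracking
+import semmle.code.cpp.valuenumbering.GlobalValueNumbering
 import DataFlow::PathGraph
 
 /**
@@ -61,7 +62,7 @@ class HttpStringToUrlOpenConfig extends TaintTracking::Configuration {
 // block taint starting at `strstr`, which is likely testing an existing URL, rather than constructing an HTTP URL.
 not exists(FunctionCall fc |
 fc.getTarget().getName() = ["strstr", "strcasestr"] and
-fc.getAnArgument() = src.asExpr()
+fc.getArgument(1) = globalValueNumber(src.asExpr()).getAnExpr()
 )
 }
 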
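Review bot: The new condition on `fc.getArgument(1)` discards an `http://` source whenever any expression with the same value number is passed as the needle to `strstr`/`strcasestr`, so a string that is both searched for and later used to build a URL would presumably no longer be reported by this CWE-319 query. The visible test change only covers the check-only case (`test4`); a companion case in test.cpp where the same variable is passed to `strstr` and then copied into the URL buffer would pin down whether that false negative is accepted. The comment above the `not exists` still speaks of `strstr` in general; something like `// only the needle (argument 1) is matched, by value number, so a literal held in a variable is also recognised` would explain both the index and the GVN lookup. The enclosing predicate starts outside this hunk, so this assumes it is the configuration's source definition.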
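--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
@@ -7,8 +7,6 @@ edges
 | test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
 | test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
 | test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
-| test.cpp:93:28:93:36 | http:// | test.cpp:104:11:104:13 | ptr |
-| test.cpp:104:11:104:13 | ptr | test.cpp:11:26:11:28 | url |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
 | test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
 nodes
@@ -21,8 +19,6 @@ nodes
 | test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
 | test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
 | test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
-| test.cpp:93:28:93:36 | http:// | semmle.label | http:// |
-| test.cpp:104:11:104:13 | ptr | semmle.label | ptr |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
 subpaths
@@ -31,5 +27,4 @@ subpaths
 | test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
 | test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
-| test.cpp:93:28:93:36 | http:// | test.cpp:93:28:93:36 | http:// | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | A URL may be constructed with the HTTP protocol. |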

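--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/test.cpp
@@ -90,7 +90,7 @@ void test3(char *url)
 void test4(char *url)
 {
 const char *https_string = "https://"; // GOOD (https)
-const char *http_string = "http://"; // GOOD (we are not constructing the URL) [FALSE POSITIVE]
+const char *http_string = "http://"; // GOOD (we are not constructing the URL)
 char *ptr;
 
 ptr = strstr(url, https_string);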
