Fixed #2005 (refactoring dangerous / obsolete functions checks)

This commit is contained in:
Debrard Sébastien 2010-08-31 18:58:01 +02:00 committed by Daniel Marjamäki
parent 4463f650d0
commit 071f7d5f34
7 changed files with 18 additions and 273 deletions

View File

@ -13,7 +13,6 @@ MAN_SOURCE=man/cppcheck.1.xml
LIBOBJ = lib/checkautovariables.o \ LIBOBJ = lib/checkautovariables.o \
lib/checkbufferoverrun.o \ lib/checkbufferoverrun.o \
lib/checkclass.o \ lib/checkclass.o \
lib/checkdangerousfunctions.o \
lib/checkexceptionsafety.o \ lib/checkexceptionsafety.o \
lib/checkmemoryleak.o \ lib/checkmemoryleak.o \
lib/checkobsoletefunctions.o \ lib/checkobsoletefunctions.o \
@ -43,7 +42,6 @@ TESTOBJ = test/testautovariables.o \
test/testclass.o \ test/testclass.o \
test/testconstructors.o \ test/testconstructors.o \
test/testcppcheck.o \ test/testcppcheck.o \
test/testdangerousfunctions.o \
test/testdivision.o \ test/testdivision.o \
test/testexceptionsafety.o \ test/testexceptionsafety.o \
test/testfilelister.o \ test/testfilelister.o \
@ -109,9 +107,6 @@ lib/checkbufferoverrun.o: lib/checkbufferoverrun.cpp lib/checkbufferoverrun.h li
lib/checkclass.o: lib/checkclass.cpp lib/checkclass.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h lib/checkclass.o: lib/checkclass.cpp lib/checkclass.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkclass.o lib/checkclass.cpp $(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkclass.o lib/checkclass.cpp
lib/checkdangerousfunctions.o: lib/checkdangerousfunctions.cpp lib/checkdangerousfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkdangerousfunctions.o lib/checkdangerousfunctions.cpp
lib/checkexceptionsafety.o: lib/checkexceptionsafety.cpp lib/checkexceptionsafety.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h lib/checkexceptionsafety.o: lib/checkexceptionsafety.cpp lib/checkexceptionsafety.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkexceptionsafety.o lib/checkexceptionsafety.cpp $(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkexceptionsafety.o lib/checkexceptionsafety.cpp
@ -193,9 +188,6 @@ test/testconstructors.o: test/testconstructors.cpp lib/tokenize.h lib/classinfo.
test/testcppcheck.o: test/testcppcheck.cpp lib/cppcheck.h lib/settings.h lib/errorlogger.h lib/checkunusedfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h test/testsuite.h lib/path.h test/tinyxml/tinyxml.h test/tinyxml/tinystr.h test/testcppcheck.o: test/testcppcheck.cpp lib/cppcheck.h lib/settings.h lib/errorlogger.h lib/checkunusedfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h test/testsuite.h lib/path.h test/tinyxml/tinyxml.h test/tinyxml/tinystr.h
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testcppcheck.o test/testcppcheck.cpp $(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testcppcheck.o test/testcppcheck.cpp
test/testdangerousfunctions.o: test/testdangerousfunctions.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkdangerousfunctions.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdangerousfunctions.o test/testdangerousfunctions.cpp
test/testdivision.o: test/testdivision.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkother.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h test/testdivision.o: test/testdivision.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkother.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdivision.o test/testdivision.cpp $(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdivision.o test/testdivision.cpp

View File

@ -1,63 +0,0 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
// Dangerous functions
//---------------------------------------------------------------------------
#include "checkdangerousfunctions.h"
//---------------------------------------------------------------------------
// Register this check class (by creating a static instance of it)
namespace
{
CheckDangerousFunctions instance;
}
void CheckDangerousFunctions::dangerousFunctions()
{
if (!_settings->_checkCodingStyle)
return;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{
if (Token::simpleMatch(tok, "mktemp ("))
{
dangerousFunctionmktemp(tok);
}
else if (Token::simpleMatch(tok, "gets ("))
{
dangerousFunctiongets(tok);
}
}
}
//---------------------------------------------------------------------------
void CheckDangerousFunctions::dangerousFunctionmktemp(const Token *tok)
{
reportError(tok, Severity::style, "dangerousFunctionmktemp", "Found 'mktemp'. You should use 'mkstemp' instead");
}
void CheckDangerousFunctions::dangerousFunctiongets(const Token *tok)
{
reportError(tok, Severity::style, "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead\n"
"Using gets can easily cause buffer overflows.");
}

View File

@ -1,82 +0,0 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
#ifndef CheckDangerousFunctionsH
#define CheckDangerousFunctionsH
//---------------------------------------------------------------------------
#include "check.h"
/// @addtogroup Checks
/// @{
/**
* @brief Using dangerous functions that are always insecure to use.
*/
class CheckDangerousFunctions : public Check
{
public:
/** This constructor is used when registering the CheckDangerousFunctions */
CheckDangerousFunctions() : Check()
{ }
/** This constructor is used when running checks. */
CheckDangerousFunctions(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
: Check(tokenizer, settings, errorLogger)
{ }
void runSimplifiedChecks(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
{
CheckDangerousFunctions checkDangerousFunctions(tokenizer, settings, errorLogger);
checkDangerousFunctions.dangerousFunctions();
}
/** Check for dangerous functions */
void dangerousFunctions();
private:
/** Report Error : Using dangerous function 'mktemp' */
void dangerousFunctionmktemp(const Token *tok);
/** Report Error : Using dangerous function 'gets' */
void dangerousFunctiongets(const Token *tok);
void getErrorMessages()
{
dangerousFunctionmktemp(0);
dangerousFunctiongets(0);
}
std::string name() const
{
return "Dangerous functions (buffer overflows)";
}
std::string classInfo() const
{
return "Warn if any of these dangerous functions are used:\n"
"* mktemp\n"
"* gets\n";
}
};
/// @}
//---------------------------------------------------------------------------
#endif

View File

@ -102,6 +102,8 @@ private:
_obsoleteFunctions.push_back(std::make_pair("vfork","Found obsolete function 'vfork'. It is recommended to use the function 'fork' instead")); _obsoleteFunctions.push_back(std::make_pair("vfork","Found obsolete function 'vfork'. It is recommended to use the function 'fork' instead"));
_obsoleteFunctions.push_back(std::make_pair("wcswcs","Found obsolete function 'wcswcs'. It is recommended to use the function 'wcsstr' instead")); _obsoleteFunctions.push_back(std::make_pair("wcswcs","Found obsolete function 'wcswcs'. It is recommended to use the function 'wcsstr' instead"));
_obsoleteFunctions.push_back(std::make_pair("gets","Found obsolete function 'gets'. It is recommended to use the function 'fgets' instead"));
} }

View File

@ -4,7 +4,6 @@ HEADERS += $$PWD/check.h \
$$PWD/checkautovariables.h \ $$PWD/checkautovariables.h \
$$PWD/checkbufferoverrun.h \ $$PWD/checkbufferoverrun.h \
$$PWD/checkclass.h \ $$PWD/checkclass.h \
$$PWD/checkdangerousfunctions.h \
$$PWD/checkexceptionsafety.h \ $$PWD/checkexceptionsafety.h \
$$PWD/checkmemoryleak.h \ $$PWD/checkmemoryleak.h \
$$PWD/checkobsoletefunctions.h \ $$PWD/checkobsoletefunctions.h \
@ -27,7 +26,6 @@ HEADERS += $$PWD/check.h \
SOURCES += $$PWD/checkautovariables.cpp \ SOURCES += $$PWD/checkautovariables.cpp \
$$PWD/checkbufferoverrun.cpp \ $$PWD/checkbufferoverrun.cpp \
$$PWD/checkclass.cpp \ $$PWD/checkclass.cpp \
$$PWD/checkdangerousfunctions.cpp \
$$PWD/checkexceptionsafety.cpp \ $$PWD/checkexceptionsafety.cpp \
$$PWD/checkmemoryleak.cpp \ $$PWD/checkmemoryleak.cpp \
$$PWD/checkobsoletefunctions.cpp \ $$PWD/checkobsoletefunctions.cpp \

View File

@ -1,116 +0,0 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "tokenize.h"
#include "checkdangerousfunctions.h"
#include "testsuite.h"
#include <sstream>
extern std::ostringstream errout;
class TestDangerousFunctions : public TestFixture
{
public:
TestDangerousFunctions() : TestFixture("TestDangerousFunctions")
{ }
private:
void check(const char code[])
{
// Tokenize..
Tokenizer tokenizer;
std::istringstream istr(code);
tokenizer.tokenize(istr, "test.cpp");
tokenizer.simplifyTokenList();
// Assign variable ids
tokenizer.setVarId();
// Fill function list
tokenizer.fillFunctionList();
// Clear the error buffer..
errout.str("");
// Check for dangerous functions..
Settings settings;
settings._checkCodingStyle = true;
settings.inconclusive = true;
CheckDangerousFunctions checkDangerousFunctions(&tokenizer, &settings, this);
checkDangerousFunctions.dangerousFunctions();
}
void run()
{
TEST_CASE(testmktemp);
TEST_CASE(testgets);
TEST_CASE(testscanf);
}
void testmktemp()
{
check("void f()\n"
"{\n"
" char *x = mktemp(\"/tmp/zxcv\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
check("char * f(const std::string& strVal)\n"
"{\n"
" return(mktemp(strVal.c_str()));\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
check("char * f(const std::string& strVal)\n"
"{\n"
" return mktemp(strVal.c_str()) ;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
}
void testgets()
{
check("void f()\n"
"{\n"
" char *x = gets();\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'gets'. You should use 'fgets' instead\n", errout.str());
}
void testscanf()
{
check("void f()\n"
"{\n"
" char *x;\n"
" scanf(\"%s\", x);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
};
REGISTER_TEST(TestDangerousFunctions)

View File

@ -43,7 +43,10 @@ private:
TEST_CASE(testrindex); TEST_CASE(testrindex);
// no false positives for variables // no false positives for variables
TEST_CASE(var); TEST_CASE(testvar);
// dangerous function
TEST_CASE(testgets);
} }
@ -181,7 +184,7 @@ private:
} }
void var() void testvar()
{ {
check("class Fred {\n" check("class Fred {\n"
"public:\n" "public:\n"
@ -191,6 +194,17 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void testgets()
{
check("void f()\n"
"{\n"
" char *x = gets();\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (style) Found obsolete function 'gets'. It is recommended to use the function 'fgets' instead\n", errout.str());
}
}; };
REGISTER_TEST(TestObsoleteFunctions) REGISTER_TEST(TestObsoleteFunctions)