Fixed #2005 (refactoring dangerous / obsolete functions checks)
This commit is contained in:
parent
4463f650d0
commit
071f7d5f34
8
Makefile
8
Makefile
|
@ -13,7 +13,6 @@ MAN_SOURCE=man/cppcheck.1.xml
|
||||||
LIBOBJ = lib/checkautovariables.o \
|
LIBOBJ = lib/checkautovariables.o \
|
||||||
lib/checkbufferoverrun.o \
|
lib/checkbufferoverrun.o \
|
||||||
lib/checkclass.o \
|
lib/checkclass.o \
|
||||||
lib/checkdangerousfunctions.o \
|
|
||||||
lib/checkexceptionsafety.o \
|
lib/checkexceptionsafety.o \
|
||||||
lib/checkmemoryleak.o \
|
lib/checkmemoryleak.o \
|
||||||
lib/checkobsoletefunctions.o \
|
lib/checkobsoletefunctions.o \
|
||||||
|
@ -43,7 +42,6 @@ TESTOBJ = test/testautovariables.o \
|
||||||
test/testclass.o \
|
test/testclass.o \
|
||||||
test/testconstructors.o \
|
test/testconstructors.o \
|
||||||
test/testcppcheck.o \
|
test/testcppcheck.o \
|
||||||
test/testdangerousfunctions.o \
|
|
||||||
test/testdivision.o \
|
test/testdivision.o \
|
||||||
test/testexceptionsafety.o \
|
test/testexceptionsafety.o \
|
||||||
test/testfilelister.o \
|
test/testfilelister.o \
|
||||||
|
@ -109,9 +107,6 @@ lib/checkbufferoverrun.o: lib/checkbufferoverrun.cpp lib/checkbufferoverrun.h li
|
||||||
lib/checkclass.o: lib/checkclass.cpp lib/checkclass.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
|
lib/checkclass.o: lib/checkclass.cpp lib/checkclass.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkclass.o lib/checkclass.cpp
|
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkclass.o lib/checkclass.cpp
|
||||||
|
|
||||||
lib/checkdangerousfunctions.o: lib/checkdangerousfunctions.cpp lib/checkdangerousfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
|
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkdangerousfunctions.o lib/checkdangerousfunctions.cpp
|
|
||||||
|
|
||||||
lib/checkexceptionsafety.o: lib/checkexceptionsafety.cpp lib/checkexceptionsafety.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
|
lib/checkexceptionsafety.o: lib/checkexceptionsafety.cpp lib/checkexceptionsafety.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h lib/settings.h lib/errorlogger.h
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkexceptionsafety.o lib/checkexceptionsafety.cpp
|
$(CXX) $(CXXFLAGS) -Ilib -c -o lib/checkexceptionsafety.o lib/checkexceptionsafety.cpp
|
||||||
|
|
||||||
|
@ -193,9 +188,6 @@ test/testconstructors.o: test/testconstructors.cpp lib/tokenize.h lib/classinfo.
|
||||||
test/testcppcheck.o: test/testcppcheck.cpp lib/cppcheck.h lib/settings.h lib/errorlogger.h lib/checkunusedfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h test/testsuite.h lib/path.h test/tinyxml/tinyxml.h test/tinyxml/tinystr.h
|
test/testcppcheck.o: test/testcppcheck.cpp lib/cppcheck.h lib/settings.h lib/errorlogger.h lib/checkunusedfunctions.h lib/check.h lib/token.h lib/tokenize.h lib/classinfo.h test/testsuite.h lib/path.h test/tinyxml/tinyxml.h test/tinyxml/tinystr.h
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testcppcheck.o test/testcppcheck.cpp
|
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testcppcheck.o test/testcppcheck.cpp
|
||||||
|
|
||||||
test/testdangerousfunctions.o: test/testdangerousfunctions.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkdangerousfunctions.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h
|
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdangerousfunctions.o test/testdangerousfunctions.cpp
|
|
||||||
|
|
||||||
test/testdivision.o: test/testdivision.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkother.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h
|
test/testdivision.o: test/testdivision.cpp lib/tokenize.h lib/classinfo.h lib/token.h lib/checkother.h lib/check.h lib/settings.h lib/errorlogger.h test/testsuite.h
|
||||||
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdivision.o test/testdivision.cpp
|
$(CXX) $(CXXFLAGS) -Ilib -Icli -c -o test/testdivision.o test/testdivision.cpp
|
||||||
|
|
||||||
|
|
|
@ -1,63 +0,0 @@
|
||||||
/*
|
|
||||||
* Cppcheck - A tool for static C/C++ code analysis
|
|
||||||
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
|
|
||||||
*
|
|
||||||
* This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
// Dangerous functions
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
#include "checkdangerousfunctions.h"
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
// Register this check class (by creating a static instance of it)
|
|
||||||
namespace
|
|
||||||
{
|
|
||||||
CheckDangerousFunctions instance;
|
|
||||||
}
|
|
||||||
|
|
||||||
void CheckDangerousFunctions::dangerousFunctions()
|
|
||||||
{
|
|
||||||
if (!_settings->_checkCodingStyle)
|
|
||||||
return;
|
|
||||||
|
|
||||||
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
|
|
||||||
{
|
|
||||||
if (Token::simpleMatch(tok, "mktemp ("))
|
|
||||||
{
|
|
||||||
dangerousFunctionmktemp(tok);
|
|
||||||
}
|
|
||||||
else if (Token::simpleMatch(tok, "gets ("))
|
|
||||||
{
|
|
||||||
dangerousFunctiongets(tok);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
|
|
||||||
void CheckDangerousFunctions::dangerousFunctionmktemp(const Token *tok)
|
|
||||||
{
|
|
||||||
reportError(tok, Severity::style, "dangerousFunctionmktemp", "Found 'mktemp'. You should use 'mkstemp' instead");
|
|
||||||
}
|
|
||||||
|
|
||||||
void CheckDangerousFunctions::dangerousFunctiongets(const Token *tok)
|
|
||||||
{
|
|
||||||
reportError(tok, Severity::style, "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead\n"
|
|
||||||
"Using gets can easily cause buffer overflows.");
|
|
||||||
}
|
|
|
@ -1,82 +0,0 @@
|
||||||
/*
|
|
||||||
* Cppcheck - A tool for static C/C++ code analysis
|
|
||||||
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
|
|
||||||
*
|
|
||||||
* This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
#ifndef CheckDangerousFunctionsH
|
|
||||||
#define CheckDangerousFunctionsH
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
|
|
||||||
#include "check.h"
|
|
||||||
|
|
||||||
/// @addtogroup Checks
|
|
||||||
/// @{
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Using dangerous functions that are always insecure to use.
|
|
||||||
*/
|
|
||||||
|
|
||||||
class CheckDangerousFunctions : public Check
|
|
||||||
{
|
|
||||||
public:
|
|
||||||
/** This constructor is used when registering the CheckDangerousFunctions */
|
|
||||||
CheckDangerousFunctions() : Check()
|
|
||||||
{ }
|
|
||||||
|
|
||||||
/** This constructor is used when running checks. */
|
|
||||||
CheckDangerousFunctions(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
|
|
||||||
: Check(tokenizer, settings, errorLogger)
|
|
||||||
{ }
|
|
||||||
|
|
||||||
void runSimplifiedChecks(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
|
|
||||||
{
|
|
||||||
CheckDangerousFunctions checkDangerousFunctions(tokenizer, settings, errorLogger);
|
|
||||||
checkDangerousFunctions.dangerousFunctions();
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Check for dangerous functions */
|
|
||||||
void dangerousFunctions();
|
|
||||||
|
|
||||||
private:
|
|
||||||
/** Report Error : Using dangerous function 'mktemp' */
|
|
||||||
void dangerousFunctionmktemp(const Token *tok);
|
|
||||||
/** Report Error : Using dangerous function 'gets' */
|
|
||||||
void dangerousFunctiongets(const Token *tok);
|
|
||||||
|
|
||||||
void getErrorMessages()
|
|
||||||
{
|
|
||||||
dangerousFunctionmktemp(0);
|
|
||||||
dangerousFunctiongets(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
std::string name() const
|
|
||||||
{
|
|
||||||
return "Dangerous functions (buffer overflows)";
|
|
||||||
}
|
|
||||||
|
|
||||||
std::string classInfo() const
|
|
||||||
{
|
|
||||||
return "Warn if any of these dangerous functions are used:\n"
|
|
||||||
"* mktemp\n"
|
|
||||||
"* gets\n";
|
|
||||||
}
|
|
||||||
};
|
|
||||||
/// @}
|
|
||||||
//---------------------------------------------------------------------------
|
|
||||||
#endif
|
|
||||||
|
|
|
@ -102,6 +102,8 @@ private:
|
||||||
_obsoleteFunctions.push_back(std::make_pair("vfork","Found obsolete function 'vfork'. It is recommended to use the function 'fork' instead"));
|
_obsoleteFunctions.push_back(std::make_pair("vfork","Found obsolete function 'vfork'. It is recommended to use the function 'fork' instead"));
|
||||||
|
|
||||||
_obsoleteFunctions.push_back(std::make_pair("wcswcs","Found obsolete function 'wcswcs'. It is recommended to use the function 'wcsstr' instead"));
|
_obsoleteFunctions.push_back(std::make_pair("wcswcs","Found obsolete function 'wcswcs'. It is recommended to use the function 'wcsstr' instead"));
|
||||||
|
|
||||||
|
_obsoleteFunctions.push_back(std::make_pair("gets","Found obsolete function 'gets'. It is recommended to use the function 'fgets' instead"));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
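Review bot: The removed CheckDangerousFunctions reported `mktemp` as well as `gets`, but this hunk only adds `gets` to `_obsoleteFunctions`; unless `mktemp` already appears in the part of the list above the hunk (the enclosing function starts outside it), that warning is lost, and the three `testmktemp` cases from the deleted test file have no counterpart in the testobsoletefunctions.cpp section either. The new message also drops the rationale the old check carried (`Using gets can easily cause buffer overflows.`), which is the actual reason `gets` is unsafe: it cannot bound its input. If the reporting path still supports the two-line short/verbose form the old check used, consider `_obsoleteFunctions.push_back(std::make_pair("gets","Found obsolete function 'gets'. It is recommended to use the function 'fgets' instead\nUsing gets can easily cause buffer overflows."));`, and add a matching `mktemp`/`mkstemp` entry with a ported test.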
|
@ -4,7 +4,6 @@ HEADERS += $$PWD/check.h \
|
||||||
$$PWD/checkautovariables.h \
|
$$PWD/checkautovariables.h \
|
||||||
$$PWD/checkbufferoverrun.h \
|
$$PWD/checkbufferoverrun.h \
|
||||||
$$PWD/checkclass.h \
|
$$PWD/checkclass.h \
|
||||||
$$PWD/checkdangerousfunctions.h \
|
|
||||||
$$PWD/checkexceptionsafety.h \
|
$$PWD/checkexceptionsafety.h \
|
||||||
$$PWD/checkmemoryleak.h \
|
$$PWD/checkmemoryleak.h \
|
||||||
$$PWD/checkobsoletefunctions.h \
|
$$PWD/checkobsoletefunctions.h \
|
||||||
|
@ -27,7 +26,6 @@ HEADERS += $$PWD/check.h \
|
||||||
SOURCES += $$PWD/checkautovariables.cpp \
|
SOURCES += $$PWD/checkautovariables.cpp \
|
||||||
$$PWD/checkbufferoverrun.cpp \
|
$$PWD/checkbufferoverrun.cpp \
|
||||||
$$PWD/checkclass.cpp \
|
$$PWD/checkclass.cpp \
|
||||||
$$PWD/checkdangerousfunctions.cpp \
|
|
||||||
$$PWD/checkexceptionsafety.cpp \
|
$$PWD/checkexceptionsafety.cpp \
|
||||||
$$PWD/checkmemoryleak.cpp \
|
$$PWD/checkmemoryleak.cpp \
|
||||||
$$PWD/checkobsoletefunctions.cpp \
|
$$PWD/checkobsoletefunctions.cpp \
|
||||||
|
|
|
@ -1,116 +0,0 @@
|
||||||
/*
|
|
||||||
* Cppcheck - A tool for static C/C++ code analysis
|
|
||||||
* Copyright (C) 2007-2010 Daniel Marjamäki and Cppcheck team.
|
|
||||||
*
|
|
||||||
* This program is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation, either version 3 of the License, or
|
|
||||||
* (at your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "tokenize.h"
|
|
||||||
#include "checkdangerousfunctions.h"
|
|
||||||
#include "testsuite.h"
|
|
||||||
|
|
||||||
#include <sstream>
|
|
||||||
|
|
||||||
extern std::ostringstream errout;
|
|
||||||
|
|
||||||
class TestDangerousFunctions : public TestFixture
|
|
||||||
{
|
|
||||||
public:
|
|
||||||
TestDangerousFunctions() : TestFixture("TestDangerousFunctions")
|
|
||||||
{ }
|
|
||||||
|
|
||||||
private:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void check(const char code[])
|
|
||||||
{
|
|
||||||
// Tokenize..
|
|
||||||
Tokenizer tokenizer;
|
|
||||||
std::istringstream istr(code);
|
|
||||||
tokenizer.tokenize(istr, "test.cpp");
|
|
||||||
tokenizer.simplifyTokenList();
|
|
||||||
|
|
||||||
// Assign variable ids
|
|
||||||
tokenizer.setVarId();
|
|
||||||
|
|
||||||
// Fill function list
|
|
||||||
tokenizer.fillFunctionList();
|
|
||||||
|
|
||||||
// Clear the error buffer..
|
|
||||||
errout.str("");
|
|
||||||
|
|
||||||
// Check for dangerous functions..
|
|
||||||
Settings settings;
|
|
||||||
settings._checkCodingStyle = true;
|
|
||||||
settings.inconclusive = true;
|
|
||||||
CheckDangerousFunctions checkDangerousFunctions(&tokenizer, &settings, this);
|
|
||||||
checkDangerousFunctions.dangerousFunctions();
|
|
||||||
}
|
|
||||||
|
|
||||||
void run()
|
|
||||||
{
|
|
||||||
TEST_CASE(testmktemp);
|
|
||||||
TEST_CASE(testgets);
|
|
||||||
TEST_CASE(testscanf);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void testmktemp()
|
|
||||||
{
|
|
||||||
check("void f()\n"
|
|
||||||
"{\n"
|
|
||||||
" char *x = mktemp(\"/tmp/zxcv\");\n"
|
|
||||||
"}\n");
|
|
||||||
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
|
|
||||||
|
|
||||||
check("char * f(const std::string& strVal)\n"
|
|
||||||
"{\n"
|
|
||||||
" return(mktemp(strVal.c_str()));\n"
|
|
||||||
"}\n");
|
|
||||||
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
|
|
||||||
|
|
||||||
check("char * f(const std::string& strVal)\n"
|
|
||||||
"{\n"
|
|
||||||
" return mktemp(strVal.c_str()) ;\n"
|
|
||||||
"}\n");
|
|
||||||
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'mktemp'. You should use 'mkstemp' instead\n", errout.str());
|
|
||||||
}
|
|
||||||
|
|
||||||
void testgets()
|
|
||||||
{
|
|
||||||
check("void f()\n"
|
|
||||||
"{\n"
|
|
||||||
" char *x = gets();\n"
|
|
||||||
"}\n");
|
|
||||||
ASSERT_EQUALS("[test.cpp:3]: (style) Found 'gets'. You should use 'fgets' instead\n", errout.str());
|
|
||||||
}
|
|
||||||
|
|
||||||
void testscanf()
|
|
||||||
{
|
|
||||||
check("void f()\n"
|
|
||||||
"{\n"
|
|
||||||
" char *x;\n"
|
|
||||||
" scanf(\"%s\", x);\n"
|
|
||||||
"}\n");
|
|
||||||
ASSERT_EQUALS("", errout.str());
|
|
||||||
}
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
REGISTER_TEST(TestDangerousFunctions)
|
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,10 @@ private:
|
||||||
TEST_CASE(testrindex);
|
TEST_CASE(testrindex);
|
||||||
|
|
||||||
// no false positives for variables
|
// no false positives for variables
|
||||||
TEST_CASE(var);
|
TEST_CASE(testvar);
|
||||||
|
|
||||||
|
// dangerous function
|
||||||
|
TEST_CASE(testgets);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -181,7 +184,7 @@ private:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void var()
|
void testvar()
|
||||||
{
|
{
|
||||||
check("class Fred {\n"
|
check("class Fred {\n"
|
||||||
"public:\n"
|
"public:\n"
|
||||||
|
@ -191,6 +194,17 @@ private:
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void testgets()
|
||||||
|
{
|
||||||
|
check("void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char *x = gets();\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:3]: (style) Found obsolete function 'gets'. It is recommended to use the function 'fgets' instead\n", errout.str());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
REGISTER_TEST(TestObsoleteFunctions)
|
REGISTER_TEST(TestObsoleteFunctions)
|
||||||
|
|