walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

input validation: added checking

This commit is contained in:
Daniel Marjamäki 2009-02-19 08:03:14 +00:00
parent a844fa017e
commit 4e1f19a366
7 changed files with 707 additions and 471 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -12,6 +12,7 @@ OBJECTS = src/checkbufferoverrun.o \
src/checkmemoryleak.o \
src/checkother.o \
src/checkstl.o \
src/checkvalidate.o \
src/cppcheck.o \
src/cppcheckexecutor.o \
src/errorlogger.o \
@ -45,6 +46,7 @@ TESTOBJ = test/testbufferoverrun.o \
test/testtokenize.o \
test/testunusedprivfunc.o \
test/testunusedvar.o \
test/testvalidate.o \
src/checkbufferoverrun.o \
src/checkclass.o \
src/checkdangerousfunctions.o \
@ -53,6 +55,7 @@ TESTOBJ = test/testbufferoverrun.o \
src/checkmemoryleak.o \
src/checkother.o \
src/checkstl.o \
src/checkvalidate.o \
src/cppcheck.o \
src/cppcheckexecutor.o \
src/errorlogger.o \
@ -118,6 +121,9 @@ src/checkother.o: src/checkother.cpp src/checkother.h src/tokenize.h src/setting
src/checkstl.o: src/checkstl.cpp src/checkstl.h src/errorlogger.h src/settings.h src/token.h src/tokenize.h
g++ $(CXXFLAGS) -c -o src/checkstl.o src/checkstl.cpp
src/checkvalidate.o: src/checkvalidate.cpp src/checkvalidate.h src/errorlogger.h src/settings.h src/token.h src/tokenize.h
g++ $(CXXFLAGS) -c -o src/checkvalidate.o src/checkvalidate.cpp
src/cppcheck.o: src/cppcheck.cpp src/cppcheck.h src/settings.h src/errorlogger.h src/checkfunctionusage.h src/tokenize.h src/token.h src/preprocessor.h src/checkmemoryleak.h src/checkbufferoverrun.h src/checkdangerousfunctions.h src/checkclass.h src/checkheaders.h src/checkother.h src/checkstl.h src/filelister.h
g++ $(CXXFLAGS) -c -o src/cppcheck.o src/cppcheck.cpp
@ -214,6 +220,9 @@ test/testunusedprivfunc.o: test/testunusedprivfunc.cpp src/tokenize.h src/settin
test/testunusedvar.o: test/testunusedvar.cpp test/testsuite.h src/errorlogger.h src/settings.h src/tokenize.h src/token.h src/checkother.h
g++ $(CXXFLAGS) -c -o test/testunusedvar.o test/testunusedvar.cpp
test/testvalidate.o: test/testvalidate.cpp src/tokenize.h src/settings.h src/errorlogger.h src/token.h src/checkvalidate.h test/testsuite.h
g++ $(CXXFLAGS) -c -o test/testvalidate.o test/testvalidate.cpp
src/errorlogger.h: tools/errmsg
tools/errmsg
mv errorlogger.h src/

79
src/checkvalidate.cpp Normal file
View File

@ -0,0 +1,79 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2009 Daniel Marjamäki, Reijo Tomperi, Nicolas Le Cam,
* Leandro Penz, Kimmo Varis
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/
*/
#include "checkvalidate.h"
#include "errorlogger.h"
#include "token.h"
#include "tokenize.h"
CheckValidate::CheckValidate(const Tokenizer *tokenizer, ErrorLogger *errorLogger)
: _tokenizer(tokenizer), _errorLogger(errorLogger)
{
}
CheckValidate::~CheckValidate()
{
}
/**
* Check that there are input validation when reading number from FILE/stream
*/
void CheckValidate::readnum()
{
const Token *tok = _tokenizer->tokens();
while (tok)
{
unsigned int varId = 0;
// Search for a variable declaration
while (tok)
{
if (Token::Match(tok, "int %var% ;"))
{
varId = tok->next()->varId();
break;
}
tok = tok->next();
}
// Skip ahead a little with tok..
tok = tok->tokAt(2);
// Now take a look at the variable usage..
if (varId == 0)
continue;
// Search for bad input..
for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
{
if (Token::Match(tok2, "cin >> %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2, tok2->strAt(2));
if (Token::Match(tok2, "fscanf ( %var% , %str% , %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2, tok2->strAt(6));
if (Token::Match(tok2, "scanf ( %str% , %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2, tok2->strAt(4));
}
}
}

53
src/checkvalidate.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2009 Daniel Marjamäki, Reijo Tomperi, Nicolas Le Cam,
* Leandro Penz, Kimmo Varis
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/
*/
//---------------------------------------------------------------------------
#ifndef checkvalidateH
#define checkvalidateH
//---------------------------------------------------------------------------
class ErrorLogger;
class Token;
class Tokenizer;
class CheckValidate
{
public:
CheckValidate(const Tokenizer *tokenizer, ErrorLogger *errorLogger);
~CheckValidate();
/** Reading a number from a stream/FILE */
void readnum();
private:
const Tokenizer *_tokenizer;
ErrorLogger *_errorLogger;
/**
* Helper function used by the 'erase' function
* This function parses a loop
* @param it iterator token
*/
void eraseCheckLoop(const Token *it);
};
//---------------------------------------------------------------------------
#endif

9
src/errorlogger.h
View File

@ -459,6 +459,15 @@ public:
return true;
}
void unvalidatedInput(const Tokenizer *tokenizer, const Token *Location, const std::string &varname)
{
_writemsg(tokenizer, Location, "all", "Unvalidated input: " + varname + "", "unvalidatedInput");
}
static bool unvalidatedInput(const Settings &s)
{
return s._showAll;
}
static std::string callStackToString(const std::list<ErrorLogger::ErrorMessage::FileLocation> &callStack);

70
test/testvalidate.cpp Normal file
View File

@ -0,0 +1,70 @@
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2009 Daniel Marjamäki, Reijo Tomperi, Nicolas Le Cam,
* Leandro Penz, Kimmo Varis
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/
*/
#include "../src/tokenize.h"
#include "../src/checkvalidate.h"
#include "testsuite.h"
#include <sstream>
extern std::ostringstream errout;
class TestValidate : public TestFixture
{
public:
TestValidate() : TestFixture("TestValidate")
{ }
private:
void run()
{
TEST_CASE(stdin1);
}
void check(const char code[])
{
// Tokenize..
Tokenizer tokenizer;
std::istringstream istr(code);
tokenizer.tokenize(istr, "test.cpp");
tokenizer.simplifyTokenList();
// Clear the error buffer..
errout.str("");
// Check char variable usage..
CheckValidate checkValidate(&tokenizer, this);
checkValidate.readnum();
}
void stdin1()
{
check("void foo()\n"
"{\n"
" int i;\n"
" std::cin >> i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (all) Unvalidated input: i\n", errout.str());
}
};
REGISTER_TEST(TestValidate)

14
testrunner.vcproj
View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<VisualStudioProject
ProjectType="Visual C++"
Version="9.00"
Version="9,00"
Name="testrunner"
ProjectGUID="{ABA515EF-1C57-4980-8E40-2C937D212C9D}"
Keyword="Win32Proj"
@ -198,6 +198,10 @@
RelativePath=".\src\checkstl.h"
>
</File>
<File
RelativePath=".\src\checkvalidate.h"
>
</File>
<File
RelativePath=".\src\cppcheck.h"
>
@ -278,6 +282,10 @@
RelativePath=".\src\checkstl.cpp"
>
</File>
<File
RelativePath=".\src\checkvalidate.cpp"
>
</File>
<File
RelativePath=".\src\cppcheck.cpp"
>
@ -390,6 +398,10 @@
RelativePath=".\test\testunusedvar.cpp"
>
</File>
<File
RelativePath=".\test\testvalidate.cpp"
>
</File>
<File
RelativePath=".\src\token.cpp"
>

4
tools/errmsg.cpp
View File

@ -117,6 +117,10 @@ int main()
err.push_back(Message("pushback", Message::error, "After push_back or push_front, the iterator '%1' may be invalid", "iterator_name"));
// checkvalidate.cpp
err.push_back(Message("unvalidatedInput", Message::all, "Unvalidated input: %1", "varname"));
// Generate code..
std::cout << "Generate code.." << std::endl;
std::ofstream fout("errorlogger.h");