add CERT STR07-C check

This commit is contained in:
fuzzelhjb 2019-06-23 13:59:24 +02:00 committed by Daniel Marjamäki
parent 63bd29d644
commit 8fcfe0ceb0
2 changed files with 34 additions and 4 deletions


@ -82,6 +82,18 @@ def isStandardFunction(token):
return False
return True
# Is this a function call
def isFunctionCall(token, function_names, number_of_arguments=None):
if not token.isName:
return False
if token.str not in function_names:
return False
if (token.next is None) or token.next.str != '(' or token.next != token.astParent:
return False
if number_of_arguments is None:
return True
return len(cppcheckdata.getArguments(token)) == number_of_arguments
# Get function arguments
def getArgumentsRecursive(tok, arguments):
if tok is None:
@ -248,6 +260,18 @@ def str05(data):
if (parentOp1.valueType.type in ('char', 'wchar_t')) and parentOp1.valueType.pointer and not parentOp1.valueType.constness:
reportError(parentOp1, 'style', 'Use pointers to const when referring to string literals', 'STR05-C')
# STR07-C
# Use the bounds-checking interfaces for string manipulation
def str07(data):
for token in data.tokenlist:
if not isFunctionCall(token, ('strcpy', 'strcat')):
continue
args = cppcheckdata.getArguments(token)
if len(args)!=2:
continue
if args[1].isString:
continue
reportError(token, 'style', 'Use the bounds-checking interfaces %s_s()' % (token.str), 'STR07-C')
for arg in sys.argv[1:]:
if arg == '-verify':
@ -275,6 +299,7 @@ for arg in sys.argv[1:]:
exp46(cfg)
int31(cfg, data.platform)
str05(cfg)
str07(cfg)
msc30(cfg)
if VERIFY:
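Review bot: The exemption `if args[1].isString: continue` in str07 lets `strcat(buf, "bla")` through unflagged even though the destination bound is exactly what STR07-C is about — a literal source fixes the copied length, but nothing in the check establishes that `buf` can hold it, so the exemption should either be dropped or carry a comment stating it is a deliberate noise-reduction trade-off. The `len(args)!=2` test duplicates what isFunctionCall already offers through `number_of_arguments`; calling `isFunctionCall(token, ('strcpy', 'strcat'), 2)` drops the second getArguments call and the PEP 8 spacing issue with it. isFunctionCall would benefit from a docstring in place of the bare `# Is this a function call` comment, stating that it requires a name token that is the AST parent of the following `(` and, when `number_of_arguments` is given, exactly that many arguments. The `for arg in sys.argv[1:]` loop that the third hunk touches starts and ends outside the hunk.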


@ -1,8 +1,5 @@
// To test:
// ~/cppcheck/cppcheck --dump cert-test.c && python ../cert.py -verify cert-test.c.dump
#include <time.h>
#include <stdlib.h>
struct S {
short a;
short b;
@ -70,3 +67,11 @@ void str05()
wchar_t *str2 = L"hello"; //cert-STR05-C
}
void str07(char *buf, const char *newBuf)
{
const char *str="test";
strcat(buf,"bla");
strcat(buf, str); //cert-STR07-C
strcat(buf, newBuf); //cert-STR07-C
strcpy(str, newBuf); //cert-STR07-C
}
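Review bot: `strcpy(str, newBuf); //cert-STR07-C` passes `str`, declared `const char *` on the line above, as the destination, which discards the qualifier and is a constraint violation a compiler will warn on (or reject in strict mode); the STR07-C expectation still holds, but the fixture would be cleaner with a non-const destination such as `strcpy(buf, newBuf); //cert-STR07-C`. The hunk shows `<time.h>` and `<stdlib.h>` but no `<string.h>`, so the strcpy/strcat prototypes may be implicit unless the include appears outside the visible lines — worth confirming.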