add CERT MSC24-C check (#1903)

* add CERT MSC24-C check * make check a bit more robust * fix cert tester * finetune MSC24 check
2019-07-04 12:19:52 +02:00 · 2019-07-04 12:19:52 +02:00 · 999aa407f4
parent 88dfb1968f
commit 999aa407f4
2 changed files with 71 additions and 1 deletions
--- a/addons/cert.py
+++ b/addons/cert.py
@ -231,7 +231,31 @@ def int31(data, platform):
                    'style',
                    'Ensure that integer conversions do not result in lost or misinterpreted data (casting ' + str(value.intvalue) + ' to ' + destType + ')',
                    'INT31-c')
-                break
+                break                
+# MSC24-C
+# Do not use deprecated or obsolescent functions
+def msc24(data):
+    for token in data.tokenlist:
+        if isFunctionCall(token, ('asctime',), 1):
+            reportError(token,'style','Do no use asctime() better use asctime_s()', 'MSC24-C')
+        elif isFunctionCall(token, ('atof',), 1):
+            reportError(token,'style','Do no use atof() better use strtod()', 'MSC24-C')
+        elif isFunctionCall(token, ('atoi',), 1):
+            reportError(token,'style','Do no use atoi() better use strtol()', 'MSC24-C')
+        elif isFunctionCall(token, ('atol',), 1):
+            reportError(token,'style','Do no use atol() better use strtol()', 'MSC24-C')
+        elif isFunctionCall(token, ('atoll',), 1):
+            reportError(token,'style','Do no use atoll() better use strtoll()', 'MSC24-C')
+        elif isFunctionCall(token, ('ctime',), 1):
+            reportError(token,'style','Do no use ctime() better use ctime_s()', 'MSC24-C')
+        elif isFunctionCall(token, ('fopen',), 2):
+            reportError(token,'style','Do no use fopen() better use fopen_s()', 'MSC24-C')
+        elif isFunctionCall(token, ('freopen',), 3):
+            reportError(token,'style','Do no use freopen() better use freopen_s()', 'MSC24-C')
+        elif isFunctionCall(token, ('rewind',), 1):
+            reportError(token,'style','Do no use rewind() better use fseek()', 'MSC24-C')
+        elif isFunctionCall(token, ('setbuf',), 2):
+            reportError(token,'style','Do no use setbuf() better use setvbuf()', 'MSC24-C')

 # MSC30-C
 # Do not use the rand() function for generating pseudorandom numbers
@ -341,6 +365,7 @@ for arg in sys.argv[1:]:
        str05(cfg)
        str07(cfg)
        str11(cfg)
+        msc24(cfg)
        msc30(cfg)

    if VERIFY:
--- a/addons/test/cert-test.c
+++ b/addons/test/cert-test.c
@ -54,6 +54,51 @@ unsigned char int31(int x)
    x = (unsigned long long)-1; // cert-INT31-c
 }

+void msc24()
+{
+    struct S {
+    int x; int fopen;
+    };
+    
+    struct S s;
+    time_t rawtime;
+    struct tm *timeinfo;
+    char buffer[256];
+    int i;
+    long int li;
+    long long int lli;
+    FILE *f;
+
+    s.fopen = 123;
+
+    f = fopen ("myfile.txt","w+");  //cert-MSC24-C
+    setbuf ( f , buffer )   //cert-MSC24-C
+    for ( i='A' ; i<='Z' ; i++)
+        fputc ( n, f);
+    rewind (f);             //cert-MSC24-C
+    fclose (f);
+
+    time ( &rawtime );
+    timeinfo = localtime ( &rawtime );
+    printf ( "The current date/time is: %s", asctime (timeinfo) ); //cert-MSC24-C
+
+    n = atof (buffer);              //cert-MSC24-C
+    m = sin (n*pi/180);
+
+    i = atoi (buffer);      //cert-MSC24-C
+
+    li = atol(buffer);      //cert-MSC24-C
+
+    lli = atoll(buffer);    //cert-MSC24-C
+
+    time (&rawtime);
+    printf ("The current local time is: %s", ctime (&rawtime)); //cert-MSC24-C
+
+    freopen ("myfile.txt","w",stdout);                  //cert-MSC24-C
+    printf ("This sentence is redirected to a file.");
+    fclose (stdout);
+}
+
 void msc30()
 {
    unsigned int num = rand(); // cert-MSC30-c