refactoring error messages

Daniel Marjamäki 2009-03-21 18:31:28 +01:00
parent 468ed653e2
commit da06c12925
6 changed files with 56 additions and 47 deletions


@ -53,20 +53,32 @@ void CheckDangerousFunctionsClass::dangerousFunctions()
{ {
if (Token::simpleMatch(tok, "mktemp (")) if (Token::simpleMatch(tok, "mktemp ("))
{ {
_errorLogger->dangerousFunctionmktemp(_tokenizer, tok); dangerousFunctionmktemp(tok);
} }
else if (Token::simpleMatch(tok, "gets (")) else if (Token::simpleMatch(tok, "gets ("))
{ {
_errorLogger->dangerousFunctiongets(_tokenizer, tok); dangerousFunctiongets(tok);
} }
else if (Token::simpleMatch(tok, "scanf (")) else if (Token::simpleMatch(tok, "scanf ("))
{ {
_errorLogger->dangerousFunctionscanf(_tokenizer, tok); dangerousFunctionscanf(tok);
} }
} }
} }
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
void CheckDangerousFunctionsClass::dangerousFunctionmktemp(const Token *tok)
{
reportError(tok, "style", "dangerousFunctionmktemp", "Found 'mktemp'. You should use 'mkstemp' instead");
}
void CheckDangerousFunctionsClass::dangerousFunctiongets(const Token *tok)
{
reportError(tok, "style", "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead");
}
void CheckDangerousFunctionsClass::dangerousFunctionscanf(const Token *tok)
{
reportError(tok, "style", "dangerousFunctionscanf", "Found 'scanf'. You should use 'fgets' instead");
}
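Review bot: The reporters for `gets` and `mktemp` keep the `"style"` severity after the move, which files an unbounded write into the caller's buffer and a raceable temporary-file name alongside cosmetic findings. The predicates that stay in the error logger (`dangerousFunctiongets(const Settings &)` and its siblings) return `s._checkCodingStyle`, so these warnings are presumably hidden unless style checking is switched on. Now that each message lives next to its check, I would reclassify at least these two, e.g. `reportError(tok, "security", "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead");`, and update the matching predicate in the same change. The body of dangerousFunctions() starts outside this hunk, so whether a settings gate runs before the matches is not visible here.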


@ -45,6 +45,15 @@ public:
/** Check for buffer overruns */ /** Check for buffer overruns */
void dangerousFunctions(); void dangerousFunctions();
private:
/** Error Messages.. */
void dangerousFunctionmktemp(const Token *tok);
void dangerousFunctiongets(const Token *tok);
void dangerousFunctionscanf(const Token *tok);
}; };
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------


@ -18,22 +18,8 @@
*/ */
#include "checksecurity.h" #include "checksecurity.h"
#include "errorlogger.h"
#include "token.h"
#include "tokenize.h"
CheckSecurity::CheckSecurity(const Tokenizer *tokenizer, ErrorLogger *errorLogger)
: _tokenizer(tokenizer), _errorLogger(errorLogger)
{
}
CheckSecurity::~CheckSecurity()
{
}
/** /**
* Check that there are input validation when reading number from FILE/stream * Check that there are input validation when reading number from FILE/stream
*/ */
@ -66,11 +52,11 @@ void CheckSecurity::readnum()
for (const Token *tok2 = tok; tok2; tok2 = tok2->next()) for (const Token *tok2 = tok; tok2; tok2 = tok2->next())
{ {
if (Token::Match(tok2, "cin >> %varid%", varId)) if (Token::Match(tok2, "cin >> %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2); unvalidatedInput(tok2);
if (Token::Match(tok2, "fscanf ( %var% , %str% , %varid%", varId)) if (Token::Match(tok2, "fscanf ( %var% , %str% , %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2); unvalidatedInput(tok2);
if (Token::Match(tok2, "scanf ( %str% , %varid%", varId)) if (Token::Match(tok2, "scanf ( %str% , %varid%", varId))
_errorLogger->unvalidatedInput(_tokenizer, tok2); unvalidatedInput(tok2);
} }
} }
} }
@ -103,11 +89,15 @@ void CheckSecurity::gui()
// Getting the value.. // Getting the value..
const Token *tok2 = Token::findmatch(tok, (dangerousfunc + " ( " + varname + " .").c_str()); const Token *tok2 = Token::findmatch(tok, (dangerousfunc + " ( " + varname + " .").c_str());
if (tok2) if (tok2)
_errorLogger->unvalidatedInput(_tokenizer, tok2); unvalidatedInput(tok2);
} }
} }
} }
} }
void CheckSecurity::unvalidatedInput(const Token *tok)
{
reportError(tok, "security", "unvalidatedInput", "Unvalidated input");
}
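Review bot: unvalidatedInput() is now the single reporting point for four different matches (the `cin >>`, `fscanf` and `scanf` patterns in readnum() and the dangerous-function lookup in gui()), yet it carries no comment and its message is the bare `Unvalidated input`. Someone triaging a report cannot tell from that text which input path fired or which variable was involved. I would at least document the helper, `/** Report input that reaches a use without validation; called from readnum() and gui() */`, and consider passing the variable name into the message in a follow-up. readnum() and gui() both begin outside the visible hunks.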


@ -23,15 +23,26 @@
#define checksecurityH #define checksecurityH
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
class ErrorLogger; #include "check.h"
class Token;
class Tokenizer;
class CheckSecurity class CheckSecurity : public Check
{ {
public: public:
CheckSecurity(const Tokenizer *tokenizer, ErrorLogger *errorLogger); /** This constructor is used when registering the CheckClass */
~CheckSecurity(); CheckSecurity() : Check()
{ }
/** This constructor is used when running checks.. */
CheckSecurity(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
: Check(tokenizer, settings, errorLogger)
{ }
void runSimplifiedChecks(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
{
CheckSecurity checkSecurity(tokenizer, settings, errorLogger);
checkSecurity.readnum();
checkSecurity.gui();
}
/** Reading a number from a stream/FILE */ /** Reading a number from a stream/FILE */
void readnum(); void readnum();
@ -40,8 +51,7 @@ public:
void gui(); void gui();
private: private:
const Tokenizer *_tokenizer; void unvalidatedInput(const Token *tok);
ErrorLogger *_errorLogger;
}; };
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
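Review bot: runSimplifiedChecks() calls readnum() and gui() without consulting `settings`, while the predicate kept in the error logger (`unvalidatedInput(const Settings &)`, returning `s._security`) indicates these findings are meant to be opt-in. If neither Check::reportError nor the caller applies that gate (neither is visible on this page), the security checks would now run and report unconditionally. A guard at the top of the method would make the intent explicit and also cover a null pointer: `if (!settings || !settings->_security) return;`.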


@ -324,37 +324,25 @@ public:
return true; return true;
} }
void dangerousFunctionmktemp(const Tokenizer *tokenizer, const Token *Location)
{
_writemsg(tokenizer, Location, "style", "Found 'mktemp'. You should use 'mkstemp' instead", "dangerousFunctionmktemp");
}
static bool dangerousFunctionmktemp(const Settings &s) static bool dangerousFunctionmktemp(const Settings &s)
{ {
return s._checkCodingStyle; return s._checkCodingStyle;
} }
void dangerousFunctiongets(const Tokenizer *tokenizer, const Token *Location)
{
_writemsg(tokenizer, Location, "style", "Found 'gets'. You should use 'fgets' instead", "dangerousFunctiongets");
}
static bool dangerousFunctiongets(const Settings &s) static bool dangerousFunctiongets(const Settings &s)
{ {
return s._checkCodingStyle; return s._checkCodingStyle;
} }
void dangerousFunctionscanf(const Tokenizer *tokenizer, const Token *Location)
{
_writemsg(tokenizer, Location, "style", "Found 'scanf'. You should use 'fgets' instead", "dangerousFunctionscanf");
}
static bool dangerousFunctionscanf(const Settings &s) static bool dangerousFunctionscanf(const Settings &s)
{ {
return s._checkCodingStyle; return s._checkCodingStyle;
} }
void unvalidatedInput(const Tokenizer *tokenizer, const Token *Location)
{
_writemsg(tokenizer, Location, "security", "Unvalidated input", "unvalidatedInput");
}
static bool unvalidatedInput(const Settings &s) static bool unvalidatedInput(const Settings &s)
{ {
return s._security; return s._security;


@ -52,7 +52,7 @@ private:
errout.str(""); errout.str("");
// Check char variable usage.. // Check char variable usage..
CheckSecurity checkSecurity(&tokenizer, this); CheckSecurity checkSecurity(&tokenizer, 0, this);
checkSecurity.readnum(); checkSecurity.readnum();
} }
@ -83,7 +83,7 @@ private:
errout.str(""); errout.str("");
// Check char variable usage.. // Check char variable usage..
CheckSecurity checkSecurity(&tokenizer, this); CheckSecurity checkSecurity(&tokenizer, 0, this);
checkSecurity.gui(); checkSecurity.gui();
} }
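Review bot: Both tests pass a literal `0` for the new `settings` parameter, so they only keep working while nothing reached from readnum() or gui() (including the base-class reporting path, which is not visible here) dereferences it. A null configuration is presumably not a state the registered check runs in, so the tests no longer mirror real use. I would construct a real object instead, e.g. `Settings settings; settings._security = true;` followed by `CheckSecurity checkSecurity(&tokenizer, &settings, this);`, assuming Settings is default-constructible. The enclosing test functions begin outside both hunks.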