add CERT STR03-C check (#1898)

* add CERT STR03-C check * fix cert test
2019-06-24 18:41:43 +02:00 · 2019-06-24 18:41:43 +02:00 · f36d671bc5
parent 0d76d078e2
commit f36d671bc5
2 changed files with 21 additions and 0 deletions
--- a/addons/cert.py
+++ b/addons/cert.py
@ -231,6 +231,17 @@ def msc30(data):
        if simpleMatch(token, "rand ( )") and isStandardFunction(token):
            reportError(token, 'style', 'Do not use the rand() function for generating pseudorandom numbers', 'MSC30-c')

+# STR03-C
+# Do not inadvertently truncate a string
+def str03(data):
+    for token in data.tokenlist:
+        if not isFunctionCall(token, 'strncpy'):
+            continue
+        arguments = cppcheckdata.getArguments(token)
+        if len(arguments)!=3:
+            continue
+        if arguments[2].str=='(' and arguments[2].astOperand1.str=='sizeof':
+            reportError(token, 'style', 'Do not inadvertently truncate a string', 'STR03-C')

 # STR05-C
 # Use pointers to const when referring to string literals
@ -283,6 +294,7 @@ for arg in sys.argv[1:]:
        exp42(cfg)
        exp46(cfg)
        int31(cfg, data.platform)
+        str03(cfg)
        str05(cfg)
        str07(cfg)
        msc30(cfg)
--- a/addons/test/cert-test.c
+++ b/addons/test/cert-test.c
@ -61,6 +61,15 @@ void msc30()
    int a = rand;
 }

+void str03()
+{
+    char *string_data=(char*)malloc(16);
+    char a[16];
+    int d;
+    strncpy(a, string_data, sizeof(a));     //cert-STR03-C
+    strncpy(a, string_data, 5); d=sizeof(int);
+}
+
 void str05()
 {
    char *str1 = "abc";         //cert-STR05-C