NullPointerCharacterAssignment: CodeQL port of C28730 (#146)
codeql port of C28730
1 parent
c2febb9
commit c8369c9
Showing
5 changed files
with
398 additions
and
0 deletions.
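--- a/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.qhelp
+++ b/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.qhelp
@@ -0,0 +1,46 @@
+<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
+<qhelp>
+<overview>
+<p>
+Possible assignment of '\\0' directly to a pointer
+</p>
+</overview>
+<recommendation>
+<p>
+This warning indicates a probable typographical error: a null character is being assigned to a pointer; it is probably the case that the character is intended as a string terminator and should be assigned to the memory where the pointer is pointing.
+</p>
+</recommendation>
+<example>
+<p>
+Example of incorrect assignment of '\0' to a pointer
+</p>
+<sample language="c"> <![CDATA[
+char a[8];
+char *p = a;
+char x = 0;
+char y = '0';
+p = '\0'; // should be *p = '\0';
+}]]>
+</sample>
+<p>
+Example of correct assignment of '\0' to where the pointer is pointing
+</p>
+<sample language="c"> <![CDATA[
+char a[8];
+char *p = a;
+*p = '\0'; // correct!
+}]]>
+</sample>
+</example>
+<semmleNotes>
+<p>
+</p>
+</semmleNotes>
+<references>
+<li>
+<a href="https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/28730-possible-null-character-assignment">
+Warning C28730
+</a>
+</li>
+</references>
+</qhelp>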
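--- a/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql
+++ b/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.ql
@@ -0,0 +1,30 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+/**
+* @id cpp/drivers/null-character-pointer-assignment
+* @kind problem
+* @name Null Character Pointer Assignment
+* @description Possible assignment of '\\0' directly to a pointer
+* @platform Desktop
+* @feature.area Multiple
+* @impact Insecure Coding Practice
+* @repro.text
+* @owner.email: [email protected]
+* @opaqueid CQLD-C28730
+* @problem.severity warning
+* @precision medium
+* @tags correctness
+* @scope domainspecific
+* @query-version v1
+*/
+
+
+import cpp
+
+from CharLiteral s, Assignment a
+where
+s.getCharacter() = "\\0" and
+a.getRValue() = s and
+a.getLValue().getType().getName().matches("% *")
+
+select a,"Possible assignment of '\\0' directly to a pointer"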
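Review bot: The pointer test `a.getLValue().getType().getName().matches("% *")` compares the printed type name, so an lvalue declared through a pointer typedef (for example `PCHAR` or `PSTR`, both common in driver code) has a name that does not end in ` *` and the assignment goes unreported; qualified pointer types are probably missed the same way. Resolving the type first is sturdier: `a.getLValue().getType().getUnspecifiedType() instanceof PointerType`. Separately, `s.getCharacter() = "\\0"` only recognises the literal spelled `'\0'`, so `'\x00'` or `'\000'` assigned to a pointer would not be flagged. The doubled backslash in `@description` is also emitted verbatim: the SARIF rule description shows `'\\0'` while the result message shows `'\0'`, and the trailing colon in `@owner.email:` ends up in the property key.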
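--- a/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.sarif
+++ b/src/drivers/general/queries/NullCharacterPointerAssignment/NullCharacterPointerAssignment.sarif
@@ -0,0 +1,274 @@
+{
+"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+"version": "2.1.0",
+"runs": [
+{
+"tool": {
+"driver": {
+"name": "CodeQL",
+"organization": "GitHub",
+"semanticVersion": "2.17.6",
+"notifications": [
+{
+"id": "cpp/baseline/expected-extracted-files",
+"name": "cpp/baseline/expected-extracted-files",
+"shortDescription": {
+"text": "Expected extracted files"
+},
+"fullDescription": {
+"text": "Files appearing in the source archive that are expected to be extracted."
+},
+"defaultConfiguration": {
+"enabled": true
+},
+"properties": {
+"tags": [
+"expected-extracted-files",
+"telemetry"
+]
+}
+},
+{
+"id": "cpp/extractor/summary",
+"name": "cpp/extractor/summary",
+"shortDescription": {
+"text": "C++ extractor telemetry"
+},
+"fullDescription": {
+"text": "C++ extractor telemetry"
+},
+"defaultConfiguration": {
+"enabled": true
+}
+}
+],
+"rules": [
+{
+"id": "cpp/drivers/null-character-pointer-assignment",
+"name": "cpp/drivers/null-character-pointer-assignment",
+"shortDescription": {
+"text": "Null Character Pointer Assignment"
+},
+"fullDescription": {
+"text": "Possible assignment of '\\\\0' directly to a pointer"
+},
+"defaultConfiguration": {
+"enabled": true,
+"level": "warning"
+},
+"properties": {
+"tags": [
+"correctness"
+],
+"description": "Possible assignment of '\\\\0' directly to a pointer",
+"feature.area": "Multiple",
+"id": "cpp/drivers/null-character-pointer-assignment",
+"impact": "Insecure Coding Practice",
+"kind": "problem",
+"name": "Null Character Pointer Assignment",
+"opaqueid": "CQLD-C28730",
+"owner.email:": "[email protected]",
+"platform": "Desktop",
+"precision": "medium",
+"problem.severity": "warning",
+"query-version": "v1",
+"repro.text": "",
+"scope": "domainspecific"
+}
+}
+]
+},
+"extensions": [
+{
+"name": "microsoft/windows-drivers",
+"semanticVersion": "1.1.0+2034189b0eace12539d3b51ced8d39b9cc9717f0",
+"locations": [
+{
+"uri": "file:///C:/codeql-home/WDDST/src/",
+"description": {
+"text": "The QL pack root directory."
+}
+},
+{
+"uri": "file:///C:/codeql-home/WDDST/src/qlpack.yml",
+"description": {
+"text": "The QL pack definition file."
+}
+}
+]
+}
+]
+},
+"invocations": [
+{
+"toolExecutionNotifications": [
+{
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "driver/driver_snippet.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+}
+}
+}
+],
+"message": {
+"text": ""
+},
+"level": "none",
+"descriptor": {
+"id": "cpp/baseline/expected-extracted-files",
+"index": 0
+},
+"properties": {
+"formattedMessage": {
+"text": ""
+}
+}
+},
+{
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "driver/fail_driver1.h",
+"uriBaseId": "%SRCROOT%",
+"index": 1
+}
+}
+}
+],
+"message": {
+"text": ""
+},
+"level": "none",
+"descriptor": {
+"id": "cpp/baseline/expected-extracted-files",
+"index": 0
+},
+"properties": {
+"formattedMessage": {
+"text": ""
+}
+}
+},
+{
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "driver/fail_driver1.c",
+"uriBaseId": "%SRCROOT%",
+"index": 2
+}
+}
+}
+],
+"message": {
+"text": ""
+},
+"level": "none",
+"descriptor": {
+"id": "cpp/baseline/expected-extracted-files",
+"index": 0
+},
+"properties": {
+"formattedMessage": {
+"text": ""
+}
+}
+},
+{
+"message": {
+"text": "Internal telemetry for the C++ extractor.\n\nNo action needed.",
+"markdown": "Internal telemetry for the C++ extractor.\n\nNo action needed."
+},
+"level": "note",
+"timeUtc": "2024-08-17T05:27:20.110+00:00",
+"descriptor": {
+"id": "cpp/extractor/summary",
+"index": 1
+},
+"properties": {
+"attributes": {
+"cache-hits": 0,
+"cache-misses": 1,
+"extractor-failures": 1,
+"extractor-successes": 0,
+"trap-caching": "disabled"
+},
+"visibility": {
+"statusPage": false,
+"telemetry": true
+}
+}
+}
+],
+"executionSuccessful": true
+}
+],
+"artifacts": [
+{
+"location": {
+"uri": "driver/driver_snippet.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+}
+},
+{
+"location": {
+"uri": "driver/fail_driver1.h",
+"uriBaseId": "%SRCROOT%",
+"index": 1
+}
+},
+{
+"location": {
+"uri": "driver/fail_driver1.c",
+"uriBaseId": "%SRCROOT%",
+"index": 2
+}
+}
+],
+"results": [
+{
+"ruleId": "cpp/drivers/null-character-pointer-assignment",
+"ruleIndex": 0,
+"rule": {
+"id": "cpp/drivers/null-character-pointer-assignment",
+"index": 0
+},
+"message": {
+"text": "Possible assignment of '\\0' directly to a pointer"
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "driver/driver_snippet.c",
+"uriBaseId": "%SRCROOT%",
+"index": 0
+},
+"region": {
+"startLine": 18,
+"startColumn": 5,
+"endColumn": 13
+}
+}
+}
+],
+"partialFingerprints": {
+"primaryLocationLineHash": "3c26f4ab5be28a11:1",
+"primaryLocationStartColumnFingerprint": "0"
+}
+}
+],
+"columnKind": "utf16CodeUnits",
+"properties": {
+"semmle.formatSpecifier": "sarifv2.1.0"
+}
+}
+]
+}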
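--- a/src/drivers/general/queries/NullCharacterPointerAssignment/driver_snippet.c
+++ b/src/drivers/general/queries/NullCharacterPointerAssignment/driver_snippet.c
@@ -0,0 +1,27 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+// Macros to enable or disable a code section that may or may not conflict with this test.
+#define SET_DISPATCH 1
+
+// Template function. Not used for this test.
+void top_level_call()
+{
+}
+void test_bad()
+{
+char a[8];
+char *p = a;
+char x = 0;
+char y = '0';
+
+p = '\0'; // should be *p = '\0';
+}
+
+void test_good()
+{
+char a[8];
+char *p = a;
+*p = '\0'; // correct!
+}
+// TODO add tests for query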
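Review bot: The negative side of this test never reaches the query's assignment path: `char x = 0;` and `char y = '0';` in `test_bad` are initialisers of non-pointer variables, and `test_good` only covers the dereferenced store. Adding a plain non-pointer assignment to `test_good`, for example `char c; c = '\0'; // not a pointer: must not be reported`, would pin that case, and placing it there keeps the expected result at line 18 of the .sarif unchanged. The trailing `// TODO add tests for query` looks stale now that `test_bad` and `test_good` exist; either drop it or name the cases still missing.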