Skip to content

Commit 763b991

Browse files
MathiasVPMathiasVP
committed
C++: Add models.
1 parent 749602c commit 763b991

3 files changed

Lines changed: 29 additions & 0 deletions

File tree

cpp/ql/lib/ext/CA2CAEX.model.yml

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,3 +5,14 @@ extensions:
55
data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
66
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
77
- ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
8+
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
9+
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
10+
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
11+
- ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
12+
- ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
13+
- ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
14+
- ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
15+
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
16+
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
17+
- ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
18+
- ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]

cpp/ql/lib/semmle/code/cpp/models/Models.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,3 +50,4 @@ private import implementations.System
5050
private import implementations.StructuredExceptionHandling
5151
private import implementations.ZMQ
5252
private import implementations.Win32CommandExecution
53+
private import implementations.CA2AEX

cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
private import cpp
2+
private import semmle.code.cpp.ir.dataflow.FlowSteps
3+
private import semmle.code.cpp.dataflow.new.DataFlow
4+
5+
/**
6+
* The `CA2AEX` (and related) classes from the Windows Active Template library.
7+
*/
8+
class Ca2Aex extends Class {
9+
Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) }
10+
}
11+
12+
private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent {
13+
Ca2AexTaintInheritingContent() {
14+
// The two members m_psz and m_szBuffer
15+
this.getField().getDeclaringType() instanceof Ca2Aex
16+
}
17+
}

0 commit comments

Comments
 (0)