forked from github/codeql-coding-standards
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathAttemptToWriteToAReadOnlyStream.ql
More file actions
37 lines (32 loc) · 1.31 KB
/
AttemptToWriteToAReadOnlyStream.ql
File metadata and controls
37 lines (32 loc) · 1.31 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
/**
* @id c/misra/attempt-to-write-to-a-read-only-stream
* @name RULE-22-4: There shall be no attempt to write to a stream which has been opened as read-only
* @description Attempting to write on a read-only stream is undefined behavior.
* @kind problem
* @precision very-high
* @problem.severity error
* @tags external/misra/id/rule-22-4
* correctness
* external/misra/c/2012/third-edition-first-revision
* external/misra/obligation/mandatory
*/
import cpp
import codingstandards.c.misra
import codingstandards.cpp.standardlibrary.FileAccess
import semmle.code.cpp.dataflow.new.DataFlow
module FileDFConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
// source is the return value of a call to fopen
source.asExpr().(FOpenCall).isReadOnlyMode()
}
predicate isSink(DataFlow::Node sink) {
// sink must be the second parameter of a FsetposCall call
sink.asExpr() = any(FileWriteFunctionCall write).getFileExpr()
}
}
module FileDFFlow = DataFlow::Global<FileDFConfig>;
from DataFlow::Node source, FileWriteFunctionCall sink
where
not isExcluded(sink, IO3Package::attemptToWriteToAReadOnlyStreamQuery()) and
FileDFFlow::flow(source, DataFlow::exprNode(sink.getFileExpr()))
select sink, "Attempt to write to a $@ opened as read-only.", source, "stream"