Merge pull request #183 from jbj/unsafe-strcat-perf

geoffw0 · web-flow · commit 1459b981f3cd · 2018-09-12T15:16:58.000+01:00
C++: Restructure UnsafeUseOfStrcat for performance
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
@@ -29,11 +29,20 @@ predicate isEffectivelyConstAccess(VariableAccess a)
   )
 }
 
-from FunctionCall fc, VariableAccess src
-where fc.getTarget().hasName("strcat") and
-      src = fc.getArgument(1) and
-      not src.getType() instanceof ArrayType and
+class StrcatSource extends VariableAccess {
+  FunctionCall strcat;
+
+  StrcatSource() {
+    strcat.getTarget().hasName("strcat") and
+    this = strcat.getArgument(1)
+  }
+
+  FunctionCall getStrcatCall() { result = strcat }
+}
+
+from StrcatSource src
+where not src.getType() instanceof ArrayType and
       not exists(BufferSizeExpr bse |
         bse.getArg().(VariableAccess).getTarget() = src.getTarget()) and
       not isEffectivelyConstAccess(src)
-select fc, "Always check the size of the source buffer when using strcat."
+select src.getStrcatCall(), "Always check the size of the source buffer when using strcat."
