Merge pull request #1634 from aibaars/cookbook

Approved by aschackmull, dave-bartolomeo, hvitved, markshannon, xiemaisi, yh-semmle

Author: semmle-qlci

cpp/ql/examples/queries.xml

@@ -0,0 +1 @@
+<queries language="cpp"/>

cpp/ql/examples/snippets/addressof.ql

@@ -0,0 +1,16 @@
+/**
+ * @id cpp/examples/addressof
+ * @name Address of reference variable
+ * @description Finds address-of expressions (`&`) that take the address
+ *              of a reference variable
+ * @tags addressof
+ *       reference
+ */
+
+import cpp
+
+from AddressOfExpr addr, VariableAccess access
+where
+  access = addr.getOperand() and
+  access.getTarget().getType() instanceof ReferenceType
+select addr

cpp/ql/examples/snippets/arrayaccess.ql

@@ -0,0 +1,17 @@
+/**
+ * @id cpp/examples/arrayaccess
+ * @name Array access
+ * @description Finds array access expressions with an index expression
+ *              consisting of a postfix increment (`++`) expression.
+ * @tags array
+ *       access
+ *       index
+ *       postfix
+ *       increment
+ */
+
+import cpp
+
+from ArrayExpr a
+where a.getArrayOffset() instanceof PostfixIncrExpr
+select a

cpp/ql/examples/snippets/castexpr.ql

@@ -0,0 +1,16 @@
+/**
+ * @id cpp/examples/castexpr
+ * @name Cast expressions
+ * @description Finds casts from a floating point type to an integer type
+ * @tags cast
+ *       integer
+ *       float
+ *       type
+ */
+
+import cpp
+
+from Cast c
+where c.getExpr().getType() instanceof FloatingPointType
+  and c.getType() instanceof IntegralType
+select c

cpp/ql/examples/snippets/catch_exception.ql

@@ -0,0 +1,15 @@
+/**
+ * @id cpp/examples/catch-exception
+ * @name Catch exception
+ * @description Finds places where we catch exceptions of type `parse_error`
+ * @tags catch
+ *       try
+ *       exception
+ */
+ 
+import cpp
+
+from CatchBlock catch
+// `stripType` converts `const parse_error &` to `parse_error`.
+where catch.getParameter().getType().stripType().hasName("parse_error")
+select catch

cpp/ql/examples/snippets/constructor_call.ql

@@ -0,0 +1,16 @@
+/**
+ * @id cpp/examples/constructor-call
+ * @name Call to constructor
+ * @description Finds places where we call `new MyClass(...)`
+ * @tags call
+ *       constructor
+ *       new
+ */
+ 
+import cpp
+
+from NewExpr new, Constructor c
+where
+  c = new.getInitializer().(ConstructorCall).getTarget() and
+  c.getName() = "MyClass"
+select new

cpp/ql/examples/snippets/derives_from_class.ql

@@ -0,0 +1,20 @@
+/**
+ * @id cpp/examples/derives-from-class
+ * @name Class derives from
+ * @description Finds classes that derive from `std::exception`
+ * @tags base
+ *       class
+ *       derive
+ *       inherit
+ *       override
+ *       subtype
+ *       supertype
+ */
+ 
+import cpp
+
+from Class type
+where
+  type.getABaseClass+().hasName("exception") and
+  type.getNamespace().getName() = "std"
+select type

cpp/ql/examples/snippets/emptyblock.ql

@@ -0,0 +1,14 @@
+/**
+ * @id cpp/examples/emptyblock
+ * @name Empty blocks
+ * @description Finds empty block statements
+ * @tags empty
+ *       block
+ *       statement
+ */
+
+import cpp
+
+from Block blk
+where blk.getNumStmt() = 0
+select blk

cpp/ql/examples/snippets/emptythen.ql

@@ -0,0 +1,17 @@
+/**
+ * @id cpp/examples/emptythen
+ * @name If statements with empty then branch
+ * @description Finds `if` statements where the `then` branch is
+ *              an empty block statement
+ * @tags if
+ *       then
+ *       empty
+ *       conditional
+ *       branch
+ */
+
+import cpp
+
+from IfStmt i
+where i.getThen().(Block).getNumStmt() = 0
+select i

cpp/ql/examples/snippets/eq_true.ql

@@ -0,0 +1,18 @@
+/**
+ * @id cpp/examples/eq-true
+ * @name Equality test on boolean
+ * @description Finds tests like `==true`, `!=true`
+ * @tags equal
+ *       comparison
+ *       test
+ *       boolean
+ */
+ 
+import cpp
+
+from EqualityOperation eq, Expr trueExpr
+where
+  trueExpr = eq.getAnOperand() and
+  trueExpr.getType() instanceof BoolType and
+  trueExpr.getValue().toInt() = 1
+select eq